/g/ - Technology

install openbsd

[Make a Post]
[X]





DO NOT USE TORBROWSER 8.x or FF 6X Nanonymous No.1619 [D][U][F][S][L][A][C] >>1620 >>1624 >>3530
File: 9176b47add9be5fc5739e1d1e26d73a9da1dceef736781e8b6875cfa4724682f.jpg (dl) (10.94 KiB)

DO NOT DOWNLOAD TORBROWSER 8.x or FF 6X
they have huge amount of zero-days. THEY ARE COMPROMISED

PROOF: https://darknetlive.com/post/zero-day-company-reveals-vulnerability-in-tor-browser-7-x/
>In a post on Twitter, a company specializing in purchasing zero-day exploits from researchers and selling them to government agencies revealed that several versions of the Tor Browser fail to prevent JavaScript from running even with NoScript on the most secure setting.
>The security company, Zerodium, announced the vulnerability after a new version of the Tor Browser had been released. Tor Browser 8.x is unaffected by the vulnerability, according to their announcement.
A company that earns profit on selling exploits for tor browser is telling you that tbb 7.X in UNSAFE and you need to migrate to SAFE tbb 8. does that sound legit? what is their motivation? how do you think?
if TBB 7 is so insecure, why would they speak about it publicly instead of selling zero-days for it?
the true reason is, because they have a lot of zero-days for TBB8, whereas TBB7 is mature and they won't be able to find much more holes.
THEY ARE A PRIVATE COMPANY that is "specializing in purchasing zero-day exploits from researchers and selling them to government agencies". Your security is not in their interests, their interests is making profit by selling zero-days. If they shill for updating TBB to version 8, that means they will profit from it. How? By selling zero-days for TBB8. They have a lot of them.
>Advisory: Tor Browser 7.x has a serious vuln/bugdoor leading to full bypass of Tor / NoScript ‘Safest’ security level (supposed to block all JS).
The exploit in TBB7 is not in browser code but in NoScript. However, NoScript creators quickly released a fix. You can get it here: https://noscript.net/getit you need the 5.1.9 version for TBB7 and FF ESR <60.
However, those fuckers from Zerodium, they tell you bullshit that you need to update your entire browser. Which is total bullshit. All you need is update NoScript.
Zerodium shill for TBB8 because they have huge amount of exploits for it and they will get rich from it.

Another problem with TBB8 is that it stops spoofing useragent. It lowers your privacy.
https://forums.whonix.org/t/tor-browser-8-and-removal-of-user-agent-spoofing/5930
https://trac.torproject.org/projects/tor/ticket/27495
Tor Project makes changes that lower anonymity of Tor users. Tor Project is compromised by CIA and MOSSAD.

If you have TorBrowser 8 or Firefox 60+ you should quickly downgrade. This is SERIOUS situation.
However, this is not so easy, because Tor Project quickly removed all TorBrowser7.X from their site (https://dist.torproject.org/torbrowser/).
You need to download Tor Browser 7.5.6 from 3rd party websites:
https://archive.org/download/torbrowser-install-7.5.6_en-US_201811/torbrowser-install-7.5.6_en-US.exe
https://torify.me/en/download-tor-browser/download-tor-browser-for-windows.html
after you download you can verify file
SHA1 eb39a62bea0e23816d5376600ad60a1f5ec603b5
SHA-256 475b2207314ddbf28ee79651b5d1154d59699e7b76a3b5081dce3caf97ab941e
SHA384 8f0471f191cf6f4965b5975a2679acf60cd6d1e4b9aac71212ff9ba5532160edc843303ccaab190a53950218ad868d46
SHA-512 6d8af481332ab552cf99a2f03373ed33262fbd8a74b6b082d3a05023c82a978ba0ff757a1d5c25414d419cf45dbd7b54678ea23c77cefff56a916cd48059d0c2
CRC32 cb25f5f0
MD5 886e550598a7328205c430936f4226f5
Size 53 868 664

After you install it, update NoScript, https://noscript.net/getit follow the instructions there and install NoScript 5.1.9.
>Notice: you may need to open about:config and set your xpinstall.signatures.required preference to false in order to install NoScript 5.x, since Mozilla doesn't support signatures for legacy add-ons anymore. If you're using a non ESR Firefox, you may also need this hack.

Your life is at risk. Follow my instructions to be safe. Spread this message to as many people as possible.

tl;dr
Tor Browser 8.x and FF 60+ are totally COMPROMISED. Downgrade to Tor Browser 7 and FF ESR 53 as quickly as possible. Tor Project is compromised by CIA and MOSSAD.

Nanonymous No.1620 [D] >>1623

>>1619
You are using a flawed "who said what" methodology for finding the truth. It is unreliable. That (((company))) may be using reverse psychology.
Come back when you have real evidence. Until then, I'll be using links + torsocks + tor, instead of some bloated crap like tor browser or furryfucks.
Nanochan has HTTPS by the way. Use it in combination with Tor's encryption, check hapase's /meta/ post for the public key ID. More encryption is better than less.

Nanonymous No.1621 [D] >>1622

>A company that earns profit on selling exploits for tor browser is telling you that tbb 7.X in UNSAFE and you need to migrate to SAFE tbb 8. does that sound legit? what is their motivation? how do you think?
>if TBB 7 is so insecure, why would they speak about it publicly instead of selling zero-days for it?
>the true reason is, because they have a lot of zero-days for TBB8, whereas TBB7 is mature and they won't be able to find much more holes.

When you hear or read something, look at who is saying that and what is his true motivation. What he wants to achieve with it. What are his hidden motives.

Facts:

Zerodium = Private company that earns money on selling Tor Browser zero-days to governments

So Zerodium has zero motivation to help people avoid zero-days, it has opposite motivation, to trap people into zero-days and sell those to governments.

That means, when Zerodium tells you to do X, that means X will fuck you up. In this case X = "Update your Tor Browser and Firefox goyim!"

When Zerodium tells you "goyim Tor Browser 7 is insecure" and "goyim Tor Browser 8 is TOTALLY secure and safe", it's actually opposite. TBB7 is safe and they don't have exploits for it, but they have huge amount of exploits for TBB8.

Their only point of existence is making profits for their shareholders, making profits by selling zero-days to governments.

We need to downgrade to Tor Browser 7

Nanonymous No.1622 [D][U][F] >>1623
File: 4fbd423e8f3a28a900bd67376e496e2c0122a4a02184f14bbf22516e19695c62.jpg (dl) (270.04 KiB)

>>1621
>when (((Zerodium))) says X that means you should do the opposite
What if (((Zerodium))) told you not to install Macroshit Wangblows and use OpenBSD instead? Surely you should install Wangblows, because everything that (((Zerodium))) says is wrong, amirite?
You must take into account that they could be using reverse psychology.
Note that I personally don't have a preference for TBB 7 or 8 because both are bloated pieces of shit.

Nanonymous No.1623 [D]

>>1620
>You are using a flawed "who said what" methodology for finding the truth.
this is not flawed at all
if TBB7 was really bad and TBB8 good, they have zero interest to say that. Their only objective is to make as much profit as possible, by selling zero-days. They have zero interest in making users safer.

also, the bug was in NoScript, not in TBB7 itself. why zeriodum shills told people to update TBB instead of just updating NoScript?
if you have a hole in your tire, you should change your tire, not your car. but Zeriodum told people to change a car

>That (((company))) may be using reverse psychology.
No. Because when they released their recommendation, we got thousands of articles on the internet that we need to update Tor Browser and Firefox, nobody questioned Zerodium recommendations, millions of people had read those articles.
I am literally first person that is proposing that Zerodium fucked us over with their recommendation.

>Come back when you have real evidence.
also TBB8/FF60 changed a huge amount of firefox code. this is big new attack surface
TBB7 family was based on long lived Firefox ESR 52. The codebase changed only for bugfixes for long time. But Firefox ESR 60+ changed huge amount of things and added a lot of bloat, it's huge attack surface ready to be used. they will find plenty of zero-days in it

>I'll be using links + torsocks + tor, instead of some bloated crap like tor browser or furryfucks.
if you don't use Tor Browser then probably this doesn't affect you. But Tor.exe could be compromised too, since Tor Project is controlled by CIA&Mossad.
Not sure if using Links is so great idea, because you will stand off from other Tor browsers. Even if you changed your useragent in Links, your browser will behave differently that Tor Browser

>>1622
>What if (((Zerodium))) told you not to install Macroshit Wangblows and use OpenBSD instead? Surely you should install Wangblows, because everything that (((Zerodium))) says is wrong, amirite?
Except Zerodium never said that and never will. They only say things they can profit off.

>You must take into account that they could be using reverse psychology.
I did. It's not reverse psychology because millions of people read articles about Zerodium recommending to update TBB and Firefox, nobody questioned them, everyone agreed we need to do it.

>Note that I personally don't have a preference for TBB 7 or 8 because both are bloated pieces of shit.
but TBB8 is more bloated and it contains huge amount of new code, that means huge attack surface

Nanonymous No.1624 [D] >>1625

>>1619
In what possible method of your crackpot thinking, did you somehow conclude that Tor is compromised by CIA/Mossad?

No, seriously, tell me.

Nanonymous No.1625 [D] >>2697

>>1624
>In what possible method of your crackpot thinking, did you somehow conclude that Tor is compromised by CIA/Mossad?
>No, seriously, tell me.

Tor is making many changes that lower anonymity and security of Tor users. Some time ago they also kicked off one guy on false rape accusations.

Why CIA? Because Tor Project is based in US. Why Mossad? Because jews and Mossad own US and CIA. Americans are cucks that do everything what israel tells them. Israel even told americans to destroy their children's penis foreskins and americans complied with that.

Nanonymous No.1634 [D]

Thanks OP
just downgraded

Nanonymous No.1642 [D]

>Misdirection -- The Jew's oldest trick
You're the one misdirecting here the Jew has infiltrated almost every organization with enough power and influence.

Regarding Tor Browser, the main problem is that you'll stand out when you're down-grading. That's all.

sage sage No.1648 [D][U][F] >>1652
File: b37db20f0c477487e2e58d7c074b004355cd4eb573a92c8f4b0fb037ab7f10d5.png (dl) (207.13 KiB)

Pigchan thread.

Nanonymous No.1652 [D] >>1654 >>1656

>>1648
that's not a repost
thread was started both there and here at same time

and why do you call it pigchan?

Nanonymous No.1654 [D]

>>1652
>why do you call it pigchan?
Lurk the fuck moar.

Nanonymous No.1656 [D][U][F] >>1960
File: 0f1ecd7cd9b194a2050f0a853e5135e33800d1150389515eda19095cb0df6662.jpg (dl) (29.07 KiB)

>>1652
8chan's former proprietor was killed and eaten by the current proprietor's hogs. Ergo, pigchan.

Like anon said, lurk moar, faggot.

Nanonymous No.1959 [D] >>1961

Zerodium might not have expected normalfags on tor to be able to upgrade an addon without their favorite (((mozilla))) addon store.
It also appears that Zerodium works for cyber defense, not offense. If what they say is not just a corporate facade, then it's possible that they could've released the vulnerability out of good faith. The original tweet never said you should upgrade; If they really wanted to "upgrade", Zerodium would probably make their tweet more pushy to target the normalfags on tor.
>ZERODIUM customers are mainly government organizations in need of specific and tailored cybersecurity capabilities and/or protective solutions to defend against zero-day attacks.


Nanonymous No.1960 [D]

>>1656
I can see Freemason Jim doing something like your pic. Where did you get that image from?

Nanonymous No.1961 [D]

>>1959
Nevermind, zerodium has a history of being a scummy company and has no reason to release a vulnerability after paying for it. https://web.archive.org/web/20181123110132/https://zerodium.com/tor.html

Nanonymous No.2694 [D] >>2699

Since TOR is opensource couldn't you fork it and put it back in?

Nanonymous No.2697 [D]

>>1625
>they also kicked off one guy on false rape accusations.
that debacle with Appelbaum was incredibly cancerous, but it's almost certain he's every bit the douche some of his accusers made him out to be. no matter, his importance to Tor was on the PR side not development. throwing shitty people out of your life is not even remotely a talking point that the project is somehow pozzed.

Nanonymous No.2698 [D]

Tor used to be Vidalia that you would use with a vanilla Firefox instance to browse the internet. After a few disasters, people took notice how fucked up that approach really is so Tor Browser was born out of their findings, which was supposed to address the pitfalls of using vanilla Firefox without any protection.

If you have a proof of concept to demonstrate that TBB8 can be feasibly compromised even when its configured with safest options, feel free to publish it. Until then I'll continue to use it, just how I'm doing right now.

Nanonymous No.2699 [D] >>3295

make sure to set noscript.forbidFonts to true in about:config so CSS OS detection doesn't work
https://arthuredelstein.github.io/tordemos/os-detection-font-css.html
>>2694
Apparently the tor devs fixed the user agent, but I'm not sure if it allows spoofing or just forces a windows user agent all the time. The main contention against tor browser 8 is the unknown amount of exploits that Zerodium paid for. The Tor Project being compromised is less likely.

Nanonymous No.2711 [D][U][F] >>2712
File: 26569eddf8b8abb5b8fe31dac6230ec02e36ba85513167cce283613eb1336de4.jpg (dl) (2.75 MiB)

Just to clarify, browsing nanochan v3 using ungoogled chromium + the "Browse with Onion" extension is worthy of death, right?

Nanonymous No.2712 [D]

>>2711
>the "Browse with Onion"
Does ungoogled Chromium have such an option?

Nanonymous No.2715 [D] >>2728

It never ceases to amaze me how retards just won't fucking use Tor Browser instead resort to snakeoil shit that will get them v& eventually.

Nanonymous No.2718 [D] >>2725

>1619
>A company that earns profit on selling exploits for tor browser is telling you that tbb 7.X in UNSAFE and you need to migrate to SAFE tbb 8. does that sound legit?

Well how can they sell new exploits if there customers are using there already purchased old exploits? Seems they are just keeping themselves in business.

Nanonymous No.2725 [D]

>>2718
Releasing some of your knowledge can also publicly demonstrate competence, attracting more business. Kaspersky and other security/AV companies do this all the time.

Nanonymous No.2728 [D] >>3260

>>2715
>It never ceases to amaze me how retards just won't fucking use Tor Browser
Even on fast desktops, TBB is quite sluggish to interact with, and regular updates means that unless you use TBB often you're probably spending more time downloading updates in TBB than actually using the software. (At least it feels that way for me, sometimes.) It's honestly a bit painful to use so I understand why people would try to achieve similar results with software that doesn't suck.

But the fact remains that many computer literature individuals don't see that they're not nearly competent or informed enough to use tor safely with other web browsers. They've never tested their approach against even a slightly motivated adversary, so they continue under an illusion of safety because they've not attracted anyone's attention before. Sooner or later, they'll get bitten.

TheIntergralReich No.3258 [D]

Dude wake up. They have overtaken most Computer and ISPs. Everyhing belong to Israel.

You can't hid.

You can only hide from Hackers. But not from the NSA or Mossad.
They have to much advance Technology for us to hide on the Internet.



Nanonymous No.3260 [D]

>>2728
>unless you use TBB often
use it as your regular browser. Clearnet should be the exception, maybe for banks and a few others.

Nanonymous No.3292 [D] >>3295

I don'd gnow whad you're dalging aboud widh dhe user agends. Jusd ghgged mine on dor browser 8 and id shows dhe sdandard Windows ND/Geggo dhing. Dhis seems lige a big gonsbiragy dheory widh nod mugh agdual ebidenge.

Nanonymous No.3295 [D]

>>3292
read ṯhe sečond ṗaragraṗh of >>2699

Nanonymous No.3530 [D]

>>1619
>.exe
https://web.archive.org/web/20180904060915/https://www.torproject.org/download/download.html.en