Notes on using TOR and TOR browser (part 1)
ShizoHello dear reader, Shizo is in touch.
Today we'll talk about the tor (including the browser) and basic tips so that you don't get killed very quickly (we'll talk in more depth in another article).
At first there was some romance in the visit.onion sites, surprised by something new, like a child. Now it's more of a technical interest, because there are not particularly any new radically different resources on the radar. And you know yourself that over time you adapt to a lot and get bored.
I think it is obvious that you do not need to log in to your accounts that are in the "clearnet zone", as well as registering accounts in the darknet (darkweb) to previously used nicknames/ emails, because when building connections, this may give you away.
In no case do not use your real number! And in general, avoid such resources where it is required.
Regarding the use of mail, it is better either temporary, or a service that stores user data in encrypted form on a hidden Tor node and with which you can send messages to addresses from the Tor network.
The site is about choosing an email provider.
Use protected operating systems like Qube OS and Whonix, and it's better to eventually come to build a system from the source, and then configure it yourself and check before adding new tools to the arsenal that you haven't worked with for vulnerabilities and bookmarks.
You can read about the facebook user's deanymization (the user's real ip address was obtained due to the Tails vulnerability).
You can visit sites from the clearnet only if they support encrypted communication protocols, for example FTP, HTTP, SMTP can be easily tracked. Therefore, it is better to include HTTPS-Only Mode or HTTPS everywhere extension in the privacy and security settings in the Tor browser.
When sending any files, you initially need to clean the metadata, and when downloading, carefully check the resource from which the file itself is downloaded for the presence of a malicious part, as the simplest measure is VirusTotal, if the hands are not from one place, then you can use impfuzzyhash to identify it. It's not only about executable files, but also about office files (Microsoft Office series), because they can also contain malicious code.
If you use Windows (which I highly do not recommend), it is better to create a new user without administrator rights and run a Tor browser in it. You can also create a virtual machine, but this is a separate topic, because there are many nuances, and in the case of VirtualBox (in version 6.1 there was a vulnerability that allowed you to leave the virtual environment)
Advice about using a VPN before / after connecting is very harmful, of course, if you have not raised it yourself and are confident in the security of it.
Try to change the style of writing, ofrography, grammar, intentionally make mistakes, just so that it does not allow you to be compromised. After all, they can conduct a tonal analysis of the text (the attitude of the author of the text to a certain topic:negative, positive or neutral), linguistic analysis, etc.
This is just a small list, the continuation is coming soon.