Yeah, I don’t think porn is where TOR or I2P shines. You’ll find a better selection on Pornhub. Or a clearnet image board / Reddit if pictures are your thing. And by the way: Pornhub used to have a TOR mirror: http://pornhubthbh7ap3u.onion/ Seems to be down, though. At least it doesn’t load for me.
Yeah. If you’re clever you use some TOR browser bundle or something like that to access the Darknet. Not only for security. You also void your anonymity / privacy once you use just any random regular browser.
The Darknet is a bit of a mixture of people who use it for legitimate purposes, people who tinker around, and some shady people and trolls. So you’d expect some chance of someone trying to use JavaScript against you, or leverage other browser techniques to leak your IP etc… It’s not a frequent thing by any means, but it’s a possibility.
use some TOR browser bundle or something like that
First, this was an I2P link not a Tor .onion link. They are different, non-interoperable anonymity protocols.
Second, using Tor browser directly would be zero layers of sandbox. Running Tor browser inside a VM would be one layer of sandbox.
someone trying to use JavaScript against you, or leverage other browser techniques to leak your IP
Ummm… first the whole point of Tor and I2P both is that nobody knows your IP address. Not even the website operator. Not even the darknet node operators, except the entry node you initially connect to (it kind of has to know your IP address for that to work). And that entry node can see only your IP address – it has no idea what sites you connect to from there or what data you transmit.
Lastly, if you’re taking the trouble to use Tor or I2P in the first place – turn off javascript.
Or even better, just move the slider in Tor Browser to ‘Safest’ mode (why that isn’t the default has been the subject of a religious war, one where my side so far has lost, so you do have to do this manually)
First, this was an I2P link not a Tor .onion link. They are different, non-interoperable anonymity protocols.
True. I wasn’t sure what people use to access I2P sites.
first the whole point of Tor and I2P both is that nobody knows your IP address. Not even the website operator.
Sure. And then they load some resource via the clearnet and get your IP address anyway. Or use WebRTC, or one of the several other methods to squeeze an IP out of a browser.
Lastly, if you’re taking the trouble to use Tor or I2P in the first place – turn off javascript.
And now your porn site doesn’t show videos anymore 😁 I have a hunch, this is one of the two reasons why there aren’t any good porn sites around… Despite OP not liking that answer…
That means going through an exit node, which knows the clearnet address but not your IP address. Again that’s the point of the design.
or WebRTC
Then you didn’t have ‘Safest’ mode enabled
one of the several other methods to squeeze an IP out of a browser
Those are called bugs and they do happen but the question is who is attacking you. Assuming you are fully up to date, they are burning an 0day to do so.
That’s why solutions like Tails, Whonix, and Qubes exist. Even if the browser is compromised, those OSes guard you against leakage.
Q: What did Snowden use to walk out of NSA with gigabytes of national secrets?
A: Tails on a USB stick (hidden in a Rubiks cube)
EDIT: Oh yeah. Streaming videos over Tor literally cannot be done without giving up your anonymity. So no those sites won’t work the way you want them to. You can still download MP4s off PornHub and XVideos though. I have… tested this.
I2P doesn’t have exit nodes. Once you load content from outside the network, that won’t be via I2P, only chance is to get it directly via another connection. For example your default internet connection. So either the browser or operating system is configured to block that. Or you’ll leak your IP.
Then you didn’t have ‘Safest’ mode enabled
Yeah, that’s why I said, use a dedicated browser for that. Something preconfigured to not allow any of that.
Yet better: Use Tails like recommended by Snowden.
Those are called bugs and they do happen […]
I’m not so sure about this… Is “safest” mode really all you need? And does it reliably deal with 100% of the attack vectors? Last time I tried it wasn’t too good for example against browser fingerprinting (which doesn’t reveal an IP, but might be bad as well). And there’s a million ways from WebRTC, to trying to get the IPv6 address if all you did is configure an IPv4 proxy, DNS leaks, browser plugins, the webfont system does a lot of weird things, all the things done to do multimedia are very complex and might offer side-channels, I recently learned how to extract some information with CSS alone, no JS needed… Does “safest” really do a 100% job? I mean what I’ve done until now is to discourage people to mess with their browser settings themselves because it’s (a) easy to make mistakes or miss something, and (b) I wasn’t sure if that setting even does all the heavy-lifting without going into detail with all the other changes for example TOR browser bundle has?!
I’d need to look it up but I think there’s a lot of opportunity without resorting to 0-days.
EDIT […]
Yeah, I think that’s why good (and easy to use) pron sites you’d “recommend to people” aren’t really a thing on there.
And there’s the other thing that horny people might just click “allow” on something, because their brain is currently not in logical thinking mode.
Yeah, I don’t think porn is where TOR or I2P shines. You’ll find a better selection on Pornhub. Or a clearnet image board / Reddit if pictures are your thing. And by the way: Pornhub used to have a TOR mirror: http://pornhubthbh7ap3u.onion/ Seems to be down, though. At least it doesn’t load for me.
Are you stupid? Why do you down-vote everyone giving you answers to your question?
@desonic@lemmy.cafe http://n435xd44643mslbeu7ff2qljgqmjx7q5xba5ov4ynhgtex5v7cfa.b32.i2p/
Not clicking that without like 2 layers of sandbox isolation
Yeah. If you’re clever you use some TOR browser bundle or something like that to access the Darknet. Not only for security. You also void your anonymity / privacy once you use just any random regular browser.
The Darknet is a bit of a mixture of people who use it for legitimate purposes, people who tinker around, and some shady people and trolls. So you’d expect some chance of someone trying to use JavaScript against you, or leverage other browser techniques to leak your IP etc… It’s not a frequent thing by any means, but it’s a possibility.
First, this was an I2P link not a Tor .onion link. They are different, non-interoperable anonymity protocols.
Second, using Tor browser directly would be zero layers of sandbox. Running Tor browser inside a VM would be one layer of sandbox.
Ummm… first the whole point of Tor and I2P both is that nobody knows your IP address. Not even the website operator. Not even the darknet node operators, except the entry node you initially connect to (it kind of has to know your IP address for that to work). And that entry node can see only your IP address – it has no idea what sites you connect to from there or what data you transmit.
Lastly, if you’re taking the trouble to use Tor or I2P in the first place – turn off javascript. Or even better, just move the slider in Tor Browser to ‘Safest’ mode (why that isn’t the default has been the subject of a religious war, one where my side so far has lost, so you do have to do this manually)
True. I wasn’t sure what people use to access I2P sites.
Sure. And then they load some resource via the clearnet and get your IP address anyway. Or use WebRTC, or one of the several other methods to squeeze an IP out of a browser.
And now your porn site doesn’t show videos anymore 😁 I have a hunch, this is one of the two reasons why there aren’t any good porn sites around… Despite OP not liking that answer…
That means going through an exit node, which knows the clearnet address but not your IP address. Again that’s the point of the design.
Then you didn’t have ‘Safest’ mode enabled
Those are called bugs and they do happen but the question is who is attacking you. Assuming you are fully up to date, they are burning an 0day to do so.
That’s why solutions like Tails, Whonix, and Qubes exist. Even if the browser is compromised, those OSes guard you against leakage.
Q: What did Snowden use to walk out of NSA with gigabytes of national secrets?
A: Tails on a USB stick (hidden in a Rubiks cube)
EDIT: Oh yeah. Streaming videos over Tor literally cannot be done without giving up your anonymity. So no those sites won’t work the way you want them to. You can still download MP4s off PornHub and XVideos though. I have… tested this.
I think we’re somewhat on the same page here.
I2P doesn’t have exit nodes. Once you load content from outside the network, that won’t be via I2P, only chance is to get it directly via another connection. For example your default internet connection. So either the browser or operating system is configured to block that. Or you’ll leak your IP.
Yeah, that’s why I said, use a dedicated browser for that. Something preconfigured to not allow any of that.
Yet better: Use Tails like recommended by Snowden.
I’m not so sure about this… Is “safest” mode really all you need? And does it reliably deal with 100% of the attack vectors? Last time I tried it wasn’t too good for example against browser fingerprinting (which doesn’t reveal an IP, but might be bad as well). And there’s a million ways from WebRTC, to trying to get the IPv6 address if all you did is configure an IPv4 proxy, DNS leaks, browser plugins, the webfont system does a lot of weird things, all the things done to do multimedia are very complex and might offer side-channels, I recently learned how to extract some information with CSS alone, no JS needed… Does “safest” really do a 100% job? I mean what I’ve done until now is to discourage people to mess with their browser settings themselves because it’s (a) easy to make mistakes or miss something, and (b) I wasn’t sure if that setting even does all the heavy-lifting without going into detail with all the other changes for example TOR browser bundle has?!
I’d need to look it up but I think there’s a lot of opportunity without resorting to 0-days.
Yeah, I think that’s why good (and easy to use) pron sites you’d “recommend to people” aren’t really a thing on there.
And there’s the other thing that horny people might just click “allow” on something, because their brain is currently not in logical thinking mode.