What not to do in Tor.
It is best to avoid visiting personal sites that have real names or aliases attached, especially if they have ever been accessed without Tor, from a real IP address. Probably very few people visit your personal website through Tor, so you may well be the only Tor client that ever does.
This behavior leads to anonymity leakage because once a website is visited, the entire Tor circuit becomes dirty. If a site is not very popular and does not receive much traffic, then Tor exit nodes can be almost certain that the visitor to that site is the site owner. From this point on, it is reasonable to assume that subsequent connections from this Tor exit node also come from this user’s computer.
Do not log into your personal Facebook or other social network account through Tor. Even if you use a nickname instead of your real name, the account is probably associated with friends who know you. As a result, the social network can make a reasonable guess as to who the user actually is.
No anonymity system is perfect. Online anonymity software can hide IP addresses and locations, but Facebook and similar corporations do not need this information. Social networks already know the user, his friends, the contents of “private” messages between them, and so on. This data is stored at least on the servers of the social network, and no software can delete it. It can only be removed by the social media platforms themselves or by hacker groups.
Users who log into their Facebook and other accounts only get location protection, but not anonymity.
Never log into accounts you used without Tor.
Always assume that on each visit the server log saves the following:
Client IP address/location.
Date and time of the request.
Specific addresses of the requested pages.
HTTP status code.
The number of bytes transferred to the user.
The browser’s user agent.
Referring site (referrer).
Also assume that the Internet Service Provider (ISP) will record at a minimum the customer’s online time and IP address/location. The ISP may also record the IP addresses/locations of sites visited, how much traffic (data) was transferred, and what exactly was sent and received. As long as the traffic is not encrypted, the ISP will be able to see what specific actions were taken and what information was sent and received.
Clearly, with both websites and ISPs keeping logs of this kind, it is easy to determine a user’s actions.
An account is compromised and tied to the user even after a single login over a connection not protected by Tor, from a real IP address. Single errors are often fatal and lead to the exposure of many “anonymous” users.
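The following is an added example, not part of the original text: it parses web server log lines in the common Apache/NGINX "combined" format, which carries the fields listed above, and shows how a single direct login ties an account's Tor sessions to a real IP address. The log lines, the account names and the set of Tor exit addresses are constructed sample data, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Apache/NGINX "combined" log format: the fields listed above, in order.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample data (documentation IP ranges, made-up account names).
TOR_EXITS = {"192.0.2.10", "192.0.2.77"}  # assumed list of known exit addresses
SAMPLE_LOG = """\
192.0.2.10 - nightowl [03/Mar/2024:21:14:02 +0000] "GET /inbox HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0"
192.0.2.77 - nightowl [04/Mar/2024:21:09:40 +0000] "GET /inbox HTTP/1.1" 200 4988 "-" "Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0"
203.0.113.45 - nightowl [05/Mar/2024:08:31:17 +0000] "POST /login HTTP/1.1" 302 0 "https://example.org/login" "Mozilla/5.0 (X11; Linux x86_64) Chrome/122.0"
192.0.2.10 - quietfox [05/Mar/2024:22:02:55 +0000] "GET /inbox HTTP/1.1" 200 3301 "-" "Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0"
garbage line that is not in combined format
"""

def parse(log_text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()

def exposed_accounts(entries, tor_exits):
    """Map account -> sorted non-Tor IPs, for accounts also seen via Tor."""
    via_tor, direct = set(), defaultdict(set)
    for e in entries:
        if e["user"] == "-":
            continue  # request not tied to an account
        if e["ip"] in tor_exits:
            via_tor.add(e["user"])
        else:
            direct[e["user"]].add(e["ip"])
    return {u: sorted(ips) for u, ips in direct.items() if u in via_tor}

if __name__ == "__main__":
    for account, ips in exposed_accounts(parse(SAMPLE_LOG), TOR_EXITS).items():
        print(f"{account}: Tor sessions linkable to {ips}")
```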
Do not log into online banking or payment systems unless you understand the risks.
Logging in to online banking, PayPal, eBay and other important financial accounts registered in the user’s name is not recommended. In financial systems, any use of Tor risks an account freeze due to “suspicious activity” flagged by the fraud prevention system. The reason is that hackers sometimes use Tor to commit fraudulent activities.
Using Tor with online banking and financial accounts is not anonymous for the reasons given above. This is pseudonymity, which only hides the IP address or serves as a trick to access a site blocked by the ISP. The difference between anonymity and pseudonymity is described in the corresponding chapter.
If a user is blocked, in many cases the user can contact support to unblock the account. Some services even allow relaxation of fraud detection rules for user accounts.
Whonix developer Patrick Schleizer is not against using Tor to bypass website blocking or hide an IP address. But the user must understand that a bank or other payment account may be (temporarily) frozen. In addition, other outcomes are possible (permanent blocking of the service, account deletion, etc.), as stated in the warnings on this page and in the Whonix documentation. If users are aware of the risks and feel it is appropriate to use Tor in specific personal circumstances, they can of course ignore this advice.
Don’t alternate between Tor and Open Wi-Fi
Some users mistakenly think that public Wi-Fi is a faster and more secure “alternative to Tor” because the IP address cannot be tied to a real name.
Below we will explain the reasons why it is better to use open Wi-Fi and Tor together, rather than open Wi-Fi or Tor alone.
The approximate location of any IP address can be narrowed down to a city, district or even street. Even if the user is far from his home, open Wi-Fi still gives away the city and approximate location, since most people do not travel across continents.
The identity of the open Wi-Fi owner and the router’s settings are also unknown variables. The router may keep a log of users’ MAC addresses together with the corresponding Internet activity of those users, and that log is available to the owner of the router.
While logging does not necessarily violate the user’s anonymity, it narrows the pool of suspects from the entire global population of the Earth, or continent, or country, to a specific area. This effect greatly reduces anonymity. Users should always keep as much information to themselves as possible.
Avoid “Tor over Tor” scenarios
Note: This is a problem specifically with the Whonix service.
When a transparent proxy (such as Whonix) is used, it is possible to run Tor sessions simultaneously on the client side and on the transparent proxy, creating a “Tor over Tor” scenario.
Don’t reveal personally identifiable information online
Deanonymization is possible not only with connections and IP addresses, but also in social ways. Here are some anti-deanonymization recommendations from Anonymous:
Do not include personal information or personal interests in nicknames.
Do not discuss personal information such as location, age, marital status, etc. Over time, silly conversations like discussing the weather can lead to an accurate calculation of the user’s location.
Do not mention gender, tattoos, piercings, physical abilities or disabilities.
Do not mention profession, hobbies, or involvement in activist groups.
Don’t use special characters on your keyboard that only exist in your language.
Do not publish information on the regular Internet (Clearnet) while being anonymous.
Do not use Twitter, Facebook and other social networks. It will be easy to link you to the profile.
Don’t post links to Facebook images. The file name contains your personal ID.
Don’t visit the same website at the same time of day or night. Try to vary your session times.
Remember that IRC, other chat rooms, forums, and mailing lists are public places.
Do not discuss anything personal at all, even when connecting securely and anonymously to a group of strangers. Recipients in a group represent a potential risk (“known unknowns”) and can be forced to work against the user. It only takes one informant to break up the group.
Heroes only exist in comic books - and they are actively hunted. There are only young or dead heroes.