[NanC]

Hello. I’ve created this topic to discuss the security and updates related to the Tor network and the Tor browser. I would be happy if you could share any tips or insights that could help other users, either as soon as possible or whenever you have the time. We can all benefit from each other's experiences.
I will also post a tutorial soon on how to secure your entire computer using tor in here.



Thanks to everyone who has a keyboard

[k1083]

Hello. I’ve created this topic to discuss the security and updates related to the Tor network and the Tor browser. I would be happy if you could share any tips or insights that could help other users, either as soon as possible or whenever you have the time. We can all benefit from each other's experiences.
I will also post a tutorial soon on how to secure your entire computer using tor in here.



Thanks to everyone who has a keyboard

For new users who want to enter Darknet forums using Tor, you must be clear about two things: Are you going in just to browse, or to download and test things?

I open with this because some of the advice I’ll give stems from that distinction. 

1) If the forum you’re entering has a website on both the Clearnet and the Darknet (.onion), I always recommend using the .onion link. If you ever need to use the Clearnet link, do it through the Tor browser—never use conventional browsers, ever. 

2) To slightly increase your privacy level, I recommend using a multi-hop VPN like Mullvad. Never use NordVPN or ProtonVPN. 

3) If you’re just browsing reading and learning (not downloading) you can use a virtual machine like VMware, download the portable version of Tor inside it, and start exploring forums without downloading files. 

4) If you want to download things from forums, I recommend using anonymous email services like OnionMail. Never download anything to your personal machine, even if you’re an expert (even if you’re the best hacker in the world). Never download Darknet files to your personal computer. 

5) Never register on Darknet forums with your personal email or any email tied to your IP or linked to your identity. 

6) To go deeper into the Darknet (not the Deep Web), you must thoroughly learn good OPSEC practices. If you don’t know what this is, look it up on Google or ask ChatGPT and study it. 

7) Learn to use PGP encryption you’ll thank me later. (Some forums require it to log in.) 

8) Under no circumstances should you use your personal Telegram account to join Darknet download groups. Even if you use alternate Telegram accounts, these groups are often filled with stealers/logs be very careful. 

9) Research the messaging apps commonly used in the Darknet . Telegram is not recommended. 

10) The most common messaging apps are: Session, SimpleX, Tox, XMPP, and Keybase. 

11) Never share personal information with people on the Darknet  it can be used against you if you ever have issues in the future. 

12) Never set a profile picture of a "hacker in a hoodie." (You’re not a hacker; you’re just someone learning.) 

I don’t have many technical tips because I don’t consider myself an expert i still a kitten learning new things every day. I’ll leave the technical details to the forum experts.

[BSEA]

Hello. I’ve created this topic to discuss the security and updates related to the Tor network and the Tor browser. I would be happy if you could share any tips or insights that could help other users, either as soon as possible or whenever you have the time. We can all benefit from each other's experiences.
I will also post a tutorial soon on how to secure your entire computer using tor in here.



Thanks to everyone who has a keyboard

For new users who want to enter Darknet forums using Tor, you must be clear about two things: Are you going in just to browse, or to download and test things?

I open with this because some of the advice I’ll give stems from that distinction. 

1) If the forum you’re entering has a website on both the Clearnet and the Darknet (.onion), I always recommend using the .onion link. If you ever need to use the Clearnet link, do it through the Tor browser—never use conventional browsers, ever. 

2) To slightly increase your privacy level, I recommend using a multi-hop VPN like Mullvad. Never use NordVPN or ProtonVPN. 

3) If you’re just browsing reading and learning (not downloading) you can use a virtual machine like VMware, download the portable version of Tor inside it, and start exploring forums without downloading files. 

4) If you want to download things from forums, I recommend using anonymous email services like OnionMail. Never download anything to your personal machine, even if you’re an expert (even if you’re the best hacker in the world). Never download Darknet files to your personal computer. 

5) Never register on Darknet forums with your personal email or any email tied to your IP or linked to your identity. 

6) To go deeper into the Darknet (not the Deep Web), you must thoroughly learn good OPSEC practices. If you don’t know what this is, look it up on Google or ask ChatGPT and study it. 

7) Learn to use PGP encryption you’ll thank me later. (Some forums require it to log in.) 

8) Under no circumstances should you use your personal Telegram account to join Darknet download groups. Even if you use alternate Telegram accounts, these groups are often filled with stealers/logs be very careful. 

9) Research the messaging apps commonly used in the Darknet . Telegram is not recommended. 

10) The most common messaging apps are: Session, SimpleX, Tox, XMPP, and Keybase. 

11) Never share personal information with people on the Darknet  it can be used against you if you ever have issues in the future. 

12) Never set a profile picture of a "hacker in a hoodie." (You’re not a hacker; you’re just someone learning.) 

I don’t have many technical tips because I don’t consider myself an expert i still a kitten learning new things every day. I’ll leave the technical details to the forum experts.

Nice summary.

I'll add :

1. Learn and understand what Threat Model is
2. Zero Trust by default, even more on onion site
3. Create a bottom to top/right to left infrastructure for compartmentalization

[bieuz]

Nice topic!
I would appreciate if someone could literally show me the way to find good forums and places to get started.

(I know BreachForums has a .onion version.)

[Synaptic]

Tor is only really safe as long as you use it right, for me, every single device i own either runs through the tor network or a VPN like Mullvad (Yes, even the phone) Of course, the tor network is great and all but it is not magic. For instance, what i do to mitigate against some of the limitations of tor i run a VPN on the host OS, Mullvad + Multihop, using bridges in order to hide the fact that you are using to from your ISP (Please only use those if you really have to e.g. tor is blocked in your country, if such restrictions do not exist, please do not use bridges because you are taking away the ability from people who actually need it), And not giving away any personal info. I keep my "dark web" life away from my real one. Of course, there are more things you can do but this are the basics

Tails does a pretty good job at explaining some things in depth: https://tails.net/doc/about/warnings/tor/index.en.html

[NanC]

Tor Browser has been updated to 14.0.9. See what’s new :

Tor Browser 14.0.9 - April 01 2025
* All Platforms
  * Updated Tor to 0.4.8.16
  * Bug 43580: Backport tor-browser#43443: Drop effective top level domain for `au.securedrop.tor.onion` [tor-browser]
  * Bug 43584: Rebase Tor Browser stable onto 128.9.0esr [tor-browser]
  * Bug 43601: Backport security fixes from Firefox 137 [tor-browser]
* Windows + macOS + Linux
  * Updated Firefox to 128.9.0esr
* macOS + Linux + Android
  * Bug 43553: Backport tor-browser#43504: Implement User Survey UX (Desktop) [tor-browser]
* Android
  * Updated GeckoView to 128.9.0esr
  * Bug 43552: Backport tor-browser#43505: Impement User Survey UX (Android) [tor-browser]
  * Bug 43578: Backport tor-browser#43556: Add the "Dismiss" translations in the survey banner [tor-browser]
* Build System
  * All Platforms
    * Updated Go to 1.22.12
    * Bug 41407: Use Lyrebird also for the Snowflake PT [tor-browser-build]
    * Bug 41420: Update the changelog script for label updates [tor-browser-build]
  * Windows + macOS + Linux
    * Bug 41378: Backport Bug 41363: Make separate update_responses commit for each platform [tor-browser-build]
  * macOS + Linux + Android
    * Bug 41375: Backport Bug 41374+40799: Remove support for migrate_archs and migrate_langs in update_responses + Remove legacy locale iteration in update-responses and dmg2mar [tor-browser-build]
    * Bug 41383: Add clairehurst to list of accepted firefox/geckoview signers [tor-browser-build]
    * Bug 41384: OpenSSL hash files have changed format [tor-browser-build]
    * Bug 41399: Update snowflake to 2.11.0 and lyrebird to 0.6.0 [tor-browser-build]
    * Bug 41378: Backport Bug 41363: Make separate update_responses commit for each platform [tor-browser-build]
  * Linux
    * Bug 41337: Remove libstdc++ from Linux tor-expert-bundle [tor-browser-build]
  * Android
    * Bug 41410: Use the Lyrebird name on Android [tor-browser-build]

https://gitlab.torproject.org/tpo/applic...ngeLog.txt
https://www.torproject.org/download/

[nanc_new]

To stay safe, sometimes read this topic. Also, if you have a better idea, share it with everyone to stay safe.

[sentap]

alright, so this topic’s kinda interesting... security on the tor network and its browser needs some serious attention... always stick with the latest stable version. updates usually got security patches for new vulnerabilities like spectre or webrtc leaks... in tor settings, crank the security level to safest. it kills off javascript, non-standard fonts, and some web elements that could be used for fingerprinting...

systems like tails or whonix are built for staying anonymous. tails boots from a flash drive and routes all traffic through tor. whonix uses virtual machines to keep your network isolated... never log into real accounts on tor. for comms, go with encrypted stuff like onionshare or temp email on secure services...

adding random browser extensions can mess up your anonymity. even popular ones like ublock origin might create patterns that trackers could latch onto... using a vpn before tor (not after) can hide tor usage from your isp, but the vpn’s gotta be rock-solid trustworthy with no logs. protocols like wireguard or openvpn with strong encryption are the way to go...

set up a firewall (like iptables or pfsense) to block non-tor traffic. a solid antivirus and malware scanner (like clamav) is a must for dodging dark web threats... watch out for entry and exit nodes. if you can, use bridges to get on tor in restricted networks... tools like obfs4 can help with that... stay sharp!

[NanC]

@sentap Thank you dude

[Jenc1]

That's a nice summary of OPSEC rules.