Tabla de Contenidos

Tor
O/Ss
Search Engines
Entry Points
Anon ID
Email
IM
File Management
Cryto-Currency
- Bitcoin
- Monero (XMR)
Investigations

Tor

Links

Bridges

[Good] Bridges are Tor entry nodes not publicly available (therefore not easily blacklisted by ISPs). However, ISPs are still able to use Deep Packet Filtering to filter out Tor traffic, therefore we have Tor Pluggable Transports…

Transports

[Better] Tor Pluggable Transports attempt to avoid Deep Packet Filtering by making Tor traffic look like any other traffic. Pluggable transports obfuscate your traffic to your Tor Bridge entry node.
Go here and under “Advanced Options,” select pluggable transport type and “Get Bridges.”
Copy and paste into Tor either during setup or in your settings. Manual Page

O/Ss

Tails: [Best] Tails with Pluggable Transport or Bridge

Get Tails
Boot
At Tails boot menu, go into Additional Settings
Select Network Connection
Choose 2nd option: Configure Tor bridge or local proxy
Click on “Add”
Then start Tails
Once booted into Tails choose “Configure” in Connection Settings Pop-up
Check “Tor is censored in my country”
Paste in your bridge information (with pluggable transport if you want) obtained previously and saved on USB stick.

Qubes

Get Qubes:

You can install on a USB stick. From the installation guide:

“Installing an operating system onto a USB drive can be a convenient and secure method of ensuring that your data is protected and remains portable. If you want to install Qubes OS onto a USB drive, just select the USB device as the storage location for the OS. Be advised that a minimum storage of 32 GB is required and that a fast USB 3.0 compatible drive is mandatory to achieve decent performance. Also, bear in mind that the installation process is likely to take longer than an installation on a internal storage disk.”

Requirements to run Qubes on a machine: In the BIOS settings…

Enable Virtualization (VT-x, VT-d / AMD-V, AMD-Vi)
Disable Secure Boot (optional, but recommended)
Set Boot to Legacy (optional, but recommended)
Boot from USB

Search Engines

These are Tor sites. You must use a Tor browser…

DuckDuckGo.com: https://3g2upl4pq6kufc4m.onion/
NotEvil: hss3uro2hsxfogfq.onion
Torch: xmh57jrzrnw6insl.onion
Ahmia: msydqstlz2kzerdg.onion

Entry Points

Listings

hidden wiki: http://zqktlwi4fecvo6ri.onion/wiki/index.php/Main_Page
dark.fail (PGP verifies links): darkfailllnkf4vf.onion
deep web subredit: https://www.reddit.com/r/deepweb/
onions sub reddit: https://www.reddit.com/r/onions/

Others

hidden answers: answerstedhctbek.onion
dread - reddit: http://dreadditevelidot.onion/
privacy sub reddit: https://www.reddit.com/r/privacy/

Anon ID

Create a Fake Anonymous Identity (create an identity for the DarkNet)

http://elfq2qefxx6dv3vy.onion/fakeid.php

Make an ID, modify it so it is “yours” and use that same ID on the DarkNet.

NEVER use it on the ClearNet.
Save it on the encrypted persistent partition on your Tail USB stick.

Email

Temporary Accounts:

http://grrmailb3fxpjbwm.onion/
https://www.guerrillamail.com/
https://tempmailaddress.com
Huge list of other providers: https://gist.github.com/michenriksen/8710649

ProtonMail: This is a “hybrid” set-up: Encrypted (private) but not necessarily anonymous.

Privacy-Focused Email Provider (but WILL respond to authorities and provide required documentation).
ClearNet: https://protonmail.com/
DarkNet: https://protonirockerxow.onion/login

DarkNet Email Providers

Elude is probably the best option. It allows you to communicate with both ClearNet and DarkNet address:
- Elude: http://eludemaillhqfkh5.onion/
Communicate with DarkNet addresses only:
- Torbox - http://torbox3uiot6wchz.onion/
Others:
- Temp Mail - http://grrmailb3fxpjbwm.onion/
- Riseup - http://nzh3fv6jc6jskki3.onion
- mail2tor - http://mail2tor2zyjdctd.onion/
Full List:
- If the links don't work, search on the service name…
- https://www.reddit.com/r/onions/comments/6krt34/list_of_onion_email_providers/

IM

XMPP Servers (allows you to create an account):

https://gist.github.com/dllud/a46d4a555e31dfeff6ad41dcf20729ac

With an account you can communicate with anyone else with an XMPP account.

Recommended: https://dismail.de/

Use Pigin:

In Pigin, Advanced Settings, change the XMPP service to the .onion server.
OTR (Off-The-Record) Plugin: end-to-end encryption.
- Tools… Plugins… Enable it and set Default OTR Settings (always use)

File Management

File Sharing:

Remove/Clean MetaData: In Tails, right click and select “Clean Metadata”
Basic File Sharing: https://send.firefox.com/
- Tor Security Settings must be Medium or Low (b/c JavaScript is necessary)
Peer-to-Peer File Sharing (more secure, full control): OnionShare
- Creates a local Onion service on your computer to be accessed by recipient
- From Tails: right-click file, “Share via OnionShare” (creates URL to share)
- Must be downloaded with a Tor client/browser

File Removal: (delete and wipe) The following only works on hdd…

For a file: In Tails, right click file to delete and choose “Wipe.”
For a device: Clean all persistent available space on your Tails…
- Open a file manager, right click in white space…
- Choose: “Wipe available disk space” (choose options). Does NOT delete files.

File Removal on ssd/usb_stick: The only real way to erase data so it can not be retrieved…

Burn it. Destroy it. Microwave it. (Yes, you read that correctly.)
Securely wipe and format the entire device. In Tails…
- Applications… Utilities… Disks… Select the device to wipe…
- Click on the cogs icon by the partition graphic… choose “Format Partition”
- Erase option: choose “Overwrite existing data with zeroes…”
- Type: file system type, set to whatever type you want.

Device Encryption: The above wiping sequence for ssd/usb_stick can also be used to encrypt an entire device so that whatever you store in it will be encrypted.

Cryto-Currency

Functions on the same asymmetrical encryption idea as PGP

Your “wallet” has a key pair: one public and one private
You send money to a person's public key
You receive money via your public key and own it via your private key.

Bitcoin

Watch Zaid's explanation: link

REMEMBER: BitCoin is NOT ANONYMOUS. All transactions are public. Never send/receive from an account you do not want to be linked to.

Blockchain includes: Sender address, Receiver address, Amount (ID#), etc.
If you need to “clean” Bitcoins and make them more anonymous, use tumblers.

Set Up:

Create a wallet (Electrum comes pre-installed in Tails)
- Use the “Seguit” option (newer, more secure)
- Also: Tools… Preferences… check “Edit fees manually” (to see x-fer fee)
Create a second wallet using the “Legacy” option for ATMs
- Take the QR code from this wallet to the ATM (pic on phone)
Find an ATM: https://coinatmradar.com/
Deposit cash into ATM w/QR code to buy bitcoin w/ your legacy wallet

Where to buy Bitcoin:

ATM (easiest and easy to be anonymous): https://coinatmradar.com/
Exchanges: https://bitcoin.org/en/exchanges
Online Website: https://www.coinbase.com/

To receive money (people pay you): send people your Receiving Address or QR Code

Tumbler / Mixer:

You dump in your connected/tracked Bitcoin and receive other Bitcoins not connected to you.
Examples - Should have both ClearNet and DarkNet addresses:
- https://bitcoin-laundry.com/
- https://bitmix.biz/en - http://bitmixbizymuphkc.onion
- https://mixtum.io/ - mixtum5lbuslyow2.onion

Monero (XMR)

Download it and check the hash: https://web.getmonero.org/downloads/

Info & How-To: https://moneroworld.com/

For Monero Daemon Settings:

Start a node automatically (downloads the entire blockchain, 25GB)
Connect to a remote node (in Tor network; access blockchain). Nodes:
- https://moneroworld.com/#nodes
- Copy and paste the hostname/IP and then Port number.

Buy some Monero:

https://web.getmonero.org/community/merchants/#exchanges
Find one that allows you to buy without verifying identity.
If there are none, find one… Monero is untracable regardless.
- Click on a link… sign up (using DarkNet ID)… buy.
- NOT IDEAL (still sharing info)
Use an ATM (if you can find one): https://coinatmradar.com/
Buy it in person: https://localmonero.co/
Exchange a current cryptocurrency with Monero:
- Get some bitcoin via an ATM and then use it to buy Monero (very good option).
- Use a crypto-exchange: search for “cryto exchange” (https://web.getmonero.org/ | example, MorphToken: https://www.morphtoken.com/)
- cash → atm → bitcoin → monero → or even back to bitcoin to anonymize bitcoin (called churning… send, receive, lather, rinse, repeat)

Monero Wallet Address:

CREATE A NEW ADDRESS FOR EACH TRANSACTION
Just click on “Create new address” and name it
This further enhances your privacy and anonymity

Investigations

Technical Investigation of a .onion site:

Check out the http headers
- You might get lucky and get the “Client-Peer” IP address
See what kinds of software they are running and their current version
- Server Version | PHP App Server (etc.)
Are there vulnerabilities in that version? is it old? exploits available?
- You can get a search warrant here to break into the machine (hack in) if you have jurisdiction over the location of the server.
- If not then…. go to Shodan.io
Go to Shodan search engine (searches IoT - Internet of Things)
Enter the combo of software and versions to see what machines out there are running that particular combination and open to the Internet.
From the results, find out which serve up .onion sites.
- Few results: do it “by hand”
- Many results: write a script
Query the servers that host .onion sites and “ask” if they serve up your particular .onion site address. If you get a “yes,” bingo.

Learn:

Use a VM (or Tails) and get on the DarkNet
- If VM: take a snapshot when it's set up like you want it
- Then after use it, revert back (rollback) to your clean snapshot
Install ZeroNet, Tribler, I2P, et al
Experiment (by safely: use a machine and ID you only use for DarkNet)
- Google: “Find me DarkNet markets”
- Reddit: check out the subreddits…
- https://www.darkowl.com (comprehensive search engine for various DarkNets)
- Ahmia: https://ahmia.fi
- Shodan: https://www.shodan.io
- Tor2Web (converts .onion URLs to open Internet URLs)
  - https://onion.to
  - https://onion.link