A comprehensive guide on privacy and mass surveillance in the modern era: understanding the dangers of your private data being public.

Privacy

To be truly free, you should be ready to risk everything for freedom.

Pavel Durov

Why

I have nothing to hide

Privacy is dead, there's no point

Methods of tracking

This section will cover the most common methods of tracking on the internet. Learn how you can prevent them in the Preventing section.

Browser Privacy

Browsers are one of the biggest threats to internet privacy; luckily, a few still respect it.

TOR

The Tor browser is known to be one of the most secure and private browsers in existence. The Tor browser is often used by those living in oppressive countries that attempt to hide or censor important information from their citizens.

When it comes to the "proper" way to use Tor, it can get quite confusing. Many different people have many different opinions on what's best, so it is important that everyone does their own research and bases their opinions on what they think is best.

Below are some opinions regarding the use of VPNs, which is a highly debated topic.

Regarding VPN usage:

According to the official Tor guide and website, you can "very well decrease your anonymity" by using a VPN in addition to Tor. While in theory a VPN should provide an extra layer of security, there are a few things that privacy-conscious users should keep in mind. One of the biggest mistakes a Tor user can make is choosing the wrong VPN provider. It is known that most VPN providers keep logs of both internet traffic and your payments, so it is extremely important that each user does their own research to determine which (if any) VPNs fit their threat model. If you would like a brief summary of the top privacy VPNs, you can read this section.

Another aspect Tor users need to remember when using a VPN is that a VPN acts as a permanent entry or as a permanent exit node. This means that your VPN endpoint can (in theory) become a single point of failure. At the end of the day, the use of a VPN can either greatly increase or greatly decrease a user's privacy; these risks should be heavily considered and researched before committing to any one way.

One big use case for VPNs with Tor is circumventing censorship. If an oppressive government blocks known Tor nodes (which is very common), a VPN can mask the true destination of a user's requests.

Whether or not to use a VPN depends on the user, their risk tolerance, and their adversary. As the Tor Foundation put it:

"Who's your adversary? Against a global adversary with unlimited resources more hops make passive attacks (slightly) harder but active attacks easier as you are providing more attack surface and send out more data that can be used. Against colluding Tor nodes you are safer, against blackhat hackers who target Tor client code you are safer".(, 2024)

Bridges

Please navigate to Link [2] for more information.

Timing attacks

A "timing attack" is a method of deanonymization which works by observing the timing of data entering and leaving the network. Alone, these times are almost irrelevant. However, if an attacker controls both the entry and exit nodes (and the user is on unpatched / old software), the attacker can compare the times from these nodes and deanonymize the user. This type of attack has been seen in the wild, and according to a Bleeping Computer article: "The documents related to the information provided strongly suggest that law enforcement agencies have repeatedly and successfully carried out timing analysis attacks against selected gate users for several years to deanonymize them," stated CCC's Matthias Marx. (B. Toulas, 2024)

While this attack has been used in the wild, the Tor Foundation has stated that "extensive work to flag and remove bad relays has taken place in the past years" and that "the version used by the deanonymized user was retired in June 2022 and has been replaced by the next-gen Ricochet-Refresh, which features Vanguards-lite protections against timing and guard discovery attacks." (B. Toulas, 2024)

"Maybe, but timing attacks are something that happens when you are being targeted, specifically. There’s a lot of misinformation about exit nodes. A snooping exit node cannot identify you. Tor uses perfect forward secrecy to prevent the exit node from seeing what the entry and intermediate nodes see. In other words, it makes it impossible for the exit node operator to find out where the data request originated from, especially if you're connecting to an HTTPS site because then they can't even see what you're doing. Using a VPN over Tor is going to prevent your circuit from changing. All of your nodes in the circuit are fixed. The only use this has is if, for some reason, a site is blocking all of Tor's exit nodes; you can use a VPN at the end. Other than this, it has no real purpose. If you're wanting more anonymity, use Tor over VPN. This prevents your real IP from ever connecting to the Tor network. It will also keep your ISP from seeing you use Tor. Also, using this method keeps the VPN separate from the Tor network. The VPN can't see your Tor activity, and Tor can't see the VPN, with the exception of the guard. This would make exploiting your VPN much harder because an adversary would have to compromise Tor first. The other method means your VPN is basically acting as a second exit node. All this to say, if you're just a general web browser, you can probably do whatever you want without being exploited. But if we assume someone is wanting to use a VPN to make themselves more anonymous to the outside world, then you would definitely want to connect to Tor through the VPN, not connect to the VPN through Tor. By the way, here's the link: Link". (, 2024a)

SNDL

SNDL (Save now, decrypt later), sometimes known as "Harvest now, decrypt later," was a concept first exposed by the Edward Snowden leaks in 2013.

Misc

See the Browser comparison section.

Arkenfox

Arkenfox is my preferred hardened browser

Librewolf

Librewolf is a more "user-friendly" version of arkenfox which doesn't require any modification of your Firefox client or user.js, and tends to work out of the box.

Brave

Brave browser is a very popular choice for "privacy", since most people aren't aware of a certain incident. The Brave browser was caught injecting their own affiliate crypto links into certain URLs without user consent. Here is the Brave CEO's statement on the issue:

"The autocomplete default was inspired by search query clientid attribution that all browsers do, but unlike keyword queries, a typed-in URL should go to the domain named, without any additions. Sorry for this mistake — we are clearly not perfect, but we correct course quickly."

On top of this shady incident, Brave is still not a great browser. For example, Brave is a Chromium-based browser, which means it is under the indirect control of Google. The monopoly of Chromium needs to stop before we can see internet privacy become mainstream and achievable for anyone.

Chrome

If you care at all about privacy, you should never be using Chrome; you should probably just uninstall the spyware if you have it.

Mullvad

Tor (see Browser comparison)

Ads

Advertisements almost always rely on tracking you in order to show you ads that match your hobbies, interests, or whatever else you do on the internet.

When it comes to preventing tracking like this, a vanilla install of uBlock Origin works perfectly. Out of the box, uBlock Origin also works with YouTube!

NOTE: If you do not click the link provided above, PLEASE make sure you install uBlock Origin and not uBlock. The latter is not safe.


Do not track (DNT)

Almost every browser has the option to send a "DNT" request when fetching a webpage. While this seems like an obvious win, there's nothing actually forcing a website to respect this request. In fact, it just makes your fingerprint more unique, since an average user has no idea this feature even exists.

A better option is to leave both of these options OFF, so you blend in with the rest of the internet.

[Figure 1: screenshot of the Firefox settings]

This is an example screenshot from Firefox; these options may be different or not exist on other browsers.
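The fingerprinting argument above can be made concrete by measuring how much a rarely enabled setting shrinks the crowd a browser blends into. This is an added example, not part of the original guide; the visitor population, its proportions, and the function names are constructed for illustration and are not measured data.

```python
import math

# Constructed visitor counts keyed by (browser, language, DNT header value).
# None means the DNT header is absent (option left off). Numbers are invented.
ATTRS = ("browser", "language", "dnt")
POPULATION = {
    ("Firefox", "en-US", None): 400,
    ("Firefox", "en-US", "1"): 16,
    ("Firefox", "de-DE", None): 90,
    ("Firefox", "de-DE", "1"): 6,
    ("Chrome", "en-US", None): 5000,
    ("Chrome", "en-US", "1"): 40,
    ("Chrome", "de-DE", None): 440,
    ("Chrome", "de-DE", "1"): 8,
}

def anonymity_set(population, observed):
    """Number of visitors matching every attribute in `observed` (name -> value)."""
    index = {name: i for i, name in enumerate(ATTRS)}
    return sum(
        count for key, count in population.items()
        if all(key[index[name]] == value for name, value in observed.items())
    )

def surprisal_bits(population, observed):
    """Identifying information, in bits, revealed by the observed attributes."""
    matching = anonymity_set(population, observed)
    if matching == 0:
        raise ValueError("no visitor in the sample matches these attributes")
    return -math.log2(matching / sum(population.values()))

def dnt_cost(population, browser, language):
    """Compare the crowd a user hides in with the DNT header absent vs. sent."""
    off = {"browser": browser, "language": language, "dnt": None}
    on = dict(off, dnt="1")
    return {
        "set_without_dnt": anonymity_set(population, off),
        "set_with_dnt": anonymity_set(population, on),
        "extra_bits": surprisal_bits(population, on) - surprisal_bits(population, off),
    }

if __name__ == "__main__":
    for browser, language in [("Firefox", "en-US"), ("Chrome", "de-DE")]:
        print(browser, language, dnt_cost(POPULATION, browser, language))
```

In this constructed sample, turning DNT on moves a Firefox en-US user from a crowd of 400 to a crowd of 16, which hands a tracker roughly 4.6 extra bits of identifying information.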


Browser Comparison


Here is an outline of different browsers and their privacy features.

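| Browser            | Tracking Protection | Search Engine | Fingerprint Protection |
|--------------------+---------------------+---------------+------------------------|
| Chrome             | Basic               | Google        | No                     |
| Firefox            | Strong              | DuckDuckGo    | Yes                    |
| Safari             | Moderate            | DuckDuckGo    | Some                   |
| Brave              | Strong              | Brave Search  | Yes                    |
| Edge               | Moderate            | Bing          | No                     |
| Tor Browser        | Very Strong         | DuckDuckGo    | Yes                    |
| Vivaldi            | Strong              | DuckDuckGo    | Yes                    |
| Opera              | Moderate            | DuckDuckGo    | Some                   |
| DuckDuckGo Browser | Strong              | DuckDuckGo    | Yes                    |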

And search engines

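| Search Engine | Data Collection | Tracking | Ads | Encryption | Privacy-Focused | Default Option |
|---------------+-----------------+----------+-----+------------+-----------------+----------------|
| Google        | Yes             | Yes      | Yes | Yes        | No              | No             |
| Bing          | Yes             | Yes      | Yes | Yes        | No              | No             |
| DuckDuckGo    | Minimal         | No       | No  | Yes        | Yes             | Yes            |
| Startpage     | Minimal         | No       | No  | Yes        | Yes             | No             |
| Qwant         | Minimal         | No       | Yes | Yes        | Yes             | No             |
| Ecosia        | Minimal         | No       | Yes | Yes        | Yes             | No             |
| Yahoo         | Yes             | Yes      | Yes | Yes        | No              | No             |
| Swisscows     | Minimal         | No       | No  | Yes        | Yes             | No             |
| Mojeek        | Minimal         | No       | No  | Yes        | Yes             | No             |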


Operating systems


Windows


Linux


Preventing

Find my info

VPNs

PIA

Introduction

A Virtual Private Network (VPN) is a secure connection that allows you to browse the internet with enhanced privacy and security.

VPN Providers

This section covers different VPN providers and their features.

Mullvad

Mullvad is a privacy-focused VPN service that does not require an email address to sign up. It accepts anonymous payments and offers strong encryption.



  • Mullvad VPN is one of the top options for real privacy for a few reasons.

    Some of the main pros of MullvadVPN include:

    • Strict no logging policy
    • Anonymous payment (You can even mail them cash!)
    • Privacy centered.

    According to an article by PCMag, Swedish police attempted to raid and collect user info, however:

    "Swedish police left empty-handed. It looks like Mullvad’s own lawyers stepped in and pointed out that the company maintains a strict no-logging policy on customer data. This means the VPN service will abstain from collecting a subscriber’s IP address, web traffic, and connection timestamps, in an effort to protect user privacy."

    Subpoenas, raids and third-party audits are some of the best ways to ensure your data and information is truly private. While almost all privacy companies advertise this, it can be proven to be untrue.

    While the circumstances of this situation are unfortunate it is important to remember privacy cannot be achieved unless the government has no power in a situation like this.

    For more information, visit the official Mullvad website: Mullvad VPN.

    ExpressVPN

    ExpressVPN is another popular VPN service that is known for its fast speeds and reliable performance.

    More details can be found at the ExpressVPN website: ExpressVPN

Governments

NSA

This guide discusses various aspects of the Patriot Act.

"On April 24, 1996, President Bill Clinton signed the 'Antiterrorism and Effective Death Penalty Act of 1996,' to make it easier for law enforcement to identify and prosecute domestic and international terrorists." [1]

  • allowing law enforcement to use surveillance and wiretapping to investigate terror-related crimes
  • allowing federal agents to request court permission to use roving wiretaps to track a specific terrorist suspect
  • allowing delayed notification search warrants to prevent a terrorist from learning they are a suspect
  • allowing federal agents to seek federal court permission to obtain bank records and business records to aid in national-security terror investigations and prevent money laundering for terrorism financing
  • improving information and intelligence sharing between government agencies
  • providing tougher penalties for convicted terrorists and those who harbor them
  • allowing search warrants to be obtained in any district where terror-related activity occurs, no matter where the warrant is executed
  • ending the statute of limitations for certain terror-related crimes
  • making it harder for aliens involved in terrorist activities to enter the United States
  • providing aid to terrorism victims and public safety officers involved in investigating or preventing terrorism or responding to terrorist attacks [1]

"According to a 2015 Washington Post article, the Justice Department admitted, 'FBI agents can't point to any major terrorism cases they've cracked thanks to the key snooping powers in the Patriot Act.'" [1]

Another important aspect of the NSA surveillance that Edward Snowden leaked is known as PRISM. PRISM was created in 2008 with the intention of intercepting and storing "suspicious" communications. While it is clearly stated that they can only monitor "court approved" communications, the Edward Snowden leaks proved otherwise. According to an article published by The Guardian:

judges have signed off on broad orders which allow the NSA to make use of information "inadvertently" collected from domestic US communications without a warrant. 3

According to the official document:

"The Government cannot target anyone under the court-approved procedures for Section 702 collection unless there is an appropriate, and documented, foreign intelligence purpose for the acquisition (such as for the prevention of terrorism, hostile cyber activities, or nuclear proliferation) and the foreign target is reasonably believed to be outside the United States. We cannot target even foreign persons overseas without a valid foreign intelligence purpose." [3]

dni.gov 2013

  • Timeline

    2001

    • September 11: Terrorist attacks on the World Trade Center and the Pentagon.
    • September 13: Introduction of the Combating Terrorism Act by Senators Orrin Hatch and Jon Kyl.
    • September 20: Introduction of the Public Safety and Cyber Security Enhancement Act by Rep. Lamar Smith.
    • September 28: Introduction of the Intelligence to Prevent Terrorism Act by Senators Bob Graham and Jay Rockefeller.
    • October: Proposal for the USA PATRIOT Act is drafted.
    • October 26: USA PATRIOT Act signed into law.

    2004

    • April 9: ACLU files a lawsuit challenging parts of the USA PATRIOT Act. [1]

    2005

    • April: Senate Judicial Hearing on the USA PATRIOT Act.
    • July 21: Select Committee on Intelligence proposes the USA PATRIOT and Terrorism Prevention Reauthorization Act of 2005.
    • Renewal of several provisions of the USA PATRIOT Act.

    2011

    • Sunset provisions of the USA PATRIOT Act come into effect, leading to debates on reauthorization.

    2015

    • USA FREEDOM Act enacted, modifying some provisions of the USA PATRIOT Act.

    2018

    • Further discussions on the implications of the USA PATRIOT Act and related laws. [3]

  • Timeline visual

    [Figure: Patriot Act timeline (patriotact_timeline.png)]

GDPR


Citations


TODO work on citations

Created: 2024-12-14 Sat 14:16
