torsocks abrowser: segmentation fault

15 Antworten [Letzter Beitrag]
Avron

I am a translator!

Offline
Beigetreten: 08/18/2020

$ LC_ALL=C; torsocks abrowser
Segmentation fault
$

$ sudo journalctl -f
juin 03 20:26:33 kernel: abrowser[7404]: segfault at 7ffe243e0ff8 ip 00007dbea7ead06f sp 00007ffe243e1000 error 6 in libstdc++.so.6.0.30[7dbea7e9a000+111000] likely on CPU 1 (core 0, socket 0)
juin 03 20:26:33 kernel: Code: 83 c4 08 c3 0f 1f 80 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 f3 0f 1e fa 53 48 8d 9f 80 00 00 00 48 89 df 5c 20 ff ff 48 85 c0 74 34 48 8d 78 08 48 c7 00 00 00 00 00 48

Am I doing something wrong?

GNUser
Offline
Beigetreten: 07/17/2013

Yes you are... trying to use torsocks with abrowser :P
Half-kidding, the best browser to use for Tor is the Tor Browser. Torsocks is useful for wrapping other tools, but it won't give any "anonymity" these days, with all the tracking online.

Still, I am sorry I never tried doing that and can't help you much. Hope others will.

Urbancowboy
Offline
Beigetreten: 10/14/2022

I wouldn't do that, just use the official project packages. You will stick out.

Avron

I am a translator!

Offline
Beigetreten: 08/18/2020

Does that mean downloading it from https://www.torproject.org/download/? I don't like getting software from third party websites.

Besides, my default language is not English and that browser says that if I set the language to English, it will be more difficult to identify me and my privacy will be better protected. However, if I use it only to access websites that are in a language that is not English, isn't it so that most people accessing these websites request that language by default and then, by setting the language requested to English, I actually stand out much more than by setting it in the website language?

I don't want to use Tor browser at all times, only to access websites that are legal now but might become illegal or a target by the official or rogue police depending how the political situation evolves, so that I don't increase my chances of becoming a target. What worries me is that Tor browser does not say for what threat model it is optimized, and perhaps it is not optimized for my purpose.

andyprough
Offline
Beigetreten: 02/12/2015

>"However, if I use it only to access websites that are in a language that is not English, isn't it so that most people accessing these websites request that language by default and then, by setting the language requested to English, I actually stand out much more than by setting it in the website language?"

That part shouldn't matter. As long as you don't use Tor to sign into any sites in the clearnet then you should be obfuscated enough that you aren't directly traceable. Remember, your highest degree of anonymity with Tor is going to be using onion sites. If you are using Tor to access sites in the clearnet then your potential to make a mistake and make yourself trackable will go up. If you sign into any sites on the clearnet from Tor then you are really just hoping that the sites haven't been compromised or backdoor'ed in any way, and that they are not being subjected to secret court orders to hand over their visitor logs. So certainly, if at all possible, do not log into any sites on the clearnet from Tor. And if you do, then make sure they aren't sites that you have also signed into without Tor, because then they will have logged your IP address.

Avron

I am a translator!

Offline
Beigetreten: 08/18/2020

Thanks, your recommendations make a lot more sense to me. It is a pity that this is not what the popup in Tor browser says, instead of the pointless suggestion on the language.

andyprough
Offline
Beigetreten: 02/12/2015

Tor is very concerned that you blend in with their crowd and not stick out at all.

But if you look at the people who have been de-anonymized, which we usually find out about because of criminal court cases against them, in every case that we know of the person simply did not follow proper operational security ("OPSEC"). They signed into the same site with Tor and without Tor, so their IP address was logged and was associated with all of their Tor activity. In some cases they bragged about their illicit activities in gaming chat rooms and IRC's where their conversations were logged. Some of them associated their personal websites with their Tor persona, and then registered their personal website in their own name. There are many ways to screw this up, and most of them are just people being lazy or stupidly bragging about their Tor activities. There's a video channel on odysee that follows all the well-known Tor screw-ups - Mental Outlaw - https://odysee.com/@AlphaNerd:8 . He also sometimes promotes the FSF, or Icecat, or Libreboot, or shows viewers how to Libreboot a machine. He's got a very large following between youtube and odysee. OPSEC and software freedom and similar issues seem to be quite popular among younger people these days.

Avron

I am a translator!

Offline
Beigetreten: 08/18/2020

I assume the motivation to use Tor to connect to a personal account is to not reveal your location, so there is not much point doing so if you use a mobile phone, as it is easy to track your location with it.

If you connect to some personal account with Tor, any activity using the same Tor circuit can probably be associated with the identity of the account, so I'd say using the same circuit is fine if the intention is only to hide location, but for other activities to be anonymous, a different circuit should be used.

This is just very rough thinking, I don't know whether this kind of thing is better described somewhere. Thanks for the video reference, even though I find it much easier to find information from text.

andyprough
Offline
Beigetreten: 02/12/2015

>"Thanks for the video reference, even though I find it much easier to find information from text."

I agree, text is better, but the videos are good in that they walk you through a lot of different sources of information. I'll link to the latest video on Lin Rui Siang getting busted by the US FBI a few weeks back for running a store with illegal goods for sale on the dark web. It walks through all the OPSEC mistakes he appears to have made, which were quite numerous. Otherwise he apparently would have remained anonymous via Tor and the FBI would have been chasing a ghost.

Worlds Dumbest Darknet Admin Gets Busted:
https://odysee.com/@AlphaNerd:8/worlds-dumbest-darknet-admin-gets-busted:e

Urbancowboy
Offline
Beigetreten: 10/14/2022

The Tor Project is the Official project. Your options are to verify PGP keys and run it. Install it through Flatpak. I may catch flak for this, but run whonix in a Vm or use Tails on a usb to use TOR.

Avron

I am a translator!

Offline
Beigetreten: 08/18/2020

The Tor project site says to get their PGP key by running (I changed @ to " at "):
gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser at torproject.org

From which server(s) did I get the key by doing that? Is there a way to check that the key is the same from multiple communication channels?

eric23
Offline
Beigetreten: 06/30/2017

We may be able to install it via apt too.

deb https://deb.torproject.org/torproject.org/ jammy main

I was not able to figure how to add the key correctly. When I did add the .asc file with apt-key, it complains about i386 release. But apt-key is deprecated and I deleted the key and put the key in trusted.gpg.d, but it still does not work.


The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 74A941BA219EC810
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
16 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://deb.torproject.org/torproject.org jammy InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 74A941BA219EC810
W: Failed to fetch https://deb.torproject.org/torproject.org/dists/jammy/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 74A941BA219EC810
W: Some index files failed to download. They have been ignored, or old ones used instead.

Edit: I see this does not have the tor browser package I supposed it had. Sorry.

eric23
Offline
Beigetreten: 06/30/2017

I installed guix's torbrowser. It has an earlier version, but it works great too.

https://packages.guix.gnu.org/packages/torbrowser

eric23
Offline
Beigetreten: 06/30/2017

I wanted to verify which version torproject has, but I get an error trying to use abrowser.

"An error occurred during a connection to www.torproject.org. The server uses key pinning (HPKP) but no trusted certificate chain could be constructed that matches the pinset. Key pinning violations cannot be overridden.

Error code: MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE"

Ark74

I am a member!

I am a translator!

Offline
Beigetreten: 07/15/2009

Maybe a temporary issue, I see no error when connecting to http://www.torproject.org/ (Abrowser 127.0.2)

knife

I am a member!

Offline
Beigetreten: 01/02/2019

A website can identify the language your browser is set to. Isn't it? So that's why you should use Tor with an English interface.