GeapheneOS (Pixel only) has sandboxed play services by default, with controls over location data, etc. Not sure if that's what you're after but I thought I'd mention it.
Edit: I'm not sure why I stayed up typing this. Maybe someone will read this comment and learn something.
I am speaking more specifically about hidden service server compromise, happening via court order if possible once the IP address is obtained through technical (not opsec issue, but perhaps parallel reconstruction) means.
Just in the last year (most last 2-4 months).. after tor DoS was 'more fixed' with PoW mind you.. teams of government agencies have seized the following hidden services and or taken down of the teams behind them: LockBit, Hive, Blackcat/ALPHV, Ragnar, Genesis Market, xDedic, Kingdom Market, Piilopuoti, Qakbot, Skynet Market, ChipMixer, and the list goes on. I didn't even mention all the CSAM and drug related seizures. Those are only ransomware, fraud and drug markets.
But yes /.env, /.well-known, /server-status, not verifying server ssh hash with password login in an amnesiac operating system, not running an amnesiac operating system and having multiple ssh keys (remember that GitLab fiasco)... All OPSEC mistakes an intermediate operator c(w)ould make.
Yes, but with the amount of darknet markets and CSAM hidden services that have been taken down within a relatively short span of time compared to the last decade of tor's more widespread history, it seems they may have a new vulnerability (or perhaps just a new covert post-snowden-acceptance surveillance court ruling) that allows them to identify hidden services real IP addresses. It's speculation, but they wouldn't use it bluntly or everyone would know there was a vulnerability and thousands more eyes would be on the tor code (or awareness of nation-state level traffic omniscience in the case of something as simple as a timing attack). A CSAM hidden service has been run by the federal governments of a few countries, so there's no question of ethics or law in that case.
All of that is taken care of with tor browser. It's a modified version of Firefox writes nothing to disk. There are a few hidden places in the OS itself where some random memory might get stored until reboot or an app switch thumbnail, but with a reboot they should be 99.999% good to go even with forensic analysis.
I almost never trust any site that advertises any kind of VPN service (it's always ranked by the best paying referrals) but this mirrors what I've seen in discussions.
Preferred VPN Choice: The general consensus among VPN users in China is that Astrill VPN is the most reliable option. However, it’s an incredibly expensive VPN, so it’s worth trying other cheaper options first. Surfshark is our top choice for best VPN for China as it has a solid reputation for working in the country while also offering affordable plans.
Alternative VPN Options: Other good options for China include CyberGhost, Proton VPN, Widscribe and Mullvad. NordVPN is also an option, but it’s not as reliable in China as the other six, so we only recommend it if you already have an account.
Censorship Evasion Strategy: Since VPNs are in a running battle with censorship, we recommend subscribing to multiple VPNs to ensure you have coverage at all times. No matter which VPNs you use, make sure you download them before going to China, as the download pages are often blocked.
Nope, that's literally what onion routing is about in case you aren't being facetious. It's in the whitepaper and in the code. It's also in the Snowden leaks.
Edit: Lemmy doesn't allow direct image posting anymore?
Of course that was a long time ago, and hidden services may be much more easily compromised now. And they'll always have their precious 0days. Don't traffick kids, terrorism, or ounces of pure fentanyl and tor will work just fine for you.
There are a ton of obfuscating protocols that a VPN can run. obfs is one of the most popular. You can configure your VPN to appear as basically any traffic. HTTPS, DNS, QUIK.
Part of the point of a VPN is there's not a dedicated IP tied to you (or at least tying all of your activity together). That doesn't provide any benefit besides a corporate/government firewall bypass unless a mass of people are using your server.
And, cloudflare creates a proxy (including it's own SSL certificate by default!) between you and every cloudflare site. So they're able to see all data, even on https secured pages.
I love hearing about how other cultures work. I have a question because this is a point of contention with me and our banking system.
If you have 5.000 DKK in your bank account and buy something worth 6.000 DKK, does your bank allow the charge to go through? If it does, are you charged large fees? How does that work?
Semi-related but not exactly... In the US when a company puts a hold charge on your debit card, depending on what it's for, it's usually for more than the amount than is being paid, I believe, then they refund/unhold the rest when the charge goes through. I may not be accurate in this because I only have it happen at gas stations. You have to have minimum $170 in your account to pay at the pump. Otherwise you have to go inside and pay without a hold.
Someone else from the US correct me if I'm wrong please.
The banking system and cards must work differently in your country, unless it's the second thing you said. That would be nice though. Here in the US sometimes you can wait weeks after getting charged before it sends, especially if it's a smaller company that might somehow miss your order.
Once they do? Stuxnet was what, 2010? And because of the coding error that caused it to spread outside the enrichment plant it was found out and only set them back something like 2 years.
Iran, after the collapse of its 2015 nuclear deal with world powers, has pursued nuclear enrichment just below weapons-grade levels. Tehran has accumulated enough enriched uranium to build several weapons if it chooses. However, U.S. intelligence agencies and others assess that Iran has yet to begin a weapons program.
Iran is “presenting a face which is not entirely transparent when it comes to its nuclear activities. Of course this increases dangers,” Grossi said. “There’s loose talk about nuclear weapons more and more, including in Iran recently.
Since 2022, Iranian officials have spoken openly about something long denied by Tehran as it enriches uranium at its closest-ever levels to weapons-grade material: the Islamic Republic is ready to build an atomic weapon at will. That includes Kamal Kharrazi, an adviser to Iran’s Supreme Leader Ayatollah Ali Khamenei, who told Al Jazeera that Tehran has the ability to build nuclear weapons but does not intend to do so.
GeapheneOS (Pixel only) has sandboxed play services by default, with controls over location data, etc. Not sure if that's what you're after but I thought I'd mention it.