Tor and vm's

Hello all! That's my first post here and I have some few questions about navigation with tor network:

1) Is it safe to use it to access mainstream websites such as facebook, google and so on? I mean, they will probably know by there that we are using tor. And they can of course send out this info to someone else? But the ISP wouldn't have the logs right?

2) Is it safe for banking and shopping? I am sure that using, for example Chrome browser will give you away and you'll also have all your purchases and everything logged. When on tor network...

3) Now, connected to what I said above on 2. When it comes to linux systems configuration of the network to use tor on firefox! What about mozilla? I don't really know if it is intelligent to trust them 100%.

4) VMWare: I use at the actual moment, the linux OS's only inside a vmware machine. As vmware asks for registration I am very keen to believe it's not that safe to do our navigation even inside tor from there. Do you know if they (vmware systems) can know you navigation even inside tor? (of course they could have some print screen system easily...) And even if a vm software doesn't require registration I am not sure it would be really safe to use vm's on Windows OS. Not completely. For example, Win 8 has more of your personal data than previous systems. In this way it is possible that other softwares are checking those details out. Also your antivirus software can know probably everything you do online (at list on a browser I know they can (and they even can see inside a vm)) Comments on those?

I hope you don't find it boring to read so much and we can have some prolific discussion here because I do have a lot to learn...

I appreciate any responses and comments. As this is my first steps here, if there is something wrong with the post. Please someone, an admin... just let me know.

Also, I am not sure right now if the forum accept this kind of discussion (as I saw messages about commands and stuff like that). If not, please tell me why so I just will ask really what the forums here are about. Another thing, if not can you please tell me what forums I can discuss things like so?

Thanks a lot!

The internet works by sending information to other systems and getting information back. As such, you will never have perfect security. At best you can send to systems not known in protocols not recognized via data not understood.

vmware is very big business. They care about their own money and hence have licenses, but are unlikely to have gaping backdoors.

win8 doesn't have your personal information unless you're silly enough to give it to it. They may have scammed lots of people into believing it needs an MSN account and internet access to run, but that's just not true.

Thanks a lot Corona688. I know that nowadays, and as far behind as I know there has never been such thing as perfect security. But what I mean is, how safe would it be to do banking over tor for example?

About vmware, what I think about these big companies is that they are not caring that much if they sell or not our personal info as long as someone pays well or give them any benefits. And I don't have why to believe they wouldn't capture such information just in case too, if they don't already have a reason.

And about Windows, yes, I know that if you don't want them to have your personal detail you just don't give them. Me for example, on the other hand, don't care for some of the information I have to be used through the Microsoft systems, as I use their email personally (but I have some emails and not all on their network, and not all with private info). But there are a lot of other things, simple things like searching for info online that I don't want them to have! But I don't trust IE for example at all.

Thanks again for your response

vmware has big customers, if they were doing that sort of thing they'd find themselves extremely culpable.

MS on the other hand clearly doesn't care, their support is extremely limited and their responsibility ends when they sell an OS.

Yeah, looking from this angle it does makes sense

But even this vision making sense. See big companies with a lot of customers, and that now, we all know have corroborated with snooping...

In my vision it is to be na�ve to believe that because of how people will look at them they wouldn't do it, they would still make money, say something... some excuses... Also, it seems like a vicious thing nowadays, companies and even people recording everything, even what is not necessary. And that can lead to privacy problems...

I really don't trust vmware, or windows... or even Google and so on. You can clearly see for example how Chrome takes screenshots when on the startpage you see those little frames of the pages most visited. Who can tell if there aren't more screen shots going up to the cloud?

And all the data collected, are they giving or not access to someone else? The browsers can even see the names of each file on a machine filesystem. That all can be collected. And I know that even using TOR you must be very careful, really careful. If you are just using it for privacy concerns, dont wanting people having every move you do registered and shared you can be more relaxed, it is easier and it is your right.

If you are not breaking any laws or intending to do so. There's no problem on using TOR (but be aware, if you go to the tor project website in an identifiable way, most likely you'll be in a 'list" from that moment on, that's what I heard and is probably true for what we can search online). But to pay a VPN provider for example is to pay to be snooped on big time! I am quite sure of that. They have logs and everything, plus your very personal data.

TOR is one of the best tools we have now. If not the best. Probably the best. It should be more developed by people who really know what they are doing, because if even now there is how to browse privately through the network, then with more work on it, no one would be able to really see those who really know how to use the service.

Me for example right now am using a version on MS OS, not the best, but I in the most am just trying to avoid those terrible data collection for ads purposes and having my browsing data collected from Google, Facebook (even what is done outside their website as they publicly stated) and Co. And I really have the vision that this is our right to browse in this way, of course also avoiding ISP's data collection.

Nice weekend you all

If you dont like vmware, you could try virtualbox.

hth

Let me adjust that a little bit. vmware doesn't have billions of individual customers, it has fewer numbers of larger, corporate customers.

It seems okay -- or at least inevitable -- for a company to mess with people's personal information individually these days, but mining someone else's corporation for people's personal information can be seriously big trouble. That's theft, that's information a corporation expects to be paid for.

Hello sea! Thanks a lot! I do know about virtual box for example and I appreciate your response I believe the main reason I cited vmware was to show that they request personal information for you to use their product... But mainly, I may want to probably have one machine totally configured or at least ready for just linux access in a safer way next to my Windows machine.

That's because some search for examples are too personal, even small things, for instance, why should anyone know what cream do you want to use or what razor you generally buy and make money out of it? And I am only talking about the tip of the iceberg (hyperbole?) of possible uses for information...

Thanks again!

---------- Post updated at 07:51 PM ---------- Previous update was at 07:31 PM ----------

Yes, yes, I agree, those are the kind of customers that vmware has in the most part. But as you can see my response to sea, the use of vmware requires registration, something must be behind it. Some kind of control of information, that's obvious (the question is why and what does the info can end up, willingly or not). (even the free non-comercial version has this request for info)

And that is not necessary theorically, because others don't do (this request for info), but of course not only because of that, it is as clear as clean water that it is not necessary not even for their business purposes. The important thing is to have a good software that a lot of people use (and companies also).

But even it being a big issue to mess with corporate information, for another company to do or allow it somehow we do know that it is not impossible. And that doesn't mean (unfortunately) that because it is wrong, or unethical, that it won't be done by some kind of people or association.

There are some informations that I believe you've encountered and read or heard about backdoors on MS OS's for examples. Absolutely that shouldn't be different for corporative clients as the system build is basically the same. And Windows goes on on the market. Mainly perhaps because of how easy it is to deal with (the system). And depending on the case even Ubuntu (that is more and more caring about money) or other unix basic system can't be totally trusted. The ideal thing is to know programming and networks to really infer if a system is safe and spread the word to those who doesn't know those stuff. If there is time to do this (for someone I mean)... and even so, something may have not been seen in time. Like in unix system that ghost problem that happened (how many people did know about that if any? Was that on purpose (the existence or the fact that it was not informed before and corrected?) )

So, basically, what I mean is, that is not because it would be wrong, unethical and possibly cause a bad image if discovered that some people and/or companies won't act in that direction. By my point of view it is basically a moral issue.

I hear FBI network uses TOR model themselves.

TOR is safe but slow really too slow for surfing. you really want to be safe I suggest using relays of homing pigeons to deliver messages no technology in the world can trace that.

Well sparcguy, TOR will be usable depending on your connection and the quality of the connection in your country as well... but it is, even so, slower than the usual connection, that's true.

And probably all (if not all some of) the major agencies not only from US have some relays themselves just to try to get information through it. I've read some stuff that says how they try to trace the information exchanged... and read it of course...

But yeah, it is safe tough. If you know at least a bit of technology and what to do and what not to do over it. But the real thing is, there is a lot of crimes that are possible to be tracked by technology, that's normal for government agecies to want to have the possibility to access all information possible. But on the other hand there's a limit to how much information is accessed and even more WHY. It must have a reason, a real good reason. And not just do it for the sake of it.

As we recently learned, (even though many have guessed probably), there are a lot of information, really personal information that can end somewhere where it shouldn't be, and instead of stopping crime there are some people just looking at it, the private information of someone. That shouldn't be done at all. Why do that? Just because they "can"?

But in general there are not really much to concern about, for example, if you use some adblock software you can stop unwanted ads, once you already pay for your bandwidth you have the right to decide or not to see ads when surfing; but of course, if someone provides you with good information, fun and et cetera and you want to help then you can let the ads on on their blogs, websites... and if you use the ads it'll be even more revenue to them.

The main thing is that you should be free to do whatever you want online. Without being spied on. But then again, some people would commit crimes (even more crimes would happen I mean) if there weren't punishment for what is done online. So that's necessary to have some control of course. Otherwise it would be a really dark place internet. We need laws everywhere. Because there are people that just don't know how to live a life that is good. They have this need to do something bad, that's what it seems to happen, like that Dexter's Dark Passenger (for analogy haha) (and should be tackled of course). But the control should only reside on log based systems for the general public (unless under rightful investigation), because IF necessary, then the data would be accessed.

That's a really huge conversation, that take a lot of time and would probably go on. We have ethics to deal with. We have a lot to deal with. We need law enforcement. But we also need respect. So that is some times a thin line that is crossed. And it seems in a lot of situations that the line is purposefully crossed... even if not necessary...