TOR history/traces left behind

If someone extracts the self-contained TOR browser bundle to its directory, uses it, then securely deletes that directory, is there any proof it was ever used on a system?
Can anyone actually confirm that NO traces of use are left behind on a system?

 

I personally can confirm that I've had it leave registry traces before. But traces of TOR itself aren't going to do much because you can't track what it was used for by files/registry entries left behind of the program that I've ever been aware of at least.

 

TOR itself won't leave any incriminating traces, but other programs in the system may have kept some sort of logs. Use a sandbox and that should be more than enough.

 

Or you could extract and install Tor from inside the hidden volume of an encrypted flash drive.
First encrypt your USB stick with truecrypt's hidden volume option.
Then open the hidden volume.
Then extract, install, and run Tor Browser Bundle (TBB) from within the hidden volume of the USB.

Never RUN TBB on your computer's HDD. Doing so will most likely leave unwanted traces on your HDD. Running TBB from an encrypted external flash drive should solve your problem.

 

I don't know about incriminating, but I have had Tor show up in a scan with Privazer after having already run Ccleaner, R-wipe, Bleachbit and Sweepi. I ran Privazer after all of the others as an experiment to see what Privazer could pick up that the other ones left behind when I first tried it out. I really don't understand what I was looking at, but it did show that I had connected to Tor on a certain date in the Privazer scan after supposedly cleaning all activity with the above cleaners.. Then I told Privazer to clean everything. I do that every so often.

However, I don't see how there can really be that much to clean. First, I use Shadow Defender. Are there traces of stuff after reboot? I guess there probably are, but what? I doubt that it's much but I may be wrong.

I think I will do some experiments to see if it can pick up Tor after I use it while Shadow is enabled.

I did do those experiments with images showing up on the hard drive a while back. I don't know how to scan for anything else. I scanned after viewing images with Returnil and also with Sandboxie and Eraser. I deleted the sandbox and rebooted. Images show up that you have viewed from a web page while Returnil is enabled, and from within Sandboxie with eraser. Using Sandboxie and Eraser with Returnil enabled had no effect on images from browsing showing up in Recuva.. However, I ran the same experiments with an un-sandboxed portable browser from a USB stick. I could not find one single image.

Nothing can stop images from showing up on a Recuva scan except for browsing from a USB stick or from within a Truecrypt container. I have portable browsers and chat installed in a Truecrypt container. And I open that container after I have already enabled Shadow Defender. And then I run my portable apps and browser with Sandboxie configured with eraser. So what is there really to recover after reboot? I wish I had the expertise to experiment and find out.

I assume that if I can see images with Recuva from browsing in Sandboxie, with eraser, and returnil enabled, then there must be other personal data there too. Text files maybe? I don't know and I really don't know how to look for anything else but images. Maybe someone else here does and will do some experiments?

But as people say here, if you truly have a lot of sensitive stuff then encrypting your hard drive is probably the only way to go. I don't know how to do that yet. It's not a top priority for me, but it's on my list of things that I would like to learn. The worst I have ever done is download some stuff for free and look at some porn. So shoot me. I am not really that worried about it. But it is private and I do care. What concerns me more is I participate in groups and discussion boards and that kind of thing. So I like to keep all of my identities separate. And I think I've got that covered petty well.

 

Can I ask you why is there a problem with TOR leaving any trace on the computer? After all, you DO leave network traces about your TOR usage...

 

its always the same questions , boring, we got enough threads on how to avoid all this on a permanent OS install, just gotta click through a couple pages, here let me help you out abit, magic word for the day is ,truecrypt and hidden os and a vpn/vpns of your trust

or if lazy just use a live cd like TAILS with a ddwrt router connected to your vpn , no traces no logs about tor or anything else from your isp, protip read the threads here not just the first page

 

So you're saying that Returnil, Sandboxie and such can't actually do the job they say they do? If you can retrieve images, you can retrieve much more.

 

They keep malware and stuff off of your computer. But I guess when you view images on a webpage, or lots of them anyway, your hard drive has to be used to reflect them back to you. At least that is what I think is happening. I posted about this a long time ago and no one offered any explanations.

But here is what else I know. If I have some folders saved on my desktop and I enable Returnil, I can delete all of those folders, even wipe them, and when I restart my computer those folders will be there again. If I add folders *after* I have enabled Returnil and restart my computer, the folders will be gone when I restart. If I install some software while Returnil is enabled and restart my computer, that software will not be there when I restart. If I delete software while Reurnil is enabled, it will reappear when I restart my computer.

And most importantly, if I get malware on my computer, either known or unknown, while Returnil is enabled, it will be gone after I restart. So it does quite a lot of what is suppose to do. But I do not know why it still leaves images. No one as offered an explanation as to why this happens. But I do think that it gets rid of most everything else. So if you browse from a USB stick or from inside of a TC folder, with your browser sandboxed, that should be pretty darn private as far as I can tell.

Maybe the NSA or someone could gather something from that, but who cares? I'm not interested in them and I am sure that they would find me to be a very boring person. But for anyone else who wants to invade my space I think this is a pretty good approach.

 

If you use Tails from a Live CD/USB - it wipes all of RAM at the end of shutdown before powering down.

-- Tom