TOR history/traces left behind

Discussion in 'privacy technology' started by Stifflersmom, Jan 3, 2013.

Thread Status:
Not open for further replies.
  1. Stifflersmom

    Stifflersmom Registered Member

    Joined:
    Jan 3, 2013
    Posts:
    45
    If someone extracts the self-contained TOR browser bundle to its directory, uses it, then securely deletes that directory, is there any proof it was ever used on a system?
    Can anyone actually confirm that NO traces of use are left behind on a system?
     
  2. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    I personally can confirm that I've had it leave registry traces before. But traces of TOR itself aren't going to do much because you can't track what it was used for by files/registry entries left behind of the program that I've ever been aware of at least.
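
Added example, not part of the original thread: one registry location where Windows records GUI program launches is the per-user UserAssist key, whose value names are ROT13-encoded paths. The sketch below decodes such values and flags Tor Browser launches. It assumes the Windows 7+ value layout (72 bytes, run count at offset 4, last-run FILETIME at offset 60); the function names, watch list and sample values are constructed for illustration.

```python
import codecs
import ntpath
import struct
from datetime import datetime, timedelta, timezone

# Assumption: Windows 7+ UserAssist value layout (72 bytes of data,
# run count at offset 4, last-run FILETIME at offset 60).
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
TOR_NAMES = {"tor.exe", "start tor browser.exe"}  # illustrative watch list

def parse_userassist(name_rot13, data):
    """Decode one value: ROT13 name plus binary counters."""
    if len(data) != 72:
        return None  # older or unknown layout; do not guess
    (run_count,) = struct.unpack_from("<I", data, 4)
    (filetime,) = struct.unpack_from("<Q", data, 60)
    # FILETIME counts 100 ns ticks since 1601-01-01 UTC.
    last_run = FILETIME_EPOCH + timedelta(microseconds=filetime // 10)
    return {"path": codecs.decode(name_rot13, "rot_13"),
            "run_count": run_count,
            "last_run": last_run if filetime else None}

def is_tor_path(path):
    """Match on folder name or exact executable name, not a substring."""
    p = path.lower()
    return "\\tor browser\\" in p or ntpath.basename(p) in TOR_NAMES

def find_tor_launches(values):
    """Return decoded entries that point at a Tor Browser launch."""
    entries = (parse_userassist(n, d) for n, d in values)
    return [e for e in entries if e and is_tor_path(e["path"])]

def make_value(path, runs, when):
    """Build a constructed (name, data) pair for the demo; not real data."""
    ticks = int((when - FILETIME_EPOCH).total_seconds()) * 10_000_000
    data = bytearray(72)
    struct.pack_into("<I", data, 4, runs)
    struct.pack_into("<Q", data, 60, ticks)
    return codecs.encode(path, "rot_13"), bytes(data)

# Constructed sample, shaped like the values under a UserAssist Count key.
WHEN = datetime(2013, 1, 2, 21, 15, tzinfo=timezone.utc)
SAMPLE = [
    make_value(r"C:\Users\demo\Desktop\Tor Browser\Start Tor Browser.exe", 3, WHEN),
    make_value(r"C:\Tools\monitor.exe", 12, WHEN),
]

if __name__ == "__main__":
    for hit in find_tor_launches(SAMPLE):
        print(hit["path"], hit["run_count"], hit["last_run"].isoformat())
```

Because the entry lives in the user's registry hive rather than in the program's folder, securely deleting the extracted bundle directory does not remove it.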
     
  3. Marc05

    Marc05 Registered Member

    Joined:
    Oct 31, 2011
    Posts:
    8
    TOR itself won't leave any incriminating traces, but other programs in the system may have kept some sort of logs. Use a sandbox and that should be more than enough.
     
  4. Computer N00bie

    Computer N00bie Registered Member

    Joined:
    Jan 11, 2013
    Posts:
    2
    Or you could extract and install Tor from inside the hidden volume of an encrypted flash drive.
    First encrypt your USB stick with truecrypt's hidden volume option.
    Then open the hidden volume.
    Then extract, install, and run Tor Browser Bundle (TBB) from within the hidden volume of the USB.

    Never RUN TBB on your computer's HDD. Doing so will most likely leave unwanted traces on your HDD. Running TBB from an encrypted external flash drive should solve your problem.
     
  5. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I don't know about incriminating, but I have had Tor show up in a scan with Privazer after having already run Ccleaner, R-wipe, Bleachbit and Sweepi. I ran Privazer after all of the others as an experiment to see what Privazer could pick up that the other ones left behind when I first tried it out. I really don't understand what I was looking at, but it did show that I had connected to Tor on a certain date in the Privazer scan after supposedly cleaning all activity with the above cleaners. Then I told Privazer to clean everything. I do that every so often.

    However, I don't see how there can really be that much to clean. First, I use Shadow Defender. Are there traces of stuff after reboot? I guess there probably are, but what? I doubt that it's much but I may be wrong.

    I think I will do some experiments to see if it can pick up Tor after I use it while Shadow is enabled.

    I did do those experiments with images showing up on the hard drive a while back. I don't know how to scan for anything else. I scanned after viewing images with Returnil and also with Sandboxie and Eraser. I deleted the sandbox and rebooted. Images show up that you have viewed from a web page while Returnil is enabled, and from within Sandboxie with Eraser. Using Sandboxie and Eraser with Returnil enabled had no effect on images from browsing showing up in Recuva. However, I ran the same experiments with an un-sandboxed portable browser from a USB stick. I could not find one single image.

    Nothing can stop images from showing up on a Recuva scan except for browsing from a USB stick or from within a Truecrypt container. I have portable browsers and chat installed in a Truecrypt container. And I open that container after I have already enabled Shadow Defender. And then I run my portable apps and browser with Sandboxie configured with eraser. So what is there really to recover after reboot? I wish I had the expertise to experiment and find out.

    I assume that if I can see images with Recuva from browsing in Sandboxie, with eraser, and returnil enabled, then there must be other personal data there too. Text files maybe? I don't know and I really don't know how to look for anything else but images. Maybe someone else here does and will do some experiments?

    But as people say here, if you truly have a lot of sensitive stuff then encrypting your hard drive is probably the only way to go. I don't know how to do that yet. It's not a top priority for me, but it's on my list of things that I would like to learn. The worst I have ever done is download some stuff for free and look at some porn. So shoot me. I am not really that worried about it. But it is private and I do care. What concerns me more is I participate in groups and discussion boards and that kind of thing. So I like to keep all of my identities separate. And I think I've got that covered pretty well.
     
  6. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Can I ask you why is there a problem with TOR leaving any trace on the computer? After all, you DO leave network traces about your TOR usage...
     
  7. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    it's always the same questions, boring, we got enough threads on how to avoid all this on a permanent OS install, just gotta click through a couple pages, here let me help you out a bit, magic word for the day is, truecrypt and hidden os and a vpn/vpns of your trust ;)

    or if lazy just use a live cd like TAILS with a ddwrt router connected to your vpn, no traces no logs about tor or anything else from your isp, protip read the threads here not just the first page ;)
     
  8. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    So you're saying that Returnil, Sandboxie and such can't actually do the job they say they do? If you can retrieve images, you can retrieve much more.
     
  9. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    They keep malware and stuff off of your computer. But I guess when you view images on a webpage, or lots of them anyway, your hard drive has to be used to reflect them back to you. At least that is what I think is happening. I posted about this a long time ago and no one offered any explanations.

    But here is what else I know. If I have some folders saved on my desktop and I enable Returnil, I can delete all of those folders, even wipe them, and when I restart my computer those folders will be there again. If I add folders *after* I have enabled Returnil and restart my computer, the folders will be gone when I restart. If I install some software while Returnil is enabled and restart my computer, that software will not be there when I restart. If I delete software while Returnil is enabled, it will reappear when I restart my computer.

    And most importantly, if I get malware on my computer, either known or unknown, while Returnil is enabled, it will be gone after I restart. So it does quite a lot of what it is supposed to do. But I do not know why it still leaves images. No one has offered an explanation as to why this happens. But I do think that it gets rid of most everything else. So if you browse from a USB stick or from inside of a TC folder, with your browser sandboxed, that should be pretty darn private as far as I can tell.

    Maybe the NSA or someone could gather something from that, but who cares? I'm not interested in them and I am sure that they would find me to be a very boring person. But for anyone else who wants to invade my space I think this is a pretty good approach.
     
    Last edited: Jan 20, 2013
  10. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
    If you use Tails from a Live CD/USB - it wipes all of RAM at the end of shutdown before powering down.

    -- Tom
     