[cnvogel]

What's the standard way to use Tor for people who are really diligent with their operational security?

Personally I haven't used Tor except for short casual testing. But if my personal security would depend on the anonymity provided by Tor, I think I'd seriously consider adding an additional layer of protection to avoid information leaking out "to the sides".

[mikegerwitz]

Use Tails or Whonix which prevents leaking data outside of the Tor network. Qubes OS makes Whonix easy/transparent (though I haven't had the pleasure of trying out Qubes yet).

Never access files downloaded over Tor outside of those environments, and _never_ mix identities: if you're going to be pseudononymous, don't access files downloaded under another pseudonym or visit websites you'd access (especially if logging in) under another. If you're going to be anonymous, don't save the data: let it be ephemeral, which is easy in the case of Tails, which is ephemeral by default.

Always use Tor Browser, not Tor over Foxyproxy in a vanilla Firefox or something. Don't rely on torify on your normal setup for complete anonymity, for reasons above.

But it depends on your threat model. I _do_ do both things in the previous paragraph for my day-to-day stuff where my threat model involves e.g. advertisers and other privacy-invading trackers, where I'm reading tech-related articles or downloading videos of talks, for example. But that involves a number of other addons as well (e.g. Privacy Badger, HTTPS Everywhere, NoScript, uBlock Origin, self-destructing coookies, ...).

Edit: Forgot to mention: https://www.whonix.org/wiki/DoNot

[ryanlol]

>Use Tails or Whonix which prevents leaking data outside of the Tor network. Qubes OS makes Whonix easy/transparent (though I haven't had the pleasure of trying out Qubes yet).

Use Whonix, not Tails. Tails doesn't do a particularly good job preventing leaks outside of Tor network.

[dukeluke]

It's also a good idea to assume Tor is already pwned and to follow good opsec(burner devices, mac address cloaking, using open/pwned wifi APs, loading & running OS completely through ram, and use hard drive write blockers). True anonymity is tough nowadays.

[mikegerwitz]

Tails randomizes the MAC address by default, I believe.

(Edit: https://tails.boum.org/contribute/design/MAC_address/)

But yes, you need hardware you can trust. Burner won't be a bad idea if your life depends on your anonymity.

[chopin]

Out of curiosity: Why is this necessary? Being not exactly a network expert I would have assumed that leakage of the MAC address terminates at the next router or switch (which eg. would be my home router, if using TOR from home). Is the MAC address part of IP packets somehow?

[FungalRaincloud]

Typically, the MAC address is not public beyond the next router. Software could intentionally leak it, but I don't think that's likely on a system built for anonymity. However, it is possible that, should your traffic get traced to your true IP address, interested parties would attempt to then trace it to an individual. Any router you connect to could be storing access logs (or even passing them on to the next connection point) for a long enough time that they could narrow down which MAC the traffic came from. If they have you on camera, and the recorded MAC matches your PC, that's a bit more evidence. Sure, you could potentially fight it in court (MACs can be trivially spoofed, after all!), but why bother taking the risk?

[moyix]

It's not part of the IP packet, but in some previous cases exploits on Tor (such as the one the FBI used in the Freedom Hosting takedown) have explicitly queried the MAC address and then exfiltrated that information. I assume the intent was that they could then arrest the suspect and compare the captured MAC address to the physical machine to prove it was the same person.

[angry_octet]

In addition to providing confirmatory evidence, MACs are essentially serial numbers in a can. Every batch of chips sold can be traced to an OEM. If that was a laptop OEM then the manufacturer will know the serial number of the device with that MAC, and CPU ID etc. There is a good chance they can trace who initially purchased the laptop.

Also, if it is a WiFi MAC then your laptop is blasting that out constantly, and many services collect that info. Fortunately we are slowly seeing a move to randomisation of the MAC used when scanning. Unfortunately an active probe can pierce the veil by causing the true MAC to be used. Lots of venues (shopping malls) offer free Wifi because it causes the phone to reveal its true address when it connects, allowing tracking (lots of other entropy in Wifi apart from the MAC though).

There is no reason random MACs shouldn't be used for all transmissions in modern systems except for software inertia.

[mikegerwitz]

In addition to what the others said, it could be used to correlate you across multiple e.g. public wifi hotspots. Imagine some dissident in a repressive regime leaking information and law enforcement checking the logs of the routers for various public places. If they find a MAC at all locations, they might be able to check security cameras and see what individuals were present at that time and correlate that MAC with an individual, and then further use that information to track their movements.

Yes it can be spoofed and someone could potentially be framed, but it's just more information that can be used in conjunction with other data to help deanonymize a person.

[hrehhf]

Have you noticed that Starbucks has wifi sponsored from Google? Considering that Google tracks everything else, it is reasonable to assume they track MAC addresses at nearly every Starbucks, too. It has been reported that shopping centers do this as well. You do not have to actually be connected to their SSID either because your MAC address will be broadcast with any frames transmitted.

[kolme]

Hardcore people in the security circles do all their serious stuff inside one-use-only virtual machines, once their stuff is done, the machine is deleted and shredded.

That's the most clean-cut way of not mixing anonymous and regular files/configurations/whatever.

If my life depended on Tor, I would definitely do this.

[antocv]

Add to that - do not use full web-browsers, but curl/wget/links instead.

[swiley]

This! The fact that a Firefox fork is often used as the "secure for browser" is really pretty disturbing. You have no clue what Firefox is doing 90% of the time and you probably never will.