Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,690 --> 00:00:08,100 These aren't concluding thoughts on tour and then some mitigations to reduce the risk where your adversary 2 00:00:08,100 --> 00:00:10,270 has little resources. 3 00:00:10,500 --> 00:00:17,830 All the consequences all low torments your ISP or local network from knowing what sites you visit to 4 00:00:17,920 --> 00:00:23,840 or prevents a site you visited from knowing who you are unless you tell them in some way. 5 00:00:23,970 --> 00:00:29,620 And Tor prevents corporate tracking and it helps to evade censorship. 6 00:00:29,660 --> 00:00:34,900 But world intelligence agencies have declared war on toll. 7 00:00:34,920 --> 00:00:40,000 They are concerned about what they cannot see what you are doing and why. 8 00:00:40,120 --> 00:00:48,100 Tor is arguably the best anonymizing network but it's far from perfect and under constant attack to 9 00:00:48,100 --> 00:00:52,950 deal anonymize the uses against a well resourced adversary. 10 00:00:52,950 --> 00:01:00,240 Staying anonymous is extremely difficult even with Tor because of the fundamental nature of the Internet 11 00:01:00,240 --> 00:01:00,590 . 12 00:01:00,600 --> 00:01:07,230 If you think you are specifically targeted by well-resourced adversary with international reach or visit 13 00:01:07,230 --> 00:01:14,580 locations that might be targeted and the consequences are high toll should not be relied upon to anonymize 14 00:01:14,580 --> 00:01:15,300 you. 15 00:01:15,330 --> 00:01:21,570 The biggest weaknesses as I see it number one is not maintaining good OPSEC. 16 00:01:21,570 --> 00:01:24,270 You are likely to make human errors. 17 00:01:24,270 --> 00:01:27,280 This will always be your biggest weakness. 18 00:01:27,370 --> 00:01:34,850 All the big concerns for Tor traffic co-relation and civil attacks attacks against the browser. 19 00:01:34,920 --> 00:01:42,870 As I said that's a concern and also attacks against the host operating system which is a soft target 20 00:01:42,870 --> 00:01:43,250 . 21 00:01:43,290 --> 00:01:50,400 You can mitigate and reduce the possibility of a well-resourced or nonwork resource adversary from de 22 00:01:50,400 --> 00:01:55,370 anonymising you and here are my recommended security controls. 23 00:01:55,530 --> 00:01:59,550 First as mentioned get a control of your OPSEC. 24 00:01:59,550 --> 00:02:01,240 This is priority one. 25 00:02:01,260 --> 00:02:06,240 Review the OPSEC section and make any needed changes. 26 00:02:06,240 --> 00:02:14,730 Use isolation compartmentalisation to reduce the impact and possibility of browser exploits being successful 27 00:02:14,730 --> 00:02:14,870 . 28 00:02:14,880 --> 00:02:20,160 You can use hardened virtual machines physical isolations sandboxes and so on. 29 00:02:20,160 --> 00:02:23,240 Never install it or browse when your main operating system. 30 00:02:23,250 --> 00:02:24,990 If the consequences are high. 31 00:02:24,990 --> 00:02:28,470 See the section on isolation compartmentalisation. 32 00:02:28,620 --> 00:02:32,950 More information on how to do that with the Tor browser. 33 00:02:33,120 --> 00:02:38,090 Take extra steps to not maintain history through non-persistent. 34 00:02:38,160 --> 00:02:44,520 You can get this through options such as live operating systems like tails and VM snapshots and you 35 00:02:44,520 --> 00:02:50,130 can further mitigate with things like special deletion like secure deletion and whole disk encryption 36 00:02:50,130 --> 00:02:50,200 . 37 00:02:50,220 --> 00:02:53,470 A number of sections cover this on the course. 38 00:02:53,520 --> 00:02:59,010 Always use it or browse with high security settings and don't add extensions. 39 00:02:59,010 --> 00:03:06,450 Consider using Unix or tails in the ways I have recommended in those sections and you could also consider 40 00:03:06,540 --> 00:03:14,730 using multiple chained anonymising systems and offsite connections to help reduce the risk from some 41 00:03:14,730 --> 00:03:17,010 types of DNA on amaizing attacks. 42 00:03:17,010 --> 00:03:20,680 Now see those sections on how to do that but warning. 43 00:03:20,700 --> 00:03:23,500 Doing that wrong could put you more at risk. 44 00:03:23,520 --> 00:03:29,880 Apply all of the other security controls detail through out the course as is relevant to your situation 45 00:03:29,880 --> 00:03:30,490 . 46 00:03:30,510 --> 00:03:36,780 Assume all locations you visit are in the control of your adversary and mitigate appropriately. 47 00:03:36,780 --> 00:03:43,200 Assume the network you traverse is in the control of your adversary and mitigate appropriately. 48 00:03:43,200 --> 00:03:51,330 Assume your adversary has a zero day remote code browser exploits mitigate appropriately and assume 49 00:03:51,450 --> 00:03:58,860 an active traffic confirmation and Sibyl attack while you are using Tor and mitigate appropriately as 50 00:03:58,860 --> 00:04:00,300 just described. 51 00:04:00,660 --> 00:04:08,760 I recommend periodically checking the Tor Project blog for status updates and also check toll client 52 00:04:08,790 --> 00:04:10,220 and relay accounts. 53 00:04:10,230 --> 00:04:12,710 Make sure they look normal. 54 00:04:12,720 --> 00:04:21,420 I also recommend reading the whole design documents which are here so that Tor witnesses and the recommended 55 00:04:21,420 --> 00:04:25,290 security controls to help mitigate against those weaknesses. 56 00:04:25,290 --> 00:04:30,830 I hope that helps you in using Tor and what you can do to reduce your risk 6027