How to access the Darknet. The safe way.

In recent months, more and more scary stories about the darknet and Tor have shown up, most of them FUD that one can easily refute with basic technical skills and Tor knowledge. Newbies started to get scared and spread around the internet asking the most ridiculous questions.

Let's try to clear some things up!

First of all, going on Tor is not illegal. Looking at specific stuff on Tor might be illegal in your country. But Tor is here to protect your identity. If you accidentally stumble upon something that you should not see, chances are very high that nobody really cares, if anyone even saw it.

Access Tor

That said, most of you, especially those who want to just look, are perfectly fine with running the Tor Browser Bundle from your desktop PC if you follow the basic security rules.

While this setup should work for most, it is far from safe. Your operating system could be infected or otherwise leaking information. Unique settings could make you easy to track, you might ignore some security rules or, at worst, you may experience IP leakage in some circumstances.

If you worry about these aspects, for example because you plan to publish, live in a heavily censored country or plan to work with money, you may rather use the live Linux system Tails. You can just throw it on a DVD/USB stick/SD card and boot into it whenever you need to. Normally all your data is erased when you shut down the system, but you can create persistent storage on USB sticks and SD cards as well.

Another popular option is Whonix, a Debian-based Linux which routes everything through Tor as well and claims to prevent IP leaks.

Linux in a virtual machine

Many of you would probably prefer to install or run the Linux system in a virtual machine. But you need to know that this also opens up some further problems. If your host system is compromised, your virtual systems most likely are as well. It is even possible that otherwise temporary data gets saved permanently this way. Everything depends on the security of your host system and your knowledge of the systems.

The conclusion is that you should simply not do that, except for testing, fun or if you really know what you are doing.

Using a VPN + Tor

I see this question regularly, and yeah, it is generally a good idea. If you have a VPN provider that you trust to not keep logs, it can be a very good addition to your security setup.

TorrentFreak maintains a nice list of non-logging VPN providers.

Basic security rules

The best security setup helps nothing if you mess it up yourself. I've compiled a few rules for you to follow in order to keep yourself safer. Please note that this is not a complete list and you need to use your common sense as well.

  • Do not log in to your social media accounts and similar in the same Tor session you use for other stuff. This should be common sense, but just to make it clear.
  • Do not give out information. This should also be common sense, but keep it in mind: no real emails, real names, usernames, even places ... If you do, always be fully aware of why you do it and what could go wrong.
  • Disable JavaScript and keep it disabled, especially on .onions. JavaScript makes it easy to track and fingerprint you; it can also help to leak your IP or open up other attack vectors like browser exploits. You may browse sites you trust with JavaScript enabled, but keep in mind that this could result in leaking your identity.
  • Flash/Java/... are an absolute NO NO! All of these make tracking and leaking your identity easy. Next to that, they are common attack vectors. IMHO you shouldn't use them in any browser.
  • Do not download executables of any kind. This includes .doc(x), JAR (Java) and PDF. Generally safe extensions are usually .txt, .html, .htm, .php, any kind of images like .png, .jpg, .gif, and also media files (assuming you use up-to-date media players) like .mp3, .mp4, .mov, .webm...

Have some input? Let me know in the comments below.
