Comments by "Perhaps" (@NoEgg4u) on "IBM Technology" channel.
-
@7:41 "You may also want to double up and use a virtual private network (VPN) that carries your traffic end-to-the end."
No. No. No.
Do not do that.
Brilliant minds created the TOR network to keep you anonymous. You are not going to improve on it. In fact, adding a VPN into the mix will expose you (your VPN service will see everything).
Never use a VPN with TOR. In fact, never use a VPN unless you have something specific where a VPN service is your only solution.
When you use a VPN service, they will see 100% of what you are doing. No matter what claims they make about privacy, you cannot verify any of their claims. If a court orders them to keep logs and rat on you (or rat on anyone visiting some site), they will.
If you want to visit the dark web with the highest level of safety, then use one of the following operating systems:
-- TAILS
-- Parrot OS (with its "AnonSurf" feature enabled)
-- Qubes OS (via its Whonix virtual machine option)
You can access the dark web via Windows, via installing TOR browser. That is the least safe.
If you download that browser, there is only one place to obtain it (well, to safely obtain it). If you download it from anywhere else, you are asking for trouble.
Whichever option you choose, disable JavaScript, because it allows web sites to run code on your computer. That will break the functionality of countless web sites, but will keep you safe.
60
-
@5:57 -- "A lot of people think they have end-to-end anonymity, and that's not true."
Our host is mistaken.
If, for example, you visit Twitter, via the dark web (via TOR), then as long as you do not sign in, no one at Twitter will know who you are. You can read all of the postings that you want. Twitter will know that you (not you, specifically) read those postings.
If you sign in to Twitter, then it was you that gave up your anonymity. It was no fault of the TOR network.
@6:17 "I have to encrypt and decrypt, encrypt and decrypt, encrypt and decrypt, and so forth."
That is not how TOR functions.
Your data gets encrypted by your own computer, and then those packets of encrypted data are encrypted, again (not yet decrypted), and then encrypted again by the next TOR node, and only when your data reaches the final TOR node (the exit node) does that final node do a triple decryption (peeling back each layer of encryption).
12
-
@1:20 -- The deep web is basically anything that will not show up in a search engine.
For example, when you use your browser to see your bank balances, you certainly would not want someone to be able to search for that content and see your balances.
When you log in to any site to see something, then that content will not be found via a search engine.
Even if someone (or a search engine) knew exactly where that content is located, that content cannot be indexed by a search engine, because without a password for that information, the search engine never sees that content, and therefore cannot index it. The search engine cannot get to it, and neither can anyone else.
Even though you can use a search engine to view postings on Facebook, the search engine cannot access all content on Facebook, because some of it is private.
In a nutshell, if it is password protected, then it is part of the deep web.
3
-
@9:02 "Also, check it (your password) against a database, like we've talked about before; these known passwords; known, vulnerable passwords, and make sure it (your passwords) doesn't match any of those".
There are sites where you can plug in your password, to conduct such a test. I don't think that you should use such a site, because you are giving them your password.
Find a site where you can download such a database of passwords, and then search that database of passwords, yourself, on your own computer, to see if your password is in there.
One other recommendation:
Do not use browser extensions. They can monitor 100% of your browser activity, including every password that you use to log in to any sites.
Browser extensions make using the internet convenient. But with convenience comes compromised security. The more you have of one, the less you have of the other.
Most browser extensions are safe. But bad actors know that people love browser extensions, and so a small percentage of browser extensions contain malware -- and even some very popular browser extensions have been found to be doing nefarious deeds.
As our host recommended, use a password manager. When downloading one, triple check that you are getting it from a legitimate source. The last thing you want to do is download a password manager from a bad actor. They would love nothing more than for you to create your passwords with their app, and then their app sends them all of your passwords. So be 100% sure that you are using a genuine password manager from a legitimate source. And never use a password in two different places (never re-use a password). Every site that you log in to should have a separate, unique, strong password (and that is where a password manager shines, making doing so less of a chore). And make a copy of your password manager's database, on a separate storage device.
1
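An added example (not part of the comment above) of the offline check it recommends: hash the candidate password locally and binary-search a downloaded breach list on disk, so the password never leaves the machine. It assumes the list is a text file of uppercase SHA-1 hashes sorted ascending, one `HASH:count` per line; that layout, the function names and the sample entries are assumptions made for this example.

```python
import hashlib
import os
import tempfile

def sha1_hex(password: str) -> str:
    # Assumed list format stores uppercase hex SHA-1 of the UTF-8 password.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def breach_count(path: str, password: str) -> int:
    """Return the count recorded for this password in the sorted list, or 0."""
    target = sha1_hex(password)
    with open(path, "rb") as f:
        lo, hi = 0, os.path.getsize(path)
        while lo < hi:                      # binary search over byte offsets
            mid = (lo + hi) // 2
            f.seek(max(mid - 1, 0))
            if mid:
                f.readline()                # advance to the first line starting at >= mid
            line = f.readline()
            if not line:                    # no line starts in [mid, end of file)
                hi = mid
                continue
            digest, _, count = line.decode("ascii").strip().partition(":")
            if digest == target:
                return int(count)
            if digest < target:
                lo = f.tell()               # target can only start after this line
            else:
                hi = mid                    # target can only start before mid
    return 0

def write_sample_list(counts: dict) -> str:
    """Write a constructed, sorted HASH:count file and return its path."""
    lines = sorted(f"{sha1_hex(p)}:{n}\n" for p, n in counts.items())
    fd, path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "w", newline="\n") as f:
        f.writelines(lines)
    return path

if __name__ == "__main__":
    # Constructed sample data; a real list is far larger, which is why
    # the lookup seeks within the file instead of loading it into memory.
    sample = write_sample_list({"password": 3, "123456": 7, "qwerty": 5})
    print(breach_count(sample, "123456"), breach_count(sample, "not-in-list"))
    os.remove(sample)
```
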
-
@2:10 "...and they all synchronize, up to a cloud (someone else's computer)".
Isn't it taboo to let anyone else have your private key?
@8:35 "...they may be able to crack those, and come out, with what is the actual password, if given enough time".
If your password manager creates a 15+ character, cryptic password, then the amount of time would be half of forever. And with a password manager, you can use a 20+ character, cryptic password.
You would have a better chance of winning the lottery, three times in a row, before being able to crack a 20 character password, such as this:
ayba]{(<[%+H JS616@A
And, the attacker would need to know which hashing algorithm was used, and would also need to know if multiple iterations of hashes were used, and if salt or pepper was used to further complicate generating the hash.
If you lose your computer, it is somewhat simple to change a user's password, making it somewhat simple for whoever has your computer to log in to your computer. Now that they are logged in as you, your passkeys are at their disposal. And if you ever bring your computer in for a repair, they can clone your drive, plug in the cloned drive to their own computer, log in as you, and they have your passkeys.
With a good password manager, then as long as you use a strong master password, and you also have the password manager create virtually unbreakable passwords, then you should be fine. And some password managers will not paste in your password if the site is a fake. A user might not detect a similar (but different) URL. But a password manager will detect it as a different site. Passkeys do not do that.
Lastly, password managers allow you to easily make copies of your encrypted password database. You can store those copies anywhere, even on your arch nemesis's computer.
1
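An added example (not part of the comment above, and not any real product's code) of the behaviour it describes, where a password manager declines to fill on a similar-looking URL. Exact-origin matching, the `Vault` class and the `.test`/`.example` hosts are assumptions made for this example; real managers differ in how strictly they match.

```python
from urllib.parse import urlsplit

def origin_key(url: str) -> tuple:
    """Normalise a URL to (scheme, ASCII host, port) for exact comparison."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    # IDNA encoding turns non-ASCII lookalike letters into an xn-- label,
    # so a homoglyph host can never compare equal to the saved ASCII host.
    ascii_host = host.encode("idna").decode("ascii")
    default_port = {"https": 443, "http": 80}.get(parts.scheme)
    return (parts.scheme, ascii_host, parts.port or default_port)

class Vault:
    """Hypothetical in-memory vault keyed by the origin a login was saved on."""

    def __init__(self):
        self._entries = {}

    def save(self, url: str, username: str, password: str) -> None:
        self._entries[origin_key(url)] = (username, password)

    def fill(self, url: str):
        """Return credentials only when the page origin matches exactly."""
        key = origin_key(url)
        if key[0] != "https":      # never fill over plain HTTP
            return None
        return self._entries.get(key)

def demo() -> dict:
    vault = Vault()
    # Constructed sample entry and page URLs.
    vault.save("https://login.example-bank.test/signin", "alice", "s3cret-sample")
    pages = {
        "same origin": "https://login.example-bank.test/account?next=/",
        "digit swap": "https://login.examp1e-bank.test/signin",
        "suffix trick": "https://login.example-bank.test.other.example/signin",
        "homoglyph": "https://login.ex\u0430mple-bank.test/signin",  # Cyrillic a
        "downgrade": "http://login.example-bank.test/signin",
    }
    return {label: vault.fill(url) is not None for label, url in pages.items()}

if __name__ == "__main__":
    for label, filled in demo().items():
        print(f"{label:13} -> {'fill' if filled else 'refuse'}")
```
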