Hello,
I am new to Tor, and so I have some questions I’d like to ask:
Thanks in advance.
You can reinstall if you want. You never mentioned Windows or Linux.
How do I know which sites are safe to visit? By safe, I mean that I won’t get a virus JUST BY visiting them.
First of all, Tor is for anonymity and not for safety. You can get a virus even from just using Tor to a malicious site. Safety is a job for your anti-virus software. None of the 3 nodes being traversed going from the server to your browser can be analysed because it is encrypted. Your browser can decrypt the data (payload) because it did the initial SSL/TLS connection to the server and has the key.
I’m assuming your computer is not already compromised.
You still need a good AV and I will leave “good” for someone else to respond.
The basics to keep safe still apply and I will leave that too for someone else to respond.
Thanks for the reply.
I am using macOS, which has built in XProtect (basically an antivirus). I also have installed Malwarebytes (free version) and run frequent scans. No viruses so far.
You see, I am asking how I can detect sites that infect a computer which JUST VISITS them (no downloads, pop-ups, redirects etc.). I know one could scan them with VirusTotal, but I am unsure if this suffices. Essentially, I am asking: how do I know what’s safe?
how do I know what’s safe?
@torquestion78 it is impossible to know, as even trustworthy sites can potentially be compromised and infected with malware. Browsing in TB’s Safest mode (no JavaScript) should greatly increase your safety, but sadly today’s internet is a wall of CAPTCHAs, turnstiles etc. and most sites simply don’t work without JS. As you are potentially at risk every time you go online the balance is always between safety and convenience.
If your primary goal is protection from sites running malicious code - rather than anonymity (Tor’s core USP) you might want to consider using Tor Browser inside a Virtual Machine. This way all your web browsing is isolated from the rest of your system. Whonix is one way to go. Whonix is a Linux-based OS which includes Tor Browser. You can install it inside a VM running on macOS (VirtualBox or KVM). When you are done browsing you shut down the VM and any nasty stuff you may have picked up in your session is destroyed with the VM.
For the truly paranoid Qubes OS is the way to go. Qubes uses Whonix but take it to the next level and isolate everything in its own VM, with each app’s qube assuming others have been pwned. Qubes has a learning curve, is only effective on a machine that has not already been compromised (including at firmware level) and is best used in conjunction with Qubes’ certified hardware.
Ultimately it is up to you to decide how much effort you are prepared to invest in protecting yourself. Best of luck.
From what I read most infections are caused because of user interaction. I have heard about infections with no user interaction but don’t remember many details except maybe some site which may load something in memory by whatever means and then execute that code. It’s vague. There is also zero-day malware which will fool even the best of them. I use a paid AV and even it could get fooled.
I know it does. I specifically download things while at Phishtank and then ask my AV to scan it getting a green light. A few days later I scan again and the light is red. My instinct was right.
Essentially, I am asking: how do I know what’s safe?
With or without Tor you don’t. Experience, instinct, and safe “hex” all help. 
100% safe is a computer which is off, locked in a vault, and protected by armed guards and a rabid pit-bull. But then it’s useless.
I think you are doing good by being aware.
Maybe someone here with more insight about the workings of Tor could jump in.