I’ve used Tor for several years on Tails booting from first a DVD then from USB on an old desktop I had, which was a computer I’ve used before. This was all done at home on my own personal desktops/laptop.
But I see a lot of evidence that parts of my browsing history were captured by data brokers. And my employer has indicated this as well. So Tor did not work for me was my initial thought, but I now believe the old computer had a bit of identifying data that they tied to me. So I think I need another computer that I’ve never sent email from and never logged into anything from, and has no connection to me. Will look on Craigslist I guess.
It would be nice if all these issues were covered somewhere on torproject.org, but I don’t see it.
Before buying another device, you should understand what happened to deanonymize you, or it may happen again. If there is a bug in Tails, a new computer won’t fix it. If you made a mistake, a new computer won’t prevent you from making it again. If someone was snooping over your shoulder, a new computer won’t blind them (and Tor can’t help at all).
Of course, investigating is not easy. If you are comfortable sharing what kind of evidence you have, or what kind of data was leaked, someone may help you here.
Note that a known limitation of Tails is that it makes it clear that you are using Tor and probably Tails, so if your employer bugs you because he discovered that you use Tor, this is kind of expected.
That page lists important warnings (most importantly, Tails is safe but not magic). You should read it if you didn’t already, and if you find it misses some they can be added.
But I see a lot of evidence that parts of my browsing history were captured by data brokers
In order for us to help, you will need to share at least the kind of evidence you are seeing that led you to the conclusion that you’ve been de-anonymized & what kind of sites you visit. Do you log in to anything and then browse elsewhere afterwards, for example (the web forms point in the guide you linked to)?
Speaking personally, I try to keep every browsing session as short as possible and renew my Tor Browser identity frequently (by closing and re-opening the browser). I also do so every time I’ve visited a site that uses CloudFlare’s DDoS protection service (the annoying “Verifying you are human” ‘turnstile’ and/or associated Google’s captchas). Browsing across such sites with the same identity essentially defeats Tor Browser’s 2nd level domain isolation cross-origin unlinkability design feature. HTTPS encryption ends at a single company’s nameservers (CloudFlare’s) for all such sites. This company can therefore potentially both read decrypted traffic to all the sites you visit which use their DDoS service and ask your browser to store cookies for a common domain (cloudflare.com). I have recommended this particular issue be investigated/addressed.
Sometimes my wife and I view content on adult sites, to give more spark to our bedroom activities. We thought enough privacy should be attainable with Tor and Tails. Even though employers do significant background checks, should be able to stay out of that with Tor, and anyway what business reason would they have to care about this? But people at work made crude comments and jokes so there was no doubt it was known. I change jobs a lot, went to another company, it was the same.
Sticking with one site 99%, seemed to be safer, would search for keywords with DuckDuckGo (almost the same words every time) and for sure would never log into anything. But did once try Google, it tried to verify I’m human, so I killed the window. Also checked the weather in my state, but I doubt that query of vaguely local conditions would be an issue.
Would occasionally click the little broom icon to switch user, after an hour or 2 would kill the Tor session and pull the network cable from that old desktop (which was my primary PC years ago, but booting to Tails should make it like a new machine, except for hardware details, which I think might be the problem).
Although about more than 8 years ago did not use Tor for this browsing, so I could have that old history coming back to haunt me, but I think it’s too old.
We should probably assume that modern background checking agencies have access to pretty much your entire public digital life. So far so good, but combining data mining of the internet with facial recognition technology could give them the ability to, for example, discover whether someone had ever published anything to an adult site (not saying you have ofc).
Perhaps more relevant is the fact that adult sites are notorious for utilizing very invasive tracking technologies and while Tor Browser can largely protect you from static browser fingerprinting, I’d be very surprised if these sites don’t utilize behavioral fingerprinting techniques (“behavioral biometrics”) to try and identify regular users as unique. This technology may even have reached the stage where your behavioral biometrics can be tracked across sites. Perhaps someone here has expertise in this area.
On this subject I’ve seen folks here recommend Kloak, a Whonix technology, as a defense against this. You can read about the subject here. The gold standard is to use Edward Snowden’s favorite OS, Qubes OS, which includes all the Tor/Whonix goodness and also includes something called “event buffering” to help defeat behavioral biometric user profiling. Staying truly anonymous in our Brave New World is a dark art to be sure.
I can’t see how an employer would link your browsing history to a particular PC - unless it belongs/belonged to them or has at least been used in the workplace. In any case a clean machine can’t hurt. Good luck anyhow.
Nothing was published by us. And behavioral fingerprinting is a stretch, since it’s not very specific, not like a search for “left handed Ukrainian twins with red hair”.
What about this, when Tor starts I always select “Connect to Tor Automatically”.
The other option “Hide to my local network that I’m connecting to Tor” has never worked, I don’t know why. It would be a little better if the ISP did not see Tor.
I’m not inclined to try Kloak, or Qubes or any more obscure option, if correct use of Tor on Tails does not provide me with this level of privacy then I won’t trust anything else. I’m not trying to hide from the NSA or authorities after all.
Not exactly possible. All Tor IPs are public knowledge so there is no hiding unless using a VPN and then the ISP would know you are using a VPN.
So why would the ISP know, even though they could know by checking all connections clients make? Why would they care? It does not seem you are in a region where connections are checked. You never mentioned that.
I’ll apply Occam’s razor. If the only evidence is gossip from coworkers, and no shouting from the employer, I suppose someone discovered your habits by chance or guess (maybe they snooped on your phone, if you store contents there, or made a random rude joke and you were betrayed by your reaction). Then gossip spread. If you work in a niche field, gossip may follow you across employers, especially if they ask for references to previous ones.
I wouldn’t appeal to behavioral biometrics, targeted surveillance or Tor/Tails failures to explain your situation, unless you have specific hints for them. Adult sites (as most websites in general) do track users and do sell such data, but most people are sold on stacks for advertising purposes, not on a name-by-name basis. Also, employers do build dossiers on their (willing-to-be) employees, but I believe they rely on social networks much more than on advertising surveillance.
If you suspect your employer built a dossier on you or surveils you (especially outside your workplace and/or on your personal devices) and your jurisdiction grants employees any fair amount of protection, such surveillance is probably illegal and a labor union should be able to help you. In the EU, the GDPR also grants you the right to receive a copy of all the data your employer has on you and to know exactly how they got it.
If it’s “only” coworkers’ gossip, I fear there is nothing to do: it’s normal human social behavior.