Don’t use your mobile phone for 2-Step verification on Tor
Most websites provide a 2-Step verification using a mobile number in which an OTP (One Time Password) is sent to your mobile number to safely login to your account. You need to be careful with it when you are using TOR browser for accessing your account.
If you provide your mobile number to a website, it will only hamper your anonymity status online as it will be easier to track you down with your number. Note that even if you are using a SIM card registered in some other person’s name, your telecom operator can easily track you down as they also keep your device’s IMEI number in their database and can be used to track you.
Don’t operate user accounts outside TOR
If you use TOR browser for checking your Facebook, Twitter or email accounts, don’t ever use those accounts outside the TOR browser as it will expose your online identity to the website. Almost every website now logs information like your login and logout time, your location, your IP address, and other details. Using your account in the open internet even once will be enough to get your IP address logged and eventually reveal your identity.
Don’t post your personal information
You must engrave this point in your heart, do not post any sort of information like name, address, birthday, credit card number while using TOR. It will uncover your identity and there will no point using the TOR, hope you can understand.
To keep yourself completely hidden, you need to be pseudonymous. Now, what’s that? It means you need to assume yourself as a disparate person while you use TOR. The new person should have dissimilar likes and hatreds, food choices, fantasies, etc.
For that purpose, create a new user account with a new email address that doesn’t reflect even a bit of your real identity. You can use that email for your social accounts and enjoy your anonymity and praise the power of TOR.
Also, don’t confuse between anonymity and pseudonymity.
An anonymous connection is the one in which the server which is being requested a connection has no idea about your real IP address/location and your identity.
A pseudonymous connection is the one in which the server which is being requested has no idea about your real IP address/location, but does have an identity it can associate the connection with.
Don’t send unencrypted data over TOR
While you were reading the article about TOR, you definitely came across the fact that TOR encrypts your connection not your data and TOR’s exit nodes are vulnerable. So, it is highly advisable not send unencrypted data over the TOR network, as someone might access your information while the data is on the last node.
Don’t use TOR with Windows
Microsoft’s Windows is the world’s most used operating system for desktops, but it doesn’t seem to do well when you would like to use TOR browser on it. The credits are bagged by the vulnerabilities that exist on the operating system and may reveal your identity even if you are using the TOR to access the internet.
Linux systems will serve you well for this purpose. Linux distributions like Tails and Whonix are pre-configured with TOR or you can configure it manually on any distribution you may like.
Don’t forget to delete cookies and local website data
When you access a website it sends a small file to your computer which keeps the record of your browsing habits and other data so that the website can recognize you on your next visit, the file is called a cookie. Some website may also store data locally on your hard drive.
It is strongly recommended that you delete those cookie files and local website data after every browsing session you perform on TOR as these things may allow the website to gather information about you and track you location and IP address.
Don’t use TOR for Google Search
If you really want to be anonymous while using TOR, don’t use Google to search your queries. Though it sounds weird, but this is because Google collects information like your search requests, stores cookie files on your computer and tracks your browsing habits to power its advertisement services. But you don’t want to reveal that, do you? So, you can use other search engines like DuckDuckGo and StartPage as they don’t log your IP address or any other activity.
Don’t use HTTP website on TOR
You very well know that TOR can be exploited using the vulnerabilities that exist at its end-nodes, so if you access HTTP websites using it, there are chances someone might access your information while it is on the end points. The data transferred to and from an HTTP website is unencrypted and can be accessed at the end points as TOR only encrypts the connection inside its network.
You can prevent such situations by the use of HTTPS websites. They use end-to-end encryption protocols like SSL (Secure Socket Layer) and TLS (Transport Layer Security). So, all your data remains safe even if it is outside the TOR network.
Don’t connect to the same server with and without TOR simultaneously
Here is one important thing you need to pay attention. If you are accessing a particular remote server using TOR (anonymously), don’t access the same server from outside the TOR network (non-anonymously) as it may lead to a revelation of your actual identity. This is because in case your internet is down, both your connections will terminate at the same moment and it will not be much difficult for someone spying on you to relate the pieces and complete the puzzle.
Also, a web server might try to correlate the two connections by increasing or decreasing speed on one of your TOR or non-TOR connection to see whether the speed fluctuates on the other one and consequently trace your real IP address.