Posts

Now, this is a little off-topic with regards to WordPress Development and Management, but it is important.

I received an email, after my last post about the ToR Browser. In it, I was asked if I believed that using a VPN will protect users’ anonymity – Well, the short answer is No.

Everybody that is up to no-good, wants to protect their identity online, I get that. What I don’t get, is that if you were to use a VPN and you visit an online store and buy something, your identity is no longer anonymous – I stated this in my last post.

Using a VPN (Virtual Private Network) has its’ pros and cons, like using the ToR Browser.

For those that are asking how or why a WordPress Professional would know anything about ToR Browser or the use of VPN’s, it’s very simple. Some of us place an emphasis on website security.

When dealing with eCommerce websites, for example, we need to know how to trace hackers, and other undesirables. Knowing how to secure a website is one thing, but actually helping law enforcement with the information they need to track down and take action against these criminals, is just another part of ‘the job’.

Another example, is that someone may send a threatening message through your website. We have the knowledge and tools available to track them down – even if they use ToR or a VPN. It can take some time, but it’s definitely something that we can do. Some ‘criminals’ are pretty stupid as well, so they make it easy for us to trace them. Quite simply, if you use a VPN, you are almost instantly traced back to the VPN, then it’s just a matter for us to find out through an ISP / Hosting company, who owns the VPN.

*I didn’t want to get right into this today, as I’m busy with something else, but I will get into more detail about using a VPN within the next few days.

EDIT. 30/10/2018

Okay, I said I’d post in a few days – as it turns out. I lied – it wasn’t deliberate though.

As I mentioned previously, “Why would a WordPress Professional know anything about ToR Browsers or the use of VPN’s?” – It’s because the stage where I’m at, I probably help to protect more WordPress websites through security, than I do customization, and I (for one) need to know how to do that. The only way to protect against a threat, is to get as much knowledge about that possible threat, and act on it.

There are tools (read code, if you like) that prevent ToR Browsers and VPN’s for example, from accessing your WordPress website. The implementation of these tools are extremely quick and easy.

Why would you want to protect yourself from people using ToR Browsers and VPN’s? Well, think of a bank robber. They wear balaclavas, right? Well, the only reason people want to protect themselves from being ‘seen’ online, is because, as I mentioned in another post, there are a select few types of ‘people’ that use these tools to be ‘anonymous’ – one of those types of people are petty common criminals, hoping to steal data, such as credit card details and email addresses from your website / backend.

On the flip side, you have the very genuine person who is paranoid about being seen doing things online, such as looking at porn.

The thing people need to remember, is that even if you do use a browser, such as ToR, or a VPN for that matter, the information can AND WILL be traced back to them. It slows the process down, but it’s most definitely doable.

And, for the record, when these individuals are caught, charged and found guilty of committing the crime (and they will), whilst being sentenced, the courts will take into account the fact that they tried to hide their identity, and that sentence will be a lot worse for them.

Anybody using a browser such as ToR or a VPN that uses these tools to commit crimes, may in fact commit several crimes whilst the ‘original’ crime is being investigated, leading to further charges when ‘found’. To me, there’s a certain level of comfort in that fact. They get caught, 99% of the time.

This is where people like me come into the equation. We can, and will, assist law enforcement.

Concerned about your website security? You should be. Tech is constantly changing the way we operate online. Hackers laugh at people who think VPN’s will protect them. Don’t become a victim. Usually, the one’s using VPN’s or browsers such as ToR, have something to hide – they are the people being targeted.

You don’t have to use my services, there are plenty of WordPress Professionals (not to mention cyber security experts) out there dealing with website security, but if you would like to contact me, simply click the contact me link at the top of this page, or click here.

Thanks for visiting!

I’ve only ever had to deal with a couple of clients who won’t do anything online unless they use a ToR Browser.

My intention was to write at length, what I’ve found out about ToR and the people who use it, but what I began to write (original post was 7000 words and counting), was just way to complex for the average internet user to understand, and if you could understand it – it was pointless. I’ve kept this post to just over 1200 words.

Simple terms. If you don’t want to accept the following, what happens, will happen.

In my opinion, the vast majority of people that use the ToR Browser fit into just a few categories. The rest? Well, they’re just misinformed.

Paedophiles. Yes, those pieces of scum that ‘get off’ looking at kids. You understand.

Common (not very good at what they do) criminals. You know the type, the one with a backyard drug lab that orders their chemicals and what-not online. They ‘chat’ with other common thugs and criminals online, share their stories and ‘get off’ believing they are smarter than other people – such as police and computer forensic workers (hackers). Then you’ve got the even more petty ‘common criminal’ that deals in stolen goods. You might have a neighbour, for example, that heard you talk to your missus about something you wanted to buy, and suddenly they have one and then one day tell you they ‘have a mate’ that can get you one ‘at mates rates’. Odds are, this neighbour uses ToR, and deals with stolen goods.

The Paranoid. Some people are just generally paranoid about their internet usage. For example, you might like looking at porn, but don’t want ‘other people’ to know that you look at it. But who exatcly are the other people? The ones that run the porn site?I’ve got some very general and basic news for you (Mr Paranoid). That person that runs the porn site just does not care who you are. They do not care where you came from or what you do. All they want you to do, is to click on some advertisements, or sign up for premium content. And funnily enough, you have people using ToR Browser because they want to be anonymous, but end up signing up and paying for premium content – WITH their Credit Card. You’re no longer anonymous people!

The Misinformed. Fair enough, you’ve heard your friends mention this thing called the ToR Browser. They speak of it like it has it’s very own halo around it. It doesn’t, and it’s very far from it.

In my opinion, the Tor Browser is even more sinister than Torrent Sites like PirateBay. I say this because even though torrent sites ‘allow’ movie studios, and software developers (for example) to lose money, they don’t peddle in criminal activities, like the ToR Browser allow people to do. You’ve heard of the ‘dark web’, well unless you’re accessing ‘sites’ through ToR, you’re actually not on the ‘dark web’. The misinformed form a very strange group of people. On the one hand, they listen to people they ‘trust’, but these people they ‘trust’ have absolutely no knowledge or training with regards to internet security. Then, a person with even a fraction of basic knowledge will tell them that what they think they know, is false, the misinformed then ‘attack’ the one with an understanding.

Browsers such as Google Chrome and Microsoft Edge are very secure browsers. For the vast majority (99%+) of users, these browsers are more than enough to secure your connections. Need more security? That’s a whole new topic.

BUT, at the end of the day, if you are accessing a website that is not secured, data you enter on that website may be compromised. This has much more to do with the website you’re dealing with, rather than the browser you’re using. In fact, your Chrome / Edge Browser may have provided a safe browsing experience for you, but if the website you accessed it not secure, your data could be hijacked / stolen from THAT end (from the server the website is hosted on) – after you’ve provide your credit card details, for example.

This brings me back to the purpose of this post. WordPress.

WordPress can be slow. If you are using a cheap hosting company, if you built your own WordPress website, or if you are using a lot of plugins and a slow theme, and if you haven’t optimized your website, it will be slow. It’s just a Fact.

If you have visitors using ToR Browser, they are being routed and re-routed all over the world – attempting to hide who they are. Personally, I don’t get it. As I gave in the example above, they want to be anonymous, yet hand over their credit card details to pay for a good / service. With more and more sites now using WordPress for eCommerce, it makes no sense to use ToR. The fact that ToR reroutes around the world, it slows down their connection time to your website. EVERY time they click on a link, there’s latency (wait time) for the linked page to load its’ resources.

THIS now explains the purpose of the post. It’s only happened a couple of times, but when clients have suggested their site is slow, I’ll do a quick 2 minute test. The website will load in under 3 seconds, which isn’t all that bad.

I have several suggestions.

  1. If customers complain that your WordPress website is very slow, ask them what browser they are using.
  2. If they are using ToR, ask them why. If you operate a secured site, tell them it’s secure, and to use Chrome or Edge.
  3. Block ToR Browser. It’s very simple. See below.

Think about where your customers are based. Do you operate internationally, nationally, or locally? If all of your clients are based in Australia, why do you need an international reach?

There are several ways to stop users of ToR Browser accessing your website. The easiest way is to use an IP Blocker, such as iQ Block Country. They are extremely easy to install and set up. You can select what countries you do or don’t want to access your website. You can leave a comment or message to people trying to access your website, such as “We only operate in Australia. If you are located in Australia, please use a Browser such as Google Chrome or Microsoft Edge.”

There are websites such as GeoPeeker.com that will show you how your website looks, when viewed in other countries.

I’ve set this website, for particular reasons, to be viewed by just a handful of countries. Knowing that some people use ToR Browser to send spam, they can attempt to visit my site, but they’ll keep hitting speed bumps, and eventually fail. I waste their time.

Not only does it prevent attempted website hacks, or prevent you from getting spam emails, it also speeds up your website because your server is not working as hard.

See below;

A Final Note.

If you are using ToR Browser, why? If you believe that what you are doing online is being protected, it isn’t. Your internet provider knows what data is coming and going from your location, including browser type, and even your machine name – plus other information. Using ToR Browser holds up a red flag, do you really want police to investigate you?

Anybody that has an understanding, can access your home router / wifi connection. There is always a ‘back door’ into everything. It’s not easy, but it’s doable. The days of having a van parked outside your home are gone. Access to your computers and internet usage is mostly done remotely now. If the authorities believe you’re up to ‘no good’, they’ll get you. Fact.

And just think about this – EVEN IF YOU USE ToR Browser, the data you read and accessed, is still on your machine.

There is no hiding. Even with ToR.