Independent encyclopedia — Tor connectivity, endpoints, and verification (not an operator site)
Copied

Security — Verification & OpSec Reference

Security documentation on this wiki covers hostname authenticity, phishing indicators, and research isolation — not destination-service internals. Treat every clearnet page as untrusted until signatures are validated.

PGP verification

Documented signing key fingerprint for mirror list verification:

A7F3 9C2E 1B84 D560 4E8A 7F21 0C93 5D6E B1A4 8F72

Import from public keyservers. Verify detached signature files before trusting hostnames from any source, including this wiki. Signature rotation should be noted in article revision history.

Phishing indicators

  • Hostnames shared only via paste sites or unsolicited chat messages
  • Pages lacking valid PGP signatures over the address list
  • Clearnet domains mimicking wiki branding with different onion strings
  • Urgency language pressuring immediate connection without verification

Research isolation

Analysts often use amnesic OS images (Tails, Whonix) dedicated to Tor sessions. Separate research profiles from daily browsing to reduce cross-context leaks. Do not reuse passwords or browser profiles between clearnet identity and Tor research containers.

Fingerprinting

Maximize Tor Browser security level during research. Avoid maximizing window size, disable unnecessary extensions, and verify WebRTC leak settings on mobile clients documented in the Tor Access article.