Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - astor

Pages: 1 ... 4 5 [6] 7 8 ... 208
76
Off topic / Re: dear everybody
« on: September 13, 2013, 01:33 pm »
The notify button was never broken.  Go to this link to see your notifications. - http://dkn255hz262ypmii.onion/index.php?action=profile;area=notification;u=21296

That link is for Ballzinator only because his username number is on the end of it.

So it does exist, there's just no link to it. Or is there somewhere? I've never seen one.

I thought notifications would show a message or highlight a link somewhere at the top, like when you get a PM.

77
Silk Road discussion / Re: HOWTOFIX
« on: September 13, 2013, 01:06 pm »
Even with Google Translate it doesn't make any sense. :)


I am/soo fucking tired and accidentally typed in the address to SR in a normal non-tor browser.

All traffic gets logged here. Not everything ofcourse. SO I was wondering if there were apllications or somet5hing to randly there also go out as that no one can .....

Well, first I get here honesty and deluidelijkheid. And one wants grrag go to a clinic for a week, but I do not. That's 1-2 welen sheer boredom, stress, learn bad things from people etc. ..

Logs are not infirine and if it's been read already.. dunnoo.. if I still have nw  chance to fix this...
Otherwise I'm toally fucked for sure



All you did was DNS leak the fact that you tried to access the onion address. Nobody will be busting down your door for that.

78
Security / Re: Dissent: accountable anonymous group communication
« on: September 13, 2013, 12:53 pm »
He said a long time ago it would work over Tor.

79
While some people used Tormail to email clearnet recipients (and could use many clearnet email providers over Tor to do the same), the majority of Tormail users used it as an internal messaging system. Something as simple as TorPM could be an effective replacement, as long as it is stable and easily accessible (bonus if you can add attachments to messages).

The down side is that you have to trust the operator of a centralized system to not read your messages or look at the metadata of who you are communicating with if you use PGP, but a messaging system like TorPM is easy to set up. I'm surprised a replacement hasn't come along yet.

80
How are you trying to verify the signature?

81
Security / Re: Rasberry Pi + Tor = Onion Pi....Thoughts?
« on: September 12, 2013, 04:23 pm »
Actually, the Raspberry Pi that they recommend is $90. You could accomplish the same thing (anon middle box) with a much cheaper router. If you look at the Github page for PORTAL:

https://github.com/grugq/portal

It lists some recommended routers that are in the $20-$50 range.

Other advantage may include that it's easier to setup and probably more secure. thegrugq is highly respected in security circles. You should prefer solutions that are made by people who know what they are doing. :)

82
Security / Re: Rasberry Pi + Tor = Onion Pi....Thoughts?
« on: September 12, 2013, 01:52 pm »
Selling preconfigured Onion Pi's sounds like a vendor opportunity. ;)

This makes using an anon middle box easier because you can switch the wifi AP that you connect to in order to Torify your main box. Obviously that's not the safest setup, if you have sensitive files on your computer. Also, an attacker who gains access to your system can connect to the non-Torified router, but it's much safer than TBB on Tor. I would still run Linux in a VM and perform all Tor activities in that. In fact, you can bridge a VirtualBox VM directly to a specific device, like this Onion Pi, so you could do non-Tor stuff on the host, and physically/virtually isolated Tor stuff through the VB VM - Onion Pi.

Hmmm, a preconfigured VirtualBox appliance to use with the Onion Pi would be a nice second listing... :)



83
Security / Re: Rasberry Pi + Tor = Onion Pi....Thoughts?
« on: September 12, 2013, 05:49 am »
And disable automatic updates, if you are proxying Windows through that thing.

84
Security / Re: Rasberry Pi + Tor = Onion Pi....Thoughts?
« on: September 12, 2013, 05:46 am »
This is basically an anonymizing middle box that provides physical isolation of Tor, the strongest protection available.

It definitely looks promising, but have you read the setup instructions? It isn't a preconfigured device. You will have to install Debian (technically a spin called Raspbian) and Tor, and manually setup iptables rules. If you are ready to do that, then go for it and let us know how it works. :)

Keep in mind that there are many ways to deanonymize yourself besides IP leaks. You should still use the browser bundle with the transparent proxy settings.

85
Silk Road discussion / Re: Difficulty accessing Tor hidden services
« on: September 12, 2013, 04:56 am »
Really there is nothing anyone can do about this IMO. You can seize a domain, but how do you take down a hidden service? That's the entire reason they moved the botnet on to Tor, so authorities couldn't seize the domain. It's actually kind of scary considering one group has control of this many Tor nodes. We could all easily be deanonymized if they ran them as guards/exits,

Unless the botnet owner is running dozens of hidden services, it shouldn't be hard to find. Run a bunch of service directories. The C&C server would be the one receiving 500K descriptor fetches per day at a single service directory (3 million total). Also, a few people are running entry guards that are getting killed right now, again unless there are many C&C hidden services, or one has increased entry guards to like 30.

The botnet accounts for 85%of activity on the Tor network right now. The hidden service should be much easier to find than most hidden services.

86
Silk Road discussion / Re: Difficulty accessing Tor hidden services
« on: September 12, 2013, 04:49 am »
Atlantis is not as deeply (safely) hidden and so traffic has an easier time reaching it,

Atlantis just has a lot less traffic. As you say, accessing SR is worst in the USA daytime, when traffic peaks, but during USA night time it's not bad. There's no difference in how "deep" they are hidden, just the amount traffic that adds onto the botnet load to prevent you from accessing SR in the daytime.

87
I just noticed this tidbit from the Tor Blog:

Quote
Not all new Tor users are computer programs! According to their latest report, Tails is now booted twice as much as it was six months ago (from 100,865 to 190,521 connections to the security feed).

Could we call that the SR bump? :)

88
Switch isn't the only option. SR could offer both login methods, and let the user choose which method to use on each login.

Maybe in the beginning only 20% of us would use the crypto method and be thus protected from phishing, but that same protection would always be offered to the other 80% if they would only receive it. And for those who will not, the login process will be exactly as it is now, no harm done.

And in the longer term it might encourage a few more people to start using PGP. Small steps.

But the people who choose the PGP method are least likely to fall for phishing scams anyway. In fact, I would go so far as to say that only the people who never use PGP will fall for phishing scams. :)

89
I thought the reason it is impossible to provide over sight for intelligence agencies is because they are professionals at lying and hiding stuff, and if you bother them too much you will get a mysterious case of radiation poisoning or have a poisonous pellet shot into your leg from the tip of a hollowed out umbrella.

Or fall out a window.

https://en.wikipedia.org/wiki/Frank_Olson


90
Security / Re: i2p as a backup for recent TOR slowdown
« on: September 11, 2013, 04:20 am »
Could i2p work as an alternative to TOR until they figure out how to tackle the botnet?  Is it too complicated for the average SR user?  Would it fix the problems we are all having accessing the main site?  Is it as safe as TOR? 

I2P has the potential to offer better anonymity than Tor, but at its current size, it is not as safe as Tor. The one thing it currently offers that Tor doesn't is plausible deniability. Since every node relays traffic, it's difficult for a connected peer to determine whether traffic is originating from you or being relayed by you. However, overall I2P presents more problems for SR users:

1. The network has 10K - 20K concurrent nodes. Each node learns about ~200 other nodes and relays traffic for about a dozen. That means 200 other nodes will know your IP address. An adversary could spin up a few hundred nodes, and even with a lot of overlap, they could enumerate the IP addresses of most users.

2. That in itself is not so bad, because of plausible deniability, but it is extremely bad for vendors, who can be reduced to a very small geographical area. Given the size of the network, there won't be more than a handful of I2P users in any city. If LE can determine which city or geographical area a vendor lives in (trivial), it would not be hard to investigate a handful of users to identify the vendor (starting with a list obtained from the attack above).

3. A paper was recently published which demonstrates several "practical" attacks on the I2P network, including one that links users (source IP addresses) to the sites they are visiting: http://wwwcip.informatik.uni-erlangen.de/~spjsschl/i2p.pdf

4. Identifying eepsites (the equivalent of hidden services) is not as well researched and probably easier than identifying hidden services.


Problems 1 and 2 can be countered several ways. A VPN can protect against fishing expeditions on vendors; I2P has a "hidden mode" that reduces your exposure to other nodes; and presumably if we all migrated to I2P, the network would gain at least 50K users. There are still problems with these solutions.

Most SR users don't use anonymity networks the way you are supposed to use I2P. On I2P, everyone is a relay, so you are supposed to keep your client running all the time. Most SR users want to hide the fact that that they use Tor. They use leave-no-trace-behind operating systems and get on the network only when they need to. So if the average SR user gets on Tor for half an hour a day to check the status of an order, then at most we would be adding 50,000 / 48 = 1040 concurrent users at any one time, not enough to make I2P safe to use. Of course, that's an average and there are noticeable swells in activity at certain times of day, where there may be 5K - 10K SR users on Tor, who would be on I2P, but I don't think that's enough to make the network safe.

Making the network safe would require SR users to change their behavior -- AND a few hundred thousand more users. :)

Furthermore, nodes in hidden mode don't relay traffic, so if thousands of SR users joined I2P in hidden mode, they would probably DOS the network with their traffic like the botnet is doing to Tor.

There are probably other problems I haven't considered, but these alone should be sufficient to convince SR and our community not to move to I2P.


What does I2P need before it's a good alternative for SR? 500K users. A million users. Something in that range. That would probably mitigate the problems I listed above.

Pages: 1 ... 4 5 [6] 7 8 ... 208