Silk Road forums

Quote from: MarsProtege on August 07, 2013, 12:06 am

Worse part of it is. I tried to get a vendor from China I deal with to start using pgp and they could not grasp the simple concept.

If one is not able to learn PGP, then one should not be transacting on SR.

Those Chinese chemical companies and drug suppliers are not transacting on SR. They are clearnet businesses, sometimes with clearnet web sites, and always with clearnet email addresses. They take fiat currency, not bitcoins. They probably don't know that the people they are selling to are SR vendors or buyers.

That is what makes unencrypted emails to these sources on the Tormail server such a big vulnerability, if it was indeed seized by LE. Sources up the supply chain will be compromised, as well as potentially the vendors who provided shipping addresses in plaintext that can be linked to them.

For fuck's sake, that info has been posted in 30 places on the forum. Read a little.

Also, it's the giant S in the Tor Browser toolbar. Click it and then click Forbid Scripts Globally. Works the same on all operating systems.

Java is not JavaScript.

That and I also read , if I understood correctly (I am not too computer savvy) that the feds made some kind of Trojan that will unmask your real ip that I think you get by logging into your tor mail account.

It doesn't depend on you logging into your account. It runs on older versions of the Tor Browser (specifically, Firefox version 17.0 - 17.0.6) on Windows and connects to a command and control server in Virginia that is probably run by the NSA or one of its contractors. Simply visiting a site with the malicious code under those conditions would get your IP address sent to the NSA along with cookies identifying the sites you were visiting.

I'm surprised you haven't read that, because it has been explained throughout the last 10 pages of this thread and on 30 other threads in this forum.

Worse part of it is. I tried to get a vendor from China I deal with to start using pgp and they could not grasp the simple concept.

So I figured tormail to be my next option.

I had no choice but to order from them through tormail. Then this happen. Luckily I had taken a break from ordering from them for a while before this happen. Once I got back and was ready to order again I had forgot my password. So I had to open a new User name, if they look back it doesnt look like I had much activity, thanks to the fresh account.

Did you send a plaintext shipping address in the old account? Did you delete those emails more than a month ago? If not, they are still on the Tormail server or its back up server, waiting for LE to read them

Sure enough when I ran a scan of my PC a few Trojans and a few other malicious things where on my PC.

That is likely to be unrelated to the FH exploit, which doesn't persistent on your computer for more than half an hour or until you close Tor Browser. Basically your computer is fucked from other random malware.

Is there any other thing I am missing?

Oh ya and I am looking into tails as well.

Yeah, it sounds like you should stop using Windows altogether.

I'm really interested to learn about whonix , It sounds like it can be a really good setup but is it that you have to configure routes for different applications and just isn't too user friendly to the noob,

No, everything is transparently proxied over Tor by default. There's no way to disable it from within the Workstation VM.

There is an option for stream isolation, but you don't have to worry about that starting out.

I'm no genius but am quite a tech person so would be interested to know  for starters how is it better than me running linux in a standard VMware VM with anonymous vpn.

If that VM is rooted, the attacker can bypass Tor. In the Whonix setup, Tor runs in a separate VM, called the Gateway, so the attacker would have to break out of the VM, which seems to be much harder than rooting an operating system, even Linux. I've always heard it's possible, but I've never seen a single article, blog post or security advisory about it happening in the wild.

With Whonix, you run two virtual machines on any operating system on any computer. You don't have to use Tails, and it's more secure than Tails.

However, the reason I took the tutorial down is because I decided newbies shouldn't be running any random OS in the Workstation VM. Yes, it's safer at the network layer in that Tor can't be bypassed, but that's like 20% of what can deanonymize you. Your behavior online can deanonymize you. Leaving unencrypted emails on a server that is seized by LE can deanonymize you. An operating system update that sends your license to Microsoft can deanonymize you. I think random newbs should run the Workstation that Whonix supplies.

https://whonix.org/wiki/Main_Page

I don't think Tails can remember an admin password because /etc/passwd is on a read-only system image. You shouldn't generally be running as administrator anyway. If malware used some exploit to gain your user privileges, it would literally root you because you are running as root. It could do anything, like bypass Tor.

A thread about this topic just slipped onto the second page. You gotta dig a little deeper.

http://dkn255hz262ypmii.onion/index.php?topic=196538.0