Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - astor

Pages: 1 ... 36 37 [38] 39 40 ... 208
556
Security / Re: Its like Privnote but made for TOR!
« on: July 28, 2013, 03:11 am »
That's cool. I didn't mean you specifically. I was using the "royal you", as in anyone reading this thread. :)

557
Security / Re: Full Tutorial - Installing Tails LiveUSB with a Persistent Volume.
« on: July 28, 2013, 03:08 am »
Quote from: onesickpuppy on July 28, 2013, 02:16 am
This is not bad. Better than Liberte. Just one question.. I tested a  user account on SR and when logging in it says:


The information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.

Are you sure you want to continue sending this information?


I never got that message when using the tor bundle on windows....

That is a Firefox warning, because your connection to hidden services doesn't involve the SSL protocol, so it thinks the connection is unencrypted, but it is end-to-end encrypted by Tor and Firefox doesn't know that. They should patch Firefox to remove the warning for onion addresses but haven't done it yet. You can ignore/disable the warning for now.

558
Security / Re: Full Tutorial - Installing Tails LiveUSB with a Persistent Volume.
« on: July 28, 2013, 03:01 am »
Quote from: tbart on July 26, 2013, 03:48 pm
this TAILS thing has kind of opened my eyes to a lot of possibilities, and i'm curious to ask a couple of linux questions

 this linux seems to work beautifully, and easy - the fact that it has a windows "mask" makes it a little easier as well (i figured there was some sort of DOS screen, where i'd have to learn to type in commands.

haha no, but that's the stereotype. A lot more Linux users use a terminal than Windows users use the DOS prompt, but that's because they are more tech savvy in general. You can completely avoid it though.

Quote
- i've got a samsung notebook that i'd love to use, ie install TAILS on it and use it exclusively, wiping windows off the hard drive entirely. Now, the persistent volume i'd leave on the USB flash drive. Is this "do-able".

Sure. First check if your hard drive has ATA Secure Erase, because hardware based erasure is the most secure. From reading your description of the laptop, it probably doesn't. In that case, burn DBAN to a CD and use that to overwrite it. The default settings (2 random writes + 1 zero write) are fine.

Quote
2) i'm figuring, with Tails on the system, it should recognize the USB drive with the persistent volume - am i correct and is this possible?

So you want to put the Tails image on the hard drive? I'm not sure how you would do that. If you remove the hard drive, shouldn't the BIOS check for other bootable media and use whatever is available, even if doesn't let you change the default boot order in the case of multiple bootable devices? That might be an easier solution.

559
Security / Re: Full Tutorial - Installing Tails LiveUSB with a Persistent Volume.
« on: July 28, 2013, 02:44 am »
Quote from: TMan99 on July 27, 2013, 03:36 am
Quote from: TMan99 on July 25, 2013, 10:08 pm
What is the best option concerned with security:

Talis ---> Bridges ----> Tor
Tails ---> VPN ---> Tor
Tails ---> VPN ---> Bridges ---> Tor

The VPN I would use would most likely be private internet access

With the 3rd option the VPN hides TOR usage from your ISP, while the bridges hide your usage from the VPN. But mainly the bridges are in place in the case the VPN fails (this has happened to me before as I run VPN 24/7 on clearnet, and twice I have looked and saw that I had been disconnected) If this were to happen my tor usage would be seen by the ISP.

I am not an expert, so I thouhgt I would leave the options here for the experts
Does anyone have any info on the above?

The question is moot because you can't run OpenVPN on Tails and the developers are against adding that functionality.

Your only option right now is to manually enter bridges on each boot for persistence, and hope they add persistence presets in the near future. The easy solution is to symlink torrc to the persistent volume, but Tails is designed for non-techie people and the developers are probably strongly against letting them fuck with torrc.

560
Security / Re: Its like Privnote but made for TOR!
« on: July 28, 2013, 02:17 am »
There was a thread on this forum with a long ass debate with the site creator over a year ago. You may be able to find it.

That site suffers from the same problem as Privnote: you have to trust a third party, which increases your attack surface. It's dumb because you can trivially avoid that attack surface by using PGP.

If you were worried about the safety of your info when Privnote went offline for a while, then you should have realize that you don't ultimately trust it and shouldn't use it. If LE takes the SR server offline, you don't have to worry about your PGP encrypted messages being compromised.

561
Security / Re: how safe is it to upload a public key to the GnuPG key server?
« on: July 27, 2013, 01:24 pm »
The risk is that key servers log IP addresses, like 99.9% servers on the inernet. So if you are a vendor and you upload your key over clearnet and tell everyone to get your key from that key server, then LE can go to the server operators and ask which IP that specific request came from. Even if the vendor used a proxy, LE could enumerate some of his buyers by looking at which IPs have been retrieving the key.

You can configure some PGP clients to use proxies. In fact, you can configure them to connect over Tor if you use an HTTP proxy to forward to Tor's SOCKS port, but there's way too much risk of fucking up for the average person to do that.

You should do not use key servers for any SR related activity. Vendors should never use key servers, and therefore buyers have no reason to use them, as they shouldn't.

562
Silk Road discussion / Re: twitter
« on: July 27, 2013, 07:45 am »
I had to go through the account suspension process too. They send you an email and then you have to write a response.

They didn't send me an email when it was reinstated but expect that within 24-48 hours.

It's a bitch because Twitter gets thousands of accounts created every day by bots over Tor. Blame the spammers, not Twitter. At least they let you create an account at all. The easy solution for them would be blocking account creation from exit node IPs.

563
Security / Re: IS it safe to use tor using your home network?
« on: July 25, 2013, 04:24 pm »
Bridges are unpublished entry guards. While it's possible for someone to query the BridgeDB many ways and try to enumerate all the bridges, it is unlikely anyone has done it for the almost 2000 bridges, other than China. So practically speaking you can hide your Tor use by using bridges, and they are free. Check out bridges.torproject.org

564
Security / Re: Full Tutorial - Installing Tails LiveUSB with a Persistent Volume.
« on: July 25, 2013, 04:21 pm »
Quote from: helpmywife on July 25, 2013, 05:54 am
if i can get a fiend or two to set up relays inside network only then is he unsafe? and also i really only need one friend to do it right?
and thanks for your help and prompt responce sir! its much appreciated.

On its face this shouldn't be a problem as long as your friend is trustworthy and won't record or mess with your connection, but I have this bias that I'd rather not know any of the people who run the relays that I use. I guess it comes from thinking about exit bridges and plausible deniability.

565
Security / Re: Full Tutorial - Installing Tails LiveUSB with a Persistent Volume.
« on: July 25, 2013, 04:19 pm »
I think kmf has the best description of the three main anonymity networks, along with the benefits and weaknesses of each. Take a look at this thread:

http://dkn255hz262ypmii.onion/index.php?topic=170508.msg1216201#msg1216201

566
Silk Road discussion / Re: Silk Road Vendor Questions - Just 2 more vendors please
« on: July 25, 2013, 04:09 pm »
Oh, I see. I thought you meant they were completely anonymous.

567
Silk Road discussion / Re: Silk Road Vendor Questions - Just 2 more vendors please
« on: July 25, 2013, 02:58 pm »
I just skimmed through the other thread. You mentioned several times that some people took your survey without identifying information. Given the number of trolls on this forum, how do you know they were all vendors? How do you know they were different people? 10 of your 28 respondents could be one person trolling you with different accounts and making up whatever answers he wants. I don't see how you can draw any firm conclusions from this research.

568
Security / Re: do you think tormail has been shut down for good?
« on: July 25, 2013, 01:23 pm »
Do you guys notice this thread is almost 3 months old?

569
Newbie discussion / Re: Plain text password sniffing from our Tor exit nodes?
« on: July 25, 2013, 07:34 am »
That happened in 2007 and everyone should be well aware by now that your connections are only encrypted inside the Tor network. Once they leave an exit node they are not encrypted unless you use SSL, so yeah a malicious exit node can sniff the traffic. Connections to hidden services are fully encrypted because they never leave the Tor network, they go from Tor client to Tor client.

570
Security / Re: Tor and state surveillance
« on: July 25, 2013, 07:27 am »
Google "IP geolocation tool".

Pages: 1 ... 36 37 [38] 39 40 ... 208