Silk Road forums

Alright it went away, I uninstalled mcafee (aka NSA puppet tool) and stopped using the .to suffix. Working well now.

I hope you realize that if McAfee could see you were accessing that URL (and even changed it), other apps, malware, etc. could too. McAfee was probably reporting that URL to their servers.

Stop using regular browsers, people! Stop taking short cuts with your security!

Here's a work around for the next time the captcha gets screwed up

Install these two add ons:

https://addons.mozilla.org/en-US/firefox/addon/cookie-exporter/

https://addons.mozilla.org/en-US/firefox/addon/cookie-importer/

You can install them in Tor Browser just fine. Login to the market and use the first add-on to export your the cookie to a text file. I believe it expires after 2 weeks, so you'll have to do it every two weeks. Then if the captcha is screwed up, use the second add-on to import your login cookie.

Works like a charm.

I've been told TAILS is the most secure method for browsing SR/Darkweb.... but how is having an USB with an obvious Hidden/encrypted partition laying around safer than a simpler truecrypt file container with multiple key-files which are all disguised as legitimate files, including the container.

The down side to Truecrypt files is that information about the contents might leak onto the unencrypted parts of the hard drive. For example, if you open a document that is stored in the encrypted file, it may be added to a Recent Documents or Recent Files list in whatever program.

Take a look at the traces that the browser bundle leaves behind on Windows:

http://dkn255hz262ypmii.onion/index.php?topic=148291.msg1152452#msg1152452

Presumably some of those traces are left behind when it is run from an encrypted file too. Full disk / volume encryption, where there is no unencrypted area to leak data to, is much safer.

But Tails isn't really about the encrypted persistent volume. That's just one feature. Even if Truecrypt volumes were just as good or safer, the reasons to use Tails include:

-- it's Linux, so there's effectively no malware to worry about <-- this is the main reason it's safer
-- it transparently torifies network connections  <-- the second biggest reason
-- it comes with many apps that are configured to use Tor
-- it implements new Tor features early, such as obfsproxy bridge support and stream isolation
-- it never touches the main hard drive, so there is absolutely no data leakage
-- it's run from media (DVD, USB) that is easy to get rid of

Tails is definitely safer than running TBB from a Truecrypt file on Windows.

Yeah, about 20% of vendors don't have PGP keys, and a majority of buyers don't encrypt their addresses.

Some vendors are pretty explicit about not using PGP. Here's what RxKing's profile says:

PGP:
If you want to use pgp...go to another vendor. If SR ever gets compromised they will want ME--NOT YOU!! And they sure as fuck won't look at orders and find your address and do something. I don't have the space to get into it...but it is the biggest myth on SR. I have heard so many lame reasons. But they all love to say it is an added layer of security. Total bullshit...but whatever...NO PGP FOR THE KING

He also says:

Privnote---
If you must be secretive(no need at all) with sending me your address and you believe all those morons in the forum ---- I ONLY USE privnote.com. You can use it for your address. Part of the reason my operation runs so fast is because I don't have to waste extra time trying to read secretive messages or use that stupid time wasting pgp. Don't be the one slowing the packaging and shipping down with your privnote last second after my time cut off time with a long message for me to read and respond to. I am very busy!

Privnote is safe, fast, and easy. And totally not needed. BUT if you feel you need to..then use it. I don't care. But don't use it to send me a question..A big waste of time. You are too paranoid and stupid... Go to another vendor or jump off a building.

Search the forum for reviews or a thread about him. Judging by the rating, I doubt it, though.

Also, you only need to encrypt sensitive info, not every message. It wastes vendors' time if they have to decrypt a lot of messages that don't need to be encrypted in the first place.

That was a lot of work yet every number for the new commission is wrong because you applied it to the USD price, not the BTC price.

Quote from: Jack N Hoff on July 11, 2013, 02:38 pm

Maybe because it really doesn't matter.

Maybe/maybe not but it would stop these fucking rumors flying about!

LOL, no it wouldn't.