Silk Road forums

Is there any way to actually hide our use of TOR?  Surely, anyone using TOR is automatically 'flagged'?

It's unlikely that Tor users are being flagged in Western countries. You come to this forum and see thousands of drug users on Tor, but you have a biased view. Millions of people use Tor for dozens of reasons. Picking out the drug users would be difficult without other evidence, in which case it's only the other evidence that matters. Using Tor isn't evidence of committing any specific crime. Some regimes detect and block access to Tor. They are mainly in the Middle East and China, although there are others, like Burma. Some people in Russia want to ban access to Tor, but that's another shithouse country under Putin. That isn't happening in any Western countries.

All the being said, your ability to hide your Tor use depends on the sophistication of your adversary. In some countries, using bridges is sufficient to bypass restrictions on accessing the Tor network. The Chinese government actively probes for and blocks bridges, including those that use the obfsproxy version 2 protocol. That's why the Tor developers have created a more sophisticated version 3 protocol. As far as I know, it is working. The Chinese government hasn't found a way to detect those bridges yet.

So even if you think your adversary is as sophisticated as the Chinese government, and actually cares about watching you, an obfs3 bridge *should* be enough to protect you, for now.

What's the deal with using TOR and being flagged?  Can LE work out what's happening in TOR?  Is it better to just leave it on to make pattern analysis harder or something?

They can "work out" what's happening if they can watch both ends of the circuits you build through the Tor network. For example, if they ran your entry guard and exit node, they could see who you are (your IP address) and what you are doing (the site you're visiting). That applies to clearnet sites. For hidden services, they would have to be positioned as either the hidden service's entry guard, an introduction point, or the hidden service directory. Given the size of the network and the long rotation period of entry guards, it's difficult to target a specific person to watch both ends of their circuits. An adversary can spin up relays and observe a few random people, though. Same with hidden services. They could spin up a bunch of relays and brute force a key to become a hidden service's directory, and then wait for people to randomly select their entry guards.

Bridges are a solution to this problem as well. Once you configure the browser bundle to use a few bridge IP addresses, it will always use them. So as long as those bridges are not malicious and stay that way, you won't rotate entry points and select malicious guards.

Really annoying we have to behave like this.  Lets all hope and push for a more humane society that doesn't treat mature adults like naughty sinful children, at our own expense through our taxes.  It's just ridiculous.

I can cheers to that!

Sad as it is...but I remind all posters that it will be for the benefit of us all if we don't publish our thoughts about any of DPR's details 

You're joking, right? OP is a troll and everyone knows he is. Usually I skip these threads but I'm drunk as shit right now.

I had .0001 BTC in an account and it didn't get deleted after 6 or 7 months. When they say zero, I think they mean zero, so you should be able to leave a little bitdust in there to keep it active, but don't quote me on that.

Or you can click that Remove Thread button at the bottom there.

The mods aren't going to do anything unless you violated a forum rule, so it's on you.

OP updated. If you are a Tails user, please re-read the original post. Don't change your proxy settings from the Tails default.

It seems as though, while there may be some database with everything I've ever thought stored within, there's no real cross-referencing or algorithm analyzing the data for warrant-producing gains.

There probably are, but with massive data sets, they are mostly useless. "Big data" is the most overhyped thing in tech right now, like "cloud" services were a few years ago. If you have a data set with thousands of parameters and you analyze it a million ways, than even with a rigid standard like "1 in 1000 probability of being spurious", which is more formally called a p-value of .001, you are going to find a thousand associations like that! There are ways to address it, like the Bonferroni correction, but it is extremely difficult to find the 10 true associations and exclude the 990 false ones. You are bound to get high false positive and false negative rates. Then you will waste your time raiding innocent people, or spend a lot of money following false leads, and really a judge should never sign a warrant based on evidence that has a 40% chance of being false. The NSA's current standard is a 51% probability of being true, or what John Oliver described as "a coin toss, plus one percent".

With signal analysis specifically, large data sets suffer from the base rate fallacy: http://www.raid-symposium.org/raid99/PAPERS/Axelsson.pdf

A Tor developer named Mike Perry has argued at length that many of the threat assessments against Tor don't take it into account. Many of those assessments also suffer from publication bias (he claims) and are not reproducible under real world conditions, even when the researchers run their analyses on the live Tor network, because there are still components they control, such as the hidden service they are trying to find.

In one sense, it's good that the NSA is collecting vast amounts of data. It makes drawing robust conclusions more difficult, so the more the better

Nothing that sticks out far beyond the rest, but on the forum some of the best moments are the Gummy Stars thread, the Pine - LouisCyphre debate, and the epic thread started by InfiniteSource a month or two ago.