Silk Road forums

Are you extracting the bundle into the same folder, over top of a previous version? You can't do that with the latest bundles, because the update to Firefox 17 is incompatible with Firefox 10, which is in the previous bundles.

You have to extract to a different folder.

Since you are only experiencing this problem with version 4 and up, which is when they switched to FF17, I'm almost certain this is your problem.

Thanks for your tips, especially since the file I was trying to download was from your recommended GPG4USB. You're right in that my download problem has nothing to do with TBB. I tried to download other files via a clearnet browser on the same laptop and I run into the same problem. Downloading then disappearing file. Something must be wrong with this machine.

Have you tried going through all the steps outlined in the link I posted above?

I did however download GPG4USB via clearnet connection successfully. However after I downloaded, I went to unzip the file by clicking start_windows. It unzips GPG4USB to a new folder, but the folder is empty. I am unzipping to my laptop, not a USB. I don't know if this matters.

Would you know what is going wrong here? Thanks for the help as usual!

start_windows.exe is in the zip file, which is called gpg4usb-0.3.2.zip, in the latest version. If you were clicking start_windows, then you already extracted the zip file, so I think you're getting confused somewhere along the way. start_windows should start GPG4USB.

I'm wondering if again the files are being deleted or quarantined because of some security policy on your computer.

Can we agree that with a legitimate version of the TBB, even with a MITM, it's very hard to know the exit node of your Tor circuit ?

If an attacker can decrypt your connection, he can read the data. He doesn't need to know your exit node. That is much harder to do with a Tor circuit than with an HTTPS connection. Like the poster above said, HTTPS connections can be intercepted at the exit nodes with widely available programs like sslstrip. However, this interception is noticeable if you are paying attention, because you lose the lock icon. This is why mixed content is bad, it gets us used to losing the lock icon.

I wonder how strong is the encryption used in Tor. Would it really hold long supercomputers ?

Tor uses the TLS protocol with a 128 bit AES stream cipher and 1024 bit RSA keys for authentication. If you want the nitty gritty details, you can read the protocol spec:

https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=tor-spec.txt

In terms of encrypting the stream, Tor circuits are basically the same as HTTPS connections (they could be made stronger with AES-256 encryption, but AES-128 would take longer than your lifetime to decrypt with today's technology). The important difference between Tor circuits and HTTPS connections, as I said in a previous post, is that it's much harder to break Tor's authentication mechanism.

Oh and finally, can someone confirm that when you connect to a .onion website, the full path to server is encrypted ?

Since you're connecting Tor client to Tor client, yes, the entire path is encrypted.

Concerning clearnet sites through Tor: Why is there so much warnings about accessing clearnets sites over Tor ? Is the end server of a clearnet website able to know your own IP address ? Or it's just because of the flash/scripts and other stuff that can give this information to the end server.

Yeah, it's mostly the dangers of Flash and Java. I think the dangers of JavaScript are exaggerated. Yes, JavaScript can be dangerous too, but it's much better sandboxed inside the browser. Flash and Java are run by plugins that are separate processes and can more easily bypass the browser's proxy settings. That's why NoScript was added to the browser bundle. It blocks Flash and Java even when it is disabled.

In other words: Would a perfectly configured/UpToDate TBB leave any compromising information on a clearnet site ?

Well, if you post your name on the site, there's nothing Tor can do to save you.

But I get what you're saying, and the answer is that the browser bundle is specially configured to greatly reduce data leaks and fingerprinting attacks that could be used to identify you. Nothing is perfect of course, but browsing clearnet with TBB in its default configuration is considered safe enough by the Tor developers that they distribute it that way.

I'm surprised anyone would use a TorMail address with a legitimate business like Green Dot. That just screams "I'm doing illegal shit."

Yeah, still getting Database Error: Connection Failed.

And of course the only way to get a hold of the admins is to... email admin@tormail.org.

Past performance is not always indicative of future results, but yeah, when this happened before, it came back after a few hours.

This is a broad topic and there have been dozens of threads written about Tails and Liberte, so I invite you to search the forum for more detailed info, but here's my opinion.

Whonix is the most secure of the three. In fact, the only thing more secure would be an anonymizing middle box (equivalent to the Whonix Gateway) on a separate physical device from your main computer. However, Whonix is overkill for your purposes. It also consumes the most resources, because you're running 2 VMs simultaneously. Unless you download potentially dangerous files a lot, you don't need it.

Between Tails and Liberte, I've seen a lot of people post about both on the forum, and my general impression is that Liberte is more hardened and advanced in *some* of its security features, while Tails is less buggy and more user friendly. For one thing, Tails uses the standard TorBrowser for web browsing, while Liberte uses a patched and torified version of Epiphany, which is the default browser in the Gnome desktop environment. Unfortunately, I've never heard of Liberte's Epiphany undergoing a thorough security review, and multiple people have complained on the forum of not being able to connect to sites over Tor. I consider it very experimental and potentially unsafe.

TorBrowser is more than just Firefox with Torbutton. It is a heavily patched version of Firefox that disables potentially deanonymizing features (which is why you should only use the TorBrowser for Tor activities, not vanilla Firefox with Torbutton). TorBrowser is the default way of using Tor. Officially built and released by the Tor Project, it has undergone the most security auditing and it the safest (not to mention the most reliable) way to browser web sites over Tor.

Tails also gets regular updates, which fix bugs and security issues, and implement new features. The latest version of Tails came out 3 days ago. The last version of Liberte came out 7 months ago. Liberte almost looks abandoned, while Tails has an active developer community behind it, and it is officially supported by the Tor Project.

If your main use case is browsing SR, I recommend Tails out of those options.

Ralf Heim is becoming the heir apparent in the line of succession of psychedelic chemistry gods. Shulgin, Nichols, now Heim.

Sure there were others, like William Leonard Pickard and Nick Sand, who innovated on production methods, but these guys created whole new classes of drugs.

This is one reason why the War on Drugs can't be won. We haven't sampled a fraction of the space of possible organic molecules.