Silk Road forums
Discussion => Security => Topic started by: q on May 29, 2012, 03:09 am
-
I see a lot of sellers posting links and images of their drugs on regular image uploading sites on the www.
These sites can easily be monitored by police.
They can see when IP and a lot of other info of the uploader of the image.
They can see IP and lots of information about everyone visiting the image.
This is not good for security. Images should always be uploaded at as secure a place as possible inside .onion.
No links outside should ever be visited for security reasons. The police can also place traps this way, linking to seemingly legit stuff or whatever outside TOR and then monitoring everyone visiting it to gain information about users on SR.
If people visit these links by mistake without protection their identity can be compromised.
-
I agree and the following current events may be enlightening.
I have been following the Marsvolta BUSTED thread and it is interesting. He seems to be now more interested in security issues rather than drug scene. Seems out of character.
If you look at this thread http://dkn255hz262ypmii.onion/index.php?topic=24282.0
you can see him set up the question about the security of going to clearnet from Tor.
Then a new member called "Replay" chimes in and offers a clearnet link to check the security of your browser. It is also interesting that Replay appears on SR around the same time that Marsvolta said he was Busted.
Replay has two posts and they both contain clearnet links.
I hope nobody has clicked on them.
_X_
-
There is absolutely nothing wrong with clicking links that are not .onion
-
There is absolutely nothing wrong with clicking links that are not .onion
That may be true in general, but I would still be concerned with a link that is offered and claims to verify your Tor anonymity. It may be possible that there is a way to stealthily defeat some of the protections in the Tor browser if you go to the web site.
It may also be that the web address is only given to SR users which would create a connection to SR.
_X_
-
There is absolutely nothing wrong with clicking links that are not .onion
That may be true in general, but I would still be concerned with a link that is offered and claims to verify your Tor anonymity. It may be possible that there is a way to stealthily defeat some of the protections in the Tor browser if you go to the web site.
It may also be that the web address is only given to SR users which would create a connection to SR.
_X_
Would it matter though if your connection is Torified?
V.
-
There is absolutely nothing wrong with clicking links that are not .onion
That may be true in general, but I would still be concerned with a link that is offered and claims to verify your Tor anonymity. It may be possible that there is a way to stealthily defeat some of the protections in the Tor browser if you go to the web site.
It may also be that the web address is only given to SR users which would create a connection to SR.
_X_
Would it matter though if your connection is Torified?
V.
I don't think so. You're sending messages to the website and it is sending messages back -- all through the Tor network. If there was a flaw in the firefox browser that could be exploited it might be possible the website could remotely activate scripts. Then send your IP back with the Torified data.
What software does not have some security flaws?
_X_
-
By checking the times of requests it may be possible to link a user to SR, however they would need your originating IP address to do this. As I understand it, if they have your IP address they can monitor your connection; although the traffic is encrypted they could match your request time with the response time from the clearnet site. For LE to do this would take a lot of resources and they would probably need a big interest in you to undertake this work.
Regardless, keep SR stuff on .onion sites and don't expose yourself to risk.
It may be a bit more hassle or a little slower. Essentially you will avoid LE scrutiny as they will spend their time either trying to bust big vendors or careless buyers.
-
Clicking links to non .onion addresses is fine, no security risk as long as you can see the full URL and use proper judgement.
You may have a point about pictures though, someone posting up pictures uploaded on a non .onion URL is not very smart, which is why they have .onion image services, clicking them may have the potential to give up your IP if you open them outside of Tor but I mean seriously, it's grasping at straws here.
There are plenty of ploys LE could use to try and obtain IP addresses, but unless they can link that IP address to a vendor/buyer and a specific transaction with proof then they have nothing, which means they wouldn't waste the time and resources in the first place.
SR's main threats are going to come from security flaws found in TOR itself, any data that SR stores on vendors/buyers and transactions (hopefully they don't, but I've been surprised by the complete lack of intelligence/security in past carding forums as well), DPR getting busted (knocks on wood), or stepping up USPS security.
-
going to the clearnet links can be harmful, best bet is to have noscript enabled while using the torbrowser
-
If you use the TOR-browser to visit those links, AND you follow all the instructions given on torproject.org (ie not allowing scripts, not downloading, etc), I don't see what the risk is (educate me if I miss something).
-
If you use the TOR-browser to visit those links, AND you follow all the instructions given on torproject.org (ie not allowing scripts, not downloading, etc), I don't see what the risk is (educate me if I miss something).
You're right, there's always risk but it's minimal. Direct links to images are the ones I would be wary of, as images can contain hidden scripts and .exe's.
-
I'm primarily here because I'm interested in security and I'm amazed by how insecure some people really are.
Every day they get paid. Paid to spend their time doing one thing. To bust YOU. Imagine you doing their job. They will go through every possible way they can to get information.
All small infos they get adds up. That's how they work. And this is not something that must take a lot of resources. It could possibly be automated a lot. They have good custom made tools for all kinds of forensics and they are not dumb.
Even being online and writing shit here is bad for your personal security and anonymity. Read about text and spelling forensics. You can be traced by your spelling. You have no idea how effective it can be unless you have seen it in action.
You must do everything you can to protect yourself. Don't you ever take any stupid risks and never underestimate what's possible.
Posting links and uploading images of drugs on clearnet is a security issue as it can be monitored easily. Don't click those links ever.
If someone tells you it's safe to take risks and be stupid like them. Don't trust them. Don't do what they say. Use your brain and stay safe.
Unless you want your anonymity compromised.
-
Don't you ever take any stupid risks and never underestimate what's possible.
+10
-
I'm primarily here because I'm interested in security and I'm amazed by how insecure some people really are.
Every day they get paid. Paid to spend their time doing one thing. To bust YOU. Imagine you doing their job. They will go through every possible way they can to get information.
All small infos they get adds up. That's how they work. And this is not something that must take a lot of resources. It could possibly be automated a lot. They have good custom made tools for all kinds of forensics and they are not dumb.
Even being online and writing shit here is bad for your personal security and anonymity. Read about text and spelling forensics. You can be traced by your spelling. You have no idea how effective it can be unless you have seen it in action.
You must do everything you can to protect yourself. Don't you ever take any stupid risks and never underestimate what's possible.
Posting links and uploading images of drugs on clearnet is a security issue as it can be monitored easily. Don't click those links ever.
If someone tells you it's safe to take risks and be stupid like them. Don't trust them. Don't do what they say. Use your brain and stay safe.
Unless you want your anonymity compromised.
I generally think a dose of paranoia is a good thing, but this is a little much.
As long as you have no script and don't download anything you should be reasonably fine. The biggest threat outside of those two things (that I've read) is using a SOCKS4 or SOCKS5 proxy due to possible DNS leaks. You should use SOCKS4a as it has the lowest possibility of DNS leaks.
The TOR website has very detailed information. Tor is like birth control, highly effective but not 100%. You can make it closer to 100% by following the directions carefully AND wearing an Internet rubber (Noscript).
Going to clearnet links with Tor enabled is almost entirely safe unless you're stupid or very unlucky (like birth control).
EDIT: Anonymous DNS servers are a good idea. Should I post a link to the clearnet?
-
I just saw this after my post/rant about privnote
-
At least add a plugin to use anon.to to redirect people from SR to the links they click on for the clearnet
-
There is absolutely nothing wrong with clicking links that are not .onion
That may be true in general, but I would still be concerned with a link that is offered and claims to verify your Tor anonymity. It may be possible that there is a way to stealthily defeat some of the protections in the Tor browser if you go to the web site.
It may also be that the web address is only given to SR users which would create a connection to SR.
_X_
Would it matter though if your connection is Torified?
V.
I don't think so. You're sending messages to the website and it is sending messages back -- all through the Tor network. If there was a flaw in the firefox browser that could be exploited it might be possible the website could remotely activate scripts. Then send your IP back with the Torified data.
What software does not have some security flaws?
_X_
somebody who finds and exploits a firefox vulnerability could probably root SR in the first place
-
this thread is full of lols. .onion sites are safe but not clearnet sites! Uh, there is no real significant difference between the two unless you have misconfigured something and accidentally don't use Tor to follow clearnet links. DNS leaks can happen for .onion or .com. Hackers can target you from .com or .onion it makes no difference. I guess it is easier to watch a clear net end point and then try to watch people's entry guards too, but it ain't that hard to trace hidden services so it is barely an improvement.
Someone could hack you from a .onion just exactly the same as they could from a .com sure it is safer to stay entirely on SR because it reduces attack surface, but at the end of the day someone who can remotely pwn firefox can probably pwn SR then PWN you from SR server
I guess what it boils down to is, it is more secure to stay only on SR because it reduces exposure, and it is very slightly more secure to only stay on .onion because it protects you from accidentally not using Tor and ending up in server logs and might protect you from an end point timing attack a little more, but the security difference between staying .onion only versus also using clearnet via Tor is very minimal and borders on non existent if you have things configured correctly
-
Going to clearnet websites is fine. That's kind of the whole purpose of TOR... For my noscript I have ALL scripts blocked and I UNBLOCK the ones that I have verified or can be properly verified. I like the condom analogy that one of the above posters used.
Behavior management + Proper TOR configuration = you should be fine*
* = Never have the mindset of total safety no matter how much you cover up.
-
I guess what it boils down to is, it is more secure to stay only on SR because it reduces exposure, and it is very slightly more secure to only stay on .onion because it protects you from accidentally not using Tor and ending up in server logs and might protect you from an end point timing attack a little more, but the security difference between staying .onion only versus also using clearnet via Tor is very minimal and borders on non existent if you have things configured correctly
I am curious. How many users do you think have their Tor configured perfectly? Should that be part of your risk assessment? There may be more than one answer here. I think reducing exposure is correct for the majority of users though.
_X_
-
Everyone using Tor browser bundle should be fine. Everyone who has a totally isolated browser that never accessed the internet except via Tor should also be fine.
-
When I'm on tor I keep two windows open, one is my Tor browser bundle window and one is my normal firefox. I use silkroad and this forum through the tor window and I only use the clearnet through my normal firefox window. I assume this is safe.
-
I agree and the following current events may be enlightening.
I have been following the Marsvolta BUSTED thread and it is interesting. He seems to be now more interested in security issues rather than drug scene. Seems out of character.
If you look at this thread http://dkn255hz262ypmii.onion/index.php?topic=24282.0
you can see him set up the question about the security of going to clearnet from Tor.
Then a new member called "Replay" chimes in and offers a clearnet link to check the security of your browser. It is also interesting that Replay appears on SR around the same time that Marsvolta said he was Busted.
Replay has two posts and they both contain clearnet links.
I hope nobody has clicked on them.
_X_
Hey go back to the original thread, we answered a bit more.
-
onion image uploader is your friend.
-
Adding my two cents in on this one...
Any security leaks that could happen are a direct result of the user's system setup and their personal internet habits. Any links outside the tor network (.onion) are not traceable because the site would get the IP address of the public proxy gateway you are using for that connection.
If you are not using the Tor Bundle then there are scripting exploits that could capture your cookies and various other information exposing you. The tor bundle uses an embedded firefox browser which is separate from your normal browser with the exploits turned off. Any other exploit is caused by the user accidentally installing something on their PC that would allow detection such as a trojan or add-in.
You also need to keep in mind that anything is hackable with enough effort.
My own security consists of a linux virtualbox machine inside a truecrypt dual encrypted file. The linux box runs tor/privoxyd on startup and i turn off as many of the exploits in firefox that i can. This is kind of to the extreme paranoia side but at least i know i can't be traced. :)
-
When I'm on tor I keep two windows open, one is my Tor browser bundle window and one is my normal firefox. I use silkroad and this forum through the tor window and I only use the clearnet through my normal firefox window. I assume this is safe.
This is a good example why clearnet links are not safe here, users like davebowman don't understand how to access them safely.
Let's say government has surveillance on thousands of clearnet links that are only posted here, they will be able to fish IPs from users visiting the links.
Davebowman visits those links from his ISP IP and therefore he exposes himself every time he visits a clearnet link from here.
If the clearnet link is uniquely posted here your ip can easily be connected to the source where you came from, this illegal drug market.
If you don't believe governments don't have resources to do this, get updated.
For example the USA has one of the biggest network spying systems in the world. All traffic is under surveillance and they have epic datacenters to handle and mine all data they want.
Don't expose yourself in any way while doing shady business. Unless you want to have your name on a list.
-
Clearnet sites are not less safe than onion sites -- as long as you are accessing them over Tor.
The real problem is that a lot of people have a bad habit of copying clearnet links that they find in onionland into a regular browser. There seems to be a persistent myth, especially in this community, that Tor is only for onion sites. That's not true. It was created for the purpose of providing anonymous access to the regular internet (ie clearnet). The hidden service protocol is an experimental "proof of concept", as the Tor developers themselves have described it, but not the main purpose of Tor.
tl;dr If you find a link over Tor, you should only visit it over Tor.