Silk Road forums
Discussion => Shipping => Topic started by: NoDough on March 21, 2013, 09:34 pm
-
Yes questiion is simple and i found various answers on this one. Can we sort it one time for all?
And if the feds are building a case thats one of the first things they will do?
-
Noone? Odd :-[
-
I don't know if it is actually happening and hope someone who does know will say something here.
The theory, as I understand it, is that the USPS looks at your IP address and flags your package/address if you are using TOR (coming out of a TOR exit node). I think any website can record the IP address you appear to be coming from when you connect. I think using tor keeps your real IP address hidden and that makes the USPS think you are up to no good. Even if this sort of thing is being done (tracked), I don't know if any agency doing it would admit that they are until they had to. There is also the conspiracy-like theory that "they" are recording all this stuff for a future time when they can use it against us.
-
Folklore, ancient urban legends, overly flogged to death!
But if concerned, just don't check through USPS.
NCK
-
This is starting to sound the game of Telephone or Chinese Whispers.
No, of course they can't get your IP address if you're making a data request via the Tor network.
The issue is that it's likely (and easy) for this sequence to occur.
Accessed by Tor exit node (the list of these IP addresses is publicly available). Throw up a red flag. It is interesting that somebody who wants to be anonymous is checking their package delivery data. Record data request and monitor future deliveries to that address for suspicious packages.
I never understood why people thought this was a spectacularly strange endeavor. Homeland Security, Anthrax anyone? Seems more like common sense from the perspective of the postal inspectors surely, they can't look at all the packages but they sure can look at all the packages that are looked at from Tor exit nodes.
The other thing is that checking your package delivery data from a 3rd party provider may not be the help you imagine, it's simple for the 3rd party to relay the IP address being used to access their service as part of the tracking package request. This is a bit less likely maybe, but there is no great technical difficulty in them doing so. I advise people not to use tracking, and that if they really need to use it, that they use it exclusively as a way for the vendor to prove that package A went from Y to Z if the package goes missing.
You shouldn't on one hand claim you never expected a package containing drugs and then on the other hand check it umpteen times on Tor. Sure nothing can be proven, but it looks hella suspicious.
Other people have other opinions, it's been discussed before exhaustively, but those are mine.
-
I didnt think it would be strange but i got a PM with my tracking number and the seller wrote this under.
"Dont check your tracking number in TOR, and dont check it to much in the clear web."
I mean shouldn they say something that a "lookup" on your package can get you in trouble if it get caught by customs? I mean if so, no-one should ever ever check their packages if they get them with tracking, its like admitting that the package of drugs is yours.
As i said, thats why i was starting to wonder a bit. And if this was the case the info would have been out here on the Road way before my post.
Go on.
-
tracking is tricky. Checking it with Tor is a good way to get a package flagged, checking it without Tor is a good way to get your IP address associated with an illegal package. One option is to try one of the third party tracking proxies and hope they do not forward on your Tor IP address, another option is to use open WiFi from random location although even that can be fingerprinted and seen as suspicious and flag worthy.
It is a tricky question too because checking tracking can save the day if you have a box registered to a fake ID. I have seen them say right on tracking that a package has been seized , if going to a fake ID box that means you just drop the box and get a new one.
-
tracking is tricky. Checking it with Tor is a good way to get a package flagged, checking it without Tor is a good way to get your IP address associated with an illegal package. One option is to try one of the third party tracking proxies and hope they do not forward on your Tor IP address, another option is to use open WiFi from random location although even that can be fingerprinted and seen as suspicious and flag worthy.
It is a tricky question too because checking tracking can save the day if you have a box registered to a fake ID. I have seen them say right on tracking that a package has been seized , if going to a fake ID box that means you just drop the box and get a new one.
Yeah i hear you. But should not this be out there, very known as a golden rule like many other things for keeping you safe(like keeping your home clean before receiving etc etc). And wouldnt there be more storys of ppls getting convicted because of that proof? I have red none.
More opinions/experiences please.
-
While this seems to be a thread of more what if rather than what does . . .
There was an old time vendor here when we got started that used to track their packages only on TOR. There has never been any concrete evidence that by doing so ANY problems EVER occurred. They never used USPS to check, but always were on TOR to check. While it may not be the wisest decision, and there could be ways of tracking it back, there has never been any clear evidence that any problem has occurred by doing this. In other words, no one has yet shown any proof that any package has been "flagged" by using TOR, but there has been boatloads of speculation since it really wouldn't be that hard to do apparently. My suggestion is to use a VPN on a 3rd party, but it's great to see Pine back with some wisdom on the forums again!
NCK
-
It is a tricky question too because checking tracking can save the day if you have a box registered to a fake ID. I have seen them say right on tracking that a package has been seized , if going to a fake ID box that means you just drop the box and get a new one.
Mindblown. Yup. I definitely didn't think of that :D
While this seems to be a thread of more what if rather than what does . . .
There was an old time vendor here when we got started that used to track their packages only on TOR. There has never been any concrete evidence that by doing so ANY problems EVER occurred. They never used USPS to check, but always were on TOR to check. While it may not be the wisest decision, and there could be ways of tracking it back, there has never been any clear evidence that any problem has occurred by doing this. In other words, no one has yet shown any proof that any package has been "flagged" by using TOR, but there has been boatloads of speculation since it really wouldn't be that hard to do apparently.
NCK
Yeah i hear you. But should not this be out there, very known as a golden rule like many other things for keeping you safe(like keeping your home clean before receiving etc etc). And wouldnt there be more storys of ppls getting convicted because of that proof? I have red none.
More opinions/experiences please.
See, it is possible this is all overblown. Or that they are keeping this 'card' to themselves. LE agents, at least properly trained ones don't explain this kind of tradecraft (perhaps dimly reminded of the fatal flaw genetic to Bond villains) to their, ahem, guests of the state. Either way I'm not willing to take the chance, which is why I was promoted to platypus.
My suggestion is to use a VPN on a 3rd party, but it's great to see Pine back with some wisdom on the forums again!
NCK
Thanks :)
-
We have checked more the a 100 packages the last 10 years without a VPN and there have never been any problems with this. But they haven't been to the US. I have also tracked at least 20 packages the last month to the US troue my VPN without any seized. I have tracked so thru Tor without any problems. In most cases in check the same packaged many many times. So i really believe this isent a problem.
-
Check from a public place like a library! Or bring a laptop and use a coffee shop wifi or other crowded place.
-
Having a solid VPN will repay you many times over. You won't have to worry about your IP address getting seen.
DNScrypt + VPN + TOR = relative peace of mind.
DNScrypt + VPN1 + VPN2 + TOR = even more peace of mind...
Add all of this to a Virtual Machine & you can sleep well at night.
catch my drift ;)
-
I'll second what sofish89 said (Starbucks wi-fi).
Or, here's a quaint idea, use an old-fashioned proxy. :D
-
While it may not be the wisest decision, and there could be ways of tracking it back, there has never been any clear evidence that any problem has occurred by doing this. In other words, no one has yet shown any proof that any package has been "flagged" by using TOR, but there has been boatloads of speculation since it really wouldn't be that hard to do apparently.
Yes, it's trivial to do. There are only 900 exit nodes. They could run every tracking request against that list of IP addresses, or a more comprehensive list of tens of thousands of known proxies and VPN end points, to flag suspicious packages. That's why it's surprising there's no concrete evidence of it.
Then again, it's surprising that LE fails to do a lot of things, either through incompetence, lack of resources, or just not caring.
More importantly, the threat is entirely avoidable: don't check tracking over Tor. So why would you want to test that?
-
Buy a burner phone (or get the Burner app for iPhone/Android....? I haven't checked out how anonymous that actually is...) and use the 1800 number to track USPS shit. 1-800-222-1811.
-
You could also ask the vendor to instruct USPS.com to email you updates on the package. Granted, the updates are spotty, and usually you just get one when it's delivered, but at least you know when to go to your drop. Obviously, you use a fake email address, and it won't set off any red flags.
-
I'll assume "Tacking" was meant to read "Tracking" - as I've had packages "tacked" ie; opened by customs, then "tacked" - (stapled back together, rather sloppily as the workers themselves are).
Here's and interesting quote. "They never used USPS to check, but always were on TOR to check" - How do you check a tracking number w/o using USPS? Assuming we're talking the "lower 48", is there an alternative way to track US mail???
So many questions, and really, nothing to worry about.
For a noob, you've created quite the stir!
Cheers~!
If you're a buyer, and purchasing personal use amounts, give or take, just relax and enjoy. There's no busts happening. Unless you know something I don't know.
Coming up on 1 year here, with more money spent than I possibly can afford, no PGP, using real name, and real address.
Even got a letter from customs telling me basically, "uh, you're not supposed to get illegal drugs in the mail, so we threw them out, just wanted to let you know"
That was the very same day, the very same substance arrived untouched, without incident, from the same great drug capital of the world!
Of course be careful and take whatever precautions you can, or feel are necessary.
I wish all these 'experts' had jumped on the topic of the guy that wanted to start selling Silk Road T-Shirts with the green camel and all. - Now that's asking for it.
The people pro and con that idea were like 60/40, in favor of walking around proudly with that T-shirt on.
That should worry all of you, more than the stupid lazy US postal "Union" employees.
Just my 2-cents.
Peace
jagfug
PS. If they really want someone, they can get a warrant, and sit in the CO (central office) of your ISP, and record every keystroke and screenshot, including your PGP.
The likelihood of that happening is less than Obama making the world a better place. In other words, highly doubtful.
-
We have checked more the a 100 packages the last 10 years without a VPN and there have never been any problems with this. But they haven't been to the US. I have also tracked at least 20 packages the last month to the US troue my VPN without any seized. I have tracked so thru Tor without any problems. In most cases in check the same packaged many many times. So i really believe this isent a problem.
I wouldn't do that as a customer, and I really wouldn't do that to a customers package... just because you're comfortable tracking over TOR doesn't mean they would appreciate it!
Why poke the bear?
Security best practices are necessarily tight, I won't take any chances I don't have to.
There's no reason to track a customers package unless they haven't finalized close to the 17 days, or if they're asking where it is.
-
It is unclear what is actually happening but certainly wise to assume tracking with Tor will be noticed.
I would say: only track if absolutely necessary. Never track with Tor. Never track from your actual IP address/ISP. Use a third party tracking website but don't assume that is secure. Use public wi-fi, or ideally a public computer as well.
And ask vendor to use PGP when providing tracking number!
-
Fact of the matter is that even if we assume that we don't know they flag packages that are checked with Tor, if they start to do so they will likely be able to intercept a ton of drug packages. So it is best to assume that checking a package with Tor flags it, and vendors and customers alike should avoid doing so. If a customer has something being sent right to their house, the only advantage they get from not checking tracking directly is increased plausible deniability. I am not sure if that is going to save the day, but I am sure checking tracking with Tor could ruin the day. Using Tor to access third party tracking sites, and hoping they don't flag packages / pass on that you checked with Tor, is a superior option but may very well fail in itself. Using open WiFi from random locations is a superior option as well, but even this can be flagged (hmm this address has packages going to it and the person checking tracking seems to use a different IP address every time!). Obviously if you are getting things sent to a fake ID box or a place not tied to your identity, checking tracking without Tor or similar anonymity completely ruins the point of doing so. It is a complicated matter, and one that requires a great deal of attention to be paid to it, because tracking is certainly an attack vector that could lead to a large amount of interceptions if we are careless with how we utilize it. On the other hand, tracking can help us prevent being busted in the event of an interception as well (provided they still leave artifacts of interception on tracking, I know for a fact that they have in the past).