Silk Road forums
Discussion => Security => Topic started by: marti on June 13, 2013, 05:26 pm
-
I see a lot of warnings like "Clearnet link!"
That's because we should open these links in normal browsers? What I know is that I should not login in any clearnet page. But opening clearnet pages -without login- is safe?
TYVM
-
When you follow a clearnet link you have to use an exit node.
An exit node may be hostile to you. Anyone can setup an exit node and act as a gateway for random tor users. They can monitor and even modify/inject the web pages you are using.
Hidden services such as this forum and the Silk Road use end-to-end encryption with host authentication making hostile tor nodes unable to modify or read your communication.
Even when using SSL over tor an attacker can still see where you are going and thus can make guesses about the identity of other traffic on the same exit node.
With hidden services a hostile relay has no way of know who you are talking to.
-
Then I understand I am doing well copying the clearnet links and opening them in a normal browser.
Thank you very much
-
No you should open all links from SR with Tor.
-
Dam I am a big idiot with these things.
-
I create a web site that isn't indexed by any search engines. I post the the link on this forum so only SR community members know about it. Like all web servers, mine records the IP address of everyone that accesses my site. I filter out the Tor exit nodes. Now I have a list of SR members' real IP addresses.
Some people use VPNs, but those are relatively easy to filter out too, since the IP address belongs to a hosting provider instead of a residential ISP. Mullvad uses Leaseweb, Private Internet Access uses FDC Servers. If I was serious about performing the attack, I would get lists of the top residential ISPs in the most represented countries: US, UK, Australia, Germany and on down the list. It would be easy to identify the people accessing the site from home.
Visiting a link like cnn.com is probably safe because so many people visit that site, but if it's some obscure web site, or a site you've never heard of before, definitely only visit it over Tor.
-
Fantastic, easy to understand example, astor. Thanks!
Do all your business and browsing over Tor, except for pages/accounts associated with your real identity. Never open PDF posted here (Tor or otherwise); get somebody else to copy and paste the content instead.
marti, you are doing well just by asking these questions and having security on your mind. Lots and lots of dummies here who will likely go down way before you do!
-
Thank you very much guys, I have it very clear now!
-
I create a web site that isn't indexed by any search engines. I post the the link on this forum so only SR community members know about it. Like all web servers, mine records the IP address of everyone that accesses my site. I filter out the Tor exit nodes. Now I have a list of SR members' real IP addresses.
Astor can you clarify this for me...first of all...this is a hypothetical situation you are describing...correct...?
Now my confusion is about your use of "filtering" out tor exit nodes...what do you mean by that...?...I assume you just pick those out and set them aside...so that you are left with real IP addresses...?
That filtering out does not somehow imply that you can get the real IP address from those who accessed the site through tor...?...does it...?
Regards,
Topper...
-
I create a web site that isn't indexed by any search engines. I post the the link on this forum so only SR community members know about it. Like all web servers, mine records the IP address of everyone that accesses my site. I filter out the Tor exit nodes. Now I have a list of SR members' real IP addresses.
Astor can you clarify this for me...first of all...this is a hypothetical situation you are describing...correct...?
Now my confusion is about your use of "filtering" out tor exit nodes...what do you mean by that...?...I assume you just pick those out and set them aside...so that you are left with real IP addresses...?
That filtering out does not somehow imply that you can get the real IP address from those who accessed the site through tor...?...does it...?
Regards,
Topper...
You filter out proxy IP addresses and you are left with the IP addresses of everybody who opened the site in a regular browser because they were misled by the asinine ********************OH MY FUCKING GOD IT IS CLEARNET1111111!!!!!oneoeneonegrejgje89gj8349gj8934jgu34jg8u34jg8u3*************************** warnings
-
I am legit LMAO, kmf. Every good punchline comes right at the end.
topshelf, that's exactly what I'm saying. By filtering, the attacker removes all the IP addresses that are proxies, VPNs, Tor exit nodes, and he's left with real home IP addresses.
-
Thanks for the info here, I'm ok with computers but did not know about opening a clearnet webpage on Tor and the security risks.
Acually, someone said that if you type in usernames on the forums in goggle images, you can see the avatars.
Not sure how true this is.
I only use Tor for he darknet, but sometimes have used clearnet.
-
Fantastic, easy to understand example, astor. Thanks!
Do all your business and browsing over Tor, except for pages/accounts associated with your real identity. Never open PDF posted here (Tor or otherwise); get somebody else to copy and paste the content instead.
The worry with opening PDF's is that there could be a script or malware embedded in it that could try to start communicating without your permission, correct?
If you are using Tails is it safe to download (but not open) a PDF, physically turn off your internet connection, and then open the PDF? What if you're running Tails (or any other OS) from ROM so there's no persistent storage - is it then safe to open PDF's when you're not online?
-
I use clearnet sites occasionally while on tor. For example, if I'm on the SR forums or website and I want to check something on reddit, usually about bitcoin, I'll open a new tab and search reddit, never logging into anything and never doing anything other than obtaining information.
Is this a bad idea? If a person with an exit node could see what I'm viewing, does that mean they can also view what I'm doing on SR? Or does their ability to see my activity only apply to the clearnet sites I'm viewing?
thanks for the help!
-
I use clearnet sites occasionally while on tor. For example, if I'm on the SR forums or website and I want to check something on reddit, usually about bitcoin, I'll open a new tab and search reddit, never logging into anything and never doing anything other than obtaining information.
Is this a bad idea?
No, it's a great idea. By doing a lot of regular web browsing, you increase the diversity of users and usage of the network, giving more plausible deniability to everyone who uses Tor.
If a person with an exit node could see what I'm viewing, does that mean they can also view what I'm doing on SR?
No, SR is a hidden service. The connection is end-to-end encrypted from the Tor client on your computer to the Tor client on the SR server, and you will be using different circuits to the exit node and the rendezvous point.
Or does their ability to see my activity only apply to the clearnet sites I'm viewing?
Yeah, pretty much. If you are viewing two web sites in different tabs, you will probably be using the same exit node and it can see both of them unless you use SSL.