Silk Road forums
Discussion => Silk Road discussion => Topic started by: performance on June 18, 2011, 02:47 pm
-
Requiring an email address to register in the forum wasted about 2 hours of my time. I couldn't create a new Yahoo! mail account because my Tor browser doesn't have flash. gmail also would not generate an account for me. I tried 4 other free web mail hosts and I couldn't create an account on any of them either (due to the Tor browser environment limitations). For example, the CAPTCHA wouldn't display. Also, client/server javascript communication would time out (i.e. registration scripts that send each keystroke upstream run slow on Tor circuits).
All in all it was a giant cluster fuck and I wish that the password database was simply replicated from Silk Road instead of requiring a new registration.
Requiring an email address is a vulnerability. I wonder how many people are going to use their existing email, not realizing that it will strip their anonymity if they have accessed that email from an unshielded IP.
Requiring users first to see the archived forum before bringing them to the new forum is silly. I predict we will see a drastic reduction in forum usage. Pressing "Community Forums" from Silk Road should take you HERE. Add an "Old Forums (Read-Only)" link if you want to provide access to the old forum.
-
I used http://www.guerrillamail.com/ via tor. Worked like a charm. Also, since it (SR Forums) does not require e-mail verification you can always make up a random fake address.
I see your point though, some people will use their legitimate e-mail addresses. Hopefully we have some smart people, and SR makes this option either go away, or be optional.
-
Agreed. User migration is tough because SR and SMF almost certainly use different hashing methodologies for password (salt + hash algo) so as to be incompatible.
There's no excuse for requiring email though. That's almost certainly a flag in either the admin control panel or the code somewhere (I'm unfamiliar with SMF).
-
Guess what, you can put a fake email.
-
No only can you put ANYTHING in E-mail , but it doesn't even E-mail you. Good job SR, first thing I did was try to get the forum to leak the hidden services IP address by E-mailing around Tor. Glad to see you knew enough to take care of that little side channel, it bites a lot of noobs in the ass.
-
we couldn't find an option for disabling the email, but yea, just put in a fake.
-
Requiring users first to see the archived forum before bringing them to the new forum is silly. I predict we will see a drastic reduction in forum usage. Pressing "Community Forums" from Silk Road should take you HERE. Add an "Old Forums (Read-Only)" link if you want to provide access to the old forum.
I agree with that one: not a major deal, but just one xtra click...since we had to re-sign up and do all separate login, would be nice to just go rite here...I can't remember more'n a couple days back anyway ;)
-
I think the login and logout bugs are because everyone appears to be from the same IP address as well. OVDB has the same issues. You should probably disable attachments by the way.
-
Haven't you guys ever heard of anonymous email? Even on forums or sites that require a valid email address for the purpose of auto-sending out a verification link ...well that's what mailinator.com and mailcatch.com is for.
-
You can sign up for an AOL (aim.com) e-mail through Tor. I realize I could've registered with a fake, but figured having an anonymous e-mail address would be a good idea.