Silk Road forums
Discussion => Shipping => Topic started by: chronicpain on September 02, 2011, 05:57 pm
-
I know that there have been many posts saying that we shouldn't check the usps web site when checking DCN numbers or tracking numbers. My question is does anyone have concrete evidence that flags are raised by checking DCN, etc numbers through Tor?
I understand that its a good idea not to, but I was wondering if anyone has actually experienced a seizure or whatever due to them checking it through Tor?
-
I think that there is no danger to check dcn or tracking thru tor. It will show IP from node what you currently using and not that you are using a TOR service.
There can be 1000 inputs per day or even more, who can check that and what have from it, really..
If that was a case then if somebody check from internet caffe or have proxy settings - that would rose a flag also? I dont think so as that proves nothing and shows nothing.
Privacy is a freedom and right, so LE catch something on grounds if somebody tracked thru tor in that will be a big news and hell to pay.
-
I am pretty sure , that its just scary stories without any basis.
Can't imagine post offices adding checks for TOR and reporting :)
-
When in doubt, use a cyber café.
-
Um do NOT check tracking numbers through Tor. LE will DEFINITLY flag it and it's used by LE to intercept or flag certain addresses / individuals. The Tor nodes are just like IPs. Any server can easily detect if it's encrypted such as Tor. Want an example? Just go to google.com with Tor. It knows your using encryption, so does USPS.
-
Do you know how much man power would be need for do that? Try to go on google with proxy (no tor), same thing like with tor. Many users use proxy and cybercaffe so there is no need to panic doing that.
And that flags nothing, privacy is right and nit discriminaton.
As I know USPS does not hold addresses when cheking dcn, its only a code what is scanned when package is (try) to deliver.
Anyway, do you have an example from real case?
Speculation is not good thing and everyone should read privacy pages on USPS and think logic behind all facts what is going on when someone track package.
-
Um do NOT check tracking numbers through Tor. LE will DEFINITLY flag it and it's used by LE to intercept or flag certain addresses / individuals. The Tor nodes are just like IPs. Any server can easily detect if it's encrypted such as Tor. Want an example? Just go to google.com with Tor. It knows your using encryption, so does USPS.
Theres no doubt that it raises "some" flags when using Tor. But what I'm asking is this. Does anyone have concrete evidence that by using Tor will put the sender/recipient in danger? Granted, there are thousands of tor nodes out there, the only thing that they can do is (if they have a sniffer on a particular node) is to say "this hundred square mile area is where thisa address came from" I highly doubt that if we use tor that all sorts of flags go off at usps and the yell "STOP the presses!!! We have a Tor node!!" I just want one person to verify that they have been questioned or busted because they used tor.
My bet is that it doesn't matter. While Ill still play it safe and not use tor. I just think its more of a scare tactic.. Its smart not to use tor but I hightly doubt the us cash strapped post office is putting extra money into finding out if you are using Tor or not....
Still, though, Dont use Tor until its been verified that they dont use it. Its not that hard not too....
EDIT: The whole purpose of this thread is this: HAS anyone have concrete evidence that we are in danger by using tor when checking our DCN through the USPS? All I have heard is theories. While the theories could be true, I want to hear proof. Im not saying we are safe or not by not using tor or vice versa. But, we need correct information. Not just speculation or conspiracy theories....
-
It's very easy to see a client is connecting from a Tor exit... it takes minutes to implement.
-
Well, usps use ssl.
Overall, there is an difference in log visitor IP and what that visitor really check and his input.
I agree with CP. I searched and found nothing and if such tor scenario involved bust happened, article would be already published somewhere on internet.
-
USPS workers have warned us about this flagging system. You will never get any concrete evidence because it is used for intelligence gathering, not building a case on someone. If you think it doesn't exist you are naive.
-
So where is then real danger of someone being busted if its used only for gathering inteligence? Every site use some sort of tacking visitors for statistics, google use it too, but nobody were prosecuted because of that.
Many things can happen only after is somebody arrested and then issued search warrants and other LE methods, question to USPS for obtaining evidence of particular package.
But that particular parcel is flagged in real time when somebody use proxy, tor, jap and that info relayed to LE to act does not exist, and such case is public published data.
Hear-say, rumors and conspiricy theory exist everywhere especially on forums where everybody has an opinion.
Do not search SR or something in google because they also gather inteligence, but how that affect an person, you and me? IMO zero
I do not live in USA but if I send a parcel to US I can check tracking on 2 site; on my national post service and USPS, if I send it to canada then I check with my national post and canada post..so again, they can gather ip from visitors but no other data (dcn or tracking#) On USPS is clearly stated that (obviusly they need a warrant)
To intercept a http trafic or any other LE action warrant must be issued, without it is against the law and dismissed on court of law.
Finally, I believe that checking tracking or dcn should be made only when needed and without tor. Why to bother with things when nobody can know real true.
-
Technically it is very easy to detect TOR usage but the fact is NOT a single documented case arising from this has EVER been posted. TOR, for good or bad, is associated with nefarious activities. Do you want to be the FIRST published case of LE using TN#'s accessed by TOR to be arrested? Probably not.
This is what I do. I use a VPN service which deletes ALL logs daily. I use this for my general surfing combined with browsers in privacy mode (PM) or a completely locked-down FF browser. Unless I am dl'ing large files, I am using VPN + PM all the time. So when I check my TN#'s, it is purely via VPN which is much harder to identify and or flag.
The method I use to surf to SR: VPN ----> TOR ---->SR
My recommendation: Resist the urge to check TN's frequently using ANYTHING! Do you realize it would be so simple to build a dB (if they don't already have one) which analyzes the number of times a package is checked? In virtually no time they could establish acceptable, average ranges and the fools checking their TN's 100 times in 24hrs would so clearly stand out.
-
So where is then real danger of someone being busted if its used only for gathering inteligence?
What people are saying is that if someone checks their package's tracking number using TOR, that it will be red-flagged for further inspection. Postal inspectors can get a warrant to open any package (except maybe legal mail), all they have to do is say it looks suspicious.
Anyways, as was mentioned in the other thread, the solution to this problem is to "use TOR to check tracking for legit stuff".
-
This is what I do. I use a VPN service which deletes ALL logs daily. I use this for my general surfing combined with browsers in privacy mode (PM) or a completely locked-down FF browser. Unless I am dl'ing large files, I am using VPN + PM all the time. So when I check my TN#'s, it is purely via VPN which is much harder to identify and or flag.
The method I use to surf to SR: VPN ----> TOR ---->SR
What is your VPN client?
This works just for SR, but what about to track an order?
-
What is your VPN client?
This works just for SR, but what about to track an order?
Not sure I follow. Only TOR works for SR and VPN for everything else, including mail tracking.
-
Do you know how much man power would be need for do that? Try to go on google with proxy (no tor), same thing like with tor. Many users use proxy and cybercaffe so there is no need to panic doing that.
And that flags nothing, privacy is right and nit discriminaton.
As I know USPS does not hold addresses when cheking dcn, its only a code what is scanned when package is (try) to deliver.
Anyway, do you have an example from real case?
Speculation is not good thing and everyone should read privacy pages on USPS and think logic behind all facts what is going on when someone track package.
Almost none power at all... Allready the traffic shapping machines can do that without using any more power at all...
Its pretty simple...
There's a table know online with the IPS that make the TOR exit points, so the IPs are known...
All "they" have to do is to do the NORMAL TS and check the source IP and destination IP, just that. If the source IP is one from the IPs on the TOR exit points AND the destination IP is one from an Mail Postal Service then it would register that and then store that or whatever...
If you think that the internet doesn't do that NORMALLY then you don't know shit about how it works..... All internet providers and security agencies do Traffic Shapping in order to control the flow of their networks... so it easy as it can be!
-
I meant for LE manpower analisys. Tor detection is not difficult and true fact is that using tor is not ilegal activity.
Do you really beleive that USPS send logs to LE if somebody check a dcn if they use tor? What if they use free proxy? Or internet caffe what use a proxy? Another thing is who is an visitor and what he check on the site.There are privacy laws and LE can obtain such logs or data only if they have a warrant and valid prove what they must present to state judge for approval.
No judge will sign a warrant just if somebody check a tracking using tor or another proxy service. I have read many forums and majority agree that this is a nonsense.
Dcn does not hold addresses or names. Its a bar code what is when delivered marked status. Post office does not hold any dcn records.
USPS use ssl protocol so content is encrypted.
And do you know why? Because that is legal thing to check tracking or dcn online, no matter do you use tor or not.
Suspicius is not prove and not enough to LE take actions against you/me.
Only ilegal activity what can be connected with suspect and evidence can be used against.
Anyhow, this is my opinion. I can suggest just because nobody of us can know for sure what is going behind a scene to not check tracking or dcn with or without tor.
Check it only if is really necesary.
-
Most folks in this thread seem to agree that checking through tor is just a scare tactic. I've scoured the forums here looking for someone who actually had a package intercepted because of this and have found nothing.
People want to hate on me because buyers "keep asking for more" but tracking is a big part of shipping so I don't think I'm out of line in asking for the DCN that sellers hold secretly. This discussion should be reopened so we can dispell old myths and make SR a better place.
-
People who are saying that it's legal to check your packages with Tor are missing the point and approaching this backwards. There is no such thing as protecting yourself too much, and you want to protect yourself from two things, evidence and intelligence.
Evidence is solid data that can connect you to a crime (you had a key of ketamine intercepted and got a controlled delivery). Intelligence is data that can be used to narrow in on evidence (you checked the tracking with Tor, not illegal in itself).
Statistically speaking, you are far more likely to have contraband on the way if you check the tracking information with Tor. The online drug community knows this, postal inspectors know this, and we know that it's a utilized attack vector.
To look at this another way, since intelligence leads to evidence, you want to employ counter-intelligence to keep authorities away from evidence. You may say it is intelligence to use PGP for example, since drug traffickers use PGP. However, the crowd size of PGP users is so large that it's very weak intelligence at best. The crowd size of people who track their packages through Tor though is very small and this is therefore strong intelligence. You can use counter-intelligence by simply not using Tor to check your packages, or using a third-party package tracking site.
Lastly, please take heed of envious' post and never underestimate your enemy.
-
Very well said, QTC. Basically, why risk it if you can check it elsewhere?
I personally agree with the vendors who don't release the DCN unless there's a problem with it, because all it's there for is for proof of delivery for both parties. Most of the time you just shouldn't even need to check it.
Carry on.
-
Statistically speaking, you are far more likely to have contraband on the way if you check the tracking information with Tor. The online drug community knows this, postal inspectors know this, and we know that it's a utilized attack vector.
I understand that this is the thinking, but we advance as a society by questioning everything.
You seem very sure that checking through Tor will lead to an intercept, but how did you get so sure? There are no threads in here that detail anything of this nature. Please show me how come I'm the asshole in here for asking for something other than "because I said so that's why."
-
It's been said by numerous people who have been in this scene for long enough to know best practices about things like this. Why are you seemingly on a crusade to discredit this?
Whether or not there's any concrete proof of this tactic being used by LE is kind of irrelevant. It is absolutely trivial to obtain a list of tor exit relay IP addresses, and setup an automatic flagging system to flag DCNs tracked by these IP addresses. It is a simple, easy way for packages to be flagged with a much higher probability that the package contains contraband than just about any other method.
If you can do something so simple, like not using Tor to check DCNs, that will protect yourself, why wouldn't you do it?
-
Why are you seemingly on a crusade to discredit this?
I'm not trying to discredit the theory, I'm trying to solidify it.
I never check tracking through Tor and don't plan too, but I'm an adult, and my wife and kids have a habit of opening mail, so while most may not care, I'd rather use my spare money in SR and not on divorce attorneys.
So I'm finding all these vendors that will not allow me to track a package and therefore I cannot order from them. They're biggest gripe against giving me tracking is that I'll use tor to track, so I'm trying to figure out if their gripe is legitimate or if this is just another case of bad information ruining a vital feature like tracking.
I've been clear on this and yet all I get in response are unreasoned replies with nothing more than "just shut up noob."
-
If you are paranoid with Tor, use a proxy.
-
My intention was not to start a debate. I think its VERY good practice not to use Tor when checking a DCN. I just wanted to see if anyone could verify that packages are"Flagged" if you use Tor. I agree. dont chance it and never use Tor when searching. I just want to know if its true or not, thats all...I didn't mean that we are ok by using TOR, we all should be as safe as possible and even if there is the slightest chance of raising a red flag with the USPS it should only be used with clearnet. I hope I made myself clear...
-
Why are you seemingly on a crusade to discredit this?
I'm not trying to discredit the theory, I'm trying to solidify it.
I never check tracking through Tor and don't plan too, but I'm an adult, and my wife and kids have a habit of opening mail, so while most may not care, I'd rather use my spare money in SR and not on divorce attorneys.
So I'm finding all these vendors that will not allow me to track a package and therefore I cannot order from them. They're biggest gripe against giving me tracking is that I'll use tor to track, so I'm trying to figure out if their gripe is legitimate or if this is just another case of bad information ruining a vital feature like tracking.
I've been clear on this and yet all I get in response are unreasoned replies with nothing more than "just shut up noob."
I don't know if you're trying to imply that I'm a kid and don't understand your adult reasons for doing things, but I'm much older than you probably think I am. If you're an adult with a wife and kids, surely you have a job that gives you enough income to be able to afford a PO Box? Just open one and get your SR purchases sent there. Your family doesn't even have to know you have one, and you can be 100% sure they won't be opening your mail that way.
I understand your frustration with not always being given tracking numbers, but that's the vendor's choice. I think if they are using the argument that buyers will be careless and track through Tor, they're totally justified in that. There are far too many buyers that don't know enough about security, or who just don't care enough. Since it's impossible for vendors to know how educated every one of their buyers is, it's just safer for them to take the matter into their own hands. Just look at the difference in membership between SR and the forums - almost 150k members on SR, but barely 10k registered on the forums. Unfortunately people don't like to take the time to read and educate themselves, or get involved in the community.
-
Am starting to get paranoid using Tor to check tracking. Think will use a simple proxy instead, hehe.
-
I don't think anyone is sure or not if it flags the package, but in our situation it's best to be on the paranoid side and assume they do. Spoofing your mac address and using an unencrypted or poorly secured wifi spot is the way to go.
-
All Tor exit nodes are public. So it's easy to tell if a web user is using Tor.
For example, when someone first starts the Tor Browser Bundle it goes to this page to check if Tor is working:
https://check.torproject.org/?lang=en-US&small=1&uptodate=1
That page says it is powered by TorDNSEL.
https://www.torproject.org/tordnsel/
I assume it does that by seeing your IP address and looking for that IP on the list of Tor exit nodes:
http://exitlist.torproject.org/
Although I guess that has to be accessed by running this Python script:
https://check.torproject.org/cgi-bin/TorBulkExitList.py
You can see the IP of the exit node you're using at the following sites:
https://check.torproject.org/?lang=en-US&small=1&uptodate=1
http://onion.is-found.org/client-check
http://torcheck.xenobite.eu/
If you go to an .onion site on Tor, the site sees your IP as 127.0.0.1. You can verify that here:
http://32rfckwuorlf4dlv.onion/client-check
If there is anyone at USPS with a brain, I assume they would figure out that a tracking number being checked by a Tor exit node dramatically increases the probability that it contains illegal goods. So I can understand why vendors would be unwilling to give out the tracking numbers.
If a buyer obtains a tracking number and feels the need to check it, I don't know, maybe do it at a library with internet access or a place with free wifi or something.
-
just dont do it
no need to test the waters
-
just dont do it
no need to test the waters
Or we could test the waters with non-illegal shipments and see if they get inspected. That's how science works.
-
I think the level of appropriate caution is directly proportional to the amount of time you could serve. And, really, think of it this way: it's better to look back and say 'damn I was overcautious' than to look back and say 'if only I'd listened...'
-
Why bother when a hundred sites like these exist:
http://www.packtrack.com
http://www.trackapackage.com
http://www.packagemapping.com
https://ontrac.com/tracking.asp
If you've ever run a website, you know all about blacklist IPs that show up in logs alerting you. I just checked my current Tor exit node IP and it showed up as blacklisted on 92 different DNS lists. cbl.abuseat.org lists my exit IP as spamming child pornography in Nov 2011, and being infected with Torpig. Not something I want to broadcast to a government website