I hate that all of the tech stuff flies over my head for the most part. Should I be worried if all I use is a thumb drive with Liberte? I had two tormail accounts that I had never used to send anything. Nor have I logged into them for many months. I never reused passwords but had a tormail matching my sr username.
I don't think Liberte users are vulnerable because it doesn't use Firefox or Iceweasel, does it?
Is there any information on how he was tracked down and arrested?
No I don't think there is. I don't think there is even any proof yet that this is actually him, although circumstantial evidence strongly suggests that it is. I do know that he used virtual machines to isolate his web servers though, that means if he was hacked the hackers had to break out of a virtual machine, which is pretty advanced compared to everything we have thus far witnessed LE hackers do. Another possibility is that his server was traced to its entry guards and then LE got a court order to tap an identified entry guard in order to locate his hidden service. Another possibility is that he fucked up in some other way, maybe social engineering got him or maybe the datacenter his server was at noticed he had 24/7 terabytes a day of Tor traffic.
It APPEARS that anyone using a non-Windows system has nothing to worry about. This includes Tails and any other Linux-based or Mac OS X systems. The exploit has been reported to only work on the Windows OS. While we cannot be sure this is the case, it does seem plausible. However, if the exploit does work on non-Windows systems then using Tails, etc. would likely not protect you from having your IP address discovered, as the IP provided by your ISP would be the same whether you use Tails or not.
The exploit only targets what looks like Windows OS, but Tor Button makes all Tor users look like they are using Windows. So it is not certain that it won't work against Linux users; it will try to exploit them anyway due to the fact that Tor Button spoofs the user agent to look like Windows. I have seen a few people's opinions on this exploit code so far, and nobody is yet willing to say if it works against Linux or not. So far I have not heard much that sounds very solid.
I have done quite a bit of research on JavaScript and IP address discovery. There is no way that I have discovered to obtain your location's public IP address from JavaScript. All that (non-hacked) JavaScript has the capacity to do is report the private IP address of the local computer it is running on, which is useless to LE. It's clear that the FBI, or someone the FBI bought the exploit from (yes, the FBI buys shit off the black market too), has a way to do this.
JavaScript directly cannot obtain an IP address, but it can be used to take full remote control of a person's computer, because it can be used to exploit security vulnerabilities in Firefox or whatever, and that is what people think has happened.
Was the Freedom Hosting owner even keeping his identity secret? I assume he didn't provide free hosting services. Perhaps he only allowed anonymous currency payments. It's not clear from any of the reports I've read. It's also not clear whether he was responsible for the child porn directly or his company hosted a hidden service that was responsible.
He kept his identity a secret and he did offer free hosting services.
Alright, so they got freedom hosting. The owner apparently had a history with child pornography. Illegal photographs were being hosted on freedom hosting's servers.. but they can't necessarily use that same tactic to shut SR down.. am I right? Yes, drugs are being sold here, but that doesn't give them any more than they already have to go after the company that hosts SR. Am I the only one who doesn't believe SR is next?
Of course they could use the same tactic to shut SR down.
Does anyone have any guess as to whether deleted messages on Tormail would be recoverable by an agency? I'm thinking specifically ones that I deleted a year or so ago.
It may be possible, or it may not be, it depends on too many variables that we do not know. You should have used GPG.
I'm not entirely clear on what is/has happened here. Are people saying the JavaScript exploit was up and running before the FH sites went down or after?
The claim is that the exploit was injected during the down time, and during the time when the "server is down" message was coming up.
I think that FH was just allowing .onion sites to be hosted. I don't know if he directly was involved in CP or if it was just more of a "He allowed them to be hosted, he's as guilty as the people downloading them".
He didn't host CP himself and he actually said in the rules that he wouldn't allow CP to be hosted, but he also turned a complete blind eye to it and obviously was fine with people using his server to host CP.
None concrete yet.
I am beginning to believe it was his own negligence that led to his identification and arrest. He also ran a clearnet host (hostultra.com) and didn't seem too concerned about keeping his identity a secret (clearnet - http://www.webhostingtalk.com/showthread.php?t=157698). Freedom Hosting apparently had quite a lot in common with Host Ultra which, while circumstantial, could raise suspicion.
Also, Anonymous leaked specific software information about the Freedom Hosting server in fall of 2011. He was the wrong guy in their witch hunt but the information they collected I'm sure was filed by the FBI.
There is speculation of him running other deepweb services (I've read he ran OnionBank? any confirmations on that?) and there is also mention of large amounts of money running through his own bank account which is unlikely to be from Freedom Hosting as his plans were all unmetered. He could have been taking under-the-table payments to keep CP sites online above normal fees, and that would leave a paper trail if the client had been caught or was under investigation - or if a client that paid him under the table was actually law enforcement. There's also a bit of focus on a transaction to Romania (6000 euros) from his own bank account, which he claims is investment in another business. It's been mentioned in a couple of threads the possibility of "real life" social engineering.
It says the FBI has been investigating him for a year. He is also a US citizen, though living in Ireland since age 5 and the warrant is issued from Maryland.
Sorry I can't provide more info.
ER.
I don't think he was too stupid or anything; he had some of the best technical security of anyone in onionland and he has been running Freedom Hosting for quite a lot of years now with no issues. He also didn't charge anything for hosting anything. Also the person who is busted used his credit card to withdraw 6,000 Euro in Romania but also sent about half a million dollars worth of Euros to Romania through his bank account.