Silk Road forums

Quote from: Horizons on March 15, 2012, 01:00 am

... while it did point out (correctly) that Tor is mostly used for trading drugs and CP, it also made a point of explaining that this isn't what the software is for ... 

Tor is mostly used for trading drugs and CP?  I doubt if that's true.  There are all types of people using Tor for reasons that are in keeping with the original goals of the Tor project.  See
Hxxps://www.torproject.org/about/torusers.html.en

If we let censorship zealots redefine Tor as a network used only to facilitate criminal activity then that makes it much easier to shut down Tor.  Tor administrators have made targeted efforts to help activists in China, Iran, and Syria, just to name a few countries with repressive regimes.  If I had to guess, I'd say that drug traffic on Tor is but a small minority of overall traffic.  Right now the biggest illegal use of Tor is probably for file sharing (such as pirated DVDs).

I seem to remember a research paper showing that the majority of Tor exit traffic consists of legal adult pornography. In several countries with large Tor userbases all porn is illegal, so it is not really a big surprise.

What is unsafe about it?

Quote from: kmfkewm on March 15, 2012, 12:52 am

And one could break out typologies of CP offenders and show that only a tiny fraction of producers, extreme exhibitionists, produce CP merely because they know others will view it. Some CP is produced for commercial reasons, although this is incredibly rare today. And the payment for child pornography production is an entirely different matter than the possession or distribution of child pornography, these issues are not mutually inclusive. In some cases CP trading groups require the posting of unique material every certain period of time, in order for membership to be maintained. This sort of distribution structure does encourage the creation of new child pornography, as after a while members will have trouble finding new unique material without producing it themselves. From a strict libertarian point of view even this sort of membership structure would not be outlawed, as it merely promotes harm rather than technically ensuring it. From a risk to rights perspective it should probably be outlawed though, simply because it strongly encourages production and is not required for either the possession or distribution of CP. A significant amount of CP is also self produced and in some cases intentionally distributed.

One may also argue that viewing child pornography increases the probability of CP offenders victimizing children.
One may also argue that viewing child pornography decreases the probability of CP offenders victimizing children.
Both people will be able to cite many research papers.
The people who publish the research papers arguing for the first opinion can also quickly have many citations given for instances where they falsified statistics. I also see that they routinely falsify data in all areas in which they operate.

I don't care about whoever viewing computer generated  CP, If there isn't a child involved. But that child/person is still out there somewhere and was exploited? Its fucked up! The Holocaust needs to be seen so we will not repeat it. And its most def not good for the road!

What about pictures of murdered bodies? Bank robberies? Battered people? Bodies killed in drunk diving accidents? 'Was' is the key word in your sentence, but you are using it to argue for 'is currently being' for some reason.

you can test billions of passwords per second with a high end GPU. I just learned that on wikipedia when looking up if your laptop would be capable of guessing hundreds of thousands or millions of passwords per second, I think it is hundreds of thousands though.

edit Hm appears to be low millions per second with most modern CPUs. 

I think this comic sums up secure password creation:

https://xkcd.com/936/

And one could break out typologies of CP offenders and show that only a tiny fraction of producers, extreme exhibitionists, produce CP merely because they know others will view it. Some CP is produced for commercial reasons, although this is incredibly rare today. And the payment for child pornography production is an entirely different matter than the possession or distribution of child pornography, these issues are not mutually inclusive. In some cases CP trading groups require the posting of unique material every certain period of time, in order for membership to be maintained. This sort of distribution structure does encourage the creation of new child pornography, as after a while members will have trouble finding new unique material without producing it themselves. From a strict libertarian point of view even this sort of membership structure would not be outlawed, as it merely promotes harm rather than technically ensuring it. From a risk to rights perspective it should probably be outlawed though, simply because it strongly encourages production and is not required for either the possession or distribution of CP. A significant amount of CP is also self produced and in some cases intentionally distributed.

One may also argue that viewing child pornography increases the probability of CP offenders victimizing children.
One may also argue that viewing child pornography decreases the probability of CP offenders victimizing children.
Both people will be able to cite many research papers.
The people who publish the research papers arguing for the first opinion can also quickly have many citations given for instances where they falsified statistics. I also see that they routinely falsify data in all areas in which they operate.

Hi, I don't want to hijack this thread, but I'd not heard of Ironkey before reading this. Looking at their website, it obviously includes it's own "stealth browser" (based on FF) and it states the following:

Quote

"IronKey maintains a secure private Tor network with it's own high-performance servers (separate from the public Tor network). This improves the overall security in at least two ways:
1. Since Ironkey controls the exit-node in your encrypted Tor circuit, we can ensure that no one is injecting unwanted or malicious content into your online communications, such as ads or spyware.
2. Ironkey can also make sure that no exit-node is redirecting your web traffic by providing additional DNS protections. This anti-pharming [sic?] measure can also help mitigate phishing attacks and other threats"

Would there be any benefits, or hazards, to using their "private Tor network" for SR stuff? Seems a bit too good to be true, and an excellent way for LE to connect to a big fat pipe of all sorts of interesting stuff...

Using their private Tor network is about as secure as using any other VPN, maybe a wee bit more since it is actually based on the Tor software, which protects better than most VPN software does from website fingerprinting and such. They also exit traffic through their trusted servers, so you can be more certain that traffic through the exit node wont be modified or spied on by random malicious parties. Of course it also ensures that all of your traffic can be modified and spied on as soon as the feds issue a warrant and force ironkey to cooperate. I don't know how much they have modified Tor or if they use any of its servers other than theirs. I am also not clear on if they are using Tor nodes they have added to the public Tor network or if they are using a fully private Tor network. In any case it is probably about as anonymous and secure as a VPN managed by a company like ironkey can be, which means potentially better than nothing but I certainly wouldn't rely on it. Do they even caim to not keep logs? It seems like they are selling it more as a tool to encrypt your internet traffic than as something to keep you anonymous, but in either case that is all you should really expect from it.

Ironkey is not immune from being hacked. It has a hardware encryption system with some neat features though. It protects from being brute forced because it securely erases your encryption key if too many bad attempts are made. It also is filled with encapsulation material and has a metal skin, to make it difficult to get to the encrypted key without damaging it and erasing it from memory, although (ex)military hackers have gotten around systems like this before:

http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10625082&pnum=0

Tarnovsky needed six months to figure out his attack, which requires skill in modifying the tiny parts of the chip without destroying it.

Using off-the-shelf chemicals, Tarnovsky soaked chips in acid to dissolve their hard outer shells. Then he applied rust remover to help take off layers of mesh wiring, to expose the chips' cores. From there, he had to find the right communication channels to tap into using a very small needle.

The needle allowed him to set up a wiretap and eavesdrop on all the programming instructions as they are sent back and forth between the chip and the computer's memory.

Those instructions hold the secrets to the computer's encryption, and he didn't find them encrypted because he was physically inside the chip.

Even once he had done all that, he said he still had to crack the "huge problem" of figuring out how to avoid traps programmed into the chip's software as an extra layer of defence.

"This chip is mean, man - it's like a ticking time bomb if you don't do something right," Tarnovsky said.

Joe Grand, a hardware hacker and president of product- and security-research firm Grand Idea Studio, saw Tarnovsky's presentation and said it represented a huge advancement that chip companies should take seriously, because it shows that presumptions about security ought to be reconsidered.

"His work is the next generation of hardware hacking," Grand said.

 

Ironkey is a nice high quality thumb drive with built in encryption and some nice difficult to defeat physical security features, but it is not the completely unhackable magic device you are making it out to be. It is FIPS140-2 level two certified, but the military probably uses level 4 certified stuff mostly.  Anything without physical intrusion detection features can only get level 1 certification, level 4 needs to be able to detect any potential physical intrusion.

Meh you can learn everything I said here from reading case studies. I have read the case studies of pretty much every major CP operation in USA and lots in other countries as well. There is no better way to see the cutting edge of police operations against cyber crime, the amount of documentation and level of technical detail provided is actually quite substantial.