Silk Road forums

Discussion => Security => Topic started by: Nemesis0914 on July 31, 2013, 11:46 pm

Title: email safety
Post by: Nemesis0914 on July 31, 2013, 11:46 pm
So I'm using a clearnet email linked to this Silk Road account.... I'm worried because I don't know how to change it. I tried setting up a Tormail but the Thunderbird software fucks up. Can someone tell me how important it is to use Tormail? I use PGP. Is that enough?
Title: Re: email safety
Post by: Railgun on July 31, 2013, 11:55 pm
I personally would not use a clearnet email. If that e-mail is tied into your real identity, then I suggest making another SR account and asking to transfer your stats. NOTHING should tie to your real identity.

You can use Tormail in the Tor browser, with JavaScript disabled. There's no reason not to.
Title: Re: email safety
Post by: Rastaman Vibration on August 01, 2013, 07:45 am
The question is whether the clearnet email can be traced back to you. If not, I don't see a problem with using it. Have you ever logged into this email account without Tor?
Title: Re: email safety
Post by: Nightcrawler on August 01, 2013, 11:18 am
The question is whether the clearnet email can be traced back to you. If not, I don't see a problem with using it. Have you ever logged into this email account without Tor?

All it takes is logging in even ONCE to a clearnet email account without Tor, and you're screwed. This is similar to how the Feds nabbed Hector, one of the LulzSec dudes, and turned him. He forgot to engage Tor prior to logging into an IRC channel that the Feds were monitoring. The reason that Tormail is so frequently recommended is that you cannot access the service unless Tor is up and running, thus preventing your real IP address from being determined.

Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB8F1D88EBBF7433B      (MIT clearnet keyserver)
PGP Key: https://keys.indymedia.org/pks/lookup?op=get&search=0xB8F1D88EBBF7433B    (IndyMedia https: clearnet keyserver)
PGP Key: http://qtt2yl5jocgrk7nu.onion/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (IndyMedia .onion keyserver)
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090     (Silk Road Forums PGP Key Link)
PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07  B66B AFC8 CE71 D9AF D2F0


Title: Re: email safety
Post by: Nightcrawler on August 01, 2013, 12:45 pm
So I'm using a clearnet email linked to this Silk Road account.... I'm worried because I don't know how to change it.

I'm not entirely sure what you mean when you say the accounts are linked -- how are they linked? If you have used your clearnet email address on your PGP key, just generate a new key, with a Tormail address. If you have your clearnet address linked to your Forum account, then it's a simple matter to go into the Forum, click on your name (e.g. on one of your posts) and then click on Modify Profile. You can then change your email address, so when people click on the email link, the email will be sent to your Tormail address as opposed to your clearnet email address.

I tried setting up a Tormail but the Thunderbird software fucks up.

You can use Tor with Thunderbird, but it takes some configuration. You might want to look into using Torbirdy, a Thunderbird plugin that is designed to facilitate the use of Tor with Thunderbird.

See: https://addons.mozilla.org/en-us/thunderbird/addon/torbirdy/

See also:  http://lifehacker.com/5983635/torbirdy-protects-your-identity-in-thunderbird (clearnet)

Can someone tell me how important it is to use Tormail? I use PGP. Is that enough?

Is PGP enough? Absolutely NOT. Here's why -- the one thing you absolutely have to understand is that PGP is for privacy; Tor is for anonymity -- they are NOT the same thing. Ideally you want both, but if you cannot have both, it is more important to be anonymous.

Here's an example:

Consider the case of two users: Alice and Bob. Alice uses a Tormail account, while Bob uses GMail. Let's assume that Alice and Bob are both investigated by the Feds. What can the Feds get on each of them?

Because Alice uses Tormail, it is impossible for her to access the service without Tor being engaged, thus she never risks exposure of her real IP address. Furthermore, because Tormail is run on a hidden service, the Feds cannot determine who runs the service, nor where the server is physically located. Accordingly, the Feds cannot arrest the operator to pressure him/her to hand over information, nor can they seize the server to get access to the emails themselves.

For Bob, on the other hand, the Feds have a much easier job. Google has policies and procedures in place for the handing over of information, as well as manuals they provide to LEA telling them what information they keep and how to access it. Under the Stored Communications Act (SCA) the Feds have automatic access to email 180 days old or older -- no warrant required, all they have to do is ask for it. Likewise, a warrant is NOT required to gain access to ancillary information, i.e. the email headers containing (among other things) From:, To:, and Subject: lines. They can also get a list of the IP addresses used to access the account. Google keeps the IP address used to establish a GMail account permanently, and they also store the last 10 IP addresses used to access that GMail account. With a warrant, they can get access to all your email -- they can see who you've been writing to, who's been writing to you, and they can read the email contents. (Much the same applies to other clearnet email providers).

Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB8F1D88EBBF7433B      (MIT clearnet keyserver)
PGP Key: https://keys.indymedia.org/pks/lookup?op=get&search=0xB8F1D88EBBF7433B    (IndyMedia https: clearnet keyserver)
PGP Key: http://qtt2yl5jocgrk7nu.onion/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (IndyMedia .onion keyserver)
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090     (Silk Road Forums PGP Key Link)
PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07  B66B AFC8 CE71 D9AF D2F0
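
Added example (not part of the original posts): a Python sketch of the privacy-versus-anonymity point above, showing which parts of a PGP-encrypted message stay readable to whoever holds the stored mail. The sample message, its example.org addresses and the 203.0.113.45 address are constructed for illustration.

```python
import email
import re
from email import policy

# Constructed sample: an inline-PGP message as a mail provider would store it.
# Addresses use example.org; the IP is from the 203.0.113.0/24 documentation range.
SAMPLE = """\
Received: from [203.0.113.45] (helo=laptop) by mx.example.org with ESMTPSA; Thu, 01 Aug 2013 12:00:00 +0000
From: bob@example.org
To: alice@example.org
Subject: quarterly report
Date: Thu, 01 Aug 2013 12:00:00 +0000
Message-ID: <constructed-1@example.org>
Content-Type: text/plain; charset=us-ascii

-----BEGIN PGP MESSAGE-----

(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def body_is_pgp(msg):
    """True for PGP/MIME (RFC 3156) or an inline ASCII-armored body."""
    if msg.get_content_type() == "multipart/encrypted":
        return msg.get_param("protocol") == "application/pgp-encrypted"
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content() if part else ""
    return "-----BEGIN PGP MESSAGE-----" in text

def visible_metadata(raw):
    """Return what stays readable without the recipient's private key."""
    msg = email.message_from_string(raw, policy=policy.default)
    received = msg.get_all("Received", [])
    return {
        "headers": {h: str(msg[h]) for h in ("From", "To", "Subject", "Date") if msg[h]},
        "relay_ips": [ip for line in received for ip in IPV4.findall(str(line))],
        "body_encrypted": body_is_pgp(msg),
    }

if __name__ == "__main__":
    for key, value in visible_metadata(SAMPLE).items():
        print(f"{key}: {value}")
```

The body is opaque, but sender, recipient, subject, timestamp and the submitting IP address are all recovered in clear text.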

Title: Re: email safety
Post by: medicineman684 on August 02, 2013, 02:44 pm
If you wish to use a clearnet address there are some things you can do for anonymity:

1) If possible use a local cafe or hotspot that you do not own to do your business

2) There are non-Tor proxy services

3) Use Thunderbird with the Torbirdy addon enabled. This runs your email through Tor

I gave up on Tormail because of its regular downtime so I do all three of the above with a clearnet email

mm
Title: Re: email safety
Post by: Nemesis0914 on August 03, 2013, 04:13 pm
So I'm using a clearnet email linked to this Silk Road account.... I'm worried because I don't know how to change it.

I'm not entirely sure what you mean when you say the accounts are linked -- how are they linked? If you have used your clearnet email address on your PGP key, just generate a new key, with a Tormail address. If you have your clearnet address linked to your Forum account, then it's a simple matter to go into the Forum, click on your name (e.g. on one of your posts) and then click on Modify Profile. You can then change your email address, so when people click on the email link, the email will be sent to your Tormail address as opposed to your clearnet email address.

I tried setting up a Tormail but the Thunderbird software fucks up.
First of all I would like to thank you for that informative reply. Excellent. Secondly, I was using an account that isn't linked to my name. I was using a service from Safe-mail. Have you heard of it?

You can use Tor with Thunderbird, but it takes some configuration. You might want to look into using Torbirdy, a Thunderbird plugin that is designed to facilitate the use of Tor with Thunderbird.

See: https://addons.mozilla.org/en-us/thunderbird/addon/torbirdy/

See also:  http://lifehacker.com/5983635/torbirdy-protects-your-identity-in-thunderbird (clearnet)

Can someone tell me how important it is to use Tormail? I use PGP. Is that enough?

Is PGP enough? Absolutely NOT. Here's why -- the one thing you absolutely have to understand is that PGP is for privacy; Tor is for anonymity -- they are NOT the same thing. Ideally you want both, but if you cannot have both, it is more important to be anonymous.

Here's an example:

Consider the case of two users: Alice and Bob. Alice uses a Tormail account, while Bob uses GMail. Let's assume that Alice and Bob are both investigated by the Feds. What can the Feds get on each of them?

Because Alice uses Tormail, it is impossible for her to access the service without Tor being engaged, thus she never risks exposure of her real IP address. Furthermore, because Tormail is run on a hidden service, the Feds cannot determine who runs the service, nor where the server is physically located. Accordingly, the Feds cannot arrest the operator to pressure him/her to hand over information, nor can they seize the server to get access to the emails themselves.

For Bob, on the other hand, the Feds have a much easier job. Google has policies and procedures in place for the handing over of information, as well as manuals they provide to LEA telling them what information they keep and how to access it. Under the Stored Communications Act (SCA) the Feds have automatic access to email 180 days old or older -- no warrant required, all they have to do is ask for it. Likewise, a warrant is NOT required to gain access to ancillary information, i.e. the email headers containing (among other things) From:, To:, and Subject: lines. They can also get a list of the IP addresses used to access the account. Google keeps the IP address used to establish a GMail account permanently, and they also store the last 10 IP addresses used to access that GMail account. With a warrant, they can get access to all your email -- they can see who you've been writing to, who's been writing to you, and they can read the email contents. (Much the same applies to other clearnet email providers).

Nightcrawler