Quote from: MrJoshua on April 15, 2013, 04:32 amAs a vendor, is it okay for me to leave tor running with silk road all day, or should log in and out as quickly as possible?That's a tricky one. There's a few layers to that question and I'm not certain of the answers to them. Some information may help you make a decision. I think it's really two separate questions.1. Is having Tor running all the time a threat to my anonymity?2. Is connecting to a hidden service for a long time a threat to my anonymity?The main attack vector that occurs to me is that an entry guard could be compromised. See here for an explanation of what that means:https://www.torproject.org/docs/faq#EntryGuardsI believe the Tor Browser Bundle now does persistent entry guards. But if you're using Liberte, then Tor is forced to choose new entry guards each reboot. The result is that you're more exposed to a timing attack on your anonymity if you're accessing regular clearnet websites. If you are using bridges then you are also using persistent entry guards. If you are using a private bridge you've setup yourself, then you're using a persistent entry guard that you know is good.I'm inclined to say that the answer to (1) is no, with the proviso that you're using the TBB. Possibly investigate obtaining a private bridge if it concerns you.--Just because you're connected to the Tor network, doesn't mean that you're using it a lot. My point is that you could stay on Tor for 24 hours, and only be communicating with SR's hidden service for a relatively small fraction of that time because you're not actively using the site and therefore not generating lots of HTTP GET requests for different webpages. Conversely you could be connected for 1 hour, and actively generating lots of HTTP GET requests by clicking around the place like a mad person.I'm also inclined to say that the answer to (2) is no. I would suggest that you act as a relay if you're on Tor for very long periods e.g. days or weeks. Acting as a relay introduces some new attack vectors similar to that of a hidden service I believe, but on the other hand it makes it very difficult to disassociate traffic from the relay operator from the other traffic that is being relayed, which would improve your anonymity. Eventually all Tor users will be relays anyway. As an added bonus, using Tor shall be faster too.Quote from: StrangeHuman on April 15, 2013, 05:22 amMy good pine! I am sure you can help me, I would just like to get some experience using PGP could you send me an encrypted message with my public key so I can decrypt it? It would be super awesome of you.-----BEGIN PGP PUBLIC KEY BLOCK-----Version: GnuPG v2.0.19 (MingW32)It appears that your PGP key lacks an encryption subkey. You need to make a new PGP key that includes one, then I'll send you a test message. I think maybe you got halfway through making a PGP key on the command line, it's unusual to see this with one made via the GUI. Whatever the case, just make a new one and get back to me. Thanks.Quote from: Hunter Guy on April 15, 2013, 08:58 pmHey, pretty general question but any tips for keeping anonymous online? Like any programs or recommendations. Hope that isn't too broad.Some of us are pretty hardcore. Not all of this will apply. The most important thing is your threat model. There is no security precaution high enough if your threat model is serious enough. Conversely for others their threat model is low and so some security precautions would be overkill. The following information is not intended to be comprehensive. Keep a notebook and search these forums and you'll quickly accumulate more useful information.Programs:GPG - to encrypt your emails. I have a thread linked in my sig which describes how to use GPG in an anonymous way.Tor - to encrypt your internet traffic. Use bridges as persistent entry guards.FDE - to encrypt your hard drive. Super glue your RAM to the motherboard (lulz).If you're doing that, you're already way out ahead of 99% of people. It's still pretty basic though.--Outside of that, don't use social networks, don't use your real name anywhere. Use different emails and nyms and avatars for every website you use. Some email services allow you to use aliases for your email such that you can do this easily. This makes life hard work for the algorithms rooting through the Deepweb. When using public transport always use cash and never, ever use loyalty cards of any kind.At this point congratulations! You're on the terrorist watch list :) It was probably supergluing your RAM that did it. :)It's ok. Anybody with an IQ over 100 is probably already on it, you got tested, right? :) Use a unique writing style you have adopted for each nym to defeat stylometric analysis. People talk differently to different people anyway, depending on what circles they're in. Push that tendency to an extreme.In a way, the people building the Utah faculty are making a huge strategic mistake. Huge numbers of people are already adopting measures which make linkability extremely difficult. It's not that the data is hard to find or decrypt, it is that the data does not exist. No amount of intelligence agents or analysts can counter that. It's practically a filter for people stupid enough to form networks based on personal relationships. I mean politicians, most corporations are fucked. We'll be good though. Outside of spy school (possibly), nobody is as paranoid as hackers, and no hackers are as paranoid as the cypherpunks, it goes with the territory. The best allies. As enemies your worst nightmare.In practice most people are caught out by operational security flaws such as opening their big mouths too often or to the wrong kind of people, not technical measures. That's partly what got Sabu. That's what got Bradley Manning.Quote from: Slacka on April 15, 2013, 10:05 pmA technical question for you, Pine.I use GPG4USB (ver 0.3.2-1) on my linux (Ubuntu) box, and would like to change my GPG private key password to something stronger. I have researched the Internet for the answer, but can't seem to nail it.Your thoughts?Yes, this is something useful you can do. Sometimes people assume you can't, but PGP is very flexible. You can edit your PGP key to change the name, email address(es), comment, password, and even add a small picture. Export your private key first from GPG4USB. The option is in the context menu when you right click on your PGP key. Once you have that, import it to your Ubuntu version of GPG (gpg --import blahblah.asc) from whatever directory you put it in.Once it's there, you need to type the following into the terminal.gpg --edit-key [keyID or name]Command> passwdEnter passphrase:Enter the new passphrase for this secret key.Enter passphrase:Repeat passphrase:Command> saveNow export the private key from the Ubuntu version of GPG and import it back into GPG4USB. Once that is done, there is the little matter of the two copies of your secret key on the hard disk. Use shred -fuv filename1, shred -fuv filename2 to overwrite them. That's it.