Quote from: motek on April 20, 2013, 11:10 amWOW Pine just wow! TF it wouldn't run properly and I dont use/have it on my computerBut wow ... I KNOW IRL someone who was done by the Oz feds for VioP to china for RC's ...they had everything :(But a "keylogger" as well ... shitAND that " onion.to " site must be scoring HEAPS of noobs .... It got me on my first attempt ...this is #3 :D and I'm "pretty sure it is safe" BUT I "could do 'batter(linux) and be 'safer' ...but for us ... coz we are small, the level of security we have seems adequate .... but that wont stop motek from learning about Linux soon :P It must be done :) 8)OP ..."cease and desist" :o Dude try WTF at Reddit NOT the fuckinn SR forums ::)Good! Others should heed that too: drop Skype, use Linux or BSD.Encrypted VOIP is supposed to use a one time session key, which is then deleted after a call is finished. If you know somebody who had info intercepted then you've second hand knowledge that the crypto... wasn't. InfoSec and opSec are a lifestyle, adopted by conspiracy theorists (often ineffectively due to being unable to assess an appropriate threat model, or simply having the wrong personality type), drug smugglers, hackers and intelligence agents/analysts and other people who have a clue in the modern world such as professional whistle-blowers, professional soldiers and cypherpunks. In this world, which is everybody's world if only they knew it, a tool is useless until it has proven itself. Guilty until proved innocent. Natural selection encourages extreme conservatism. As a result having the correct instincts is extremely important, because it is difficult to teach no matter how hard you try.One shortcut to experience, because we cannot all collectively live like this, is to rely on second hand red flags thrown up by others with more experience than ourselves.Take this newsgroup post by Roger Dingledine, the Tor Project leader:http://archives.seul.org/or/talk/Mar-2007/msg00060.htmlQuote...(I personally don't use Skype, because I don't know what the heck itdoes. But for Windows users, I guess that's par for the course. YMMV.)Good luck,--RogerHere is somebody who is not only exceptional exceptional intelligent, but also has the correct instincts. You've got an axiom of InfoSec there, which is never trust propriety security software. That post quoted was written in early *2007*, and signs of Skype's exploitation only seem to start in 2008 as far as I can tell. So that was the canary in the coal mine. It's a good idea to regularly visit the Tor blog, Schneier's blog. To be honest, we need a Darknet equivalent of Khan Academy to teach InfoSec/opSec.Here is another interesting titbit:Quotehttps://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/InstantMessagingNew Advice (March 2012)SkypeSkype usage is highly discouraged. It can be used for leak testing purposes as it's very good with firewall tunneling. Skype is closed source and users have no control over the encryption keys used. Skype can therefore decrypt and monitor communications arbitrarily. It is unwise to communicate in an unsafe manner over Tor. Skype also collects a large amount of personal data and reports back to a central server.Source: Skype reads your BIOS : http://www.theinquirer.net/inquirer/news/1010607/skype-reads-biosQuote from: vashthestampede on April 20, 2013, 03:46 pmQuote from: pine on April 20, 2013, 08:21 amRunning Tor and also running other internet using programs at the same time does not by itself compromise your anonymity.There is a special collection of circumstances that could produce problems, but information does not somehow move from your regular internet browser to the TBB. It does not happen. Different applications use different port numbers.since you seem to know what you are talking about would you be able to answer my question for me what if I am using my android phone can using the applications orweb and orbot to access to SrIt's fine. Both of those are using Tor. I would add this though:Now - I don't like phones in general. As others have said: they're tracking devices that happen to make calls. But if you have a spare phone, ideally acquired with cash, that you can park away, strip of extraneous programs and use orweb or orbot then you're probably good. I wouldn't use your regular phone. If you figure you've goofed up somehow, you can always drop your phone under a steamroller at some roadworks or something, and just like that there is no physical evidence to connect you anymore.One problem is securely storing passwords, usernames, but I'm sure you can figure that out yourself.Some people tell me that orbot/orweb don't allow you to disable JavaScript, but I haven't looked into myself. Ideally you should try to disable JavaScript on orbot/orweb if you can do it. This reduces the attack surface for you. Same thing for anybody using the TBB. It will break clearnet websites, but you don't need it when you're using hidden services. In fact a hidden service that requires JavaScript would be a dead giveaway as a place you don't want to go.Quote from: abby on April 20, 2013, 02:07 pmIs it bad of me that I don't know what Topix is?No. I feel dumber just for knowing Topix is a real place.If online black markets were a city, then Silk Road would be the Seattle or Chicago and Topix would be a 3rd world country like the DR Congo where the citizens occasionally eat each other, but nobody gives a shit because it has become normal. It impresses on pine the absolute necessity for having strong institutions for our community to function optimally.