Silk Road forums
Discussion => Security => Topic started by: aksu on February 22, 2012, 04:58 am
-
So, I think everyone here starts out coming to silk road and poking around long before they have a good, or even basic, idea of what their security is supposed to look like.
How do we deal with our prior visits to silk road when we were running Tor bare out of windows 7 or some shit like that? surely we've already been pegged as having visited the site, and I don't think LE's memory is so short that it will forget our addresses once the time comes to order.
Is there any way to scrub ourselves clean? or keep ourselves "clean enough" in the future? I am poking through the general security setup now... for people like me this is really complicated stuff, and even after implementation i'm still not too sure what the hell is going on lol.
-
Eh, the very most LE knows is that you used TOR network. If that.
That is it. They certainly don't know what hidden service you visited.
-
Eh, the very most LE knows is that you used TOR network. If that.
That is it. They certainly don't know what hidden service you visited.
I find Tor utterely incredible because of this - even your ISP cannot know what you are looking at unless they really try hard.
-
If you take the right steps (using bridges, obfsproxy), they won't even know you're using Tor. ;-)
-
I wouldn't be concerned about your ip address being logged. Like pine said, the most your ISP, probably, knows is that you connected to the TOR network. I'd say the biggest thing is browser vulnerabilities, like super cookies and some of the about:config options. From BetterPrivacy extension:
Some Flash-cookie (LSO) properties in short...
- they are never expiring - staying on your computer for an unlimited time.
- by default they offer a storage of 100 KB (compare: Usual cookies 4 KB).
- browsers are not fully aware of LSO's, They often cannot be displayed or managed by browsers.
- via Flash they can access and store highly specific personal and technical information (system, user name, files,...).
- ability to send the stored information to the appropriate server, without user's permission.
- Flash applications do not need to be visible
- there is no easy way to tell which Flash-cookie sites are tracking you.
- shared folders allow cross-browser tracking, LSO's work in every flash-enabled application
- the Flash company doesn't provide a user-friendly way to manage LSO's, In fact it's incredible cumbersome.
- many domains and tracking companies make extensive use of Flash-cookies.
This kind of cookies is not harmless.
The scariest thing about flash cookies is that one is generally used as an ID cookie, which then immediately downloads all previous regular cookies. There is no way to "scrub" yourself clean. Indicative data was produced, but it may not have been collected. As long as you ran the tor-browser-bundle, you have reasonable protection; just Vidalia, worst off, just TOR script, even worse.
---------------------------------------------------------------------------------
"Only to live, to live and live! Life, whatever it may be!"
-
How do you delete the transaction notes in settings? Should I be worry about this?
:o
-
If you take the right steps (using bridges, obfsproxy), they won't even know you're using Tor. ;-)
Has any n00b guides been posted on this ? I would love to learn more.
Sometimes I wish I was smarter :( and younger
-
Any tips on Tor bridges? I am currently having a search but a bit of first hand help would be much appreciated.
-
Has any n00b guides been posted on this ? I would love to learn more.
Sometimes I wish I was smarter :( and younger
Tor bridge basics: http://www.cs.uml.edu/~xinwenfu/paper/Bridge.pdf
obfsproxy basics: https://blog.torproject.org/blog/obfsproxy-next-step-censorship-arms-race
Bridges are just Tor relays that aren't listed in the main directory so it's harder to detect that you're on Tor. If you want to use a bridge, go to https://bridges.torproject.org/ and pick one of the volunteer bridges that runs on port 443. I would not use more than three bridges personally. Deep packet inspection will reveal that you're using Tor though, obfsproxy attempts to defend against this by transforming the traffic into something that looks innocent. I think these membership concealment measures are really cool and vendors especially should be using them.
-
QTC:
Thanks for the info, I know my greatest defense will ultimately be my never ending quest to improve it.
ggg