Silk Road forums
Discussion => Security => Topic started by: BigScrote on April 13, 2013, 08:54 pm
-
Let's say I set up a new hotmail account while using TOR. I use fake information, name, etc. and set up the whole thing on a TOR browser. Can my IP or identity be traced back to me in any way?
Thanks
-
For some reason, people think that hidden services are safer than clearnet sites. Hidden services are designed to protect the server. As a Tor user, you have the same level of anonymity, whether you are browsing a hidden service or a clearnet site. There are a few advantages to hidden services, such as LE doesn't know where they are located or who to subpoena. Using a hidden service can protect you against accidentally connecting to a site in a way that reveals your IP (for example, configuring an IRC client to use a hidden service is safer, because if you turn off the proxy settings it will fail instead of connecting you to the IRC server with your real IP address). However, in general, you have the same amount of anonymity with clearnet site as with a hidden service -- there are three proxies between you and the IP address the server sees.
So the short answer is, if you use Tor correctly (TorBrowser in the default configuration), your real IP won't be leaked to Hotmail.
However, there are lots of things you can do to accidentally deanonymize yourself, even when Tor works as intended.
Read this article about how the FBI found a guy who was using Tor because he revealed 4 or 5 pieces of information about himself:
http://arstechnica.com/tech-policy/2012/03/stakeout-how-the-fbi-tracked-and-busted-a-chicago-anon/
So don't reveal personal info.
-
Thank you very much for the reply. It actually cleared up a few things on which I was confused. I also read that hotmail masks outgoing IPs as of a few months ago, but figured on TOR it was impossible (or nearly, anyway) to trace.
But I have another question, if you don't mind. Why do people give those big CLEARNET warnings when pasting a .com link instead of a .onion link?
-
I think it's mainly because of the false belief that clearnet sites are more dangerous.
One thing you should keep in mind is that you should only visit clearnet sites posted on this forum over Tor.
I could easily create a site, astorsite.com, and post a link to it here. Maybe it would be a unique URL, and since the robots.txt file blocks search engines, only people on this forum would know about it. Then I look at the server logs for IP addresses accessing that URL. It is trivial to download a list of the exit node IPs and filter them out. Anyone could easily enumerate hundreds of forum users that way.
That's why you should only visit clearnet links over Tor. I am surprised when other people are surprised when I point this out. Apparently lots of people copy the link into another browser and visit it directly.
I think that's fine for a large site like cnn.com, because it gets tens of thousands of hits to each page, but it's good practice to visit all sites over Tor, that way you don't accidentally mess up.
-
Because they are dumbasses is my first guess. My second guess is because they think we might be.
-
I could easily create a site, astorsite.com, and post a link to it here. Maybe it would be a unique URL, and since the robots.txt file blocks search engines, only people on this forum would know about it. Then I look at the server logs for IP addresses accessing that URL. It is trivial to download a list of the exit node IPs and filter them out. Anyone could easily enumerate hundreds of forum users that way.
This is if it is accessed over Clearnet, right? Sorry, I'm slow today. If I accessed astorsite.com on TOR, you'd have no access right? And if I sent an email through hotmail over TOR to you on that site (or anywhere) - you wouldn't know who it was I assume?
Thanks for clearing that up, and the issue about the TOR. For some reason, it made me nervous to click on a clearnet link from TOR, like it was a big red alarm or something.
because they are dumbasses is my first guess. My second guess is because they think we might be.
I think I have been :(
-
because they are dumbasses is my first guess. My second guess is because they think we might be.
:D
-
I actually hold the opposite opinion. I think hidden services are more dangerous than clearnet sites, because the operators know that the people visiting hidden services have something to hide. Do you think that operators of google.com, hotmail.com or cnn.com give a shit about people coming from exit nodes? Someone running a hidden service has a reason to be much more interested in their visitors' identities.
I generally browse hidden services with NoScript enabled, but I browse clearnet sites with NoScript disabled, 1) because blocking javascript breaks 80% of clearnet sites, and 2) because I figure they are far less interested in who I am. Even sites that make money through advertising and tracking, they can trivially track 95% of their users with cookies. They don't care about the people behind proxies.
-
astorsite.com is a great site
FREE MIDGET PORN!
-
This is if it is accessed over Clearnet, right? Sorry, I'm slow today. If I accessed astorsite.com on TOR, you'd have no access right? And if I sent an email through hotmail over TOR to you on that site (or anywhere) - you wouldn't know who it was I assume?
Right, accessing a link over clearnet will give that server your real IP address. Anybody could post a link to a honeypot to get the IP addresses of forum users. That's why you should access every link over Tor.
-
Let's say I set up a new hotmail account while using TOR. I use fake information, name, etc. and set up the whole thing on a TOR browser. Can my IP or identity be traced back to me in any way?
Thanks
No.
The longer answer is:
You might prefer to set up a Tormail account (http://jhiwjjlqpyawmpjx.onion/, like hotmail on the Tor network). It's simpler. Although you can't be sure who runs Tormail, you can be absolutely certain Microsoft or Gmail or Yahoo or any clearnet mail provider will hand over your login times, drafts and emails to LE. Just one person who doesn't encrypt their emails to you could drop some useful information to LE.
The other advantage is that using Tormail impresses on you the need to use PGP when communicating with people. Since you don't know who runs it, your paranoia is at the correct level it should be.
The last reason is that you might log in to your "darknet" email by sheer accident one day out of familiarity with the UI. Something like this caught Sabu when he logged into IRC. You only need to give LE your real IP once. This is one reason I wish that the Tor developers would choose a slightly different UI than the standard Mozilla Firefox one. The Firefox icon used to have a different color, which was a useful thing. In general you should keep your filternet browser and your Tor browser open at separate times so as to prevent mistakes of this kind.
If you don't use a Tormail, I highly recommend using email services from the Republic of Iran, Syria, People's Republic of China and other cheerful friends of the United States. Not that they're friends of mine, I would always use PGP when communicating via their services, but they are the least likely jurisdictions on earth to cooperate with American law enforcement. Even if you don't use them, a language barrier is always highly convenient. Globalization <3 So if you want an anonymous email account that isn't a hidden service, learn PGP and head on over to Google Translate.
One good use of clearnet webmail providers is as a Tormail shield. Get them to relay email to your Tormail. This way you are handing 'normal' non-red-flaggable email addresses to people who won't realize they don't really have a point of contact with you. Often people subliminally assume that the more contact information they receive from you, the more 'legit' you are or the more they have a handle on who you are.
Ensure you do not use a password that:
A: you have used before elsewhere.
B: has information connected to you in it.
C: has a pattern that is unique to the kinds of passwords you choose.
I say so because people have a habit of thinking that passwords are secret information, and sometimes they put them in a different mental category to other information they give to the server. You shouldn't do this. Yes, passwords are hashed and the server doesn't look them up directly when it checks if they are correct, but if LE is interested in your webmail account they will intercept your real plaintext password the next time you log in to see if it's of any use to them in some way.
One thing you should keep in mind is that you should only visit clearnet sites posted on this forum over Tor
That's why you should only visit clearnet links over Tor. I am surprised when other people are surprised when I point this out. Apparently lots of people copy the link into another browser and visit it directly.
This is the reason why I think lots and lots of people on here really need to study a tiny bit of web/networking theory so they are comfortable with concepts like IP addresses, DNS, port numbers and so forth. That this ****CLEARNET WARNING**** meme is so pervasive points to a need for a general education. Isn't this stuff taught in schools in computer class? If not then it should be; it's pretty basic and I'm in no way tooting my horn here or anything. I initially thought people were posting those warnings to be super polite or something, which is now hilarious to me.
If you want to be putting big WARNING SIGNS everywhere, you really ought to be putting them over links to the Silk Road and other Darknet hidden services. Why?
Because the URLs are not intuitively memorable, because they have an odd assortment of characters in them. So it would be easy for an LE agent to build a phishing scheme, possibly using unicode hacking to make it less obvious to the naked eye ("hack" may be a little gratuitous, but some unicode characters look very similar to each other). I'm not sure if hidden service onion links can actually use unicode chars, but even if they use plain old ASCII characters, you can still make some characters look a lot like others, the old 1 for I replacement and so on.
Anyway, the end result would be that somebody naively copies a URL from this forum to go look at something on SR and then has to enter his passphrase, handing it straight over to the LE agents who set up the phish.
Never ever copy a URL to SR from this forum, folks. You should always have the original URL stored somewhere, and append the directory address (the bit after .onion) to any URL you wish to visit. Otherwise you might not even be on the Silk Road; you could be somewhere else that looks totally identical. If I were an LE agent, this would have been literally the first thing I would have thought of; it's like the oldest trick in the book.
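The "keep the original URL stored and append only the path" advice above, as a defensive check in Python. This is an added example, not code from the original post: the trusted host name is a constructed placeholder and the confusable-folding table is an assumption about which character sequences look alike.

```python
# Added example (not from the thread): verify a pasted link against a locally
# stored, trusted onion host before visiting it, so a lookalike host is caught
# and the link is rebuilt from the trusted host plus the pasted path only.
from urllib.parse import urlsplit, urlunsplit

# Assumed: the user keeps the trusted host in their own notes.
# Constructed placeholder, not a real service.
TRUSTED_HOST = "trustedonionexample.onion"

# Assumed table of visually similar sequences (rn ~ m, 1 ~ l, 0 ~ o, ...).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("cl", "d"),
               ("1", "l"), ("i", "l"), ("0", "o"))


def fold(host):
    """Collapse lookalike sequences so a spoofed host compares equal."""
    for lookalike, canonical in CONFUSABLES:
        host = host.replace(lookalike, canonical)
    return host


def host_of(url):
    """Lowercase host part of a URL; tolerate a missing scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def check_onion_url(pasted_url, trusted_host=TRUSTED_HOST):
    """Classify a pasted link as 'exact', 'lookalike' or 'different'."""
    host = host_of(pasted_url)
    if host == trusted_host:
        return "exact"
    if fold(host) == fold(trusted_host):
        return "lookalike"   # same shape as the trusted host: treat as phish
    return "different"


def safe_url(pasted_url, trusted_host=TRUSTED_HOST):
    """Rebuild the link from the trusted host and only the pasted path/query."""
    if "://" not in pasted_url:
        pasted_url = "http://" + pasted_url
    parts = urlsplit(pasted_url)
    return urlunsplit(("http", trusted_host, parts.path, parts.query, ""))


if __name__ == "__main__":
    for link in ("http://trustedonionexample.onion/index.php?topic=5",
                 "http://trustedon1onexample.onion/login",
                 "http://trustedonionexarnple.onion/",
                 "http://someothersite.onion/"):
        print(check_onion_url(link), "->", safe_url(link))
```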
-
I actually hold the opposite opinion. I think hidden services are more dangerous than clearnet sites, because the operators know that the people visiting hidden services have something to hide. Do you think that operators of google.com, hotmail.com or cnn.com give a shit about people coming from exit nodes? Someone running a hidden service has a reason to be much more interested in their visitors' identities.
I generally browse hidden services with NoScript enabled, but I browse clearnet sites with NoScript disabled, 1) because blocking javascript breaks 80% of clearnet sites, and 2) because I figure they are far less interested in who I am. Even sites that make money through advertising and tracking, they can trivially track 95% of their users with cookies. They don't care about the people behind proxies.
We need a better mechanism for secret webmail. Some kind of open system like the bitcoin block chain, where all emails are accessible, but in which traffic analysis is impossible, and all non-PGPed emails are dropped. Then there is no incentive to seize the servers and the service can be endlessly replicated by people not connected to the service operators.
You should know that any website could probably make an educated guess that you're on Tor without checking your IP. Here take a look:
***** CLEARNET WARNING !!! ******
****** EXTREMEEE DANGER ******
https://panopticlick.eff.org/
****** EXTREMEEE DANGER ******
***** CLEARNET WARNING !!! ******
:D Couldn't resist.
Although Tor is the most resistant to panopticlick-style fingerprinting, it'd still be easy to use it as an educated guess. As for everybody else with a clearnet browser, with Flash and Java and JavaScript switched on: well, they're fucked really; a big number of them are unique.
-
We need a better mechanism for secret webmail. Some kind of open system like the bitcoin block chain, where all emails are accessible, but in which traffic analysis is impossible, and all non-PGPed emails are dropped. Then there is no incentive to seize the servers and the service can be endlessly replicated by people not connected to the service operators.
It sounds like you are describing Bitmessage.
http://dkn255hz262ypmii.onion/index.php?topic=125663.0
You should know that any website could probably make an educated guess that you're on Tor without checking your IP. Here take a look:
***** CLEARNET WARNING !!! ******
****** EXTREMEEE DANGER ******
https://panopticlick.eff.org/
****** EXTREMEEE DANGER ******
***** CLEARNET WARNING !!! ******
:D Couldn't resist.
LOL. :)
-
We need a better mechanism for secret webmail. Some kind of open system like the bitcoin block chain, where all emails are accessible, but in which traffic analysis is impossible, and all non-PGPed emails are dropped. Then there is no incentive to seize the servers and the service can be endlessly replicated by people not connected to the service operators.
It sounds like you are describing Bitmessage.
http://dkn255hz262ypmii.onion/index.php?topic=125663.0
You should know that any website could probably make an educated guess that you're on Tor without checking your IP. Here take a look:
***** CLEARNET WARNING !!! ******
****** EXTREMEEE DANGER ******
https://panopticlick.eff.org/
****** EXTREMEEE DANGER ******
***** CLEARNET WARNING !!! ******
:D Couldn't resist.
LOL. :)
Yeah, I have got to take a proper look at BitMessage and review it or something. Should do the same thing with Liberte's Cables system. I thought it would be a great idea for a back-up system for an SR blackout. I know most people have been storing copies of the email addresses in the PGP keys for those vendors they need to have, but we ideally want something more consistent and not as Tormail-dominated as it is.