SR Discount Pharmacy, let me handle some of this a bit out of the order you brought it up in, so I can save the long-assed shit for last.

Quote from: SR Discount Pharmacy on July 31, 2011, 09:01 pm
I am on anonymous 3G wireless bought with prepaid plastic, which negates any problem with my real IP leaking.

Ever since CALEA, obtaining pretty darned accurate location data (i.e. within 20 yards) from a cellular device is trivial, no warrant required. If you're sitting at home expecting that to offer an extra layer of protection, forget it. If any agency is to the point where they know the cellular device you're using, it's only a matter of time.

Quote from: SR Discount Pharmacy on July 31, 2011, 09:01 pm
The reason I said TOR is bullshit is because of the "evil exit nodes" problem. I didn't mean to say it's bullshit. It's a great system, however I don't believe it is enough for a seller. What if the DEA makes an exit node that looks at all the data? They get what the seller is saying and even his real IP. Then what comes next is easy to figure out. (warrants, raids, arrests)

Any exit node should be considered malicious.

TOR encrypts traffic to the surface web from your computer, through several hops, and right up to the point it hits the exit node. If it is non-SSL traffic, it is sent unencrypted from the exit node to the website, and ANY exit node can sniff the contents.

However, while malicious exit nodes deserve a long explanation in their own right, the short version is that when you are using TOR to access an .onion site, you don't have to worry about them. Traffic to an .onion site is encrypted end-to-end, and there is no 'exit' node as your traffic never leaves the TOR protocol.

Understand how TOR works.

First, to build a TOR circuit when you first start TOR, you are connected to one of two of your Guard Nodes. For a simple explanation, these Guard Nodes never change. Whenever you fire up TOR, it always seeks out the same Guard Nodes. If you check your TOR log during the initialization process, you will see where it 'guesses' your current IP address, according to another IP address. This is it 'pinging' one of your guard nodes, and it responds with the IP address it believes you are on. This sets up the first part of your secure circuit.

The next step is a Relay Node.

Generally speaking again, you will get a different Relay Node every session, and the Relay Node has no idea where the fuck you are, only that the Guard Node is passing some encrypted traffic to it for you. If traffic varies wildly, or your Relay Node goes down or is swamped, it may change, but for the most part it's yours for as long as you are using the current session. The Relay Node cannot read your traffic, nor does it know where the final destination is. All that it does is pass the encrypted traffic along to an Exit Node.

The Exit Node is the only node that knows where your traffic is going, and if it's going to an .onion site, it DOES NOT, in fact CAN NOT, decrypt it; all it can do is pass it on to the final site. Furthermore, it doesn't even know WHAT .onion site it is passing the information along to. In this case, it believes it is acting as a Relay Node, and not an Exit Node. So there can be no malicious exit node behaviour when accessing an .onion site.

By design, your exit node changes approximately every 10 minutes, whether you are visiting a .onion site or a surface web site, or even combinations of both at the same time. Even when surfing in combination, you only have one exit node.

Now, let's get on to the big question.

Quote from: SR Discount Pharmacy on July 31, 2011, 09:01 pm
The general school of thought is to chain things, and that makes it more secure because if one place is logging then nobody will have your real IP. (i.e. VPN+Proxy)

This is a lot easier to explain in a conversation than it is to put down in text and hope to be understood, but I'll give it a try.

Threat models.

Firstly, understand the threat model you are protecting yourself from.

If, say, I'm torrenting the shit outta every hit movie and song from the last twenty years, then my threat model tells me that the *IAA goons are going to try and track me down and extort money from me.

So, I fork over a few bucks a month to BTGuard or Ivacy and get a ridiculously high-speed VPN connection that doesn't log access, and I can torrent away to my heart's content. The *IAA goons have the VPN's IP address, but they say, hey, 'safe harbour DMCA provisions' say they can't be held responsible for traffic over their network if they don't have knowledge of the content. They also don't have to keep logs, so the *IAA guys can go pound salt up their asses.

Perfect, right?

Yeah, if you're worried about getting sued for torrenting.

New threat model.

I'm doing some illegal shit, and there are some three letter agencies that would be interested in it. When you're talking drugs, they are all interested. Pick one - DEA, FBI, CIA, NSA...

Keep in mind the DEA has a budget of over a BILLION US$ A WEEK, and the NSA probably spends more on pencils in a week than the whole DEA budget. And the FBI never gave up on Carnivore.

So, you have one or more of your TLAs merrily monitoring every scrap of traffic on the internet, and that's not science fiction. 10 days of the DEA budget a year would buy it the storage capacity for every byte that moves across the country, and you'd better believe the NSA doesn't just hijack AT&T backbones, they copy traffic on every undersea fibre optic cable out there.

The good news is most of that traffic is crap. Shitloads is encrypted, lots is broken up between several paths during the trip and makes no sense in pieces, and the very vast majority of it is, to use the technical term, boring as shit to any of these TLAs.

So they look for anomalies.

Chaining VPNs is an anomaly.

The software asks itself, why is this traffic leaving a VPN, only to hit another VPN? Or, why is this traffic leaving a VPN, only to start its way on a TOR circuit? (TOR relays are known, btw - a for the most part complete list of them can be found here: hxxps://metrics.torproject.org/networkstatus.html)

See, if you're doing that, they're pretty sure you're up to what's technically known as 'no good'.

And these guys at those TLAs aren't the goons from the *IAA. They have WAY more resources, and aren't limited to doing things like asking for logs.

So they do what's called traffic analysis.

They compare the size, speed and frequency of the traffic from VPN to VPN, or VPN to TOR, that's coming out of the VPN, with the traffic that's going IN to the VPN. Now, by nature, your traffic to the VPN is 'tunnelled', that is to say encrypted. But it is designed to keep the information travelling back and forth secure, not the source and destination of that traffic.

Traffic analysis like this is what's known as a side-channel attack, and it is very effective.

Every time traffic leaves the VPN for TOR, they compare the traffic going in to the VPN for size, speed, etc. After a very short while, they can say with a great deal of accuracy that the traffic leaving that VPN for another VPN, or for TOR, initiates at your IP address.

Now, while they still don't know WHAT you're doing, they're pretty sure it's 'no good' by their definition.

You've now got their attention. And they know your IP.

They can even compare your outgoing traffic and use traffic analysis to correlate that with posts you make on an .onion site, if they decide to put the resources into it.

So, to put it in the jargon, using a VPN is contra-indicated for the threat model you are facing.

Now, set up TOR, and always run as a relay, btw, and DO NOT add those extra layers of complexity that actually expose more than they hide, and you're golden. Unlike VPNs, which are designed to provide SECURITY for the data in transit, TOR is designed to offer ANONYMITY to you, and as a side effect also secures your traffic end to end when visiting an .onion site.
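As an added illustration of the layered encryption the post describes (example code written for this page, not from the original poster or the Tor project), a toy three-hop circuit where each hop strips only its own layer and learns nothing but the next hop, with an optional end-to-end layer standing in for the .onion/HTTPS case where even the exit sees only ciphertext. The node names, keys and the SHA-256 XOR "cipher" are constructed placeholders, and the model deliberately skips Tor's real key handshakes and onion-service rendezvous mechanics.

```python
import hashlib
import json

# Constructed sample circuit (guard -> relay -> exit). Keys are toy placeholders:
# in Tor each hop key comes from a handshake with that relay, not a fixed string.
CIRCUIT = [("guard", b"k-guard"), ("relay", b"k-relay"), ("exit", b"k-exit")]


def keystream(key: bytes, n: int) -> bytes:
    """Toy SHA-256 counter-mode keystream; illustration only, not real crypto."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def xor_layer(data: bytes, key: bytes) -> bytes:
    """Add or strip one encryption layer (XOR with the keystream is its own inverse)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def build_onion(circuit, destination: str, payload: bytes) -> bytes:
    """Wrap payload in one layer per hop, innermost (exit) layer first.
    Each layer carries only the next hop's name plus an opaque inner blob."""
    hops = [name for name, _ in circuit] + [destination]
    blob = payload
    for i in range(len(circuit) - 1, -1, -1):
        layer = json.dumps({"next": hops[i + 1], "inner": blob.hex()}).encode()
        blob = xor_layer(layer, circuit[i][1])
    return blob


def peel(blob: bytes, key: bytes):
    """What a single hop learns: the next hop, and a blob it cannot read."""
    layer = json.loads(xor_layer(blob, key))
    return layer["next"], bytes.fromhex(layer["inner"])


def walk_circuit(circuit, destination: str, payload: bytes, e2e_key=None):
    """Simulate every hop and record each one's view. With e2e_key the payload
    is also encrypted end-to-end (the .onion / HTTPS case), so even the exit
    sees only ciphertext; without it the exit sees the plaintext."""
    inner = xor_layer(payload, e2e_key) if e2e_key else payload
    blob, prev, views = build_onion(circuit, destination, inner), "client", {}
    for name, key in circuit:
        next_hop, blob = peel(blob, key)
        views[name] = {"from": prev, "to": next_hop, "reads_payload": blob == payload}
        prev = name
    return views
```

Each hop's view shows only its neighbours; only the exit of a plain surface-web connection ever holds the readable payload, which is exactly the exit-sniffing risk the post describes.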