JAVASCRIPT ATTACK on me?

TLDR - "javascript console" error related popup on black background while on AB and AB forums today on TOR, with JS enabled. Security noob needs reassurance and advice pls.

So, I've had javascript enabled over the last 2 months running TOR by accident. I used a VPN at all times, I occasionally went on clearnet sites at the same time as Dream and AB. I use the forums, but use different passwords but same username.

Today I was on AB and on AB forum at the same time. I'm writing a forum post, there is a small chance I clicked on the forum messaging service, but I think I just hovered over it as it's usually bullshit.

I'm in the middle of writing a reply to a forum thread. Suddenly I get a popup in a black box saying something about Javascript and the JS console, like some sort of error or warning. To be honest I was too panicked to read it so I just shut down TOR, switched my VPN address to a new locations rebooted and turned on JS.

First of all, what's the risk here? I'm on Windows and want to keep this system as clean as possible for other uses. I only used DNM like once a year. Is my system as a whole possible compromised, or just maybe my identity a little revealed somehow?

Would my AB accounts be compromised in any way? They couldn't have found out my pword etc could they?

There is no BTC or transactions of any kind pending ATM, but I did want to do some more shopping this week. There is also an Electrum wallet on my system that is one of a few wallets I use and may have a small amount of funds coming through it soon.

Is a full reformat and a switch to Tails worth it for this momentary black box? Or would my (is it MAC address?) still be the same for this system whether I reformat or not. Are there other things I need to change to be super safe? Like PGP, passwords, wallets etc.

OR am I being super paranoid and this was just a small legitimate bug?

How can I get the javascript console log to see what it was? if possible (now that I have rebooted TOR)

thanks


Comments


[2 Points] FrozenSignal:

For most regular users a vpn isnt neccessary, HOWEVER,

Tor is not sandboxed yet...they're working on it for the upcomming release. This means that when they run the Js exploit against you while your vistigin a hidden service, If your not using a Vpn, They run the exploit they get your real ip address just like the playpen busts.

If you were using a trustworthy vpn...even if the exploit made your ip phone home they would only get the vpn ip and not your actual ip.

Alot of us use Vpns and tor together in a chain. But for regular buyers i would say it isnt necessary but will give you some positive security properties depending on your particular use case.

Also a vpn can give you up. When you switch to using a vpn and tor or a chain your security properties change a little. I use a Vpn provider that has been called into court and they couldnt give them the information they requested because they dont keep logs..they dont keep anything. Some vpn providers claim they dont keep logs but we know now that some of them keep logs anyway and will be happy to give that information to any govt agency. ((Fuck you HideMyAss!!!!! ))

In my honest opinion you gain alot more security using a trustworthy vpn with tor then just tor by itself. Tho i believe its a little overzealous for the normal dnm buyer. BUt with the exploits their writing now...maybe not.

Its your decision to make for yourself. Everyone has their own individual threat model. Dont let someone make choices regarding your security. Do some research and make your own decisions.


[0 Points] wombat2combat:

I used a VPN at all times

useless, follow the dnm bible and you do not need a vpn https://www.reddit.com/r/darknetmarketsnoobs/wiki/bible/buyer

I'm on Windows and want to keep this system as clean as possible for other uses

not possible. use tails.

if ab really delivered malicious js code it would probably already be known. however you need to set up tails.