So TOR just logged me into my Trade Route account

I power up tails, connect to internet, start vpn, open TOR, paste TradeRoute link (from Deeptdot), BOOM, No login info was needed. I was logged into my account. I double checked the address and it was correct. How did this happen?

EDIT: Every new boot with every login requires persistence pw which, in my case, does not contain any information which would skip through all the login steps. I also have two step for login.


Comments


[49 Points] weeeeee6:

How are those bars


[8 Points] wombat2combat:

time travel?

but seriously: you should store the trade route link as a bookmark once you cross-checked it with the superlist and dnstats. otherwise you are just asking to get phished.

that you got automatically logged into your market account can only mean that your session was still stored which should not be the case if you completely shut down tails after your last market login. but I would not worry too much about it and see if it persists.


[7 Points] elfer90:

start vpn on tails?


[2 Points] unkn0wnklone:

This doesn't make any sense because:

  1. Tr auto logs out if you not active

I'm not saying it's not possible I'm jus saying if you leave your shit for 15 mins and come back and your still active something bigger is at play. I would be far more concerned that I was on a phishing site.


[1 Points] ferRealBruh:

try to delete your cookies, then reload the page. a true test...


[1 Points] MandyThatGirl:

You are the Admin. (Very sneaky question)


[1 Points] rocketmantastic-:

A protocol logged you into an onion site? Highly unlikely. OH.. the TOR Browser Bundle, or more accurately, Firefox logged you in automatically. Gotcha.


[1 Points] Lucid_Enemy:

I'm also logged into your tr account thank you for depositing that Bitcoin I sure needed it


[-1 Points] MyKneeHurtsBadly:

Use KeePassX that comes with Tails. Save the market/forum URL right when you register along with your username and generate a random password from KeePass. No need to remember that password because your KeePass file is password protected so all you have to do it open KeePass and unlock with password, copy and paste url, username, and password, Done! The only password you'll need to remember is the KeePass one to unlock your database.


[0 Points] _PrinterPam_:

One word: Cookies. It's why you don't have to enter credentials every-time you do anything once logged in (on most sites).

Hypothesizing imminent: You have persistence enabled, you've changed your TBB's security settings to retain info (cookies, history, etc.), and you were logged in to TR and restarted within a certain time-frame (a guess since you didn't mention any pre-"power up tails" info)...resulting in the cookie still being valid for a session.

If you didn't have Tails up and running for more than, say, 15-30mins (or whatever TR's time-out is set for), then I have a strong feeling it your scenario shouldn't play out. Maybe you're having a laugh. I dunno. If not, toss that copy of Tails and create another (back-up any PGP keys, market links, btc wallet seeds, passwords, etc.). For extra safety: Change your passwords after you've made a new copy of Tails.

VPNs are a no-no in the security arena and they raise far too many questions. I can't think of any particular reason why this would affect this particular issue, though. So this is just a general point of advice.


[-1 Points] sharpshooter789:

Windows user right? Sounds like sessions weren't cleared when you closed the browser. Use a better OS next time and try again.