Silk Road forums

Discussion => Security => Topic started by: dwcoe on September 19, 2011, 12:10 am

Title: How to get to SR when starting from TAILS? Also, possible phishing attempt?
Post by: dwcoe on September 19, 2011, 12:10 am
I saw that the URL for the Silk Road on a Tor directory I often use was listed as 3wavqui2mpklpcn5.onion rather than ianxz6zefk72ulzz.onion -> was that a phishing attempt?

And if so, what's the best way to navigate here if you're starting from something like TAILS where you won't have access to bookmarks?

Unrelated question: what email services do people use for interacting with SR, or is it usually exclusively done via SR's PM system?

Additional question - are these forums frequently down? I feel like half the time I come to look there's nothing around...

Thanks!
Title: Re: How to get to SR when starting from TAILS? Also, possible phishing attempt?
Post by: CaptainSensible on September 19, 2011, 01:38 am
You keep TAILS on one partition, which can be sized just big enough to keep the TAILS distribution.  On another partition, on the same USB flash drive you have TAILS on, you keep the Linux version of Truecrypt and an encrypted volume created by Truecrypt.  In that volume you keep all your bookmarks and everything else you want hidden, such as a backup Bitcoin wallet. When you're running TAILS you switch to the partition that has Truecrypt and unencrypt your sensitive data, such as the real SR address, passwords, etc. 

Or you could switch to Liberte Linux which must be unencrypted at startup.  It keeps a large encrypted volume for persistent files like bookmarks and other documents you want to keep private.  However, it's harder to use than TAILS -- there's more of a learning curve and you can't add other Linux programs like a password manager or Truecrypt.  But Liberte Linux at least allows for the persistent selection of guard nodes, something TAILS does not do.  This random selection of guard nodes is considered one of the weaknesses of TAILS.
Title: Re: How to get to SR when starting from TAILS? Also, possible phishing attempt?
Post by: dwcoe on September 19, 2011, 02:13 am
Great information; thanks!
Title: Re: How to get to SR when starting from TAILS? Also, possible phishing attempt?
Post by: banana on September 21, 2011, 07:39 am
Hi CS, that's great information on Truecrypt, thanks.  But I'm probably one step even behind dwcoe.  How do you find the non-phishing SR onion?  I'm a newbie, but I'm doing my homework:
- MITM attack means I can't trust my ISP or the TOR Exit node to Destination therefore encrypt
- Using TOR means Destination cannot track back to me or my terminal
- TAILS means I have an amnesiac terminal to run
- Any point to point communications to "trusted" people must be encrypted
- ** Still about to research BitCoin and multiple wallets and how to get money into them

But to the point: If I search TORDIR for SR I get two listings.  Are both of these valid or is one phishing?

If I use the link TOR2WEB and not the .onion I get a head banner saying only use the .onion otherwise I'm not protected.  Okay, I understand that.  But it also says to not trust "Hidden Wiki" (which lists two different SR links - presumably a phishing site if the TOR header is to be believed).

Also, Wikipedia lists SR's .onion as *ulzz.onion (which is the same as one of the two listed in TORDIR).  Can this be trusted?  I would have thought this the first and easiest to corrupt by a phisher.

Can someone confirm my side observations please:

- Worst case scenario: If I only use an SR account once and upon transaction release BCs to trusted sellers immediately, then it doesn't matter if I'm phished in SR (if I only use encrypted external TOR PM to communicate to sellers outside of SR).

All help greatly appreciated.
Title: Re: How to get to SR when starting from TAILS? Also, possible phishing attempt?
Post by: CaptainSensible on September 21, 2011, 12:51 pm
There is only ONE Onion address for SR. As to "how do you find the non-phishing SR onion?" There's an easy way to get to the legitimate site if you are already here -- the Silk Road Forums.  Look through the postings on the SR Forums and at the bottom of some postings, especially the postings of veteran sellers, you'll see a link to their SR profile.  The root address of that link is the address of SR:  http://ianxz6zefk72ulzz.onion/

Better yet, copy the address of SR and any other links you have a hard time remembering to a file & then encrypt that file. 

Finally, "Using TOR means Destination can not track back to me or my terminal."  Unfortunately, that's not always true.  There are all sorts of attacks on Tor that have been made over the years.  If you do a search for ways to compromise the anonymity of Tor you'll find all sorts of research papers that show it can be done, sometimes with very few resources.