Silk Road forums

Discussion => Security => Topic started by: antigrid on July 02, 2012, 05:12 am

Title: Other info used to track besides IP address?
Post by: antigrid on July 02, 2012, 05:12 am
What other information might be used to trace vendors or buyers on SR besides IP address such as host / computer name, system time etc? Are they commonly used? What is the best counter measure for these?
Title: Re: Other info used to track besides IP address?
Post by: chipolino on July 02, 2012, 01:21 pm
use vpn. You can get one for $40 a year now
Title: Re: Other info used to track besides IP address?
Post by: Green on July 02, 2012, 05:55 pm
Meta data in photos you upload. Make sure you scrub them! There was a hacker that uploaded a photo and was caught, not realizing that his iPhone stored GPS data of where the photo was taken! Lol.  ;D

http://now.msn.com/now/0413-hacker-boobs-captured.aspx
Title: Re: Other info used to track besides IP address?
Post by: kmfkewm on July 02, 2012, 07:17 pm
One of the primary techniques used by law enforcement to deanonymize people they can't technically trace is simply data mining and profiling. People give away enough bits of information about themselves over long enough a period of time, law enforcement gathers all these bits and makes a profile of the person, and eventually the profile they make is good enough for them to determine who the person is. Saying one or two little things about yourself is probably no big deal in itself, but if you do this enough times eventually you will probably deanonymize yourself.
Title: Re: Other info used to track besides IP address?
Post by: kmfkewm on July 02, 2012, 07:23 pm
Actually for vendors you can probably deanonymize yourself very quickly by saying things about yourself. LE is already aware of your rough location based on shipping information. So if you say something like "fuck I got in a car wreck the other night" law enforcement can quickly check records of such events and find a list of potential suspects. Even saying something as innocent as "I rented this movie within the past two weeks" can get your name on a short list of suspects.

I would say this sort of attack is the leading cause of deanonymization in people who are technically secure.
Title: Re: Other info used to track besides IP address?
Post by: antigrid on July 02, 2012, 08:33 pm
A tight browser setup with No Script and the usual suspects will not release much if any info of value.  You get most of that with the newest TOR release.

When I worked for MS, installation of the software for the Gaming Zone (name at the time) allowed us to read and block you by your MAC address as well.  All you had to do was flip in another Ethernet card, and go back and harass the shit out of mods but few knew how MS was blocking them.

PK

Wait, what? How were you able to see peoples MAC address? Does anyone think LE is able to do that with people on here?
Title: Re: Other info used to track besides IP address?
Post by: CaptainSensible on July 02, 2012, 10:02 pm
Panopticlick will open your eyes to how identifiable you are as you surf.  Point your browser at http://panopticlick.eff.org/ if you want to get a "uniqueness" score & an idea of how much info your browser is giving away. 



Title: Re: Other info used to track besides IP address?
Post by: antigrid on July 04, 2012, 06:56 am
Panopticlick will open your eyes to how identifiable you are as you surf.  Point your browser at http://panopticlick.eff.org/ if you want to get a "uniqueness" score & an idea of how much info your browser is giving away.

Cool site, I see that the UserAgent is the first thing to take care of but the problem I see would be that all firefox addons are disabled for security via TorButton (in the Firefox browser that comes in the Tor Browser bundle) so how would I be able to use a useragent switcher if you can't have addons?

Second thing to address would be the HTTP_Headers ACCEPT, not sure what to do with this and how to change it, need to read the pdf they have, but open to any suggestions on this as well.
Title: Re: Other info used to track besides IP address?
Post by: antigrid on July 04, 2012, 05:45 pm
torbutton already provides protection against fingerprinting

Well I have it enabled (as it comes enabled by default in the browser bundle) and it is NOT properly protecting me from fingerprinting as I have the same user agent and HTTP_ACCEPT values after testing on Panoptclick again.