Silk Road forums

Discussion => Security => Topic started by: The Doctor on November 23, 2012, 12:05 pm

Title: Detecting TOR use
Post by: The Doctor on November 23, 2012, 12:05 pm
So a thread on the main board had me wondering. Since I have checked DCNs with TOR, how would the USPS website detect that it was from a TOR connection? I thought your info was just shot through a ton of different hosts and appeared to be the IP of whichever one it exits from. Also I have taken a flash drive with the browser bundle loaded in it and used it at work, would they be able to detect that? That was months ago and I would have gotten a talking to by the IT folks or my boss for looking at SR at work, if they knew. Anyone have the answer?
Title: Re: Detecting TOR use
Post by: lockdown on November 23, 2012, 12:15 pm
Without perpetuating or discounting any of your above theories, I will just say that people theorize that usage can be detected because of the encrypted traffic and the fact that most tor nodes are public and therefore it wouldn't be difficult for the government to know that the traffic is coming from a tor node. This still wouldn't tell them who the traffic is originally coming from.
Title: Re: Detecting TOR use
Post by: The Doctor on November 23, 2012, 12:28 pm
I see, and as far as packages being flagged if you look at a DCN from TOR, all of them I checked that way made it to their destination. So I would think I have nothing to worry about as there is no evidence of anything only that the DCN was checked from TOR, and if it was LEO ordering from me they would get the DCN off the package anyway.
Title: Re: Detecting TOR use
Post by: pakak1 on November 23, 2012, 01:26 pm
It's super easy to detect that the traffic is coming from tor because:
1) everyone knows the IPs of most TOR exit nodes
2) it sends encrypted traffic which leaves a distinct pattern

(like when you search google with tor they detect right away that something is different)

BUT - it doesn't really matter that the server knows it's getting TOR traffic (unless it's being blocked completely) since he is unable to know the origin of the traffic, just the IP of the exit node, so I wouldn't worry about that too much (for now at least)
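
The first point in the post above (publicly known exit-node addresses) is how a site operator would recognise Tor clients. The following is an added example, not part of the original thread: it matches the source addresses in web-server access log lines against an exit-address list. The list, the log lines and all addresses are constructed samples from documentation ranges, and the one-address-per-line list format is an assumption.

```python
import ipaddress
import re

# Constructed sample of an exit-address list: one IP per line, '#' comments.
EXIT_LIST = """\
# constructed sample, not real exit nodes
192.0.2.10
198.51.100.77
2001:db8::5
not-an-ip
"""

# Constructed access-log lines in Common Log Format.
ACCESS_LOG = """\
192.0.2.10 - - [23/Nov/2012:12:05:01 +0000] "GET /track?id=1 HTTP/1.1" 200 512
203.0.113.4 - - [23/Nov/2012:12:06:40 +0000] "GET /track?id=2 HTTP/1.1" 200 498
2001:0db8:0000:0000:0000:0000:0000:0005 - - [23/Nov/2012:12:07:13 +0000] "GET / HTTP/1.1" 200 90
garbage line
"""

CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) ')

def load_exit_set(text):
    """Parse the list into a set of ip_address objects, skipping bad lines."""
    exits = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            exits.add(ipaddress.ip_address(line))
        except ValueError:
            continue  # malformed entry: ignore rather than abort
    return exits

def flag_tor_requests(log_text, exits):
    """Return (ip, timestamp, request) for requests whose source is an exit."""
    hits = []
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # not a Common Log Format line
        try:
            src = ipaddress.ip_address(m.group(1))  # normalises IPv6 spelling
        except ValueError:
            continue
        if src in exits:
            hits.append((str(src), m.group(2), m.group(3)))
    return hits
```

Comparing parsed address objects rather than raw strings is what lets the expanded IPv6 form in the third log line match the compressed entry in the list. A hit identifies only the exit relay, not the client behind it.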
Title: Re: Detecting TOR use
Post by: Party Girl on November 23, 2012, 04:25 pm
I see, and as far as packages being flagged if you look at a DCN from TOR, all of them I checked that way made it to their destination. So I would think I have nothing to worry about as there is no evidence of anything only that the DCN was checked from TOR, and if it was LEO ordering from me they would get the DCN off the package anyway.

Totally possible but more rumor than fact on this one IMO.  I know plenty of ppl who use Tor to check their packages weekly, both domestic and foreign, and they have not been arrested.  I would personally use a third party tracking site to add another layer if you're checking with Tor.

Besides, the PO lost over 15 billion dollars last year.  Do you really think they care more about Tor traffic than their pensions/jobs?  I imagine the FBI could link to their tracking system easy enough.  Like most things, it comes down to resources.  Tor traffic monitoring would likely be way down their list.
Title: Re: Detecting TOR use
Post by: robust on November 23, 2012, 08:13 pm
hey thedoctor, smarten up

just because you got away with checking your packages while on Tor doesn't mean it's 100% in the clear
don't give out bad advice, that's what LE does, it's called disinformation

just don't do it

Title: Re: Detecting TOR use
Post by: RadioDog on November 23, 2012, 08:28 pm
The Doctor, I believe you were referring to my thread here: http://dkn255hz262ypmii.onion/index.php?topic=82938.0

I think this is a good discussion to be had but I'm sick of everybody's theories. It seems like everyone has something to say about it and thinks they are right, but everybody has a different theory. We need to get some facts, otherwise it just turns into everybody bitching at each other.
Title: Re: Detecting TOR use
Post by: alex on November 23, 2012, 09:31 pm
I already said this in the other thread, but all you are going to get is theories. The only people who would know if the post office checks or decides to in the future is whatever employees would be making the decision to comply with the federal agency that requested the information. The point is, you are putting out information that could POTENTIALLY compromise your receiving address and beyond that providing demographic information on how SR packages are shipped.

If you go through a basic web-proxy or third party tracking website, that third party site or web-proxy would need to be compromised before determining which packages were checked through a Tor-ified connection. I don't understand why anyone would not want to spend a few extra seconds to do it this way rather than take such risks when they have already gone through the trouble of getting BTC and using Tor.
Title: Re: Detecting TOR use
Post by: nusakan on November 24, 2012, 05:43 am
I think if it weren't for this rumor spreading like a virus on here, we could have had a good decade or two before any federal agency came up with even the idea of matching Tor exit node checks with mail inspections.

As of now it's probably, and of course this is conjecture, on LE's To-Do list IF the Road ever becomes really mainstream in future.

Paranoia can be so self-defeating...
Title: Re: Detecting TOR use
Post by: Novartis on November 24, 2012, 08:47 am
We NEVER check DCNs unless we're on an internet connection we've never used before, a laptop we never use, a location we never use, and we do not use tor - in fact, unless there is a dispute, we prefer to let the SR admins check the DCN because even with extensive security precautions, it still worries us. I don't advise it but I also have no proof that there is a potential problem checking DCNs.