Silk Road forums

Discussion => Security => Topic started by: sharonneedles on August 12, 2013, 09:06 am

Title: 2 Different Privnote URLs?
Post by: sharonneedles on August 12, 2013, 09:06 am
There seems to be privnote.com and certified.privnote.com working at the moment, one with the apparent European certification and the other without. It looks like the original privnote.com is back online and it doesn't require javascript while the other one does. Is this suspicious? Why would the owner have two separate websites?
Title: Re: 2 Different Privnote URLs?
Post by: spectrum on August 12, 2013, 04:31 pm
privnote.com and certified.privnote.com have different IP addresses in the same /16 net block, 174.143.172.154 and 174.143.171.185. Both of these IP addresses belong to Rackspace and the MaxMind geolocation tool says they are both in San Antonio, TX. That means Privnote is subject to demands from the US government, including National Security Letters.

I don't know why anyone would post sensitive information on Privnote.
Title: Re: 2 Different Privnote URLs?
Post by: spectrum on August 12, 2013, 04:47 pm
BTW, both web sites require JavaScript. For a long time it was theoretical that Tor users could be deanonymized by malicious JavaScript, but we saw it used in the wild against Tor users who visited Freedom Hosting. Even if you access Privnote over Tor, you are putting yourself in danger by allowing JavaScript to use the site. LE knows that criminals post sensitive information on Privnote. It's only a matter of time before LE contacts the operators and forces them to change the JavaScript to store your sensitive info, and possibly send you malicious JavaScript that tries to deanonymize you.
Title: Re: 2 Different Privnote URLs?
Post by: farmer1 on August 12, 2013, 07:25 pm
Privnote was always risky. After the recent attack on FH it is clear that those worries were well founded.

Vendors should not use Privnote to accept addresses anymore (for their own self-preservation).
Title: Re: 2 Different Privnote URLs?
Post by: sharonneedles on August 12, 2013, 09:32 pm
privnote.com and certified.privnote.com have different IP addresses in the same /16 net block, 174.143.172.154 and 174.143.171.185. Both of these IP addresses belong to Rackspace and the MaxMind geolocation tool says they are both in San Antonio, TX. That means Privnote is subject to demands from the US government, including National Security Letters.

I don't know why anyone would post sensitive information on Privnote.

They are US based with European certification? Is the cert fake?