Silk Road forums

Discussion => Security => Topic started by: tunedin on August 28, 2013, 07:33 am

Title: TOR2WEB Message on top on screen
Post by: tunedin on August 28, 2013, 07:33 am
Hello friends

since i have upgraded tor browser bundle, i get this message on top of screen


onion.to does not host this content; we are simply a conduit connecting Internet users to content hosted inside the Tor network..
onion.to does not provide any anonymity. You are strongly advised to download the Tor Browser Bundle and access this content over Tor.

For more information see our website for more details and send us your feedback.
This page is accessible also on the following random mirror: tor2web.blutmagie.de
hide Tor2web header



can please anyone tell me about this??

all my links on tor browser appear like this:
https://dkn255hz262ypmii.onion.to/index.php?action=post;board=3.0    or
https://silkroadvb5piz3r.onion.to/messages

thank you
Title: Re: TOR2WEB Message on top on screen
Post by: kittenfluff on August 28, 2013, 09:44 am
Hello friends

since i have upgraded tor browser bundle, i get this message on top of screen


onion.to does not host this content; we are simply a conduit connecting Internet users to content hosted inside the Tor network..
onion.to does not provide any anonymity. You are strongly advised to download the Tor Browser Bundle and access this content over Tor.

For more information see our website for more details and send us your feedback.
This page is accessible also on the following random mirror: tor2web.blutmagie.de
hide Tor2web header



can please anyone tell me about this??

all my links on tor browser appear like this:
https://dkn255hz262ypmii.onion.to/index.php?action=post;board=3.0    or
https://silkroadvb5piz3r.onion.to/messages

thank you

OMG, I would not trust this browser bundle! May I recommend you obtain a version of Liberte Linux, verify the download checksum, and install on a USB stick for future use. After the exploit used by the FBI to unmask IP addresses I think this is the only safe way to go... unless anyone else has any suggestions?

BTW - what browser bundle is it and where did you download it? If you trust the bundle it might be something else - try deleting the '.to' part of the URL and manually typing in the SR URL... but if I were you, to be safe, I'd switch to a more secure option...
Title: Re: TOR2WEB Message on top on screen
Post by: tunedin on August 28, 2013, 10:49 am
it's the normal Tor browser bundle - Vidalia control panel

if i remove .to part of url it still works

but when i open tor it just automatically by default goes to the url which is https://ssssssomething.onion.to
Title: Re: TOR2WEB Message on top on screen
Post by: tunedin on August 28, 2013, 10:58 am
also when i do an ip check on http://whatismyipaddress.com/ through my tor browser, it shows my TOR ip and not my real ip so i guess that is a good thing that my tor is working properly

should i be worried?

Title: Re: TOR2WEB Message on top on screen
Post by: kittenfluff on August 28, 2013, 11:06 am
also when i do an ip check on http://whatismyipaddress.com/ through my tor browser, it shows my TOR ip and not my real ip so i guess that is a good thing that my tor is working properly

should i be worried?

Well, it looks like maybe you're connecting to TOR2WEB via a TOR connection, so I guess you should be ok for stuff you have already done (like post here), but I would stop the bundle connecting to any 'onion.to' address in future and I would set the startpage to the TOR check page:

https://check.torproject.org/?lang=en-US&small=1&uptodate=0

And also disable all scripts, especially JAVA.

And I would still recommend using Linux/TAILS on a USB - I could be wrong in my assessment and you shouldn't take your own security lightly.... and the situation sounds highly suspect...
Title: Re: TOR2WEB Message on top on screen
Post by: ECC_ROT13 on August 28, 2013, 11:16 am
Your browser bundle is probably fine.   But you still have a problem:

This is really important to understand.     And if anyone can't follow it, they need to stop using hidden services until they understand it..  Seriously, it's not for you.

onion.to is a Tor-to-web gateway. If you're going to a URL that ends in onion.to, you're not connecting directly to the hidden service. You're connecting to a website (onion.to), that THEN connects to a hidden site for you and sends you back the results. And onion.to can see all of your traffic. So the connection looks like You->Tor->Exit Node->(onion.to, a site run by people you'd be an idiot to trust)->Hidden Service.

Hidden services end in .onion.   Not .onion.to.

If you're EVER connecting to a hidden service via onion.to, you've made a serious mistake.   The admins of onion.to have the ability to see what you do, can capture your passwords if they want, and you're not connecting securely to a hidden service.   The admins at onion.to can't see your real source IP if you're using Tor, but they can definitely see everything you see and steal your credentials if they want to.

This needs to be second nature for anyone connecting to hidden services.   You can't search Startpage, Google, etc, and expect to find direct links to .onion sites.    They're going to show you links to onion.to sites, since the normal web can get to hidden services that way.

I'm not picking on the OP (hell, everybody makes a mistake), but I'm somewhat surprised that everyone else didn't know immediately what happened to the OP.   onion.to is not a secure way to visit hidden sites. 
Title: Re: TOR2WEB Message on top on screen
Post by: ECC_ROT13 on August 28, 2013, 11:20 am
And to be very clear: If you typed a password into an onion.to link for a hidden service, you need to go directly to that service, by its .onion address (not its onion.to address), and CHANGE YOUR PASSWORD NOW.

I don't know that the onion.to folks are up to anything, but you'd be foolish to put yourself in the position where you have to trust them.
Title: Re: TOR2WEB Message on top on screen
Post by: tunedin on August 28, 2013, 11:30 am

my god, thanks for pointing out

i just changed all my passwords, thankfully homepage is set at https://check.torproject.org/?lang=en-US&small=1&uptodate=0 so it tells me every time i am connected to tor successfully

also just once again checked what my ip was showing and it was of tor

i have never accessed tor with my normal browser through onion.to or whatever, never will do that also

i think this should be a sticky for newbies out there - NEVER ACCESS TOR WEBSITES FROM .TO Links

Also i just realise - how many people have .to links in their signatures - seems like a lot of people don't know about this - even vendors have .to links in their profiles as signatures
Title: Re: TOR2WEB Message on top on screen
Post by: kittenfluff on August 28, 2013, 11:34 am

Also i just realise - how many people have .to links in their signatures - seems like a lot of people don't know about this - even vendors have .to links in their profiles as signatures

They are idiots and shouldn't be trusted.
Title: Re: TOR2WEB Message on top on screen
Post by: FreedomOutlaw on August 28, 2013, 06:44 pm
The [.to] gateway does censor questionable content. I don't even think you get the Hidden Wiki on [.to].

However, [.tor2web.org] does not censor any content. If you accidentally end up on a site with illegal content, it can be traced back to your IP address.

Either way, you have no anonymity.
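
Added example, not part of any post in this thread: a link check for the distinction discussed above, telling a hostname that ends in .onion apart from one wrapped by a Tor2web gateway (.onion.to or .tor2web.org), where the gateway operator sits in the middle of the traffic. The function names are hypothetical, the sample addresses are constructed, and it assumes gateway hostnames have the form `<address>.<suffix>`.

```python
import re
from urllib.parse import urlsplit

# Gateway suffixes named in this thread (assumption: <address>.<suffix> form).
GATEWAY_SUFFIXES = ("onion.to", "tor2web.org")
# Onion address labels are base32: 16 chars (v2, as in 2013) or 56 chars (v3).
ONION_LABEL = re.compile(r"[a-z2-7]{16}|[a-z2-7]{56}")
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def gateway_onion_host(url):
    """Return the hidden-service host a gateway URL proxies, else None."""
    # urlsplit lowercases the hostname and drops port and credentials.
    host = (urlsplit(url).hostname or "").rstrip(".")
    for suffix in GATEWAY_SUFFIXES:
        if host.endswith("." + suffix):
            label = host[: -len(suffix) - 1].split(".")[-1]
            if ONION_LABEL.fullmatch(label):
                return label + ".onion"
    return None


def classify(url):
    """Return 'gateway', 'direct' (.onion hostname) or 'clearnet'."""
    if gateway_onion_host(url):
        return "gateway"
    labels = (urlsplit(url).hostname or "").rstrip(".").split(".")
    if len(labels) >= 2 and labels[-1] == "onion" and ONION_LABEL.fullmatch(labels[-2]):
        return "direct"
    return "clearnet"


def find_gateway_links(text):
    """List (url, underlying_onion_host) for every gateway link in text."""
    hits = []
    for url in URL_RE.findall(text):
        onion = gateway_onion_host(url)
        if onion:
            hits.append((url, onion))
    return hits


# Constructed sample text (addresses are made up, not real services).
SAMPLE = """
sig: https://abcdefghijklmnop.onion.to/index.php
mirror http://ABCDEFGHIJKLMNOP.tor2web.org/
direct http://abcdefghijklmnop.onion/messages
decoy https://example.com/?next=abcdefghijklmnop.onion.to
"""

if __name__ == "__main__":
    for url, onion in find_gateway_links(SAMPLE):
        print(f"{url} -> proxied by a gateway; hidden service is {onion}")
```

Only the hostname is inspected, so a gateway name that appears in a path or query string (the "decoy" line) is not flagged.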