Silk Road forums
Discussion => Security => Topic started by: unbiased on October 06, 2013, 03:08 am
-
This was always debated - can you be on TOR/SR at the same time as the regular internet and be untraceable? Not only is it not safe, but enforcement folks actively check for this. It turns out that it's not safe to use TOR and the internet from the same ISP.
The arrest articles on DPR describe how they tracked him by viewing the ISP records from the coffee shop he went to, and matched him accessing his normal email address from the same ISP as the SR admin console.
Lesson learned.
-
That had nothing to do with Tor. He accessed Silkroad admin through a VPN, not Tor.
-
That had nothing to do with Tor. He accessed Silkroad admin through a VPN, not Tor.
+1
This. In the complaint it says that the SR Admin console was coded to only accept the VPN IP. He didn't use TOR because he needed a static IP for access based on the way he set it up. That didn't change until late Spring/early Summer. They were able to correlate that IP with his Gmail logins.
But it has nothing to do with TOR because those logins would have had DIFFERENT IP addresses, not the same, if he were using one TOR and one non-TOR browser That doesn't answer the question at all, not even indirectly.
-
I use TOR and Non Tor browsers at same time all the time..
Is that safe to do??
-
My bad. I thought I was really on to something there.
-
My bad. I thought I was really on to something there.
You were on to something in pointing out that they use old-fashioned, simple police work to identify TOR users rather than doing sophisticated attacks on TOR itself. They haven't been able to completely defeat TOR anonymity, but they can use some pretty simple tactics to identify individual TOR users.
-
My bad. I thought I was really on to something there.
You were on to something in pointing out that they use old-fashioned, simple police work to identify TOR users rather than doing sophisticated attacks on TOR itself. They haven't been able to completely defeat TOR anonymity, but they can use some pretty simple tactics to identify individual TOR users.
You're buying the gov's BS hook, line, and sinker.
It's very clear the feds found SR's server first, then worked backwards to find all these other little mistakes. Guess they call this illegal methodology "parallel construction".
http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/05/the-nsa-is-giving-your-phone-records-to-the-dea-and-the-dea-is-covering-it-up/
Astor and kmfkewm were talking for some time that Tor is already dead, I'm afraid they might be right.
-
My bad. I thought I was really on to something there.
You were on to something in pointing out that they use old-fashioned, simple police work to identify TOR users rather than doing sophisticated attacks on TOR itself. They haven't been able to completely defeat TOR anonymity, but they can use some pretty simple tactics to identify individual TOR users.
You're buying the gov's BS hook, line, and sinker.
It's very clear the feds found SR's server first, then worked backwards to find all these other little mistakes. Guess they call this illegal methodology "parallel construction".
http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/05/the-nsa-is-giving-your-phone-records-to-the-dea-and-the-dea-is-covering-it-up/
Astor and kmfkewm were talking for some time that Tor is already dead, I'm afraid they might be right.
Oh I'm not buying anything. When I say "old-fashioned police work" I mean that they found the server and worked backwards from there. That they can identify individual TOR users has been well known for as long as SR existed. And the NSA does use malware to exploit flaws in Firefox. Both the NSA and GCHQ are also known to operate exit nodes, although not enough to unmask everybody. But they can watch traffic patterns.
If you think I buy that FBI "we'll get you eventually because we're all-knowing and all-powerful," you're mistaken. With that said, it's easy to get people who are lazy and who believe they are infallible thanks to the TBB.
What I said was, they used ISP and VPN records to show the association between Ulbricht and DPR using Gmail and the SR admin console log-ins.
-
This was always debated - can you be on TOR/SR at the same time as the regular internet and be untraceable? Not only is it not safe, but enforcement folks actively check for this. It turns out that it's not safe to use TOR and the internet from the same ISP.
The arrest articles on DPR describe how they tracked him by viewing the ISP records from the coffee shop he went to, and matched him accessing his normal email address from the same ISP as the SR admin console.
Lesson learned.
This is nonsense.