Silk Road forums

Discussion => Security => Topic started by: Joey Terrifying on March 17, 2013, 02:12 pm

Title: TOR for iPhone .....safe?
Post by: Joey Terrifying on March 17, 2013, 02:12 pm
do any of you guys use silk road from a smart phone?  is it just as safe as using TOR from my home computer?
Title: Re: TOR for iPhone .....safe?
Post by: TheSauceIsHot on March 17, 2013, 02:23 pm
Hard to tell what your Carrier holds onto.  I'd say a wifi spot would be safer than mobile coverage.
Title: Re: TOR for iPhone .....safe?
Post by: onezero32 on March 17, 2013, 08:30 pm
The risk probably isn't with your cell carrier if you use TOR on an iphone, you can use openVPN before you use TOR on an iphone to mask what you're doing.

The risk lies in what data your iphone gathers and keeps saved in it's own files. There's a fair bit of information on the clearnet about the kind of things law enforcement can find out if they forensically examine your iphone, and some if it is frankly terrifying!
Title: Re: TOR for iPhone .....safe?
Post by: SudoMan on March 17, 2013, 09:44 pm
What Tor client are you using for your iphone? I was looking for a few myself and came across Onion Browser, which works, but I do not trust it's security. Apple has restrictions on what applications can and can't do. With that being said, any web browser application you see in the AppStore is based off of Apple's WebKit, which is why most of the alternative browsers you see are not much better than Mobile Safari, if anything they may be slower.

I would say it is ok to use a Tor client on the iPhone to browse, but I would make a separate account than your primary account. I def would not make any purchases and would be careful about posting on the forums too.

Also beware of any java exploits too as developers have to build their apps in compliance with Apple's WebKit

I used to work for Apple, so I know a little bit about these things ;)

Hopefully you find this information helpful! Be Safe!
Title: Re: TOR for iPhone .....safe?
Post by: Wadozo on March 19, 2013, 02:53 pm
This has been discussed many, many times before here on the forums. IMO, it's NOT safe to use any mobile device to access SR via Tor. Even Silk Road Support wrote a response to a question posed to them on this issue stating Tor is not designed for a mobile device. They stated it was very dangerous to use a mobile device to conduct your SR activities. That's not to mention Java exploits, hardware exploits, exploits sent through phone updates, etc, etc. A mobile device is in actual fact a live GPS tracker and if your under the watchful eye of LE, that's something you need to avoid at all costs. Search the forum for an article where world renowned hacker Jacob Applebaum explains the myriad of potential vulnerabilities on a mobile phone which could easily be exploited by a hacker if so desired. If SR Support, effectively DPR himself who designed the website, doesn't think it's a safe practice, I won't be using a mobile device to access SR anytime soon. :)
Title: Re: TOR for iPhone .....safe?
Post by: Joey Terrifying on March 19, 2013, 03:16 pm
thanks very much for the replies!

i think i will refrain from doing anything criminal on my phone.  the only reason i was asking is because i am leaving town for a few days and might need to finalize an order if it doesn't arrive before i leave.

i'll figure out something else tho

thanks again!
Title: Re: TOR for iPhone .....safe?
Post by: sellitall99 on March 19, 2013, 03:57 pm
If you add ".to" to any TOR link on your mobile phone, it will work. Ive done it on my iphone a few times.
Title: Re: TOR for iPhone .....safe?
Post by: Wadozo on March 19, 2013, 04:39 pm
If you add ".to" to any TOR link on your mobile phone, it will work. Ive done it on my iphone a few times.

Please explain in a little more detail?  ???
Title: Re: TOR for iPhone .....safe?
Post by: onezero32 on March 19, 2013, 08:44 pm
If you add ".to" to any TOR link on your mobile phone, it will work. Ive done it on my iphone a few times.

Please explain in a little more detail?  ???

Don't do this.

.to uses a clearnet proxy to access TOR, effectively removing your anonymity.
Title: Re: TOR for iPhone .....safe?
Post by: Wadozo on March 20, 2013, 09:15 am
I wasn't going to. I was just curious about what this person was getting at. Tor and Mobile's DON"T MIX.
Title: Re: TOR for iPhone .....safe?
Post by: OuterLimits on March 20, 2013, 01:13 pm
The issue isn't the mobile carrier network because with TOR any connection to an .onion site such as SR or the forums is encrypted, so they can't see what you're doing anyways. The problem would be if the tor browser application for the iPhone "Onion Browser" is saving any history on the phone. While I don't actually ever notice it saving my browsing history etc, I don't know for sure if it's leaving any traces of info deep in the iOS file system.

Tip: If you use Tor and access SR from your iPhone, setup a pin or password lock and select the option that completely wipes out all the data on the phone after someone enters the lock pin number 10 times in a row.
Title: Re: TOR for iPhone .....safe?
Post by: Wadozo on March 21, 2013, 02:05 pm
The issue isn't the mobile carrier network because with TOR any connection to an .onion site such as SR or the forums is encrypted, so they can't see what you're doing anyways. The problem would be if the tor browser application for the iPhone "Onion Browser" is saving any history on the phone. While I don't actually ever notice it saving my browsing history etc, I don't know for sure if it's leaving any traces of info deep in the iOS file system.

Tip: If you use Tor and access SR from your iPhone, setup a pin or password lock and select the option that completely wipes out all the data on the phone after someone enters the lock pin number 10 times in a row.

A PIN or Password lock on an iPhone is as useful as an ashtray on a motorbike. It's a pointless exercise as with minimal effort and a 100% success rate, it can easily be bypassed enabling the end user to have complete access to the phone and any potentially incriminating files/documents/emails/info etc kept on your phone.
If you read the interview with Jacob Applebaum, world renowned hacker, where he details a few of the ingenious techniques skilled hackers can employ to get what they want from a user of a mobile phone. I don't have time to find it for you now but if you look through my posts in the Security section, a link is there in a few of my previous posts.
Title: Re: TOR for iPhone .....safe?
Post by: Wadozo on March 21, 2013, 02:57 pm
Also, the app "Onion Browser" is not Tor. It has some caveats which if read by the user, would set off alarm bells immediately. One of the most alarming is - "Javascript cannot be disabled. HTML5 Geolocation API cannot be disabled. There are others such as possible DNS leaks but having Javascript enabled is leaving the user wide open for a hacker to execute an attack and get what they want.
There is an issue with the mobile carrier network as a mobile phone is effectively another term for a tracking device, especially when you cannot disable the Geolocation API in HTML5. This coupled with other reasons such as the majority of users using Onion Browser on iOS, who don't disable scripts and browser add-ons when browsing using a mobile device (including Android devices), meaning your real I.P Address, Location, etc can be given away very easily using Java drive by's, Javascript exploits (could be sent to your phone hidden in phone updates), etc.
Title: Re: TOR for iPhone .....safe?
Post by: tempo on March 22, 2013, 03:04 am
the only reason i was asking is because i am leaving town for a few days and might need to finalize an order if it doesn't arrive before i leave.

Burn a Tails dvd or use http://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/ to place the Tails iso on a usb stick (more handy). If you use a usb stick, create two partitions. One for tails and a smaller one for the tor bundle. (in case of you can't choose boot medium/ bios lock... perhaps in a internet cafe...)

Update: universal-usb-installer creates a fat32 partition, so no need for two partitions. Just copy the tor bundle for win32 to the usb stick after universal-usb-installer is done.