Silk Road forums
Discussion => Security => Topic started by: CALiGREEN on August 14, 2013, 07:55 pm
-
Im concerned with the browser exploits being used to gain IP info. It seems common sense that a government site like USPS would have these embedded.
How do you guys all check your tracking #'s safely? I was using firefox with a elite proxy with noscript with java/iframe checked, but with java enabled within FF. Not using tor of course.
Is this sufficient do you all think?
Also, I noticed that with java disabled in FF the 'track' button does not work on USPS. However if you enable it, and forbid java in noscript...it works. Does this mean noscript is not functioning?
Trying to be safe! :)
-
Most vendors don't check tracking info unless it's been at least a few days since it was expect to arrive. Reason being that USPS flags tracking numbers checked through Tor.
-
If checking tracking while running a VPN, would it then matter if one was using Tor or not? Or I guess the larger question is this: Does a VPN mask Tor use from outside snoopers?
-
If checking tracking while running a VPN, would it then matter if one was using Tor or not? Or I guess the larger question is this: Does a VPN mask Tor use from outside snoopers?
No. Your local IP would be routed through the VPN and then through TOR. It would on the outside appear to be TOR. If the FBI used the browser exploit thats public knowledge and you were on a VPN, it should reflect the VPN's ip and not your local IP.
-
VPN is prob the way to go
So you're willing to put your freedom on the line by only using a VPN to check the tracking? If you're a large enough target, LE would acquire your IP from USPS, and then request logs from the VPN provider (and don't tell me that they don't keep logs, 95% of them do). You should be using Tor and then an elite proxy to disguise the torified IP.
-
It's probably best if you don't check tracking with Tor or VPN, because that could be seen as suspicious. Maybe drive around and find an open wifi in your city. There are apps you can use with your smartphone which log all wifi in range and create output which you can use in Google Earth. Though you shouldn't use your smartphone to check it either. Use a notebook with a virtual machine or something.
Using a normal ISP customer IP address doesn't look suspicious. Checking tracking from a VPN in a country which is neither sender nor receiver does look suspicious.
XKeyscore does include a (probably incomplete) list of VPN IP addresses. Making a list of public Tor exit nodes is even easier. Maybe they don't use it to find suspicious mail, but they could.
-
This might be a totally retarded question, but why would you need to disguise yourself when checking tracking info for a package that is addressed to you @ your real life house?
Is this simply to maintain plausible deniability in case LE discovered the drugs and is waiting for you to inquire? I just thought of that...is that it?
-
If you check tracking with your own IP then this leaves an even bigger case against you as they can claim that you knew the package was coming as you checked the tracking. This gives them more evidence to lock you up. Never ever do that.
I would say either check at a non-local library or internet cafe, wearing a disguise that does not look like you. Or, check using TOR on a VM with USPS seeing either a VPN or Proxy and not being able to detect tor use in any way. This latter option is more attractive.
-
There are clearnet alternative tracking sites that will query usps for you. Using tor with javascript disabled and nonscript options blocking all, you can still use some of them safely (this is the presumption based on current knowledge of the exploits)
This is the best information I have been given regarding tracking anonomously.
-
There are clearnet alternative tracking sites that will query usps for you. Using tor with javascript disabled and nonscript options blocking all, you can still use some of them safely (this is the presumption based on current knowledge of the exploits)
This is the best information I have been given regarding tracking anonomously.
GO on... can you give some examples? This would definitely come in handy.
-
There are clearnet alternative tracking sites that will query usps for you. Using tor with javascript disabled and nonscript options blocking all, you can still use some of them safely (this is the presumption based on current knowledge of the exploits)
This is the best information I have been given regarding tracking anonomously.
GO on... can you give some examples? This would definitely come in handy.
We need some examples! I would love to see those...