Silk Road forums

Discussion => Security => Topic started by: DaleGribble on October 22, 2012, 10:31 pm

Title: Newbie Questions! Am I Secure, Are My Accounts Compromised?
Post by: DaleGribble on October 22, 2012, 10:31 pm
So I started using TOR, Silk Road, Bitcoins etc recently. Let me explain my setup and hopefully I can receive some feedback as to whether my identity is safe...

I have used both my home WiFi and mobile (tethered) for internet access. I have set up my Blockchain, Silk Road, Bitcoin Fog and TORMail accounts from this all via TOR. I have accessed the Clearnet but not logged into anything, nor have I tied myself to my real identity in any way whilst using TOR. I am running everything from the latest version of TAILS. My mobile I am tethered to for internet is synced with my Facebook account and sometimes I receive updates from Facebook on my phone whilst tethered. Does this leave me vulnerable?

If all my accounts are compromised, I have no problems starting from scratch with all new accounts for everything and heading over to Starbucks for public WiFi (whilst sitting out of view from CCTV cameras).

P.S. If I do something like use TOR unsafely even once (e.g. I access my SR/BTC accounts unsafely via a mobile or whatever) are all my accounts and laptop/internet connection I was using permanently tainted? Or am I only vulnerable during that session? So say I set up all my accounts on my home WiFi and it's unsafe, does that mean they are tainted forever?

Thanks so much! Hopefully I can start doing business with you all in the near future ;)
Title: Re: Newbie Questions! Am I Secure, Are My Accounts Compromised?
Post by: microRNA on October 22, 2012, 11:09 pm
On Keyboard, The Big D...Rusty Shackleford!

Face-to-face interfacing is obsolete. There's over 400 expressions that you can make with symbols online. You can only make two expressions with your face

Gun's don't kill people. The Government does.

Sometimes I wish the government would just ban itself. Wrap your heads around that, fellas.

sh sh sh shaaa..... squirrel tactic!

You mean I burned off my fingerprints for nothing?

Computers don't make errors. What they do, they do on purpose. By now your name and particulars have been fed into every laptop, desktop, mainframe and supermarket scanner that collectively make up the global information conspiracy, otherwise known as "The Beast."

... sounds like helicopters. UN helicopters.

I'm too pretty to go to jail!


My name is Shackelford, Rusty Shackelford, I refuse to speak without my attorney present, [stands, takes off his hat] I am Mr. Shackelford's attorney, Rusty Shackelford, My client pleads insanity.

If all you're goin' on is my confession, forget it, I'm simply not credible.
Title: Re: Newbie Questions! Am I Secure, Are My Accounts Compromised?
Post by: DaleGribble on October 22, 2012, 11:40 pm
On Keyboard, The Big D...Rusty Shackleford!

Face-to-face interfacing is obsolete. There's over 400 expressions that you can make with symbols online. You can only make two expressions with your face

Gun's don't kill people. The Government does.

Sometimes I wish the government would just ban itself. Wrap your heads around that, fellas.

sh sh sh shaaa..... squirrel tactic!

You mean I burned off my fingerprints for nothing?

Computers don't make errors. What they do, they do on purpose. By now your name and particulars have been fed into every laptop, desktop, mainframe and supermarket scanner that collectively make up the global information conspiracy, otherwise known as "The Beast."

... sounds like helicopters. UN helicopters.

I'm too pretty to go to jail!


My name is Shackelford, Rusty Shackelford, I refuse to speak without my attorney present, [stands, takes off his hat] I am Mr. Shackelford's attorney, Rusty Shackelford, My client pleads insanity.

If all you're goin' on is my confession, forget it, I'm simply not credible.

Hahaha! Usually going into a thread realizing your question wasn't answered is disappointing, but in this case it was still great...
Title: Re: Newbie Questions! Am I Secure, Are My Accounts Compromised?
Post by: Thedonkilluminati on October 23, 2012, 12:17 am
I have a GS3 and i dont have fb app in my phone and i dont even syns a shit with fb, fb is not much of  trustworthy.
I have downloaded no permission and rooted my GS3 and giving the permission to a app where i see it necessary other wise i tell to stfu and work without extra permission.
Computer is encrypted, extra drives encrypted, running latest eset nod32 on both phone and pc and some extra shit :D
Title: Re: Newbie Questions! Am I Secure, Are My Accounts Compromised?
Post by: microRNA on October 23, 2012, 12:39 am
sorry, i couldnt resist :) one of my favorite shows ever

i would definitely have left an actual response if i could help but i am no security expert so unfortunately i would not be much assistance on your safety

i do know that is not safe to run a tor browser and a normal web browser on the computer simultaneously. so it may apply to your phone as well, you might look into disabling facebook while on tor through your phone if possible

i dont actually know if its recommended to use tor on your phone at all really - there is a thread about it but i dont see it right now, i will post it if i find it

one thing i know is recommended is to keep your computer clean of tor and keep it on a secure usb... so id recommend setting it up that way on your phone too if possible somehow or you may consider removing it from your phone all together just to be as safe as possible

again i am just sharing my thoughts, i am definitely not knowledgeable enough to confirm your security
Title: Re: Newbie Questions! Am I Secure, Are My Accounts Compromised?
Post by: Aidoneus on October 23, 2012, 03:37 am
Are you running tails from a live cd/usb or directly from your HD? As microRNA mentioned, it's a really good idea to keep everything completely separate. Also, if you HAVE to use a USB drive, never plug it in while you're booted into your regular OS - registry records will appear. Shut down completely, insert, boot from USB.

Also as was mentioned... not a good idea to use a regular browser at the same time. While it's pretty unlikely the two could be connected, it's really a 'better safe than sorry' situation. As far as using your phone as internet - same thing applies. Whenever you get a FB notification or whatever else, it's technically coming directly to the phone, not back through Tor. Tor traffic is encrypted in addition to it's other safety measures, the other traffic is not. So disabling anything else that might request or receive data while using it as your connection is a good idea for sure.

As far as your question 'are your accounts compromised?' If you are just starting out and haven't made a purchase or anything yet, it's pretty much impossible that you're on anyone's radar. Just practice secure protocols from here on out and you SHOULD be fine. If you're the paranoid type, then by all means feel free to establish new accounts... but it probably isn't necessary.

Using home wifi - many people have different views on this. Ultimately it would always be 'safer' to use a wifi connection that is in no way tied to you. Is it necessary? Again, many different views. If you do choose to go use public wifi - don't go into the location. Try to find a place you can use a connection from as far as possible. Obviously you don't want to look suspicious like sitting in the sidewalk or something. But if the place next door has outdoor seating or maybe a parking lot while you're in the car still... be creative. There ARE cameras everywhere.

Overall I'd say you're fine. Cheers!
.Hades.
Title: Re: Newbie Questions! Am I Secure, Are My Accounts Compromised?
Post by: Thedonkilluminati on October 23, 2012, 09:44 am
afaik there is No problem att all running other browser while running Tor.
if your still some how Think they May be connected, check both Tor and other browser and see if both using same ip.
whatsmyip.com
Title: Re: Newbie Questions! Am I Secure, Are My Accounts Compromised?
Post by: quinone on October 23, 2012, 10:10 am
Just maintain a modicum of respect for the principles of Plausible Deniability :)
Title: Re: Newbie Questions! Am I Secure, Are My Accounts Compromised?
Post by: DaleGribble on October 23, 2012, 07:34 pm
Are you running tails from a live cd/usb or directly from your HD? As microRNA mentioned, it's a really good idea to keep everything completely separate. Also, if you HAVE to use a USB drive, never plug it in while you're booted into your regular OS - registry records will appear. Shut down completely, insert, boot from USB.

Also as was mentioned... not a good idea to use a regular browser at the same time. While it's pretty unlikely the two could be connected, it's really a 'better safe than sorry' situation. As far as using your phone as internet - same thing applies. Whenever you get a FB notification or whatever else, it's technically coming directly to the phone, not back through Tor. Tor traffic is encrypted in addition to it's other safety measures, the other traffic is not. So disabling anything else that might request or receive data while using it as your connection is a good idea for sure.

As far as your question 'are your accounts compromised?' If you are just starting out and haven't made a purchase or anything yet, it's pretty much impossible that you're on anyone's radar. Just practice secure protocols from here on out and you SHOULD be fine. If you're the paranoid type, then by all means feel free to establish new accounts... but it probably isn't necessary.

Using home wifi - many people have different views on this. Ultimately it would always be 'safer' to use a wifi connection that is in no way tied to you. Is it necessary? Again, many different views. If you do choose to go use public wifi - don't go into the location. Try to find a place you can use a connection from as far as possible. Obviously you don't want to look suspicious like sitting in the sidewalk or something. But if the place next door has outdoor seating or maybe a parking lot while you're in the car still... be creative. There ARE cameras everywhere.

Overall I'd say you're fine. Cheers!
.Hades.

Wow, top poster, that's fantastic information. Thank you!

Okay, so currently I've made the USB TAILS mistake. So I will be burning onto a DVD. Question: Is Liberte safer than TAILS? I never knew I had any options other than TAILS when I made the bootable USB. I do like how TAILS erases it's data on shutdown... But can't figure out how to install software on there permanent (been unable to figure it out despite Googling efforts)... But if Liberte is more secure I'll definitely switch over. Either way I am going to make a bootable CD instead of USB.

Anyway to elaborate on my question... When I said tainted... I don't believe I am being tracked right now... BUT, say one day I am a target for authorities, when they try to hack me (or however you'd put it) would they be able to see "ah, when this guy created this TORMail account he was logged into Facebook during that session! Now I can find his real identity!" Like if I make a stupid mistake, or don't create accounts/log into them in a completely secure way and leave loopholes, is my anonymity PERMANENTLY tainted? Will my real identity/real IP forever remain associated with those accounts? It's hard to explain but hopefully you understand where I am coming from.

About the public WiFi thing, that's interesting about not entering the premises, is it likely I need to buy a USB WiFi antenna thing to pick up a Starbuck's WiFi signal from the car park, for example? Or am I totally safe just sitting outside assuming there's a bench or something? Was your suggestion to not enter the building based on the presence of cameras which I could avoid by staying outside?

Again thanks, top stuff! Are there any other ninja stealth tactics you can suggest to me (and any other SR hopefuls who will read this)?
Title: Re: Newbie Questions! Am I Secure, Are My Accounts Compromised?
Post by: DaleGribble on October 24, 2012, 10:04 pm
Question: Seeing as blockchain, instawallet and easywallet are all Clearnet addresses, is it safe to access them whilst using TOR logged into SR etc...? All the accounts would have been opened and NEVER accessed outside of TOR, but does opening Clearnet addresses leave me vulnerable?

I think I have this process down now. Just having problems with Liberte, I don't understand if MAC Address spoofing is automatic, and if I need to install extra software to ensure NONE of my hardware can possibly be identified by an outside source.