Silk Road forums

Discussion => Security => Topic started by: babyshiva999 on April 30, 2013, 02:26 am

Title: How do you access SR?
Post by: babyshiva999 on April 30, 2013, 02:26 am
As you could see from my previous post, I'm still struggling to decide which method would be the best for me to use to access SR. Please share your comments, thoughts and insights.

Much obliged,
Title: Re: How do you access SR?
Post by: gerstoner on April 30, 2013, 02:49 am
Custom Debian Squezze, manually configured Tor and Privoxy, using Epiphany as Browser.
Title: Re: How do you access SR?
Post by: awhiteknight on April 30, 2013, 03:09 am
@gerstoner, did you set up a transparent proxy and firewall rules so that malicious scripts can't unmask you? If so, can you provide instructions?

I'd like to set up an Ubuntu-based flash drive OS where my browser passwords actually save and I don't have to jump through Tails's hoops to get stuff done, but would like it to also be secure.
Title: Re: How do you access SR?
Post by: peeweed on April 30, 2013, 03:26 am
Well you don't have my option... I use IE and weatherbug from a DEA computer:)

In all seriousness.... I use an encrypted drive that has TBB and USB version of PGP, and run from my normal windows computer.  Casual user here, so my needs aren't that robust.

For casual SR customer, I don't see a huge benefit of booting a whole OS from a liveUSB/CD.  Just too much of a hassle... I like to surf while waiting the normal 5 min to login to SR.

I did for a short while use VirtualBox and installed a separate instance of Win7.  You can encrypt either the OS or even the virtual disks/files themselves to keep people out, while still feeling safe that TBB won't leave "dirty" stuff on your normal computer.  Though I did some digging and found very little that TBB left behind.  Though you do have to be careful to keep your traffic entirely in TOR... don't upload/download files etc  Keep notes etc on your normal computer etc...

Ultimately I found even an VM was a pain... so I just use USB... and imo the only think USB adds is that extra layer of protection if LE searches your house and takes your computer, they might miss the drive.  Where as if they find encrypted files they could try and get you to give them the password.
Title: Re: How do you access SR?
Post by: babyshiva999 on April 30, 2013, 03:42 am
Some interesting comments here. I've used VM before on Fedora, and it worked just fine, it can slow down the comp and needs a lot of RAM, but it's a good way to go.

Another option that I was just thinking of - like for the extremely paranoid ones: running Liberte from usb on a laptop without HD. I haven't tried it myself but one hardcore technical guy that I know tells me this set up is possible.

Peace,
Title: Re: How do you access SR?
Post by: peeweed on April 30, 2013, 03:51 am
I don't think you gain too much from removing the HDD if running liberte...  Just booting to the USB and running the OS I would guess is 99.9% secure... I highly doubt Liberte will create a "Liberte for SR" file depicting your SR orders etc on the installed HDD.

Unless you are retarded and decide that Liberte's cool new feature is that big secondsary drive to store all your snapshots of you doing blow with a hooker and Bill Clinton while making a How to SR video using IE and weatherbug.
Title: Re: How do you access SR?
Post by: herbaman on April 30, 2013, 07:00 pm
Was wondering if adding .to suffix in TOR bundle with TOR browser is a notch safer?
Title: Re: How do you access SR?
Post by: Ro-Jaws on April 30, 2013, 10:55 pm
I don't think you gain too much from removing the HDD if running liberte...  Just booting to the USB and running the OS I would guess is 99.9% secure... I highly doubt Liberte will create a "Liberte for SR" file depicting your SR orders etc on the installed HDD.

Unless you are retarded and decide that Liberte's cool new feature is that big secondsary drive to store all your snapshots of you doing blow with a hooker and Bill Clinton while making a How to SR video using IE and weatherbug.

Quite right, same is true of tails and liberte. You have to try quite hard to screw yourself over with either, for1 thing you need the administrator password to mount the HDDs in both and in liberte there is no use of root after the 1st 2 minutes (assuming you remember to activate from the boot menu).

I use a live tails CD but I think its more pertinent where you store your info (private keys, account information and so forth). Personally I keep both encrypted off site to help with the whole deniability issue.
Title: Re: How do you access SR?
Post by: awhiteknight on May 01, 2013, 12:31 am
Was wondering if adding .to suffix in TOR bundle with TOR browser is a notch safer?

Absolutely not. You're going out across clearnet through an exit node that may be sniffing your traffic, through "onion.to" who may be watching what you do. That's nowhere near as safe as staying in the Tor network.
Title: Re: How do you access SR?
Post by: DrugsAndCash on May 01, 2013, 01:27 am
Where encryption connection can be sniffed? On entrance or on exit ? I guess encryption is to protect from it. All connection to .onion websites is encrypted.
Title: Re: How do you access SR?
Post by: curiositymatrix on May 01, 2013, 01:31 am
I wonder if you could "nest" the .to proxy... like, silkroadvb5piz3r.onion.to.to.to
 it'd be less secure, but a funny sort of clusterfuck across the network, no?
Title: Re: How do you access SR?
Post by: lukeuser on May 01, 2013, 02:55 am
I wonder if you could "nest" the .to proxy... like, silkroadvb5piz3r.onion.to.to.to
 it'd be less secure, but a funny sort of clusterfuck across the network, no?

I don't think you can actually access clearnet sites through onion.to, which you would be doing to access onion.to since it is a clearnet site. But even if you could, the address wouldn't be silkroadvb5piz3r.onion.to.to.to because that would mean the operator of onion.to would have to own all the domains of .to that correspond to all the possible TLDs (com.to, org.to, uk.to etc.) which would probably cost a bit.
Title: Re: How do you access SR?
Post by: awhiteknight on May 01, 2013, 10:07 am
Where encryption connection can be sniffed? On entrance or on exit ? I guess encryption is to protect from it. All connection to .onion websites is encrypted.


On exit. consider this where => means encrypted and -> means not encrypted:


your tor browser => tor node => tor node => tor node => silk road

(that's safe)

your tor browser => tor node => tor node => tor exit node -> onion.to => tor node => tor node => tor node => silk road

(that's slower and not safe)
Title: Re: How do you access SR?
Post by: Jack N Hoff on May 01, 2013, 11:26 am
I wonder if you could "nest" the .to proxy... like, silkroadvb5piz3r.onion.to.to.to
 it'd be less secure, but a funny sort of clusterfuck across the network, no?

I don't think you can actually access clearnet sites through onion.to, which you would be doing to access onion.to since it is a clearnet site. But even if you could, the address wouldn't be silkroadvb5piz3r.onion.to.to.to because that would mean the operator of onion.to would have to own all the domains of .to that correspond to all the possible TLDs (com.to, org.to, uk.to etc.) which would probably cost a bit.

I just tried and YES YOU CAN!

BEHOLD THE CLUSTERFUCK dkn255hz262ypmii.onion.to.onion.to.onion.to
Title: Re: How do you access SR?
Post by: Jack N Hoff on May 01, 2013, 11:27 am
That's so fucking funny to me.

dkn255hz262ypmii.onion.to.onion.to.onion.to.onion.to.onion.to
Title: Re: How do you access SR?
Post by: lukeuser on May 01, 2013, 11:44 am
I wonder if you could "nest" the .to proxy... like, silkroadvb5piz3r.onion.to.to.to
 it'd be less secure, but a funny sort of clusterfuck across the network, no?

I don't think you can actually access clearnet sites through onion.to, which you would be doing to access onion.to since it is a clearnet site. But even if you could, the address wouldn't be silkroadvb5piz3r.onion.to.to.to because that would mean the operator of onion.to would have to own all the domains of .to that correspond to all the possible TLDs (com.to, org.to, uk.to etc.) which would probably cost a bit.

I just tried and YES YOU CAN!

BEHOLD THE CLUSTERFUCK dkn255hz262ypmii.onion.onion.to.onion.to

 ???  :o
Title: Re: How do you access SR?
Post by: tree on May 01, 2013, 11:52 am
The most secure way to go on TOR is using whonix over a secure OS (not windows). Whonix prevents anyone from discovering your real IP even if you download PDFs and run java applets (it's still not recommended but whonix developpers haven't managed to get their real IPs discovered yet), only the spoof IP that whonix generates. It's not that hard to configure too. For added security, use whonix with physical isolation, using two computers.
I've tried it and it's pretty cool but I did it over windows which wouldn't be secure anyways..
I just use TBB, since I'm a casual user. TAILS is cool too but it makes my computer overheat.
Title: Re: How do you access SR?
Post by: Jack N Hoff on May 01, 2013, 12:10 pm
This is how I access Silk Road for now on

silkroadvb5piz3r.onion.to.onion.to.onion.to.onion.to.onion.to.onion.to.onion.to.onion.to.onion.to.onion.to.onion.to.onion.to

Works great!
Title: Re: How do you access SR?
Post by: babyshiva999 on May 01, 2013, 11:04 pm
According to the poll - more than 40% of users access SR via TBB on Windows. I am not sure whether this really is a security issue, but I personally would be scared as fuck to use Windows for this task, hell I don't even use it for buying shit from amazon.

Well, I guess to each his own. Or is that I am just too paranoid and using TBB on Windows is no worse than TBB on Debian?

Peace,
Title: Re: How do you access SR?
Post by: PerPETualMOtion on May 02, 2013, 01:57 am
Well you don't have my option... I use IE and weatherbug from a DEA computer:)

WTF? ? ? ???

Quote from: Casual Investigator
In all seriousness.... I use an encrypted drive that has TBB and USB version of PGP, and run from my normal windows computer.  Casual user here, so my needs aren't that robust.

For casual SR customer, I don't see a huge benefit of booting a whole OS from a liveUSB/CD.  Just too much of a hassle... I like to surf while waiting the normal 5 min to login to SR.

WTF, indede. Just too much of a hassle to opt for security in these times of billions spent on national security--NSA, CIA, FBI, Boeing, Halliburton, AT%T, Brown and Root, DEA, the Drug War.... You do realize that hundreds of billions of dollars have been privately contracted to DOD contractors for pillaging profits from the Drug War, Terrorism, and global sociopolitical coups.

Quote from: Casual Investigator
I did for a short while use VirtualBox and installed a separate instance of Win7.  You can encrypt either the OS or even the virtual disks/files themselves to keep people out, while still feeling safe that TBB won't leave "dirty" stuff on your normal computer.  Though I did some digging and found very little that TBB left behind.  Though you do have to be careful to keep your traffic entirely in TOR... don't upload/download files etc  Keep notes etc on your normal computer etc...

Ultimately I found even an VM was a pain... so I just use USB... and imo the only think USB adds is that extra layer of protection if LE searches your house and takes your computer, they might miss the drive.  Where as if they find encrypted files they could try and get you to give them the password.

Was wondering if adding .to suffix in TOR bundle with TOR browser is a notch safer?

Absolutely not. You're going out across clearnet through an exit node that may be sniffing your traffic, through "onion.to" who may be watching what you do. That's nowhere near as safe as staying in the Tor network.

 >:( BEWARE  >:(

THERE IS A LOT OF BAD INFORMATION IN THIS THREAD.
Title: Re: How do you access SR?
Post by: PerPETualMOtion on May 02, 2013, 02:00 am
If you rely on this forum to supply you with good information, then you must be careful at evaluating reliable information.


Silk Road

silkroadvb5piz3r.onion

SR Forums

dkn255hz262ypmii.onion

TOR CHECK

https://check.torproject.org/

Panopticlick

http://panopticlick.eff.org/

Hidden Wiki

http://kpvz7ki2v5agwt35.onion/wiki/

Liberte

http://dee.su/liberte

 ;D Good Luck  ;D
Title: Re: How do you access SR?
Post by: prophetjack on May 02, 2013, 06:39 am
I run a full disk encrypted Ubuntu 10 with piratepack installed. (piratelinux.org)
Title: Re: How do you access SR?
Post by: tree on May 02, 2013, 08:58 am
According to the poll - more than 40% of users access SR via TBB on Windows. I am not sure whether this really is a security issue, but I personally would be scared as fuck to use Windows for this task, hell I don't even use it for buying shit from amazon.

Well, I guess to each his own. Or is that I am just too paranoid and using TBB on Windows is no worse than TBB on Debian?

Peace,
TBB on Debian is better than TBB on windows, simply because Debian is a safer OS by being open-source.
Title: Re: How do you access SR?
Post by: PerPETualMOtion on May 03, 2013, 04:20 pm
According to the poll - more than 40% of users access SR via TBB on Windows. I am not sure whether this really is a security issue, but I personally would be scared as fuck to use Windows for this task, hell I don't even use it for buying shit from amazon.

Well, I guess to each his own. Or is that I am just too paranoid and using TBB on Windows is no worse than TBB on Debian?

Peace,
TBB on Debian is better than TBB on windows, simply because Debian is a safer OS by being open-source.

+1