Silk Road forums
Discussion => Newbie discussion => Topic started by: staywavy72 on June 22, 2013, 02:14 am
-
So i realized ive been using a link to access the road that ends with ".onion.to" apparently the ".to" is so you can access the hidden web for users who dont have tor ......is it still secure if i placed orders from silkroadvb5piz3r.onion.to if i was using that link in tor, like i have the tor browser installed routing me to another ip adress, but is that still secure if i have to go through the onion.to link?
-
from what im gathering the onion.to just takes ur ip adress, which would be the one generated for me by tor, right? stressing so hard about getting caught using the service, someone please let me know
-
I think that as long as you're in TOR, you should be okay.
I'll check back to see what the pro's have to say.
-
Security is not absolute, so there's never such a thing as "secure" and "not secure".
But I'm sorry to say that accessing SR over onion.to is A LOT LESS SECURE than accessing it over tor.
When accessing over onion.to, the operators of every network over which your communication is carried (from your computer to the onion.to server) can see exactly what you're doing and from exactly what IP address you are connecting (the communication isn't even over HTTPS, so there is no encryption whatsoever). This includes the operators of the onion.to machine itself, and probably numerous government "listening points" within the Internet infrastructure.
However, just because they CAN see it doesn't mean that they're paying attention. That said, I don't think I'd want to risk it.
-
Catalan i was IN THE TOR BROWSER WHEN I ACCESED ONION.TO so i believe it is safer right?
-
Hi,
I wanted to make my first post here because I can relate so much to this confusion and want to forewarn you before you make a big mistake.
A little while ago my ex-boyf was in the same position. He heard from one of his friends about this drug marketplace and he google'd SR and he used to access it through a .to extension thinking it was always safe.
He started making orders from international sellers only worried about price and quality. He started off with personal amounts to be safe but then when a few of those came through, he thought he was untouchable so he upped the anti. 2 months and 5 semi bulk packages missing later there was a full blown raid at his house.
They had been building a case up since the very first time that he got drugs ordered. They got his IP, were able to geographically link it to his address and linked all the mail going to the address ordered from SR. With around 10 packages which amounted to drugs way more than in the "personal use" category, he didn't even get a chance to get a "what the fuck" out, before he was pinned to the ground, his 2 dogs shot and his house turned inside out with 3 laptops of his and 2 belonging to his family members taken (all he would do was change which laptops he used, thinking that was being "safe")
So a warning to the wise. Always take your security as paramount. I try to put myself in the shoes of a paranoid meth tweaker or a high level crime boss. Whatever precautions they take for their safety, I take with mine.
I suggest getting tails on a bootable USB (encrypted with truecrypt of course) and to always use security measures like Tor for your browsing, GPG for message encryption etc.
When risk can be avoided easily, why do you want to take it unnecessarily and make life harder for yourself. My ex was absolutely stupid. He used his phone call (I assume they get one) on me. I heard his voice, told him to get a lawyer and just hung up. It hurt and I guess people and my ex hate me for it, but personal security is paramount
TL;DR Safety is paramount. Use every safety and security feature you possibly can. I have an encrypted USB with Tails which I boot through a VM, spoofing my MAC address and only ever accessing internet off neighbors/public wi-fi with cheap $200-300 laptops that I can replace every month or so.
-
miszkay, your response scared the shit out of me.....
SOME PRO PLEASE TELL ME, MAKE SURE TO NOTE I WAS ACCESSING WITH THE TOR BROWSER BUT CONNECTING WITH THE ONION.TO LINK
-
miszkay is correct.
Do not use the onion.to browser. It is not tor, therefore it is not safe.
Please use tor in the future and always make sure you're accessing the correct websites before you input any sensitive information.
Also, read up on using pgp/gpg, and memorizing silkroad's url.
Be safe, good luck.
-
Ok so heres why i am SWEATING BULLETS thinking the cops might raid me right now.
1. I ordered a 1g sample of wax and 14g of wax from the same vendor, no FE
2.these were at different times but in the same day
3.he said he shipped out the 1g and would ship out 14g the next morning
4.the 1g arrived 2 days ago
5.the 14g is marked in transit still hasnt arrived today
6.i was using the .to link
HOW LIKELY ARE THE CHANCES I AM FUCKED AND MY LIFE IS
O
V
E
R
-
I'm new here too. Its easy to stress over something - anything.
I'm sure you sent some redflags to the wrong people. But if you received the first gram, if I were you, I'd ignore any future package that wasn't ordered on the TOR browser.
I'd also talk to my ISP and ask for a new IP before doing anything else related to TOR, SR, or even Bitcoin.
-
staywavy72 you said you were in the tor browser but using the onion.to address? you should be fine if that's the case as the tor browser would have given you a new fake IP every time you opened it.
-
morphjow is right. The TOR browser bundle would have given you a new fake IP each time you logged in. It's still not a smart move to use the onion.to link - those running the .to service could have access to your login credentials - but you definitely don't need to worry about a raid on your house.
I'm curious about the case involving miszkay's ex, even though I assume it's at least partially made up: if it were true, sharing the story publicly would be a far greater threat to her personal security than if she accessed TOR from her home network or something. (Also, I don't remembering hearing any SR related busts that involved two dogs being shot.) Was the ex - unlike the OP - not even using the TOR browser bundle? Who was the "they" who got his IP address? Local law enforcement? The DEA? Customs? And why assume his IP address had anything to do with it? Wouldn't it be more reasonable to think that Customs had started intercepting his packages and used them as evidence enough for a raid? I do think it's worth sorting out whether it was his computer use or the deliveries themselves that brought him down. If internet service providers are be turning over information about those even visiting SR through the .to service it's something people should know about.
-
morphjow is right. The TOR browser bundle would have given you a new fake IP each time you logged in. It's still not a smart move to use the onion.to link - those running the .to service could have access to your login credentials - but you definitely don't need to worry about a raid on your house.
I'm curious about the case involving miszkay's ex, even though I assume it's at least partially made up: if it were true, sharing the story publicly would be a far greater threat to her personal security than if she accessed TOR from her home network or something. (Also, I don't remembering hearing any SR related busts that involved two dogs being shot.) Was the ex - unlike the OP - not even using the TOR browser bundle? Who was the "they" who got his IP address? Local law enforcement? The DEA? Customs? And why assume his IP address had anything to do with it? Wouldn't it be more reasonable to think that Customs had started intercepting his packages and used them as evidence enough for a raid? I do think it's worth sorting out whether it was his computer use or the deliveries themselves that brought him down. If internet service providers are be turning over information about those even visiting SR through the .to service it's something people should know about.
yeah i dont know why that story is on here, why would you come on the SR forum to post that? doesn't make sense to me. and additionally, it is definitely customs or some other agency intercepting the items long enough to warrant a raid. i also have never heard this story, i am skeptical but interested
-
Don't sweat the small stuff! 14 grams of wax is nothing! ( depending on your location )
How would your life be over?
-
DO NOT USE ONION.TO SERVICES!
They deanonymize you, and your ISP/LE can read everything you do on SR and other hidden services.
They also log your id/password, if they have bad intentions, they can log in to your account and withdraw all of your BTC.
Again:
DO NOT USE ONION.TO SERVICES!
Either use the Tor browser bundle or Tails or don't log in to Tor hidden services AT ALL (especially SR)!
Since you already used the onion.to services, download the Tor browser bundle, access SR through that, and change your password and pin.
I'd also change my userid by creating a brand new account. Any addresses you used for shipping should be considered compromised.
-
I feel like some people didnt even read the part that i was in the tor browser bundle, but THANKS for those who did. answers are very reassuring, talked to the vendor and it just took him an extra day to ship it out and didnt get it out till night time. I am new here so the paranoia comes easy, i will take your advice and do all my btc deposits and orders from a diff IP. Thank you for the help guys!!!
-
Catalan i was IN THE TOR BROWSER WHEN I ACCESED ONION.TO so i believe it is safer right?
You are right that I overlooked this fact in my previous response. Because you were accessing onion.to over tor, your ISP etc will NOT have been able to see the comms and the operators of onion.to will NOT have known your IP address; however, as both Lorimer and p3nd8s have mentioned, the operators of onion.to WILL still have been able to see your activity (including your login credentials, what you purchased, and any cleartext messages you sent to other parties).
Therefore, you may still have a problem IF:
1. you ever provided identifying information, e.g. your shipping address, in plaintext (rather than PGP encrypted);
and
2. onion.to collaborates with LE (whether knowingly or unknowingly).
Should BOTH OF THE ABOVE be true and this comes back to bite you, having records of the purchases may not be sufficient evidence to charge you (as the purchases could have been made by someone else using your shipping details) - so be warned that they may try to coerce a confession from you in order to make a case they otherwise wouldn't have. Say NOTHING, no matter how much they try to pretend that "you're only making matters worse for yourself" - this is a common LE tactic to extract confessions when they do not have sufficient evidence. After all, as soon as they have sufficient evidence (at least in the UK) they are required to end questioning and charge you.
HOWEVER, if you conducted any other identifying activity over the same service (such as buying bitcoins), they may already have been able to link the two for a much stronger case. Forensic examination of your computer or financial records may also provide sufficient evidence to corroborate mere suspicion. It goes without saying that anything found in your possession (narcotics or paraphernalia) can also help their case.
Sorry I can't be any more reassuring than that.
-
It doesn't matter if you used tor bundle or not, onion.to logs your data.
Read the SR wiki, it says the same thing.
-
Anyone who hasn't heard of UglySurfer, and his Darknet extreme bootable usb stick's or machine's needs to make it a matter of urgency to look up this product on SR.
The usb comes pre loaded with Ubuntu and has a virtual machine on it as well. The VM is in a truecrypt encrypted container, which is in turn is hidden in an outer container , also truecrypt encrypted.
u get 2 passwords for this - the one which gives u access to the vm which you access TOR, and in turn SR from, and the password that opens the outer container, which just has a few files on it's ubuntu vm, nothing incriminating.
It is fucking awesome! I realize there are no absolutes as far as security goes, especially having SR accounts and buying drugs go, however, I'm more than happy to boot my machine from this usb stick, start a VM (which is connected to my home wi fi, but has a totally made up mac address and is also spoofed after that, as well as a made up ip address) get on TOR and SR and order drugs, or come here and talk with people about ordering drugs..
Have only been on SR 3 months, but have spent 8500
bucks in 16 transactions, but the best transaction I made ( aside from 1/2 an ounce of meth from Kush) was the one where I spent 70 bucks on that usb stick!
-
As said, don't ever use the .to. But you have to understand that if the government see that you have order 14 grams they probably don't ever bother. You can relax, nothing is gonna happen haha. They are of course more interresed in the sellers and big orders.
-
Can't agree more with others. Don't use .to.
-
damn just reading this has me thinking twice about about some things
-
Just keep using tor 8)
-
Ok so heres why i am SWEATING BULLETS thinking the cops might raid me right now.
1. I ordered a 1g sample of wax and 14g of wax from the same vendor, no FE
2.these were at different times but in the same day
3.he said he shipped out the 1g and would ship out 14g the next morning
4.the 1g arrived 2 days ago
5.the 14g is marked in transit still hasnt arrived today
6.i was using the .to link
HOW LIKELY ARE THE CHANCES I AM FUCKED AND MY LIFE IS
O
V
E
R
trippin that bad over some bud aha and the prices on here are horrible but hey why not get your green card obviously not meant to deal with that shit. on silkroad for weed lol someone u know has it just ask ha.
-
Hi,
I wanted to make my first post here because I can relate so much to this confusion and want to forewarn you before you make a big mistake.
A little while ago my ex-boyf was in the same position. He heard from one of his friends about this drug marketplace and he google'd SR and he used to access it through a .to extension thinking it was always safe.
He started making orders from international sellers only worried about price and quality. He started off with personal amounts to be safe but then when a few of those came through, he thought he was untouchable so he upped the anti. 2 months and 5 semi bulk packages missing later there was a full blown raid at his house.
They had been building a case up since the very first time that he got drugs ordered. They got his IP, were able to geographically link it to his address and linked all the mail going to the address ordered from SR. With around 10 packages which amounted to drugs way more than in the "personal use" category, he didn't even get a chance to get a "what the fuck" out, before he was pinned to the ground, his 2 dogs shot and his house turned inside out with 3 laptops of his and 2 belonging to his family members taken (all he would do was change which laptops he used, thinking that was being "safe")
So a warning to the wise. Always take your security as paramount. I try to put myself in the shoes of a paranoid meth tweaker or a high level crime boss. Whatever precautions they take for their safety, I take with mine.
I suggest getting tails on a bootable USB (encrypted with truecrypt of course) and to always use security measures like Tor for your browsing, GPG for message encryption etc.
When risk can be avoided easily, why do you want to take it unnecessarily and make life harder for yourself. My ex was absolutely stupid. He used his phone call (I assume they get one) on me. I heard his voice, told him to get a lawyer and just hung up. It hurt and I guess people and my ex hate me for it, but personal security is paramount
TL;DR Safety is paramount. Use every safety and security feature you possibly can. I have an encrypted USB with Tails which I boot through a VM, spoofing my MAC address and only ever accessing internet off neighbors/public wi-fi with cheap $200-300 laptops that I can replace every month or so.
miszkay, Please describe yourself.... Are you still single? Are you well-built and attractive? If so, you could possibly be that missing soulmate of mine that I have yet to find........ ;)