Silk Road forums

Discussion => Security => Topic started by: golf on May 04, 2012, 08:21 pm

Title: Updating TOR - paranoia
Post by: golf on May 04, 2012, 08:21 pm
Been using the out of date TOR bundle for a month or so now (firefox) it tells me I'm browsing anon. but should update to be fully secure... I'm pretty sure I should do this, but in the back of my mind I'm thinking the new updated TOR could possibly be compromised .. no reason to suspect this just mind playing tricks :)

..I'm being stupid right? No way the TOR project could have been infiltrated by LE for cash?

..and is using the out of date version actually that bad?

,Sorry if this is a stupid question  :)
Title: Re: Updating TOR - paranoia
Post by: Anon-Assassin on May 04, 2012, 08:25 pm
it was more an issue with firefox just make sure you have java script turned off. Try and stay up to date
Title: Re: Updating TOR - paranoia
Post by: phubaiblues on May 05, 2012, 04:27 am
Always want to keep it simple.  Tor is our friend, and when they say update, or start sending us to the site for security updates, I just go ahead and take fifteen minutes, and delete the old one, and reinstall...
Title: Re: Updating TOR - paranoia
Post by: cindylove on May 05, 2012, 06:44 am
Been using the out of date TOR bundle for a month or so now (firefox) it tells me I'm browsing anon. but should update to be fully secure... I'm pretty sure I should do this, but in the back of my mind I'm thinking the new updated TOR could possibly be compromised .. no reason to suspect this just mind playing tricks :)

..I'm being stupid right? No way the TOR project could have been infiltrated by LE for cash?

..and is using the out of date version actually that bad?

,Sorry if this is a stupid question  :)

I share the same paranoia. I updated the to the new ubuntu version and there have been quite a few changes (differeft icons, font seems slightly different) Can't help thinking if it's some LE trap.
Title: Re: Updating TOR - paranoia
Post by: Kappacino on May 05, 2012, 07:04 am
Been using the out of date TOR bundle for a month or so now (firefox) it tells me I'm browsing anon. but should update to be fully secure... I'm pretty sure I should do this, but in the back of my mind I'm thinking the new updated TOR could possibly be compromised .. no reason to suspect this just mind playing tricks :)

..I'm being stupid right? No way the TOR project could have been infiltrated by LE for cash?

..and is using the out of date version actually that bad?

,Sorry if this is a stupid question  :)

I share the same paranoia. I updated the to the new ubuntu version and there have been quite a few changes (differeft icons, font seems slightly different) Can't help thinking if it's some LE trap.

That's gold  8)
Title: Re: Updating TOR - paranoia
Post by: golf on May 06, 2012, 10:10 pm
.. thing is I look at the problem from the point of view of the authorities, would it be easier to try and crack the system or give the 'TOR project' a bribe for a little info/seat round the table.. nudge nudge.. say no more

I guess to those that fully understand the TOR system such paranoia is laughable..
Title: Re: Updating TOR - paranoia
Post by: kmfkewm on May 07, 2012, 08:14 am
There are two major ways that the Tor developers could fuck us if they really wanted to or were forced to. For one they own the majority if not all of the directory authority servers, it is possible for them to lie and say only nodes they own are part of the Tor network. This would allow them to become a global active adversary, which means that they could entirely defeat all security advantages of Tor for all of its users, but it would require them to own the amount of bandwidth required to relay all Tor users traffic. This would not be possible for them to do without some people noticing all of the node IP addresses suddenly changed, but the Tor client does not warn you if such a strange event happens, and you will need to look for yourself or wait for someone who realizes to point it out. They take some protections from this though, for one the people who run the dirauth servers and the servers themselves are situated in a few different international jurisdictions around the world. Also, four out of nine servers need to agree to a consensus, so at least four of them will need to be compromised (via force or via bribes) by cooperating attackers. The people who run the dirauths seem to be largely libertarian, and I think they are absolutely opposed, with firm moral grounding, to compromising the Tor network in any way. Another possibility is that they could bug the code, but this would eventually be detected in an audit and might never get added in the first place.  I believe they also have the full support of EFF when it comes to dealing with legal matters, and that EFF claims they will take any attempts to force the Tor developers to backdoor their product in any way to court, and they think that they will win in USA anyway.
Title: Re: Updating TOR - paranoia
Post by: golf on May 07, 2012, 05:41 pm
Great info! Thanks!  :)
Title: Re: Updating TOR - paranoia
Post by: Veetano on May 07, 2012, 07:52 pm
Keep in mind. Not every single Tor user access onion sites. The person who introduced me to Tor actually was back in school to bypass the server.

Same with ubuntu. Not every person using it, is a suspect of something illegal lol.
Title: Re: Updating TOR - paranoia
Post by: dave00 on May 07, 2012, 10:25 pm
ahaha man i was thinking the same thing with all this security updates  ;D
But it's only for the updates of firefox
and tor needs to be at the best!
Title: Re: Updating TOR - paranoia
Post by: cindylove on May 08, 2012, 11:55 am
ahaha man i was thinking the same thing with all this security updates  ;D
But it's only for the updates of firefox
and tor needs to be at the best!

No wonder. I guess I'll update now :D
Title: Re: Updating TOR - paranoia
Post by: blacksunshine on May 08, 2012, 02:15 pm
I finally did the updates yesterday and now it seems a bit slower when starting the browser.  Just me?
Title: Re: Updating TOR - paranoia
Post by: dave00 on May 08, 2012, 02:27 pm
maybe just a lil bit
but it's not very important...
i've noticed it only when it starts but after 5 min it return to the normal speed
Title: Re: Updating TOR - paranoia
Post by: fasttrip on May 08, 2012, 03:47 pm
Go to:
ip-check.info/?lang=en,
And if you see any red sign, then you can be tracked!!
Title: Re: Updating TOR - paranoia
Post by: Tittytwister on May 08, 2012, 04:08 pm
are you talking about the firefox 3.6.18 update or have i missed a notification from my tor bundle?
Title: Re: Updating TOR - paranoia
Post by: peterkoff8273 on May 08, 2012, 05:58 pm
This thread is pure gold. What makes you think the old version wasn't "compromised"? You people should stop smoking so much grass ;)
Title: Re: Updating TOR - paranoia
Post by: dave00 on May 08, 2012, 05:59 pm
good information on this ipcheck  ;D
Title: Re: Updating TOR - paranoia
Post by: cindylove on May 08, 2012, 08:13 pm
What makes you think the old version wasn't "compromised"?

Wee, I'm not in jail, am I?
Title: Re: Updating TOR - paranoia
Post by: CaptainSensible on May 08, 2012, 08:32 pm
A more likely concern would be about the integrity of the Tor package you download.  While it's a remote possibility, you could be the victim of a man-in-the-middle attack where an attacker makes a connection between you and your intended website.  In that case, the entire connection is controlled by the attacker. Like I said, this is unlikely, but the chance of getting Tor software that's been modified by a third party is greater than the unlikely chance of Tor developers writing back door code to screw us.

To verify that you have downloaded the actual Tor software that has not been tampered with, you want to check the ISO image integrity.  For Tails you can download the Tails signing key and check the integrity of your download (but also be sure to check the integrity of the signing key!). 

See tails.boum.org/download/ for how to do this. 
Title: Re: Updating TOR - paranoia
Post by: Ordos on May 09, 2012, 01:57 am
You should actually be checking the GPG signatures or MD5/SHA1 hashes of any security related software (that means TAILS, Ubuntu, GPG, GPA, or the Browser Bundle).  I do this for my clearnet stuff as well.  Stay safe out there.