Silk Road forums
Discussion => Security => Topic started by: Sahara on April 15, 2012, 10:25 pm
-
Evenin' all!
Each computer has its own identification number, just like each mobile phone has its own IMEI number. Tor bounces my signal around between different IP addresses, but IP addresses are geographical. (I know all about dynamic and static IP addresses.) It seems to me that Tor will hide my geographical location. But let's say, before I found Tor, I already used my computer overtly to register my real-life identity on Facebook or Twitter.
Would anyone receiving my post-exit-node traffic be able to see my computer's ID? If so, then this could be cross-referenced with Facebook's records and my real-world identity would be compromised. Does this sound plausible?
-
You make Facebook's records sound like the public library :D It would take someone a lot of time and resources to link your IP/MAC address to your Facebook, and even then you have to ask yourself, why would they do it? If you're truly paranoid, I would back up any files that are important, wipe your hard drive several times using DBAN, and then start fresh. On top of that, you should get yourself a USB stick and install Liberte, and only use it when you want to access SR or onion sites.
-
You make Facebook's records sound like the public library :D It would take someone a lot of time and resources to link your IP/MAC address to your Facebook, and even then you have to ask yourself, why would they do it? If you're truly paranoid, I would back up any files that are important, wipe your hard drive several times using DBAN, and then start fresh. On top of that, you should get yourself a USB stick and install Liberte, and only use it when you want to access SR or onion sites.
Hmm... "Liberte" on a USB stick? Like loading the program off of that?! I must research this Liberte some more! Thanks for mentioning this!
-
You make Facebook's records sound like the public library :D It would take someone a lot of time and resources to link your IP/MAC address to your Facebook, and even then you have to ask yourself, why would they do it? If you're truly paranoid, I would back up any files that are important, wipe your hard drive several times using DBAN, and then start fresh. On top of that, you should get yourself a USB stick and install Liberte, and only use it when you want to access SR or onion sites.
Hmm... "Liberte" on a USB stick? Like loading the program off of that?! I must research this Liberte some more! Thanks for mentioning this!
Yep, just google "Liberte Linux" and download it; it's only ~160 MB and very easy to install. It runs completely from a USB stick, so it'll never interact with your real hard drive. That way, if the cops were ever to bust into your place and take your hard drive, they wouldn't find any trace of you accessing Tor from that hard drive.
-
You make Facebook's records sound like the public library :D It would take someone a lot of time and resources to link your IP/MAC address to your Facebook, and even then you have to ask yourself, why would they do it?
The authorities might do it if they wanted to find out who I was and arrest me. If they had the legal backing, e.g. warrants and the like, it would take a few moments to search a database and find a match. (We're only talking about finding a match for an alphanumeric string.) It's not just Facebook and Twitter; I've changed the address on my driving license online, and accessed many other official websites. I wouldn't be surprised if the authorities kept their own records on these things.
-
Would anyone receiving my post-exit-node traffic be able to see my computer's ID? If so, then this could be cross-referenced with Facebook's records and my real-world identity would be compromised. Does this sound plausible?
No. The only thing connecting your post-exit-node traffic to you is if you log on to Facebook with your real name / email address without using SSL.
-
Would anyone receiving my post-exit-node traffic be able to see my computer's ID? If so, then this could be cross-referenced with Facebook's records and my real-world identity would be compromised. Does this sound plausible?
No. The only thing connecting your post-exit-node traffic to you is if you log on to Facebook with your real name / email address without using SSL.
I would be very grateful for a more detailed response.
The premise was that I had already done these things pre-Tor. Every mobile phone has a network number, i.e. your phone number, and a device number, i.e. an IMEI number. Every time you make a call with a mobile phone, both your phone number and your IMEI number are transmitted. (That's how they block stolen handsets, even after the SIM card has been changed: the networks refuse the IMEI number.) The same is true of a computer. We have an IP address/range, which is the analogue of a phone number, and a machine ID, which is the analogue of an IMEI number.
Are you suggesting that the exit node's machine ID will be assigned to any traffic?
-
Personally, I'd avoid using any personal info on the Tor network, period.
Don't use Tor to access your mail/Facebook/anything that you've ever done or will ever do on the network.
With enough relays that are monitored, theoretically they could pinpoint your IP; plus, with your personal info, it's enough circumstantial evidence to hold up in most courts of law.
- Stay safe
-
Personally, I'd avoid using any personal info on the Tor network, period.
Don't use Tor to access your mail/Facebook/anything that you've ever done or will ever do on the network.
Sadly, it seems that you haven't read the thread.
It's only five or six posts long.
I shan't repeat myself.
Please spend 120 seconds reading the previous thread...
-
Personally, I'd avoid using any personal info on the Tor network, period.
Don't use Tor to access your mail/Facebook/anything that you've ever done or will ever do on the network.
Sadly, it seems that you haven't read the thread.
It's only five or six posts long.
I shan't repeat myself.
Please spend 120 seconds reading the previous thread...
Sigh, I did read it. Exit nodes see the destination/content you are going to. So, absolutely, yes, it's a real possibility they have your personal info.
They don't directly know who it's going back to. But there are methods to monitor/log it. It's something that I imagine would be hard to do retroactively.
With enough compromised nodes, if you happened to be 1st/last hop with one of them, then they likely would be able to ID the traffic. Again, this is not retroactive.
However, I'm just suggesting you stop doing this, clean your computer, and breathe easy.
-
Would anyone receiving my post-exit-node traffic be able to see my computer's ID? If so, then this could be cross-referenced with Facebook's records and my real-world identity would be compromised. Does this sound plausible?
No. The only thing connecting your post-exit-node traffic to you is if you log on to Facebook with your real name / email address without using SSL.
I would be very grateful for a more detailed response.
The premise was that I had already done these things pre-Tor. Every mobile phone has a network number, i.e. your phone number, and a device number, i.e. an IMEI number. Every time you make a call with a mobile phone, both your phone number and your IMEI number are transmitted. (That's how they block stolen handsets, even after the SIM card has been changed: the networks refuse the IMEI number.) The same is true of a computer. We have an IP address/range, which is the analogue of a phone number, and a machine ID, which is the analogue of an IMEI number.
Are you suggesting that the exit node's machine ID will be assigned to any traffic?
Your IP address when browsing with Tor is that of the exit relay you are currently using (which changes every 10 minutes or so). Facebook will just see that you are in a new location (say, Germany, or the UK, or the US, or Poland).
-
But let's say, before I found Tor, I already used my computer overtly to register my real-life identity on Facebook or Twitter.
Would anyone receiving my post-exit-node traffic be able to see my computer's ID? If so, then this could be cross-referenced with Facebook's records and my real-world identity would be compromised. Does this sound plausible?
Yes, because you already signed up to Facebook using your real-life identity and IP; it's held forever by Facebook, and anybody wanting at your account can get a list of all previous connections. So you would have to make a new Facebook account, if that's what you're asking. I don't trust SSL through Tor exit nodes due to paranoia and instead torify SSH into an anonymous VPS and use that to set up stuff like Facebook, with SOCKS5 proxies dumped into FoxyProxy for Firefox.
-
I don't trust SSL through Tor exit nodes due to paranoia and instead torify SSH into an anonymous VPS and use that to set up stuff like Facebook, with SOCKS5 proxies dumped into FoxyProxy for Firefox.
This sounds interesting.
-
I don't trust SSL through Tor exit nodes due to paranoia and instead torify SSH into an anonymous VPS and use that to set up stuff like Facebook, with SOCKS5 proxies dumped into FoxyProxy for Firefox.
This sounds interesting.
This really awesome talk given at the Black Hat 2011 conference explains how terrible certificate authorities are at accidentally leaking signing certificates, and even tracked down the guy who invented SSL in the '90s, who said it was only meant to be temporary: http://www.youtube.com/watch?v=Z7Wl2FW2TcA
After watching that you'll never trust SSL again :X
-
Would anyone receiving my post-exit-node traffic be able to see my computer's ID? If so, then this could be cross-referenced with Facebook's records and my real-world identity would be compromised. Does this sound plausible?
No. The only thing connecting your post-exit-node traffic to you is if you log on to Facebook with your real name / email address without using SSL.
I would be very grateful for a more detailed response.
The premise was that I had already done these things pre-Tor. Every mobile phone has a network number, i.e. your phone number, and a device number, i.e. an IMEI number. Every time you make a call with a mobile phone, both your phone number and your IMEI number are transmitted. (That's how they block stolen handsets, even after the SIM card has been changed: the networks refuse the IMEI number.) The same is true of a computer. We have an IP address/range, which is the analogue of a phone number, and a machine ID, which is the analogue of an IMEI number.
Are you suggesting that the exit node's machine ID will be assigned to any traffic?
Your IP address when browsing with Tor is that of the exit relay you are currently using (which changes every 10 minutes or so). Facebook will just see that you are in a new location (say, Germany, or the UK, or the US, or Poland).
I realise this. I'm asking about my computer's own ID number, and not its IP address.
-
"Would anyone receiving my post-exit-node traffic be able to see my computer's ID?" I am assuming you are referring to your network card's MAC address. This is a burned-in numeric value, but there are all sorts of operating systems and strategies to accomplish what's called "MAC spoofing." Liberte Linux, when used with a wireless network card, will "spoof," or create, a MAC address different from the one actually assigned to your network card. Plenty of other Linux distros can do the same thing with both ifconfig and macchanger.
-
Would anyone receiving my post-exit-node traffic be able to see my computer's ID? If so, then this could be cross-referenced with Facebook's records and my real-world identity would be compromised. Does this sound plausible?
No. The only thing connecting your post-exit-node traffic to you is if you log on to Facebook with your real name / email address without using SSL.
I would be very grateful for a more detailed response.
The premise was that I had already done these things pre-Tor. Every mobile phone has a network number, i.e. your phone number, and a device number, i.e. an IMEI number. Every time you make a call with a mobile phone, both your phone number and your IMEI number are transmitted. (That's how they block stolen handsets, even after the SIM card has been changed: the networks refuse the IMEI number.) The same is true of a computer. We have an IP address/range, which is the analogue of a phone number, and a machine ID, which is the analogue of an IMEI number.
Are you suggesting that the exit node's machine ID will be assigned to any traffic?
Your IP address when browsing with Tor is that of the exit relay you are currently using (which changes every 10 minutes or so). Facebook will just see that you are in a new location (say, Germany, or the UK, or the US, or Poland).
I realise this. I'm asking about my computer's own ID number, and not its IP address.
You can relax. I've never heard of the computer equivalent of an IMEI number ever being used for anything but software piracy. Windows is very sophisticated in knowing when you've moved it to a new piece of hardware. To the best of my knowledge, these hardware-level IDs are never sent through the web browser.
The easy way around this is to create a new encrypted user account on your machine, then log in to that when using Tor in a non-personally-identifiable way (no logins to FB, etc.). +1 security points if it's a Mac or Ubuntu.
The peeps telling you to wipe your computer are computer geeks that actually get a thrill out of installing operating systems. They are not normal people like us.
But if you REALLY fear that some hardware number is listed next to your name in some database, you need to change the hardware. The easiest way is with a virtual machine (see installing operating systems for kicks). I recommend you encrypt the virtual image (look for it in the config options when creating it), and I also recommend that you install something easy and snappy for virtual machines, like Lubuntu. That's right, it's a lite version of Ubuntu with an awesome software bundle.
As far as MAC addresses are concerned, again, I don't think web browsers even touch them, but operating in a virtual machine will protect you there if you are not accessing the hardware directly, e.g. you are using shared networking (Network Address Translation).
You can spoof the MAC address of your wireless card if you really need to. Very easy to do in OS X... Linux should be the same.
-
If I were the government, the first thing I'd want to do is disable Tor. Then I would seek to intercept those downloading PGP software; I would want to add something else that would allow me to not have to break encryption but just read it when you write it, at the pre-encryption stage.
-
If I were the government, the first thing I'd want to do is disable Tor. Then I would seek to intercept those downloading PGP software; I would want to add something else that would allow me to not have to break encryption but just read it when you write it, at the pre-encryption stage.
It's too late. Cat's out of the bag. The DOJ has given up fighting encryption; at one point it was technically illegal to "export" such code. The beauty of encryption is that it's just math. Very hard to break, and any breach would likely become known. It's all open sourced, baby....
-
all open sourced - got it
-
If I were the government, the first thing I'd want to do is disable Tor. Then I would seek to intercept those downloading PGP software; I would want to add something else that would allow me to not have to break encryption but just read it when you write it, at the pre-encryption stage.
The US government is not only currently the largest funder of Tor, but also the people who originally invented the concept, and one of the implementers of the current version of the product was fresh out of the NSA when he implemented it. The US government likes Tor because it is used by dissidents in countries like China, Iran, Libya and many others to circumvent their government's censorship of Western information sources and ideologies. They also probably use it to some extent for covert communications with assets in enemy territory and for hiding their own field agents' communications back to them (this was what it was originally intended for when the United States military designed it). It is also an invaluable source of OSINT as they spy on exit traffic. They probably also use it to avoid attribution when engaging in cyber warfare and espionage, and of course to protect communication patterns between politically important people; definitely many embassy workers are required to use Tor to protect from spies (although this has backfired on them, since they don't all understand that exit traffic isn't encrypted!). Also, many large corporations use Tor to protect from corporate espionage, law enforcement and military use Tor to gather information online without using IP addresses that can be tied back to government or military agencies, etc. Indeed, Tor has many uses for them, enough that they spend millions of dollars a year in donations to the project. They however suffer from cognitive dissonance, in that they see quite clearly that Tor protects dissidents in hostile governments, without recognizing that the people using SR and other hidden service sites are equally dissidents protecting ourselves from a hostile government.
Also, the vast majority of Tor traffic is lawful in the United States. Its primary use is apparently downloading legal pornography (there are at least two studies backing this); a big secondary use seems to be getting around firewalls (for example, maybe your university blocks traffic on a certain port when you use their network, so you can't access IRC on standard ports, but they don't block Tor, or if they do, they don't block bridges).
-
You can relax. I've never heard of the computer equivalent of an IMEI number ever being used for anything but software piracy. Windows is very sophisticated in knowing when you've moved it to a new piece of hardware. To the best of my knowledge, these hardware-level IDs are never sent through the web browser.
The easy way around this is to create a new encrypted user account on your machine, then log in to that when using Tor in a non-personally-identifiable way (no logins to FB, etc.). +1 security points if it's a Mac or Ubuntu.
The peeps telling you to wipe your computer are computer geeks that actually get a thrill out of installing operating systems. They are not normal people like us.
But if you REALLY fear that some hardware number is listed next to your name in some database, you need to change the hardware. The easiest way is with a virtual machine (see installing operating systems for kicks). I recommend you encrypt the virtual image (look for it in the config options when creating it), and I also recommend that you install something easy and snappy for virtual machines, like Lubuntu. That's right, it's a lite version of Ubuntu with an awesome software bundle.
As far as MAC addresses are concerned, again, I don't think web browsers even touch them, but operating in a virtual machine will protect you there if you are not accessing the hardware directly, e.g. you are using shared networking (Network Address Translation).
You can spoof the MAC address of your wireless card if you really need to. Very easy to do in OS X... Linux should be the same.
Thank you very much. I appreciate your reply. I think the best bet is to get a bootable, encrypted USB that carries a lightweight Linux-based OS. I wouldn't like to install a VS on my laptop. I
-
http://sourceforge.net/projects/advtor/?source=directory
This program will help you =)
No it won't. Advtor is not an official Tor project. I wouldn't trust it.
-
I was wondering about that link... I was wondering whether it would not be easy for certain "helpers"??? around here to drop some "helpful"??? link(s) with which to compromise integrity, or is that link just not official?
So is it correct in understanding that Tor specifically hasn't been cracked or identity breached strictly through Tor? I think it's important to expect LEs lurking these waters and offering any sort of "helpful" hints/links/DLs.
Anyone?
-
I was wondering about that link... I was wondering whether it would not be easy for certain "helpers"??? around here to drop some "helpful"??? link(s) with which to compromise integrity, or is that link just not official?
So is it correct in understanding that Tor specifically hasn't been cracked or identity breached strictly through Tor? I think it's important to expect LEs lurking these waters and offering any sort of "helpful" hints/links/DLs.
Anyone?
The security level of Tor is something that is debated. I guess the best way to answer this is to explain how Tor works (or at least how I understand it to work).
The browser sends all requests to a SOCKS server running on your machine (Vidalia, part of the bundle). Vidalia takes your request, somehow encrypts it, and sends it through several other Tor users' clients (known as a hop). Other users are relaying your packets. They are encrypted between you and the exit node. The so-called exit node is able to decrypt and see your traffic when you are browsing the web. Again, the exit node reaches out and accesses the site. This is how anonymity is achieved, because the final destination only sees the exit node. It is as if the exit node itself is browsing on your behalf, encrypting the results and sending them over various hops. Even the exit node itself does not know your IP.
Now this means you have to be careful what kind of info you send through Tor and out to the net. There are people running exit nodes specifically to try to mine info. They look for people trying to access email through a POP account without encryption. Guess what: they can scrape your password in the clear and copy all your email. The exit node is literally a man in the middle of all your communications through Tor that actually exit and go to places on the net. In other words, the exit node is responsible for actually reaching out over the net and connecting your packets to where they want to go.
If you use HTTPS (SSL) you can conceal your traffic from the exit node, because it adds another layer of encryption: that is, SSL encryption between you and the ultimate destination, as well as Tor encryption within the net. The exit node *could* screw with the SSL handshake by sending you to a bogus site that looks like the one you are trying to reach, and feeding you a BS certificate. That is a very sophisticated attack. The Tor bundle has the HTTPS Everywhere extension built in. It's a plugin that tries to force all your connections to use HTTPS, but it doesn't do so for all sites because it may not be available. Further, you can add the 'check observatory' option, which will send a copy of every SSL cert you get to the Observatory and check it against a database of other users who hit that site to see if it's the same. Another layer of protection from this attack.
Now as far as using Silk Road and the forums: your Tor traffic never leaves the network. I don't know what encryption method Tor uses, but I think it's better than SSL (I could be wrong on that). The algorithms it uses are all publicly known (probably SHA or ECDSA or some combination of really good algos). So intercepting traffic that stays within the Tor network (hidden services that have .onion at the end) is really hard, because it bounces across different routes and it's very well encrypted. Even IF somehow the routing of Tor was messed with to divert you to a bogus server, it wouldn't work. The Tor address is essentially used as a public key, and the private key that decrypts it cannot be feasibly generated from the public address. Therefore the only reasonable way someone takes over a hidden service site and, let's say, runs it as a honeypot to nail more people would be to get access to the private keys stored on the actual server that Silk Road is running on.
You see the challenge for LE, don't you? First you have to find the SR server, then hope you can seize it w/o the keys being destroyed. The SR guys are very technically adept, and I wouldn't be surprised if somehow the keys are loaded into memory from offsite and blow up at the first sign of trouble. A server seizure may not reveal much to LE. They might be able to just load a backup somewhere else and force LE to go through the trouble of finding it again.
Now how would they find it? I think it would involve setting up many government-run nodes and trying to analyze the traffic patterns. It would require a packet analysis matched up between nodes' records. It would be a lot of data to chomp. It would be very sophisticated, and then they might be able to figure out the IP of the SR server. This technique probably could also identify the IP of users connecting to SR, but not what they are doing on SR. Maybe just browsing, or buying/selling legal items.
Even if they seized the SR server, my understanding is that the messages containing buyers' addresses are encrypted on their end and your password is needed to decrypt the messages. Listings are probably stored in the clear, but a lot of critical information needed to make a case against users might be very hard to come by even if they seized the server somehow.
Now if they break Tor somehow to get to SR, wow, I don't think they would use that power against Tor. We know that both US and foreign governments use Tor for many things. If someone figures out how to break Tor they are not going to want it to be known, or else they'll patch it. They would use this ability to go after high-priority shit like terrorism... or snoop on international communications going on between intelligence assets.
Hope that overview helps. Please post more if any of you can; I hope I got it all right.
-
I was wondering about that link... I was wondering whether it would not be easy for certain "helpers"??? around here to drop some "helpful"??? link(s) with which to compromise integrity, or is that link just not official?
So is it correct in understanding that Tor specifically hasn't been cracked or identity breached strictly through Tor? I think it's important to expect LEs lurking these waters and offering any sort of "helpful" hints/links/DLs.
Anyone?
The security level of Tor is something that is debated. I guess the best way to answer this is to explain how Tor works (or at least how I understand it to work).
The browser sends all requests to a SOCKS server running on your machine (Vidalia, part of the bundle). Vidalia takes your request, somehow encrypts it, and sends it through several other Tor users' clients (known as a hop). Other users are relaying your packets. They are encrypted between you and the exit node. The so-called exit node is able to decrypt and see your traffic when you are browsing the web. There are people running exit nodes specifically to try to mine info. They are literally a man in the middle of all your communications through Tor that actually exit and go to places on the net. In other words, the exit node is responsible for actually reaching out over the net and connecting your packets to where they want to go.
The browser sends all requests to Tor. Tor takes the request, wraps it in three layers of encryption, and passes it on to the first hop (out of three) in your circuit. Tor will encrypt your traffic between you and all three hops, but it cannot encrypt your traffic between the exit relay and the destination server (that's where use of SSL comes in). Exit relays can sniff unencrypted traffic, but ONLY for normal web traffic and NOT for traffic going to a hidden service.
If you use HTTPS (SSL) you can conceal your traffic from the exit node, because it adds another layer of encryption: that is, SSL encryption between you and the ultimate destination, as well as Tor encryption within the net. The exit node *could* screw with the SSL handshake by sending you to a bogus site that looks like the one you are trying to reach, and feeding you a BS certificate. That is a very sophisticated attack. The Tor bundle has the HTTPS Everywhere extension built in. It's a plugin that tries to force all your connections to use HTTPS, but it doesn't do so for all sites because it may not be available. Further, you can add the 'check observatory' option, which will send a copy of every SSL cert you get to the Observatory and check it against a database of other users who hit that site to see if it's the same. Another layer of protection from this attack.
Now as far as using Silk Road and the forums: your Tor traffic never leaves the network. I don't know what encryption method Tor uses, but I think it's better than SSL (I could be wrong on that). The algorithms it uses are all publicly known (probably SHA or ECDSA or some combination of really good algos). So intercepting traffic that stays within the Tor network (hidden services that have .onion at the end) is really hard, because it bounces across different routes and it's very well encrypted. Even IF somehow the routing of Tor was messed with to divert you to a bogus server, it wouldn't work. The Tor address is essentially used as a public key, and the private key that decrypts it cannot be feasibly generated from the public address. Therefore the only reasonable way someone takes over a hidden service site and, let's say, runs it as a honeypot to nail more people would be to get access to the private keys stored on the actual server that Silk Road is running on.
SHA is not an encryption algorithm, but you are correct in saying that the encryption used for each layer is stronger than what SSL is using. I recommend reading the Tor spec if you'd like to learn more about the ciphers used.
You see the challenge for LE, don't you? First you have to find the SR server, then hope you can seize it w/o the keys being destroyed. The SR guys are very technically adept, and I wouldn't be surprised if somehow the keys are loaded into memory from offsite and blow up at the first sign of trouble. A server seizure may not reveal much to LE. They might be able to just load a backup somewhere else and force LE to go through the trouble of finding it again.
Now how would they find it? I think it would involve setting up many government-run nodes and trying to analyze the traffic patterns. It would require a packet analysis matched up between nodes' records. It would be a lot of data to chomp. It would be very sophisticated, and then they might be able to figure out the IP of the SR server. This technique probably could also identify the IP of users connecting to SR, but not what they are doing on SR. Maybe just browsing, or buying/selling legal items.
Even if they did have access to the server hosting Silk Road, they would not be able to get the IP addresses of users visiting the page. I highly doubt LE will focus on breaking Tor when they are working on taking down a hidden service, as there are far easier ways (such as social engineering).
Even if they seized the SR server, my understanding is that the messages containing buyers' addresses are encrypted on their end and your password is needed to decrypt the messages. Listings are probably stored in the clear, but a lot of critical information needed to make a case against users might be very hard to come by even if they seized the server somehow.
I have no idea where you got this from, but I doubt it's true. And if it is, I'd encourage the Silk Road admins to reconsider the way they encrypt messages on disk.
Now if they break Tor somehow to get to SR, wow, I don't think they would use that power against Tor. We know that both US and foreign governments use Tor for many things. If someone figures out how to break Tor they are not going to want it to be known, or else they'll patch it. They would use this ability to go after high-priority shit like terrorism... or snoop on international communications going on between intelligence assets.
They are not going to break Tor, they are not even going to try to break Tor. It will take too much time and resources and money.
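The layered ("onion") encryption the two posts above describe, as an added example that is not part of the original thread or of the Tor project's code: a toy three-hop circuit in which the guard and middle relays only ever handle ciphertext, the exit sees a plain-HTTP request in the clear, and an end-to-end (HTTPS-like) layer added before the Tor layers leaves the exit with nothing readable. The stream cipher, keys, nonce, hostname and request are all constructed stand-ins; real Tor negotiates an AES-CTR key with each hop during circuit construction.

```python
import hashlib
import hmac

# Constructed demo material: keys derived from labels so the run is repeatable.
HOP_KEYS = [hashlib.sha256(lbl).digest()
            for lbl in (b"demo-guard", b"demo-middle", b"demo-exit")]
E2E_KEY = hashlib.sha256(b"demo-tls-session").digest()  # stand-in for a TLS session key
NONCE = b"demo-nonce-0001"
# Constructed request to a made-up clearnet mail host (no real credentials).
HTTP_REQUEST = (b"GET /inbox HTTP/1.1\r\n"
                b"Host: mail.example.com\r\n"
                b"Cookie: session=constructed-demo-value\r\n\r\n")


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with HMAC-SHA256(key, nonce || counter) blocks.
    Encrypting and decrypting are the same operation. Illustration only; it stands in
    for the per-hop AES-CTR layers Tor actually uses."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def client_wrap(hop_keys, nonce, payload):
    """Client side: add one layer per hop, innermost (exit) first and outermost (guard)
    last, so the cell leaving the client is guard(middle(exit(payload)))."""
    cell = payload
    for key in reversed(hop_keys):
        cell = keystream_xor(key, nonce, cell)
    return cell


def what_each_hop_sees(hop_keys, nonce, payload):
    """Relay side: each of the three hops peels exactly one layer with its own key and
    forwards the result. Returns the bytes each relay is able to inspect."""
    cell = client_wrap(hop_keys, nonce, payload)
    guard_view = keystream_xor(hop_keys[0], nonce, cell)         # two layers remain
    middle_view = keystream_xor(hop_keys[1], nonce, guard_view)  # one layer remains
    exit_view = keystream_xor(hop_keys[2], nonce, middle_view)   # innermost payload
    return {"guard": guard_view, "middle": middle_view, "exit": exit_view}


def clearnet_http_over_tor():
    """Plain HTTP to a clearnet site: the exit's view is the request itself."""
    return what_each_hop_sees(HOP_KEYS, NONCE, HTTP_REQUEST)


def https_over_tor():
    """HTTPS to a clearnet site: an end-to-end layer (TLS stand-in) is applied before
    the three Tor layers, so the exit forwards ciphertext it cannot read and only the
    destination, which holds E2E_KEY, recovers the request."""
    inner = keystream_xor(E2E_KEY, NONCE, HTTP_REQUEST)
    seen = what_each_hop_sees(HOP_KEYS, NONCE, inner)
    at_destination = keystream_xor(E2E_KEY, NONCE, seen["exit"])
    return seen, at_destination


def can_read_request(view: bytes) -> bool:
    """Crude check a sniffing relay could make: is the Host header readable?"""
    return b"Host: mail.example.com" in view


if __name__ == "__main__":
    for hop, view in clearnet_http_over_tor().items():
        print(f"HTTP  {hop:6s} readable={can_read_request(view)}")
    seen, dest = https_over_tor()
    for hop, view in seen.items():
        print(f"HTTPS {hop:6s} readable={can_read_request(view)}")
    print(f"HTTPS destination readable={can_read_request(dest)}")
```

Running it prints that only the exit can read the plain-HTTP request, and that with the end-to-end layer no relay can, only the destination.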