Silk Road forums

Discussion => Newbie discussion => Topic started by: greasyspoons22 on March 26, 2013, 10:51 am

Title: Security question
Post by: greasyspoons22 on March 26, 2013, 10:51 am
Hi guys!

I was hoping you could give me abit of advice.  I've sort of stumbled upon Tor and the Deep.net as it were.
I've been doing reading ... below is how I've got my setup.  I was wondering if anyone could comment on how secure, anonymous etc etc it is.

I'm a total noob.  I had a go reading the security forum.  But being a noob some of the terminology confused me even more.

Here's my setup.

JanusVM running on a Windows box.  Tor/Vidalia browser also running on the same box.  If I google whatsmyip .. it comes up with a totally bogus IP and not my own.  But I was wondering what your take on it was ?

How safe/anonymous am I ?

I've got my boins ready for spending.
Thanks for your thoughts guys!
Title: Re: Security question
Post by: Blue Dragon on March 26, 2013, 04:10 pm
GREETINGS!
I am by no means an expert but have also had the same questions as yourself. I have also educated myself with the forums, and they are very helpful! I have learned that you will always be timid and cautious about your anonymity, however, if you aren't, that's when you should worry:)
Do not browse clear net and tor at same time.
 Do not check mailing servers using tor.
 Always treat all communication as if it could incriminate you, and USE PGP when dealing with vendors.
 Never give away identity hints or location when communicating on forums or general discusssion.
These are a few standard things that are a must.
Your set up sounds secure, but there is always something better. There are some very intelligent and helpful SR and Hero member here, maybe they can offer more on the issue, We can all learn to be safer!
BlueDragon 8)
Title: Re: Security question
Post by: newbottles on March 26, 2013, 05:28 pm
The above response is very good.

One thing I disagree with is that there is a risk to having a clearnet browser open at the same time as Tor browser.  I am pretty sure there is no risk here.  If someone disagrees, please explain.

On a related note: it is extremely important that you don't load the same site in Tor as you do in clearnet!  Of course any dummy isn't logging into Gmail on Tor with SR in another tab, but also don't open for example the same bitinstant.org unique URL in Tor if you already did in clearnet. 

The IP anonymity part is pretty straightforward.  Make sure you do your homework on safe BTC practices as well.

Never send your address without PGP! 

Enjoy the road.
Title: Re: Security question
Post by: greasyspoons22 on March 27, 2013, 12:38 am
Hi fellas.

Thanks for the replies.  Your pointers really help!



Title: Re: Security question
Post by: fugitive189 on March 27, 2013, 12:44 am
The above response is very good.

One thing I disagree with is that there is a risk to having a clearnet browser open at the same time as Tor browser.  I am pretty sure there is no risk here.  If someone disagrees, please explain.

On a related note: it is extremely important that you don't load the same site in Tor as you do in clearnet!  Of course any dummy isn't logging into Gmail on Tor with SR in another tab, but also don't open for example the same bitinstant.org unique URL in Tor if you already did in clearnet. 

The IP anonymity part is pretty straightforward.  Make sure you do your homework on safe BTC practices as well.

Never send your address without PGP! 

Enjoy the road.

There isn't a clear risk that I can see. Even if you're logged in to your Facebook/Twitter account at the same time as an order is processed on SR, this is hardly going to prove anything in a court of law. Nevertheless it's good practice to have a separate OS for more nefarious activities such as using SR. TAILS is an excellent one for beginners as it can boot from a USB stick and will automatically wipe the RAM of your computer when ejected. See tails.boum.org for more info.

Hope this helps,

V.
Title: Re: Security question
Post by: greasyspoons22 on March 27, 2013, 01:08 am
Awesome guys!

That's great.  I was thinking of  a dedicated Windows box running Janus and Tor browser which I remote desktop/control into from another machine.  Anyone run this method ?

I lke the idea of the bootable USB ..especially when there is no power and the contents goes!
Title: Re: Security question
Post by: fugitive189 on March 27, 2013, 01:12 am
Forgive my addled brain but would using a separate machine in itself make your goings on more anonymous? If you want to use a separate machine, suggest you encrypt it to the hilt but use it directly rather than use remote desktop. Perhaps there is something I'm missing though?

V.

Awesome guys!

That's great.  I was thinking of  a dedicated Windows box running Janus and Tor browser which I remote desktop/control into from another machine.  Anyone run this method ?

I lke the idea of the bootable USB ..especially when there is no power and the contents goes!
Title: Re: Security question
Post by: greasyspoons22 on March 27, 2013, 01:26 am
Thanks fugiitive.

The Windows box that is running tor browser & janus ... It would be v.handy to remote desktop into from other devices.
Is this got risks ?  Thanks!

Google sometimes refuses to answer queries - saying my network is giving automatic responses.  I get round that my going to another site directly, following a link - then directly back to Google.  Bang it works.

When googling for my IP address. The IP reported is completely bogus - I know that for a fact.  Infact, tracker sites that plot your location .. plotted mine in the middle of the south atlantic.

Title: Re: Security question
Post by: fugitive189 on March 27, 2013, 02:27 am
Yes if you're using the Tor browser then your IP will be masked as your connection is channeled through a series of computers. The Tor project website gives an in depth explanation of how this works if you're interested!

You could certainly access a computer remotely via a VPN which in turn could be used to run Tor but this wouldn't be any more secure if the machine could still be traced back to you. I imagine you have something in mind like you want to be able to connect to your home computer from work in order to browse the Silk Road in your lunch break for instance?

If you really want to access the deep web on the go, I would personally recommend getting yourself a cellphone which runs a recent version of Android, encrypting the device with a strong password then installing OrBot and OrWeb which will allow you to access .onion sites like the Silk Road and Tormail from your phone over 3G. The connection itself may be no more secure but it would save you having to leave an unattended computer running Tor back home. Just my thoughts on the matter of course, I don't pretend to be an expert!

Rather than use Google, suggest you use DuckDuckGo if that's still around.

V.

Thanks fugiitive.

The Windows box that is running tor browser & janus ... It would be v.handy to remote desktop into from other devices.
Is this got risks ?  Thanks!

Google sometimes refuses to answer queries - saying my network is giving automatic responses.  I get round that my going to another site directly, following a link - then directly back to Google.  Bang it works.

When googling for my IP address. The IP reported is completely bogus - I know that for a fact.  Infact, tracker sites that plot your location .. plotted mine in the middle of the south atlantic.
Title: Re: Security question
Post by: greasyspoons22 on March 27, 2013, 02:42 am
Wow!  THanks for your reply dude!  Great.

Neat idea surfing SR at lunch .. but I wouldn't risk it   :)  This is simply a home set up question.  Just want to remote desktop over a LAN.  But I was just wondering if remote desktop could potentially poses any security breach ?

The machine I've secured is a Windows box .. running the Janus VM.  An Connected to the Tor network.  I can remote desktop into that machine from other machines on my LAN .. guess was being paranoid if Remote desktoping was ok ?

Thanks!
GS