Silk Road forums
Discussion => Silk Road discussion => Topic started by: LSD on November 20, 2012, 11:06 pm
-
Not to be the guy who tells how the trick works and then it stops working, but......
I am wondering why exactly Onion.to will get you logged into SR when you were just unable to do it without! Several people have said this works. Tried. Tested, and True. So now you may have access to SR but at what cost? How strong is the login code for SR? MD5 maybe? Could somebody at Onion.to get hold of your Password and/or PIN? What about messages being sent and unknown Monitoring of traffic through onion.to.
Folks, I love you all too much, this might not be OK.
I think this might deserve some speculation
---- could it be possible that forwarding services like this are TAXING the resources of the site's server? Can those things be banned?
-
do not use the .to extension to access silkroad. you are using a clearnet web site to access a tor website which completely defeats the purpose of using tor in the first place.
-
services like that allow clearnet IDIOTS and journalist to have some kind of knowledge of the sites existence. They allow clearnet bots to scan the darknet and it is not a good thing for anybody.
-
I do not think it is a very good idea doing that.
send your password an Pin to me and ill log in for you if you're desparate.... could be the same thing you're doing at onion.to
-
i'm an example of someone that can only log in through onion.to most of the time.
As long as you access onion.to with TOR browser I think you're relatively safe (i'm no expert)
although this post concerns me: 65bgvta7yos3sce5.onion/viewtopic.php?f=4&t=689
-
i'm an example of someone that can only log in through onion.to most of the time.
As long as you access onion.to with TOR browser I think you're relatively safe (i'm no expert)
although this post concerns me: 65bgvta7yos3sce5.onion/viewtopic.php?f=4&t=689
I Think LSD was pointing out the fact that you are sending YOUR password (of unknown encryption level) actually through Onion.to
so no you're not secure.
unless unless Silk Road's login page is very securely encrypted... but even using MD5 cryptology, the server must send the user a KEY to be used to encrypt (exactly like PGP to your customers) so that key could be compromised by Onion.to meaning your password is revealed.
-
i'm an example of someone that can only log in through onion.to most of the time.
As long as you access onion.to with TOR browser I think you're relatively safe (i'm no expert)
although this post concerns me: 65bgvta7yos3sce5.onion/viewtopic.php?f=4&t=689
save tor bookmarks - erase tor - using firefox download new tor - extract to wherever - update bookmarks - logon :P
-
Yes I concur, it is horrible, this idea..
However it does bring up an interesting question -- why is onion.to able to get such a good connection to SR (and presumably other dark sites) when it is almost always slower outside of it? Well, not always.. but usually. It does seem that connectivity is improving. I suppose that somehow they're able to find routes that are fast using some criteria for allowing or abandoning connections that are too slow. Then this route stays up permanently, or as long as the chain doesn't break and they have to find a new route. It would seem to make it easier for someone else to snoop, if they aren't a honeypot already (I have not done any research into onion.to or its origin, so that's pure speculation)
I'd advise if anyone has used it, go ahead and change your password on SR immediately.
-
IDK about this Onion.to business. I havnt been able to get to the log in page for over an hour now, but I refuse to take the chance of compromising my account info due to lack of patients=0)
-
Yes I concur, it is horrible, this idea..
However it does bring up an interesting question -- why is onion.to able to get such a good connection to SR (and presumably other dark sites) when it is almost always slower outside of it? Well, not always.. but usually. It does seem that connectivity is improving. I suppose that somehow they're able to find routes that are fast using some criteria for allowing or abandoning connections that are too slow. Then this route stays up permanently, or as long as the chain doesn't break and they have to find a new route. It would seem to make it easier for someone else to snoop, if they aren't a honeypot already (I have not done any research into onion.to or its origin, so that's pure speculation)
I'd advise if anyone has used it, go ahead and change your password on SR immediately.
I would guess it's faster because it's hosted in a datacenter with multiple backbone connections, and possibly more than one instance of tor running. compared to personal computers hooked to last mile/km connections.
-
it would still have to go through 6 or however many (preferably random) relays though, right? Maybe the multiple tor instance point has merit though..
In any case, avoid onion.to. They put it accurately enough in their disclaimer:
"By using this service instead of connecting directly to the Tor network you are trading off security and anonymity for convenience. Know that we can identify the IP of visitors using this service (but chooses not to). We strongly recommended to access Tor Hidden Services directly using the Tor Browser Bundle to increase your security and anonymity. "
-
I'll use onion.to THROUGH TOR to access silk road every now and then when I can't seem to access it any other way.
As long as you use it through tor, they can't tell who you are. It is possible that someone over at onion.to could get your password and poke around your account, but there isn't much you can do to someone's account without a PIN. I would strongly advice you NOT to enter your pin using onion.to.
-
The risk is too high.
-
ok, so i will say it again. do NOT use onion.to EVER! not thru tor, not thru clearnet, not ever. if you are doing this, you probably dont understand what you are doing, otherwise, you wouldnt be doing it.
some of you are using tor to access a clearnet site to access tor. i dont even want to go into how much this doesnt make any sense to do.
-
If you are going to use it, at least put an "https://" at the front of the URL..
-
If you are going to use it, at least put an "https://" at the front of the URL..
Ha...
For you newbies: He's kidding.
-
;)
-
If you access sr through onion.to and get in via a cookie, it might not be compromising anything but if you log in then definitely they have your login name and password. No doubt about it. I think they bring you right to the login screen and that is where you should bail out.
Be sure to change your password if you ever logged in via onion.to. If you used your pin while on one of the sessions, change your pin.