Silk Road forums
Discussion => Security => Topic started by: bluedev1 on August 02, 2013, 08:03 am
-
Forgive my computer illiteracy.
If I use Tor, putting the tracking # into the usps.com box creates a new URL with the tracking # clearly in it. That means tor nodes could see it right? Even if it's over HTTPS, the url string itself is not hidden right?
Add to the the fact the the tracking doesn't work on TorBrowser unless scripts are enabled for usps.com. I'm not going to enable scripts that might compromise my security.
I tried going to the mobile version of the site instead to see if they used a different implementation, but scripts are needed there too.
So how do you track a package anonymously? Do you think they have set it up this way on purpose, to aid in investigation if need be?
-
You need to get a burner phone just to check tracking.
I have never done it before but people on here will know more.
There is a number to call and you enter in the tracking number and it gives you the update.
You may be able to use a pay phone also, just make sure they can't see your face so you still can deny that you ever ordered it as they will trace back to where the tracking was checked and look at video of you calling USPS.
-
damn, really? I thought there would be a way to run TorBrowser in a sandbox or something that no matter what script ran it wouldn't compromise security... oy. How the hell do vendors check tracking?
-
damn, really? I thought there would be a way to run TorBrowser in a sandbox or something that no matter what script ran it wouldn't compromise security... oy. How the hell do vendors check tracking?
If you check the tracking using TOR it will alert USPS that someone checked the tracking using a TOR anonymous IP. Meaning that they would flag that package suspicious.
I am sure you could check it also spoofing your mac address on something like Tails and using just a regular web browser at somewhere with free internet. Or using a public internet cafe to check it...
It is never a good idea to check the tracking using TOR because that will flag the package as suspicious.
Again I have never done this so I am sure someone who has can share more.
-
I seriously doubt what you're saying. Do you have ANY substantial evidence to back that claim up?
BTW -- problem solved. Mobile site does in fact work for tracking, doesn't put the tracking # in the URL, and doesn't require scripts enabled -- I just needed to click Search twice and be a little more patient.
-
It has been noted before that the USPS site flags tracking queries via tor. I've never heard that it is not their procedure to do so. I do not know the real facts of the matter but I can say that evidence suggests that your caution could be well warranted.
.02
-
Seriously? Tracking a package using tor could mark it as suspicious? Thats crazy! Not that I don't believe you, but it seems insane.
What if, say, you've ordered something off ebay and happen to be browsing through tor, so out of laziness you tracked the package through your open browser window rather than starting regular firefox or whatever. Do you have reason to expect a knock at the door?
-
These are what you'd call proxy tracking services. It's better to do it through tor. But the best is not to track at all, except if the package is exceedingly late or never shows up at all. They all require javascript, I think.
http://packagemapping.com/
http://www.packagetrackr.com
http://www.track-trace.com
goblin
-
What if, say, you've ordered something off ebay and happen to be browsing through tor, so out of laziness you tracked the package through your open browser window rather than starting regular firefox or whatever. Do you have reason to expect a knock at the door?
Interesting points...
Cheers for the confusion of our enemies! ;)
-
Agreed. Better to not track at all. And that is why vendors should not send tracking #s unless there is a dispute that needs to be resolved.
I guess there might be other situations where you need to track a package but otherwise, don't let that 'Is it Christmas yet?' feeling tempt you into compromising your safety.