Silk Road forums

Discussion => Silk Road discussion => Topic started by: LSD on November 20, 2012, 11:06 pm

Title: People using alternate ways to access SR
Post by: LSD on November 20, 2012, 11:06 pm
Not to be the guy who tells how the trick works and then it stops working, but......

I am wondering why exactly Onion.to will get you logged into SR when you were just unable to do it without! Several people have said this works. Tried. Tested, and True. So now you may have access to SR but at what cost? How strong is the login code for SR? MD5 maybe? Could somebody at Onion.to get hold of your Password and/or PIN? What about messages being sent and unknown Monitoring of traffic through onion.to.

Folks, I love you all too much, this might not be OK.
I think this might deserve some speculation

---- could it be possible that forwarding services like this are TAXING the resources of the site's server? Can those things be banned?
Title: Re: People using alternate ways to access SR
Post by: fyg on November 20, 2012, 11:20 pm
do not use the .to extension to access silkroad. you are using a clearnet web site to access a tor website which completely defeats the purpose of using tor in the first place.
Title: Re: People using alternate ways to access SR
Post by: kyato on November 20, 2012, 11:59 pm
services like that allow clearnet IDIOTS and journalist to have some kind of knowledge of the sites existence. They allow clearnet bots to scan the darknet and it is not a good thing for anybody.
Title: Re: People using alternate ways to access SR
Post by: Funbagz on November 21, 2012, 12:31 am
I do not think it is a very good idea doing that.

send your password an Pin to me and ill log in for you if you're desparate.... could be the same thing you're doing at onion.to
Title: Re: People using alternate ways to access SR
Post by: iaskquestion on November 21, 2012, 12:53 am
i'm an example of someone that can only log in through onion.to most of the time.

As long as you access onion.to with TOR browser I think you're relatively safe (i'm no expert)

although this post concerns me: 65bgvta7yos3sce5.onion/viewtopic.php?f=4&t=689   
Title: Re: People using alternate ways to access SR
Post by: Funbagz on November 21, 2012, 03:35 am
i'm an example of someone that can only log in through onion.to most of the time.

As long as you access onion.to with TOR browser I think you're relatively safe (i'm no expert)

although this post concerns me: 65bgvta7yos3sce5.onion/viewtopic.php?f=4&t=689

I Think LSD was pointing out the fact that you are sending YOUR password (of unknown encryption level) actually through Onion.to
so no you're not secure.
unless unless Silk Road's login page is very securely encrypted... but even using MD5 cryptology, the server must send the user a KEY to be used to encrypt (exactly like PGP to your customers) so that key could be compromised by Onion.to meaning your password is revealed.
Title: Re: People using alternate ways to access SR
Post by: Christy Nugs on November 21, 2012, 04:05 am
i'm an example of someone that can only log in through onion.to most of the time.

As long as you access onion.to with TOR browser I think you're relatively safe (i'm no expert)

although this post concerns me: 65bgvta7yos3sce5.onion/viewtopic.php?f=4&t=689

save tor bookmarks - erase tor - using firefox download new tor - extract to wherever - update bookmarks - logon  :P
Title: Re: People using alternate ways to access SR
Post by: jakers on November 21, 2012, 06:43 pm
Yes I concur, it is horrible, this idea..

However it does bring up an interesting question -- why is onion.to able to get such a good connection to SR (and presumably other dark sites) when it is almost always slower outside of it?  Well, not always.. but usually.  It does seem that connectivity is improving.  I suppose that somehow they're able to find routes that are fast using some criteria for allowing or abandoning connections that are too slow.  Then this route stays up permanently, or as long as the chain doesn't break and they have to find a new route.  It would seem to make it easier for someone else to snoop, if they aren't a honeypot already (I have not done any research into onion.to or its origin, so that's pure speculation)

I'd advise if anyone has used it, go ahead and change your password on SR immediately.
Title: Re: People using alternate ways to access SR
Post by: dirtybiscuitzz718 on November 21, 2012, 07:22 pm
IDK about this Onion.to business. I havnt been able to get to the log in page for over an hour now, but I refuse to take the chance of compromising my account info due to lack of patients=0)
Title: Re: People using alternate ways to access SR
Post by: darthdelights on November 21, 2012, 07:36 pm
Yes I concur, it is horrible, this idea..

However it does bring up an interesting question -- why is onion.to able to get such a good connection to SR (and presumably other dark sites) when it is almost always slower outside of it?  Well, not always.. but usually.  It does seem that connectivity is improving.  I suppose that somehow they're able to find routes that are fast using some criteria for allowing or abandoning connections that are too slow.  Then this route stays up permanently, or as long as the chain doesn't break and they have to find a new route.  It would seem to make it easier for someone else to snoop, if they aren't a honeypot already (I have not done any research into onion.to or its origin, so that's pure speculation)

I'd advise if anyone has used it, go ahead and change your password on SR immediately.


I would guess it's faster because it's hosted in a datacenter with multiple backbone connections, and possibly more than one instance of tor running. compared to personal computers hooked to last mile/km connections.
Title: Re: People using alternate ways to access SR
Post by: jakers on November 21, 2012, 08:41 pm
it would still have to go through 6 or however many (preferably random) relays though, right?  Maybe the multiple tor instance point has merit though..

In any case, avoid onion.to.  They put it accurately enough in their disclaimer: 

"By using this service instead of connecting directly to the Tor network you are trading off security and anonymity for convenience. Know that we can identify the IP of visitors using this service (but chooses not to). We strongly recommended to access Tor Hidden Services directly using the Tor Browser Bundle to increase your security and anonymity. "
Title: Re: People using alternate ways to access SR
Post by: asdfsquared on November 21, 2012, 08:58 pm
I'll use onion.to THROUGH TOR to access silk road every now and then when I can't seem to access it any other way.

As long as you use it through tor, they can't tell who you are. It is possible that someone over at onion.to could get your password and poke around your account, but there isn't much you can do to someone's account without a PIN. I would strongly advice you NOT to enter your pin using onion.to.
Title: Re: People using alternate ways to access SR
Post by: rebufo on November 21, 2012, 09:11 pm
The risk is too high.
Title: Re: People using alternate ways to access SR
Post by: fyg on November 26, 2012, 05:00 pm
ok, so i will say it again. do NOT use onion.to EVER! not thru tor, not thru clearnet, not ever. if you are doing this, you probably dont understand what you are doing, otherwise, you wouldnt be doing it.

some of you are using tor to access a clearnet site to access tor. i dont even want to go into how much this doesnt make any sense to do.
Title: Re: People using alternate ways to access SR
Post by: KidCharlemagne on November 26, 2012, 07:43 pm
If you are going to use it, at least put an "https://" at the front of the URL..
Title: Re: People using alternate ways to access SR
Post by: 800hobo90 on November 26, 2012, 10:28 pm
If you are going to use it, at least put an "https://" at the front of the URL..
Ha...

For you newbies: He's kidding.
Title: Re: People using alternate ways to access SR
Post by: KidCharlemagne on November 26, 2012, 11:30 pm
;)
Title: Re: People using alternate ways to access SR
Post by: sunny1 on November 27, 2012, 12:25 am
If you access sr through onion.to and get in via a cookie, it might not be compromising anything but if you log in then definitely they have your login name and password. No doubt about it. I think they bring you right to the login screen and that is where you should bail out.

Be sure to change your password if you ever logged in via onion.to. If you used your pin while on one of the sessions, change your pin.