Silk Road forums
Discussion => Security => Topic started by: Colonel Sanders on June 28, 2011, 05:50 am
-
In the unlikely event that Silk Road gets seized and kept online as a honeypot... And the feds embed some script or executable that sends our IPs back to them...
Should we all be using a script blocker like NoScript for Firefox or something just in case?
Gonna let those of you who know more about this shit than me advise.
-
>And the feds embed some script or executable that sends our IPs back to them...
Lol. You don't seem to understand how Tor works. But yes, you should use noscript to prevent against certain types of attacks that could compromise your computer.
-
> In the unlikely event that Silk Road gets seized and kept online as a honeypot... And the feds embed some script or executable that sends our IPs back to them...
> Should we all be using a script blocker like NoScript for Firefox or something just in case?
> Gonna let those of you who know more about this shit than me advise.
I use 'tails' that usb/linux tor embedded distro, and it does all that automatically anyway...everybody's different on here. I think for a buyer, our main concern is when we send out address, but some sellers don't use gpg, and that's scary for us...but when sending that out, I'd make sure everything is in place, and also maybe use a library or coffeehouse, tho I really doubt that much work goes into tracking down buyers....our biggest concern should be point of pickup...make sure to be protected and have good story ahead of time...
some sellers I really like still don't have public key posted for gpg, and that sucks...I think we are all sort of feeling our way, my concern is that we focus most on what we know, or like messing with, when maybe we should focus more on other areas. I really don't think there is some highpower operation in place to sort my addy out from all the rest...I figure more it'll come from crappy packaging, and some panicky youngster spilling too much beans...who knows, we'll have to see what happens...
You might want to read the *old* forums, that you can get to from the SR site itself...I've been browsing them, and they had some good info on privacy concerns...
-
> Should we all be using a script blocker like NoScript for Firefox or something just in case?
Yes. It's safest to leave javascript DISabled -- in .onion-space or clearnet -- whenever possible. Flash, too.
ip-check.info will show you what's enabled/disabled in your browser.
-
>Lol. You don't seem to understand how Tor works. But yes, you should use noscript to prevent against certain types of attacks that could compromise your computer.
Well, I appreciate the hell out of the condescension, g4bb3r, but maybe you could explain why I'm wrong then or where I'm misunderstanding Tor?
Because from what I understand, even on an .onion site, there are certain executable exploits (like Flash or even Javascript) that can be embedded in a webpage and harvest your real IP address and pass it along to somewhere else.
If I'm mistaken about that and it's completely impossible for the Feds to do such a thing if they were to gain control of Silk Road, please feel free to explain how and why instead of being unhelpful.
-
Yes, I recommend the NoScript firefox plugin.
I'm using the bundled Torbrowser, which has all the plugins pre-installed and settings configured for the best possible anonymity. It's great, and easy to use! Now I use it for all of my secure browsing, which also keeps everything separate between my clean browser and my, ahem, not so clean browser.
To test and see if there's any info your browser might be leaking, try this tool by the EFF that highlights browser fingerprinting:
https://panopticlick.eff.org/
-
> ...try this tool by the EFF that highlights browser fingerprinting: https://panopticlick.eff.org/
That's another good site to know and use. Brought my fingerprint down from 1-in-100,000 to 1-in-50. (Got some more work to do, too.)
-
>That's another good site to know and use. Brought my fingerprint down from 1-in-100,000 to 1-in-50. (Got some more work to do, too.)
In this case, bigger is better. 1-in-50 is way easier to track than 1-in-100,000. You want to be as unrare and common as possible.
-
> In this case, bigger is better. 1-in-50 is way easier to track than 1-in-100,000.
Now, think about that for a second.
I'm looking for a particular person. All I know of the person is that they own a red Toyota. Is it easier to find *that particular person* if one out of *ten* people in the world owns a red Toyota or if one in *one million* does?
> You want to be as unrare and common as possible.
Correct. 1-in-50 is more common than 1-in-100,000.
-
> > In this case, bigger is better. 1-in-50 is way easier to track than 1-in-100,000.
> Now, think about that for a second.
> I'm looking for a particular person. All I know of the person is that they own a red Toyota. Is it easier to find *that particular person* if one out of *ten* people in the world owns a red Toyota or if one in *one million* does?
> > You want to be as unrare and common as possible.
> Correct. 1-in-50 is more common than 1-in-100,000.
It actually took me a second to figure out what you were saying. I got what you're saying now.
-
@CrunchyFrog: You're correct, I don't know why I thought about it incorrectly before. My apologies, carry on everyone.
-
No problem, g4bb3r. It *is* a sort of counterintuitive concept.
(Confession: I was actually ok with 1-in-100,000 until I remembered there's only an estimated 300,000 or so Tor users worldwide. <gulp!>)
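-
Added example, not part of the thread: the 1-in-X arithmetic the last posts argue over, worked through in Python. The browser profiles, field names and function names are constructed for illustration; the 300,000 population is the estimate quoted in the final post.

```python
import math
from collections import Counter

# Constructed sample of browser profiles, not real measurements:
# (user_agent, timezone, screen, js_enabled)
COMMON = ("Firefox/TorBrowser", "UTC", "1000x600", False)
SAMPLE = (
    [COMMON] * 90
    + [("Firefox/5.0", "UTC-5", "1920x1080", True)] * 6
    + [("Firefox/5.0", "UTC-5", "1366x768", True)] * 3
    + [("Chrome/12", "UTC+1", "1440x900", True)]
)
FIELDS = ("user_agent", "timezone", "screen", "js_enabled")


def rarity(fingerprint, sample):
    """Return (one_in_x, surprisal_bits) for a fingerprint within a sample."""
    count = Counter(sample)[fingerprint]
    if count == 0:
        raise ValueError("fingerprint not present in sample")
    one_in_x = len(sample) / count
    return one_in_x, math.log2(one_in_x)


def anonymity_set(one_in_x, population):
    """Expected number of users in `population` sharing a 1-in-X fingerprint."""
    return population / one_in_x


def attribute_entropy(sample):
    """Shannon entropy in bits per attribute: higher means the field leaks more."""
    total = len(sample)
    result = {}
    for i, name in enumerate(FIELDS):
        counts = Counter(row[i] for row in sample)
        result[name] = -sum(c / total * math.log2(c / total) for c in counts.values())
    return result


if __name__ == "__main__":
    tor_users = 300_000  # estimate quoted in the thread
    for x in (50, 100_000):
        print(f"1-in-{x}: shared with ~{anonymity_set(x, tor_users):.0f} of {tor_users} users")
    for fp in (COMMON, SAMPLE[-1]):
        one_in_x, bits = rarity(fp, SAMPLE)
        print(f"{fp[0]}: 1-in-{one_in_x:.1f}, {bits:.2f} bits")
    print(attribute_entropy(SAMPLE))
```

The smaller the X, the larger the crowd sharing the fingerprint; the per-attribute entropy shows which setting contributes most to standing out in the constructed sample.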