Silk Road forums

Discussion => Security => Topic started by: zenvoboy on November 23, 2012, 06:54 pm

Title: List of websites NOT to access via Tor
Post by: zenvoboy on November 23, 2012, 06:54 pm
I figured it could be useful to compile a list of websites that we SHOULD NOT be accessing via Tor, where red flags might be raised by doing so. Please comment and add more to the list. I'll try to keep this first post updated as much as I can.

List of websites NOT to access via Tor:
MtGox
Facebook
YouTube
bzwbk.pl (for people with IBAN/BIC reloadable VISA electron debit cards)
Websites requiring Javascript

Other points:
It may not be a good idea to attempt to track your letter/parcel via Tor - doing so could raise suspicion about your package.
Title: Re: List of websites NOT to access via Tor
Post by: rmsher on November 23, 2012, 07:39 pm
What if i used tor to just browse mtgox.com? I dont have an account on there yet.
Title: Re: List of websites NOT to access via Tor
Post by: zenvoboy on November 23, 2012, 07:52 pm
What if i used tor to just browse mtgox.com? I dont have an account on there yet.

Yeah I guess that would be ok. But if you decide to register an account, it'd probably be best to use a standard browser.
Title: Re: List of websites NOT to access via Tor
Post by: robust on November 23, 2012, 08:08 pm
dont track any packages when your on Tor, USPS or any other mailing company

in fact if you need to track your package, dont do it from your place of residence, go to a coffee shop or sometin
Title: Re: List of websites NOT to access via Tor
Post by: goblin on November 23, 2012, 10:29 pm
dont track any packages when your on Tor, USPS or any other mailing company

in fact if you need to track your package, dont do it from your place of residence, go to a coffee shop or sometin
I've read enough on this topic to decide that's just an urban legend, IMO.

goblin
Title: Re: List of websites NOT to access via Tor
Post by: CoolGrey on November 23, 2012, 11:07 pm
- don't log into your MtGox account through Tor (they'll block your account)
- don't track your packages using Tor (I've heard reports that you'll package gets flagged as suspicious)
Title: Re: List of websites NOT to access via Tor
Post by: HassleHoff on November 24, 2012, 04:51 am
I wouldn't log into any sites that require a password and don't use SSL (HTTPS) . Remember the tor exit nodes might be snooping on your traffic. If you want to log into Facebook or something be sure to use HTTPS everywhere and enable ssl on your account.
Title: Re: List of websites NOT to access via Tor
Post by: kipperswithcheese on November 26, 2012, 12:54 am
Anything that requires Javascript, obv.
Title: Re: List of websites NOT to access via Tor
Post by: RKL on November 26, 2012, 06:08 am
good point on fbook.also ytube they can track your ip is different from your home computor
Title: Re: List of websites NOT to access via Tor
Post by: zenvoboy on November 26, 2012, 10:15 pm
Anybody know if it's okay to access blockchain.info via Tor? Or does it raise suspicion about your account?
Title: Re: List of websites NOT to access via Tor
Post by: lolheisenberg on November 26, 2012, 11:00 pm

dont track any packages when your on Tor, USPS or any other mailing company

in fact if you need to track your package, dont do it from your place of residence, go to a coffee shop or sometin

how can mailing company tell that you're using Tor ?
Title: Re: List of websites NOT to access via Tor
Post by: ShardInspector on November 26, 2012, 11:16 pm
It has been suggested above to not use TOR to access Facebook, and YouTube.

While that's all good (assuming you are OK with such sites building detailed statistical pictures of you and your links to your acquaintances) there is something to keep in mind.

I suggest never ever following a link posted here at the road to ANY site, especially FB and YT by copy and pasting the link into a non TOR enabled browser (or even a TOR enabled browser with JavaScript turned on).

The reason for that, as many of you may be aware, is that the particular HTTP link way well be uniquely posted only to SR, therefore enabling an adversary who has access to the destination servers logs to know with certainty that the IP of the visitor to the unique URL was just browsing the road. What I have just described is a known law enforcement tactic and has been used widely.

Worse, you might be logged into your FB or whatever account when you open a new window and paste the link into the browser.Then they don't even have to reconcile the particular IP against their logs to determine the user.

Additionally, even using the Tor Browser Bundle with JavaScript enabled can reveal you internet facing IP address to a third party (if not connecting to a 'hidden service' like SR is).

This is because some rogue exit node operators have the ability to rewrite the returning (to you) HTML page 'on the fly' to 'inject' a small amount of additional JS into the page that will make a request ,bypassing the TOR network, directly to whatever server they choose where they can grab your IP by examining their logs. That's bad of course if any part of the HTML page you just requested from the exit node (who can see the web page unencrypted) includes your username, the details of transactions etc etc.They can even set it up to only inject the malicious JS into the returning page if certain keywords exist on the page like drugs or lsd or bitcoin etc etc

Basically, always use the TBB with Noscript enabled and JavaScript disabled and don't follow links found here at the road to external sites using any browser configuration other than that just mentioned if you want to ensure you are anonymous.
Title: Re: List of websites NOT to access via Tor
Post by: ShardInspector on November 26, 2012, 11:20 pm
"how can mailing company tell that you're using Tor ? "

Because the list of  Tor exit nodes is published public ally and it is trivial for a script to be written that checks against the list of exit nodes, the IP now trying to connect to the mailing companies server and from there flag the account as noteworthy or suspicious whatever. Whether they are actively doing this one can never know unless they admit to it.
Title: Re: List of websites NOT to access via Tor
Post by: Guns on November 27, 2012, 12:52 am
For those of you who have one or more of those "IBAN/BIC reloadable VISA electron debit cards" (for some reason, some vendors sell them as MasterCards, even though their picture clearly shows a VISA, however, if you have a card with 2500$ yeaqrly limit, 200 per day or so, then you hqave one of those most probably.

http://www.prepaid.bzwbk.pl/

or better, all of bzwbk.pl should not be accessed via TOR, it took me (and a very helpful vendor on HackBB, freefox, whom I haven't even bought from before, and who didn't ask for money, he just sent me two cards and we both tried our ways, his was right, I did connect with Tor, he didn't, his (i.e. my, but he also had the PIN of course) card worked, mine didn't)

The mean thing is, they don't tell you right away that you are blocked or something, they just tell you, *after* all the registration data have (correctly) been filled in, that "the account couldn't be registered". Maybe that's just a software error, or pure meanness on their part, I don't know ;)