Silk Road forums

Discussion => Newbie discussion => Topic started by: psychomanbr on August 05, 2013, 08:54 pm

Title: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: psychomanbr on August 05, 2013, 08:54 pm
Hi folks!

In light of the recent (and most unfortunate event) of Freedom Hosting getting busted by the feds, I'm reading a shitload of posts here and in some other forums about people soiling themselves out of fear of NSA, FBI and other types of law enforcement assholes worldwide.

So here are a few things I'd like to share about what types of security measures I take to make it if not impossible, extremely harder for police dudes to find my ass:

1 - Use Tails OS or Linux to browse ToR: Linux is waaaaaay more secure than Windows for that type of thing, as well as its exploit vectors are smaller, so in case of a breach, damage can be more perceivable and less destructive.

2- Always use a primary proxy or vpn service PRIOR to your connection to ToR: I'm using privatvpn.se, but there are many others around that can tunnel your connection even before establishing a ToR circuit. By using a primary vpn tunnel, my connection goes from my PC to the vpn tunnel (that's one external IP), then through some ToR nodes (second external and possibly traceable IP) and only then, after the ToR tunnel, it reaches the desired website and returns me with the webpage I'm trying to see. If our friend Marques used this method, even with FBI exploiting his browser to display his external IP, all they would get is the external IP of the VPN provider. Since that vpn provider doesn't store logs or connection data, and the external IP is shared between hundreds of nodes, he would still be at the comfort of his home (or bunker, whatever) and my freaking e-mail at tormail would be working right now >:(

3- DO NOT USER TOR BROWSER BUNDLE: Surprised? Don't be. The browser bundle was made for folks that do not know their way around the networking behind ToR, AND its standard for everyone that uses it, meaning that if you find one flaw in it, everyone using it can consider themselves fucked the same wat the first dude was. I'm using the standard Iceweasel install in Debian and I have disabled everything, JavaScript, Java, Flash, Moonlight, and etc. I only turn on javascript if I know the website to be reliable, and even so with extreme care on what I'm clicking. By making yourself different from others you also won't fall in the same traps. It can make you stand out a little bit more for the servers eyes, but still, a little tweaking to your user agent makes you invisible again.

4- GOD FREAKING DAMMIT, USE GPG FOR EVERYTHING!!!!: Yes, you've heard it right. Use GPG for ALL of your emails/communications under ToR. Except for this forum for instance, given that you're using all of the previous methods for safety. If you're paranoid like me, you can get hackingdefined's 16384 bit GPG build here: http://hackingdefined.org/?p=284 <<< CLEARNET LINK! BE CAREFUL! >>>

5- Never open downloaded files or clearnet links while using ToR: Needless to say exploit vectors within files are huge. Open whatever you've downloaded from ToR only after a massive scan at virustotal {dot} org, followed by a scan from your antivirus, and open the file after you're FULLY DISCONNECTED from the internet. And I mean FULLY. Not on ToR, not on your regular Internet, not even in your local LAN. Shutdown your wifi card or unplug your network cable before opening the file. What they can't see they can't hurt.

6- If in doubt, examine the webpage source code: You can hide a shitload of stuff on hidden iframes under webpages. If in doubt, view the webpage source code in your browser and search for the word "iframe" with broad word matching. If there's something in there about "iframes" or the word "hidden" next to it, GTFO!

7- If possible, do not use your home connection when browsing ToR: You've got that right. Use a neighbours wi-fi (given he's not a computer freak like me or you'll get busted and they would steal your freaking bitcoins :D). If you're using the VPN+ToR method, you can even use a unsuspecting public-wifi. Just keep an eye for others, what they're doing and etc. Best thing is to have a quick IP scan on the network you're in to see who's active. If you have a coffee shop nearby and there's just you and on other IP browsing stuff at 3AM on a Monday, GTFO!

EDIT: A little something i've forgot:
8- Encrypt your hard-drive: At least the partition of the OS you're using to access ToR from. You can find very good tutorials online using TrueCrypt (the best one ever), Google it :)


Hope this helps some of you not to be scared the shit out of this freedom hosting incident. Remember, fear is the biggest weapon they'll have.
Feel free to ask me whatever you want about this, please do it so in here (admins, can I?) cause my beloved tormail is now confiscated :)

Be safe! Cheers!
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: ethnophile on August 05, 2013, 09:46 pm
rathergood
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: omegaflarex on August 05, 2013, 09:51 pm
In response to this thread and other thread:

http://dkn255hz262ypmii.onion/index.php?topic=196587.15

- use cryptoheaven.com - an ISP email provider which is located in Canada - it's outside of US jurisdiction. This email use AES256 bit encryption, this transmission cannot be intercepted and decrypted. It would take NSA 10,000 years to decrypt it regardless, much longer for all LE agencies. Use it:

http://www.cryptoheaven.com/

There, problem solved. LE is a bunch of noobs - TRY HARDER!
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: TeegDougland on August 05, 2013, 09:52 pm
nahh I'll just get arrested instead. too much work.
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: omegaflarex on August 05, 2013, 09:58 pm
I am using truecrypt - 10-20 randomly generated password. It took me a while to memorized it but it was WORTH IT! :D. Now my SSD is heavily encrypted with AES256 ;). There's a flaw in SSD design for encryption but LE won't be able to crack it, maybe NSA can but I highly likely doubt it because gyroscope cannot be done on SSD, only mechanical HDDs.
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: TeegDougland on August 05, 2013, 10:00 pm
and as a quick aside, CH being outside US agencies' jurisdiction doesn't really mean shit when you look at the general callousness about surveillance if it's foreign. Americans only tend to give a shit if one of us is being surveilled illegally.
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: Intrepid21 on August 05, 2013, 10:08 pm
Been lazy but moving to TailsOS tonight. Thanks for the info
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: belva on August 05, 2013, 10:11 pm
I am not computer "literate" so to speak.  I do not have tormail, I have tor browser only.  Am I safe?
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: heavysky on August 05, 2013, 10:20 pm
Thank you, sir for your quite thorough and enlightening post.

I'd like to probe further on item 7 --

1 what are the particular risks of using your home network - if you use an obsfproxy bridge - doesnt that address the main concern?
2 assuming i continue to use home network - how should I set up the DNS and MAC settings for max security - I already use encryption and don't broadcast my ssid

thanks for your wisdom and time
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: toke 100 on August 05, 2013, 10:25 pm
I am not computer "literate" so to speak.  I do not have tormail, I have tor browser only.  Am I safe?
Quote


im in the same boat as belva are we safe ? i done a complete clean on computer a few days back and reloaded tor browser  am i safe  :o   fuck me i only want the odd bag of weed :'( lol
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: PathSeeker on August 05, 2013, 10:46 pm
Thanks for the info.  I'm a total noob using a USB-installed Tails.
Item#2:
Does this mean that I should somehow be using a proxy prior to my tor connection.  Is there any guide on how to do that?  I've learned so much from these forums ab pgp/TOR ect...  Can't be too hard to figure out can it?  Also wouldn't using VPN prior to TOR leave your data vulnerable on the way to the vpn server or whatever prior to becoming torified?
#7:
Can you explain the last sentence?

Omega:
I have a tough time believing that Stephen Harper (Canada's doucheass fuckwad of a Prime Minister) wouldn't jump at the chance to polish some good ol American LE knob.  He gives not a single fuck about any Canadian that is not among the 1%.  Of course, you are talking about encrypted data so my point is moot, but I feel it worth mentioning that at higher levels, Canada is one of the most corrupt countries in the world (an ex CRA (our IRS) official stated that "Canada is the most corrupt" country he has ever worked in).
I just think people need to be really careful about their ideas of what Canada is and where her priorities lie.
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: MrBlack999 on August 06, 2013, 01:04 am
VPN....the end
ahaha but in all seriousness.....Great read especially for the newbie ToR users! Read carefully and understand everything so that you may safely use ToR. Sending messages through GPG should be a mandatory necessity for all communication between everyone especially the n00bs...tread lightly and keep your ear to the ground my friends....


Mr.Black
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: psychomanbr on August 06, 2013, 04:05 am
OK, let me try to answer everyone so far in a single post.

I am not computer "literate" so to speak.  I do not have tormail, I have tor browser only.  Am I safe?

Unfortunately you're not. Marques was using the ToR browser bundle. The flaw isn't in ToR so to speak, but in the firefox version that the browser bundle uses. The same flaw that got him busted can get you also.

Thank you, sir for your quite thorough and enlightening post.

I'd like to probe further on item 7 --

1 what are the particular risks of using your home network - if you use an obsfproxy bridge - doesnt that address the main concern?
2 assuming i continue to use home network - how should I set up the DNS and MAC settings for max security - I already use encryption and don't broadcast my ssid

thanks for your wisdom and time

The risks of using your home network are that if somehow the WAN IP you're using gets unmasked, federal agencies can trackback to your provider and that will lead to your exact location. If you're using someone else connection, it will pinpoint their home location. Sooner or later they'll confiscate every computer in the neighborhood to track you, that only saves you a few hours maybe so you can smash your encrypted HD to oblivion.
Assuming you're using your own network, what I do (when the neighbours change their passwords or go from an easy WEP key to WPA2 or such, or their ISP is down and you have to crack some other access point), DNS and MAC won't make a hell of a difference cause either way when your computer gets connected your router already knows your new MAC, spoofed or not. If it was any different you wouldn't get connectivity cause your router wouldn't know where to send the packets. Configuring your router with WPA2-TKIP+AES (given you've got a strong password, more than 16 chars I would say) only protects you from immediate connections to your local LAN, but for the Internet you're exposed the same way you would if you have no password at all in it. Remember that your browser is the last mile between you and everything else when on the Internet.

Thanks for the info.  I'm a total noob using a USB-installed Tails.
Item#2:
Does this mean that I should somehow be using a proxy prior to my tor connection.  Is there any guide on how to do that?  I've learned so much from these forums ab pgp/TOR ect...  Can't be too hard to figure out can it?  Also wouldn't using VPN prior to TOR leave your data vulnerable on the way to the vpn server or whatever prior to becoming torified?
#7:
Can you explain the last sentence?

Omega:
I have a tough time believing that Stephen Harper (Canada's doucheass fuckwad of a Prime Minister) wouldn't jump at the chance to polish some good ol American LE knob.  He gives not a single fuck about any Canadian that is not among the 1%.  Of course, you are talking about encrypted data so my point is moot, but I feel it worth mentioning that at higher levels, Canada is one of the most corrupt countries in the world (an ex CRA (our IRS) official stated that "Canada is the most corrupt" country he has ever worked in).
I just think people need to be really careful about their ideas of what Canada is and where her priorities lie.

As for item 2, if you're on Linux you can install the VPN provider package, but if available, ALWAYS go for the OpenVPN method. You can install a package called "network-manager-openvpn" and then setup your VPN connection as you normally would when setting up your Wi-Fi, no secrets to that.
Towards using a VPN prior to ToR'ying your connection, no it won't be vulnerable given that VPN's are encrypted, usually with Blowfish or AES encryption. When connectiong to ToR later on, you'd only be adding a second encryption channel to the one that the VPN offers. Since we're talking TCP most of the time here, you get a tunnel within a tunnel before going out to any given website. Adding a primary VPN before ToR helps mostly on tricking your ISP that you're not on ToR at all. There's an analysis method called "Stateful Packet Inspection" that works togheter with the more famous one "Traffic Shaping". This is when your ISP is ACTIVELY looking for specific traffic either to block it or to monitor it (and they can reduce bandwidth or deny it completely for certain types of protocols/networks in the process). Guess I don't have to explain what can happen when your ISP knows what you're doing...
As for item 7 last sentence, if and every time your connecting to a router that is not your own router, its always wise to see who else is there sharing your connection. You can do it manually by pinging every IP address on the subnet, or doing a SYN scan or UDP scan with NMap or other similar tool. If you're alone, chances are that the router owner is asleep or not using the connection at that time, and you don't have to worry about someone noticing their traffic getting cramped up without any reasonable explanation (that would be you using his AP). I have at least 3 wi-fi routers passwords from my neighbours, and I've investigated what they do for a living, discovering that none of them has any IT knowledge that would pose a menace to what I'm doing through their connection. Even if they do, it's all encrypted because of the first pas (VPN), so they won't be able to mess around with my packets :)
Some agencies, like FBI, NSA and such have the skills and hardware power to monitor an entire city if they want to, and we don't want to make their jobs any easier.


And finally, even when using all of those security measures together, there's still a way of them getting me. No system can be considered secure, that's rule #1 of information security. What we can do is make the most of what we have to give them a hardest time as possible. What we have is actually a level of uncertainty towards security, and the lower it gets, the better for us and the harder for them. I can have all of that running in my computer and they could overtake a package repo somewhere which would have me to get an spoofed notepad that tracks my every move, and I'd be fucked either way (and don't think I was the first to have that idea...). Remember, the first line of defense is your BRAIN. If everything else fails believe me, don't be afraid to (even encrypted), get THOR's hammer and beat the fuck out of your hard drives. There, no proof at all, Viking way :)
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: truestorytrust on August 06, 2013, 04:24 am
Not a computer expert by any means so some of the stuff your saying don't understand.  So with that said how so we get to SR if we don't use the tor package bundle is there something else to download to get to it.
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: xxdionysusxx on August 06, 2013, 09:04 am
I am not computer "literate" so to speak.  I do not have tormail, I have tor browser only.  Am I safe?

I'm fairly sure you are.
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: PathSeeker on August 06, 2013, 10:03 pm
Thanks for the info.  +1
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: tg00 on August 06, 2013, 10:28 pm
Nothing wrong with using the Browser Bundle, You just need to disable java script and forbid all plugins flash java etc..

You are better off using the browser bundle than your personal web browser, Never use a personal web browser with tor, Have 2 different browsers, 1 for tor and 1 for personal shit.

The browser and executable so it's much easier to update it.

The browser bundle is perfectly safe as long as you configure it properly.
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: Highalyzer on August 06, 2013, 11:01 pm
Thanks for the info, Psychomanbr. Informative post. But there's something I'd like to ask, since it's apparent you're much more knowledgeable on the subject than I am: I've heard a lot about Tails lately, but I've been running Liberté (as was recommended on another part of this forum) from a USB, since it's a very lightweight OS and can run from the 1GB flash drive I happened to have lying around. Do you happen to know anything about this OS, and how it compares to Tails in terms of security?
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: JohnTheBaptist on August 06, 2013, 11:10 pm
nahh I'll just get arrested instead. too much work.
Me too, where's the cuffs
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: Psyche on August 06, 2013, 11:13 pm
You do realize that the way the exploit worked would completely bypass your VPN idea, it actually utilizes WiFi in order to send code to your router to grab the GPS location and other data. If you had WiFi off the exploit would not work on you but who the fuck doesn't use WiFi?

I use TOR obfs3 bridges for the sake of using TOR putting you on a list of people who use tor. I'm not that concerned with my ISP knowing that i'm using tor but better safe than sorry. Also using a VPN before you use tor would mean that they are simply taking the role of your ISP in the sense that they know you are using tor and can see the entry nodes you are using, if you trust your VPN provider the same amount or more than your ISP this is an option but personally I believe that obfs3 bridge relays accomplish your goals better(by making your traffic look like skype video calls, unrelated data, ect to your ISP). Hell even if you were taking a trip to china you could still use tor.
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: tanamon on August 06, 2013, 11:18 pm
3- DO NOT USER TOR BROWSER BUNDLE: Surprised? Don't be. The browser bundle was made for folks that do not know their way around the networking behind ToR, AND its standard for everyone that uses it, meaning that if you find one flaw in it, everyone using it can consider themselves fucked the same wat the first dude was. I'm using the standard Iceweasel install in Debian and I have disabled everything, JavaScript, Java, Flash, Moonlight, and etc. I only turn on javascript if I know the website to be reliable, and even so with extreme care on what I'm clicking. By making yourself different from others you also won't fall in the same traps. It can make you stand out a little bit more for the servers eyes, but still, a little tweaking to your user agent makes you invisible again.

Most of your tips are good, but this is a terrible recommendation. Tor Browser is a version of Firefox that is specifically patched to protect your anonymity. Regular browsers like Firefox/Iceweasel leak all kinds of uniquely identifying info that Tor Browser doesn't.
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: tanamon on August 06, 2013, 11:24 pm
Unfortunately you're not. Marques was using the ToR browser bundle. The flaw isn't in ToR so to speak, but in the firefox version that the browser bundle uses. The same flaw that got him busted can get you also.

Do you have a citation for this claim? I have heard nothing about how Marques was identified except that the FBI investigated him for over a year.

LE targeted the Tor Browser in this one case, but users who updated like they were supposed to were safe. There are a many ways of fingerprinting users of regular browsers that Tor Browser protects against. The Tor Project recommends their Tor Browser as the only way to surf the web over Tor.
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: Psyche on August 06, 2013, 11:27 pm
Unfortunately you're not. Marques was using the ToR browser bundle. The flaw isn't in ToR so to speak, but in the firefox version that the browser bundle uses. The same flaw that got him busted can get you also.

Do you have a citation for this claim? I have heard nothing about how Marques was identified except that the FBI investigated him for over a year.

LE targeted the Tor Browser in this one case, but users who updated like they were supposed to were safe. There are a many ways of fingerprinting users of regular browsers that Tor Browser protects against. The Tor Project recommends their Tor Browser as the only way to surf the web over Tor.

He's talking out of his shitter the FBI isn't give us a fucking manifesto of how the caught him.
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: tanamon on August 06, 2013, 11:39 pm
That being said, I have seen a lot about how people with the latest version of Tor Browser, 17.0.7, were safe because it had the security update that was needed to stay unaffected by this breech.  I am just confused because although I had this updated version, my settings said that my Javascript was NOT disabled.  Am I still safe?

That's right, anyone running the latest version of the browser bundle was safe, and it was released on June 26. If you didn't update to the latest version after a month, you were seriously lacking in your security practices to begin with. How do people miss the giant flashing icon in the toolbar, which activates whenever there's an update?
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: Mr Candy on August 06, 2013, 11:46 pm
Thanks for the info, I will definitely be taking some of these measures, although as I'm not located in the US, I assume that I'm far less at risk by these revelations?  Also, I read somewhere, that if you used the most update version of TBB, the exploit that the FBI used had been fixed in these versions?  The only version of TBB I've used is the most recent version.  Also I find it bizarre that TBB allows scripts by default and enabled Java when these are the biggest breaches to anonymity.  I had no idea about this until these things came to light.  Fortunately, SR is the only website I've used, although I tried to use tormail on several occasions and it didn't load, but that was before all this.  I assume that exploitation was only while the website was actually down and that message came up that it was down for maintenance?
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: tanamon on August 06, 2013, 11:56 pm
Thanks for the info, I will definitely be taking some of these measures, although as I'm not located in the US, I assume that I'm far less at risk by these revelations?

The FBI may pass along non-US IP addresses to the local LE and they can decide what to do with that info.

Quote
Also, I read somewhere, that if you used the most update version of TBB, the exploit that the FBI used had been fixed in these versions?  The only version of TBB I've used is the most recent version.

Did you not read the post right above yours?

Quote
Also I find it bizarre that TBB allows scripts by default and enabled Java when these are the biggest breaches to anonymity.

Java is different from JavaScript. Java was blocked by NoScript, JavaScript was not. The main argument by the Tor Project for allowing JavaScript is that a lot of sites would have disabled functionality, which would drive away users. The more people that use Tor, the more anonymous you are, so they want to maximize users. In light of this major security breach, that may not have been the best security choice.
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: Mr Candy on August 07, 2013, 12:04 am
Did you not read the post right above yours?

No.  But phew I am safe then, only had this version. I'd just read someone else's response to this query in another thread saying in specifically targeted FF17.  Thanks for clearing that up for me.
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: psychomanbr on August 07, 2013, 03:45 am
Hi All

Some things I've got WRONG, sorry about that: ToR browser bundle is safe if you're using the latest version. And its easier than configuring the shitload of things I am

There was something tough, Psyche commented that the attack they've used on Marques was something that went through his Wi-Fi? So they've exploited his browser using man-in-the-middle or something instead of some file or link for instance?

Sorry for the wrong bits in the post, thank you all for making the corrections!
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: tanamon on August 07, 2013, 04:19 am
There was something tough, Psyche commented that the attack they've used on Marques was something that went through his Wi-Fi? So they've exploited his browser using man-in-the-middle or something instead of some file or link for instance?

Nobody knows how they nabbed Marques, and if they claim they do, I'd like them to post a link to an authoritative source, like a newspaper article or court documents. The only info we have on the guy is one article in an Irish newspaper, and the only thing it says is that the FBI investigated him for a year. It doesn't mention how they identified him.
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: tg00 on August 07, 2013, 04:48 pm
I also knew NOTHING about Java and Java Script before this attack, so I didn't know to disable them.  But thank God I noticed the flashing exclamation point on the little onion icon!!  It made me nervous at first, being a noob, because I thought it meant my computer was being watched or something silly, especially when it said I needed to update.  But I did it, and when the news of the attack hit, I clicked on "about Tor Browser" and saw I was running version 17.0.7.  Yay me!  That does not, however, negate the fact that they have three emails in my new Tor Mail account:  One with my new Block Chain account info, which I will never be using again.  One from Twitter welcoming me, and one to a SR vendor with no incriminating info, EXCEPT I mention my SR screen name.  Do I need to scrap this account and start a new one?  I will DEFINITELY be learning PGP.

If you are not already i recommend you use Linux, You could use TAILS or install a distro like Linux Mint, Windows is really to insecure to trust anymore.
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: Itakethem2study on August 07, 2013, 05:00 pm
@psychomanbr Thank you for this information.. it's extremely valuable to people who are just learning the ins and outs of security.

I hope all newbies study up - practice & implement..
we should all be a little bit more careful - it's easy to be sloppy.

 
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: BongoMagnifico on August 07, 2013, 06:19 pm
My current situation and concerns:

I installed TBB a few days ago on Windows and have made a few accounts, browsed around a bit and read a lot of this forum. I navigated to the tormail page early on and noticed it was down. Then started reading about the situation there. I feel a bit more comfort knowing that I've got 17.0.7, which is supposedly patched (and thanks for that info), but I had javascript enabled until now. I'm hoping that hasn't compromised anything.

My real question is this: Given the activity I've been conducting on my home internet connection, is it reasonable to assume that my home address has been flagged? Is using tor in itself attracting much attention?

I have not ordered anything, but I'm considering it. Would it be a bad idea to get a shipment to my home address based on my activity thus far? (I know, there is some discussion about this topic too, and perhaps this is the wrong thread to ask). If I do place any orders, I'll be running tails from usb and connecting from a public wifi spot, possibly through vpn.
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: Itakethem2study on August 07, 2013, 06:32 pm
Setting up tails and operating from a public wifi spot is a good idea if available.
I have to believe that some people here live in actual rural areas where public wifi is not as available.

Yes those places do exist.  In that case one may want to use a linux program like backtrack to borrow someone's wifi occasionally..

Just a thought.
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: phantomoto on August 07, 2013, 07:50 pm
Thanks foe the Info!
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: apple man on August 07, 2013, 07:52 pm
admin look into this: http://silkroadvb5piz3r.onion/silkroad/user/32842c5427

on his homepage it says:

"Some orders that were marked as dispatched will be cancelled" and then "NB: Cancelling those sucked. So sorry, both to my repeat and new clients. "

we are all told vendors delete our information, how that possible when you marked the goods in transit. I am scared as fuck as i got kids and a wife staying with me.  someone please help me to stop worrying and tell me i am wrong.  his feedback is also looking fake as fuck as i am still waiting for my btc/item but no response.

on the seller guide on wiki it says:

"You and you alone will have your client's shipping address. This information must be destroyed as soon as it is used to label their package. When you click "confirm shipment," the address will be deleted forever and irretrievable. "
 
and then

"-Under no circumstance should you save a copy of your client's address."


Admin save us please, someone get back to me. 
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: BongoMagnifico on August 07, 2013, 08:35 pm
Perhaps my paranoia is excessive at this point. I'll try to trust that 17.0.7 has kept me relatively save so far.

I've heard that an ISP can see when a person is using tor. Perhaps nothing of the activity, but just that it's in use. Is that true?
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: Green-Android on August 07, 2013, 08:40 pm
Thanks for the heads-up, only using usb-stick that are encrypted with TrueCrypt.
Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: tg00 on August 07, 2013, 10:10 pm
Perhaps my paranoia is excessive at this point. I'll try to trust that 17.0.7 has kept me relatively save so far.

I've heard that an ISP can see when a person is using tor. Perhaps nothing of the activity, but just that it's in use. Is that true?

Your ISP can see you are using Tor but they cannot see what you are doing inside the Tor network.

You should disable java script,java,silver light, and flash applets as well, If you do all that and use Linux and the browser bundle you are pretty secure.

Title: Re: Security Measures to take on ToR - How not to be ass-fucked by FBI
Post by: VinnieJones on August 08, 2013, 06:36 pm
stay away from kiddie porn and the FBI won't come barreling through your door, or accidentally pick you up and drop you on your balls several dozen times.