Silk Road forums
Discussion => Newbie discussion => Topic started by: bitni on August 04, 2013, 08:07 pm
-
If they were running other sites for 2 weeks, how do we know they are not running SR right now?
-
DAMN. GOOD THING I DIDINT DO NO UPDAT FOR JAVA
-
If they were running other sites for 2 weeks, how do we know they are not running SR right now?
Because they just sent me drugs
-
lol
-
I find it pretty amusing that every time I get drugs delivered to my front door, it's the United States government, ie , the Post Office, delivering them...... :)
-
You don't. That's why you always use PGP to communicate with vendors / customers. And ensure javascript is disabled.
-
Oh, one other thing, if you had the same username / password on tormail as silk road, change it right now. 'Cos that is compromised too (even assuming tormail hashed their passwords well, most hashes can be cracked in a few hours by knowledgable people with fastish computers). Though again, you shouldn't have been doing this in the first place.
-
Oh, one other thing, if you had the same username / password on tormail as silk road, change it right now. 'Cos that is compromised too (even assuming tormail hashed their passwords well, most hashes can be cracked in a few hours by knowledgable people with fastish computers). Though again, you shouldn't have been doing this in the first place.
:o yikes.. i think my password is different, but all I ever did with tormail is buy bitcoins from BST... should I be worried?
-
:o yikes.. i think my password is different, but all I ever did with tormail is buy bitcoins from BST... should I be worried?
If you *think* your password is different, change it on SR now, to be safe. You shouldn't be too worried - if you have the same username, note that they now have a little bit of (weak) evidence that someone with your username bought bitcoins. Which by itself is not a problem. If they can trace how you bought them (e.g. subpoena the payment provider), and your 'real' identity is there somewhere (e.g. bank account / visa card), then they can correlate the username and bitcoins to your identity. But they still can't prove that that username has anything to do with SR. So don't be too worried (particularly not if you're a big time dealer / similar), but for better safety, use totally unrelated username / passwords for each site, and where possible not associating one identity with another (so where possible don't tell one site your username on another, e.g. email address).
This is me being paranoid, but it's good practise to think "what could they figure out if they were smart and motivated", in particular, if one anonymous identity was revealed, would it mean game over, or just that you toss that username/password away.
-
Should I be pgp'ing my address when I make an order?
-
Yes.
-
Should I be pgp'ing my address when I make an order?
Absolutely. Preferably I'd like to PGP every message I send on SR, but some vendors apparently don't like you doing that and only want you using PGP for identifiable information.
-
Sorry for the bewb question (and I apologize for being off-topic): But what exactly is "PGP"?
-
Sorry for the bewb question (and I apologize for being off-topic): But what exactly is "PGP"?
It's a program for encrypting and decrypting messages. You should be using it when you post up identifiable information, such as your address, when you place orders on SR. There is a stickied topic for it at the very top of the newbie section. Make sure you read it.
-
If you can't do the research needed to find these things out for yourself you really should think twice before ordering anything from SR.
-
If you can't do the research needed to find these things out for yourself you really should think twice before ordering anything from SR.
While I agree with you it's hard to take you serious with not even 10 posts. LOL.
Ryno
-
Sorry for the bewb question (and I apologize for being off-topic): But what exactly is "PGP"?
It's a program for encrypting and decrypting messages. You should be using it when you post up identifiable information, such as your address, when you place orders on SR. There is a stickied topic for it at the very top of the newbie section. Make sure you read it.
Awesome. Thank you. I am making sure to read everything I can before placing orders (or doing anything really). I'll be reading forums for a while. It's a lot to read but I will tackle it :)
-
@1PlayfulBiter
There are some useful buying guides that take you step by step. All information in one place, just search for it
-
I used to pgp everything but I have yet to get a responce back that was encrypted from a vendor. Its frustrating when u encrypt an address only to have the vendor then you the tracking info not encrypted. So most communication is not encrypted like it needs tobe and iI blame the vendors for getting to comfotable here.
-
You should always presume that this site has been compromised and take the proper precautions.
-
While I'm giving username / password advice, it's worth saying that you should *definitely* use a different password on this forum to the actual silk road site. Forum software generally has a pretty bad security record, and you should make sure that even if someone manages to get at your forum password (through SQL injection, or similar; much easier than finding the server and raiding it), your silk road account is still safe.
-
Agreed
-
All passwords and usernames are different and pswds are 20+ characters using symbols caps numbers alt keys if allowed.
-
I JUST NOW DISABLED JAVASCRIPT ON TOR....
NO MORE SMILEYS, SMILEYS=JAVASCRIPT
-
Should I be pgp'ing my address when I make an order?
Of course! Everything you send in PM or related to any deal should be encrypted.
-
I used to pgp everything but I have yet to get a responce back that was encrypted from a vendor. Its frustrating when u encrypt an address only to have the vendor then you the tracking info not encrypted. So most communication is not encrypted like it needs tobe and iI blame the vendors for getting to comfotable here.
What the fuck, expose those unsecure vendor idiots!
It's not acceptable in any way to have such information sent unencrypted.
-
Interesting stuff, if the FBI is already cracking down on TOR how long do you think this site will be safe? FBI doesn't like to lose... I love SR I'm not trying to create doubt. In fact, what about that new competitor to SR, anyone think that might be fishy?
-
I really really shouldn't have to tell you to do this but for all the noobs out there.
In your tor browser click on edit > preferences then untick the box that says "enable javascript"
Next look for the noscript icon next to the onion icon, make sure to "forbid scripts globally"
No legitimate person running a tor hidden service will use scripts on their site, Only law enforcement will try and get you to use scripts.
It only takes 1 malicious script to load in your browser and next thing you know you are sucking bubbas big black cock in a federal prison.
-
I find it pretty amusing that every time I get drugs delivered to my front door, it's the United States government, ie , the Post Office, delivering them...... :)
Damn, I never thought about that. FUCK! You just blew my mind.
-
anybody know how to disable java on tor????
i really need to get better with computers!
i'm grateful DPR has been such an awesome adm.
thank god i never used tormail.
-
Im glad that the F8I has nothing better to do than take down freedom hosting.
With our country in such good shape, that's where their efforts are going.. whatever..
supply and demand.. this goes down .. it will pop up somewhere else.
-
If it ever happens I doubt we'd know until it was too late. Encrypt everything!!!!
-
huh?
-
I used to pgp everything but I have yet to get a responce back that was encrypted from a vendor. Its frustrating when u encrypt an address only to have the vendor then you the tracking info not encrypted. So most communication is not encrypted like it needs tobe and iI blame the vendors for getting to comfotable here.
Were you sending your PGP public key in your first message everytime? I, as an example vendor, will happily use encryption to communicate with any buyer that provides their public key. It is extremely rare that buyers do this however, and that has nothing to do with the vendor - that's entirely on the buyer.
-
If they were running other sites for 2 weeks, how do we know they are not running SR right now?
Because they just sent me drugs
Man. My sides. :))
-
I have a few security questions...
Question 1) I am running tails Live now, though I haven't yet created a persistent feature (or know what that is yet). When I try to access SR or clearnet, i get a warning saying that my information can easily be read by a 3rd party. Is this normal? If not what can I do to create a secure connection? It also says failed to synchrnize clock which it mentioned was very important when using TOR..
Question 2) Lets say that I was using windows, and like an idiot typed in SR address before tor.check even loaded during the security breach. This might have even happened a few times.
Am I still at huge risk even though I never used/visited tormail or anything besides SR?
What exactly happens(ed)(ing) to my computer besides my MAC address/IP address being sent to Virginia. Where they logging my keystrokes?
Is my identity compromised (IP?)
Should I destroy my computer?
Should I automatically clear house?
-
I don't think it's that serious. If anything you have plausible deniability. :o
-
whats about the rest of them on sr ??? the buying and selling of data aka addressess >:( >:(
-
IMO it's all a kerfluffle meant to spook the users here. Someone hatched a FF exploit which grabbed the MACs of dark web users. But it was limited in scope. They were just testing it out in the wild, a distraction while taking down FH.
You know the USPS does not bring a federal case unless there are very large amounts involved.
Likewise the FBI doesn't care about chasing down a few users. Why would they care about a mere newbie with no record on SR. They are going after the big fish. They are like predators who prowl the dark web alleys and will leap on a big dumb unprotected target that is an easy catch. Don't make yourself easy to catch. Don't be too big or too dumb to get popped. Always use protection, they count on you to be lazy.
Unless you are very blatant or careless with your orders or mixed up with cp your risk is limited to the BTC in your SR account. :-X
-
If they were running other sites for 2 weeks, how do we know they are not running SR right now?
We don't :o
-
If you can't do the research needed to find these things out for yourself you really should think twice before ordering anything from SR.
While I agree with you it's hard to take you serious with not even 10 posts. LOL.
Ryno
I know of some users on SR that use a different account for every single order they make. I wouldn't assume anything based on postcount. ;)
-
If they were running other sites for 2 weeks, how do we know they are not running SR right now?
We don't :o
so ........ :-[
-
Mother, should I trust the government?