Silk Road forums

Discussion => Security => Topic started by: dankology on April 17, 2012, 04:54 pm

Title: Using clearnet while on TOR?
Post by: dankology on April 17, 2012, 04:54 pm
Is this safe?  As in, using TOR then opening up a clearnet browser to look at google or facebook or whatever.  Will this show two IPs coming from my computer?  How risky is it?  Should I use a certain browser?  (TOR seems to be run through firefox, should i use Internet Explorer for clearnet stuff if im running them both at once?)
Title: Re: Using clearnet while on TOR?
Post by: Delta11 on April 17, 2012, 05:02 pm
I just wouldn't do it to be honest, I catch myself wanting to google something I see on these forums but I fight the urge because you never know how your security might be compromised. If you really want to check something than I would close TOR and then check or just buy a laptop and use that for clearnet  ;)
Title: Re: Using clearnet while on TOR?
Post by: dankology on April 17, 2012, 05:28 pm
Im using a laptop right now...I have a couple PCs and other laptops but I think I'd rather just get a real cheap netbook and make it my SR computer.

If I run SR from a bootable OS on a USB stick/SD Card could I take this anywhere and use SR on any computer without leaving a trace?
Title: Re: Using clearnet while on TOR?
Post by: Delta11 on April 17, 2012, 07:09 pm
Im using a laptop right now...I have a couple PCs and other laptops but I think I'd rather just get a real cheap netbook and make it my SR computer.

If I run SR from a bootable OS on a USB stick/SD Card could I take this anywhere and use SR on any computer without leaving a trace?
Yeah pretty much, look into Liberte, I run it off my netbook and when I have to do a big transfer I drive around neighborhoods until I find an unsecured network and connect to it on my netbook using Liberte and then do all the illegal activity I can without a trace.
Title: blablah i deleted the subject
Post by: dankology on April 17, 2012, 10:08 pm
Im using a laptop right now...I have a couple PCs and other laptops but I think I'd rather just get a real cheap netbook and make it my SR computer.

If I run SR from a bootable OS on a USB stick/SD Card could I take this anywhere and use SR on any computer without leaving a trace?
Yeah pretty much, look into Liberte, I run it off my netbook and when I have to do a big transfer I drive around neighborhoods until I find an unsecured network and connect to it on my netbook using Liberte and then do all the illegal activity I can without a trace.

I think mrgrey can offer something that will make that process easier, check em out.  You can basically steal wifi anywhere in a ~3 mile radius(the high end one can at least)

http://silkroadvb5piz3r.onion/silkroad/user/16aa08e0ed
Title: Re: Using clearnet while on TOR?
Post by: philter3 on April 17, 2012, 11:29 pm
I would  just like to say you people are insane. I love it.. but y'all are INSANE.

Pirating wifi to push encrypted information over the  airwaves to sell dope.  It brings tears to my eyes... Bless you all!
Title: Re: blablah i deleted the subject
Post by: Delta11 on April 18, 2012, 01:08 am
Im using a laptop right now...I have a couple PCs and other laptops but I think I'd rather just get a real cheap netbook and make it my SR computer.

If I run SR from a bootable OS on a USB stick/SD Card could I take this anywhere and use SR on any computer without leaving a trace?
Yeah pretty much, look into Liberte, I run it off my netbook and when I have to do a big transfer I drive around neighborhoods until I find an unsecured network and connect to it on my netbook using Liberte and then do all the illegal activity I can without a trace.

I think mrgrey can offer something that will make that process easier, check em out.  You can basically steal wifi anywhere in a ~3 mile radius(the high end one can at least)

http://silkroadvb5piz3r.onion/silkroad/user/16aa08e0ed

Yeah I've been meaning to buy it but I don't know how to crack WEP, I haven't really had time to learn  :(
Title: Re: Using clearnet while on TOR?
Post by: kmfkewm on April 18, 2012, 02:13 am
Nothing wrong with using Tor to access the clearnet, that's what it was designed for after all. There are some things to take into consideration

1. Never use Tor to do things that can be tied to your real identity, for example checking your facebook with Tor or logging into your bank with Tor
2. Understand that the exit node can see everything you send through it in plaintext, and take proper precautions when needed, like only sending encrypted messages or making sure to use SSL when it is available and preferably check fingerprints
3. Exit node can modify the content that you download, so never launch programs downloaded through Tor unless you verify them by comparing their hash value against a public hash value, or downloading things through multiple exit nodes and comparing hash of all of them to make sure it matches up (still can fail but less likely to), or verifying the things you download are signed with the appropriate key of the publisher.
4. Circuits to clearnet sites are not necessarily isolated, you could and very likely will end up loading multiple sites simultaneously through the same circuit, and the exit node can link all of those streams to the same initiator
5. exit node operators can gather lists of sites that people access through Tor, even if SSL is used, and filter out things they already know to not be interesting, this is a good way to gather lists of interesting sites that people feel the need to access through Tor (ie: a good way to get the url of a bunch of clearnet CP / drug / etc websites that think they are private and underground because they are invite only....oops!) (ironically enough, Tor is used extensively as a tool to locate underground servers that are not hidden services)

If you keep these things in mind, surfing the clearnet with Tor can be very safe. Tor was designed for surfing the clearnet in the first place, hidden services are just a tacked on addition.

If you don't use Tor to check links you find on SR you are putting yourself at serious risk. What is to stop me from making a fake website and linking to it on SR only, and then harvesting all of the IP addresses that connect to it and filtering off the ones that are Tor? I could even keep track of who is viewing my thread with the link in it an try to do various intersection attacks to link a SR username to its probable real IP address.

Same thing is true for posting links to news sites that you find on the clear to SR. Do this enough times and if I can get logs from all of those sites I could intersect them and if a unique IP address remains I can assume it is the IP address of the person who posted all those links on SR....they are at least in the crowd size, if they don't use Tor or another anonymizer with rotating exit nodes. If they are a vendor I can filter even more.
Title: Re: Using clearnet while on TOR?
Post by: kmfkewm on April 18, 2012, 02:15 am
Ah I totally misread your post, sorry. There should not be an issue with surfing with a torified browser and a non-torified browser simultaneously.
Title: Re: Using clearnet while on TOR?
Post by: mdmamail on April 18, 2012, 02:20 am
Ah I totally misread your post, sorry. There should not be an issue with surfing with a torified browser and a non-torified browser simultaneously.

They warn against this if you are using the same two browsers (Firefox, or Iceweasel which is basically firefox) and are logged into something in clearnet, it could pass to Tor and give away information. If clearnet is not logged into anything doesn't matter
Title: Re: Using clearnet while on TOR?
Post by: kmfkewm on April 18, 2012, 02:22 am
Can you show me a citation of this? Doesn't sound correct to me, and I am pretty sure I have heard them say that it is safe to do. One of the browsers will be configured for Tor and the other will not, so it shouldn't pass to Tor. Also unless you are accessing the site through Tor it will be (well, in practice) impossible for it to send data to Tor in reply to you, since it will have your IP address and not an exit nodes IP address. So the issue would need to be poor isolation between browsers, but I have not heard of this being a problem and have in fact heard the opposite (that it is not a problem). I think Tor button will isolate cookies well enough even if the browser has some issue (at least if you have it configured to isolate Tor cookies).

Anyway maybe it should be avoided, but I have not seen any examples (with technical details) of how it could lead to problems. I can imagine a problem arising if there is not isolation between the browsers, but I think Torbutton will come to the rescue in these cases. Should probably wait for a more definitive answer before doing it though because I am not 100% certain and it is always better safe than sorry.

this thread in Tor dev mailing list from 2008 indicates to me that it is probably safe to run both simultaneously, particularly since now the browser bundle does allow for it

http://archives.seul.org/or/dev/Dec-2008/msg00027.html
Quote
A long running problem with the Tor Browser bundle is that it cannot
be run at the same time as a non-Tor Firefox. There have been attempts
to fix this (e.g. [1]) while still using the FirefoxPortable launcher,
but they haven't worked too well.

So I've been experimenting with launching Firefox directly from
Vidalia. This now works (more or less), so I'd be interested in other
peoples' experiences of it. It's not ready for wide-scale use though,
as it's using an old version of Vidalia and might leave more traces
than the current Tor Browser Bundle.
Title: Re: blablah i deleted the subject
Post by: kmfkewm on April 18, 2012, 02:52 am
Im using a laptop right now...I have a couple PCs and other laptops but I think I'd rather just get a real cheap netbook and make it my SR computer.

If I run SR from a bootable OS on a USB stick/SD Card could I take this anywhere and use SR on any computer without leaving a trace?
Yeah pretty much, look into Liberte, I run it off my netbook and when I have to do a big transfer I drive around neighborhoods until I find an unsecured network and connect to it on my netbook using Liberte and then do all the illegal activity I can without a trace.



I think mrgrey can offer something that will make that process easier, check em out.  You can basically steal wifi anywhere in a ~3 mile radius(the high end one can at least)

http://silkroadvb5piz3r.onion/silkroad/user/16aa08e0ed

Why not just buy a high end directional antenna and an amplifier from the local electronics store? Just make sure to keep the antenna and amp combo in the legal limit, you don't want to get FCC agents knocking at your door. Not that you want to use WiFi from a static location in the first place (although this is still better than using your own internet connection).
Title: Re: Using clearnet while on TOR?
Post by: febbraio2468 on April 18, 2012, 05:49 am
I run Tor on Firefox and use Google Chrome for clearnet stuff at the same time, is that good or bad?


Feb
Title: Re: Using clearnet while on TOR?
Post by: supersecretsquirrel on April 18, 2012, 10:39 am
Ah I totally misread your post, sorry. There should not be an issue with surfing with a torified browser and a non-torified browser simultaneously.

They warn against this if you are using the same two browsers (Firefox, or Iceweasel which is basically firefox) and are logged into something in clearnet, it could pass to Tor and give away information. If clearnet is not logged into anything doesn't matter

This is not true. You can /safely/ use another browser for non-Tor things while browsing SR and other sites in the Tor Browser.
Title: Re: Using clearnet while on TOR?
Post by: no_pain on April 18, 2012, 11:05 am
I was doin this a long time, too. Browsing though the tor browser bundle exclusively for hidden services and using a "normal", not tor configured browser to browse the clearnet.

It just "feels" so wrong and I am not a security genius like others (i.e. here in the thread) so I got a full encrypted cheap netbook for my tor activity. And gladly I am in a county that cant force me to give out my password for the encryption.
Title: Re: Using clearnet while on TOR?
Post by: kmfkewm on April 18, 2012, 01:00 pm
There actually is a potential risk of surfing with a browser with Tor and one without Tor at the same time, if you have a circuit to the a site via Tor and also connect to it without Tor, if your internet dies both connections will break at the same time and the site can correlate it. So in summary

*Using a Tor browser and non Tor browser at the same time? Safe.
*Connecting to the same server with each of the browsers simultaneously? Potentially not safe, if your connection to the internet dies