Silk Road forums

Discussion => Security => Topic started by: MetaD13 on June 21, 2013, 12:39 am

Title: Using the Onion Browser iPad app to access Silk Road
Post by: MetaD13 on June 21, 2013, 12:39 am
Is it safe or is it stupid? I don't plan on making any orders on it, just browsing.
Title: Re: Using the Onion Browser iPad app to access Silk Road
Post by: Amadeus on June 21, 2013, 12:44 am
I don't know if it's safe to do it in such a closed source operating system. I'd rather use Linux to access .onion websites.
Title: Re: Using the Onion Browser iPad app to access Silk Road
Post by: Wadozo on June 21, 2013, 02:17 am
Is it safe or is it stupid? I don't plan on making any orders on it, just browsing.

Stupid. The Onion Browser App is not a safe option at all. Two reasons that come to mind are -

1. - Javascript CANNOT be disabled, leaving open the potential to exploit this vulnerability.

2. - HTML5 Geolocation API cannot be disabled making your iPad a glorified tracking device.   
Title: Re: Using the Onion Browser iPad app to access Silk Road
Post by: blackfedora on June 21, 2013, 03:41 am
Its absolutely safe if u know what your doing and are a bit savy, don't even need for browser app
Title: Re: Using the Onion Browser iPad app to access Silk Road
Post by: SRtester on June 21, 2013, 04:32 am
It doesn't sound like a very good idea to me. Using mobile devices to access TOR just seems sketchy to me. Better safe than sorry.
Title: Re: Using the Onion Browser iPad app to access Silk Road
Post by: Young Morpheus on June 21, 2013, 05:44 am
Is it safe or is it stupid? I don't plan on making any orders on it, just browsing.

Stupid. The Onion Browser App is not a safe option at all. Two reasons that come to mind are -

1. - Javascript CANNOT be disabled, leaving open the potential to exploit this vulnerability.

2. - HTML5 Geolocation API cannot be disabled making your iPad a glorified tracking device.

Android, maybe. Ipad absolutely not.
Title: Re: Using the Onion Browser iPad app to access Silk Road
Post by: Rastaman Vibration on June 21, 2013, 06:30 am
NOT safe. Mobile devices are highly traceable.

Don't believe me? Do a search for this... its true

Stay safe
Title: Re: Using the Onion Browser iPad app to access Silk Road
Post by: ecstasydude on June 21, 2013, 07:19 am
NOT safe. Mobile devices are highly traceable.

Don't believe me? Do a search for this... its true

Stay safe

I think its very easy, and safe.

1. Get on Ipad, via Mcdonalds WI-FI.

2. If you use a New User Name, and password.

3. PGP your address, using the vendors PGP key.

4. Put the encrypted address in to the order.

Unless the TOR app has some key logger, or screen shot...
there is no way to trace back to you.

I used fake name and password to access SR, via Ipad, and it was super fast, and easy.

I don't want to make purchases on IPad TOR, because I am also very scketchy about the App.
Title: Re: Using the Onion Browser iPad app to access Silk Road
Post by: Rastaman Vibration on June 21, 2013, 07:48 am
Except that your iPad's GPS knows exactly where you are. And all iOS devices know exactly who you are.

But if you want to use it, its your choice.
Title: Re: Using the Onion Browser iPad app to access Silk Road
Post by: NorthernStar on June 21, 2013, 09:41 am
Is it safe or is it stupid? I don't plan on making any orders on it, just browsing.


I'd go with the latter.
Title: Re: Using the Onion Browser iPad app to access Silk Road
Post by: Wadozo on June 21, 2013, 12:24 pm
NOT safe. Mobile devices are highly traceable.

Don't believe me? Do a search for this... its true

Stay safe

I think its very easy, and safe.

1. Get on Ipad, via Mcdonalds WI-FI.

2. If you use a New User Name, and password.

3. PGP your address, using the vendors PGP key.

4. Put the encrypted address in to the order.

Unless the TOR app has some key logger, or screen shot...
there is no way to trace back to you.

I used fake name and password to access SR, via Ipad, and it was super fast, and easy.

I don't want to make purchases on IPad TOR, because I am also very scketchy about the App.

Quote
  Unless the TOR app has some key logger, or screen shot...
there is no way to trace back to you.   

That's not true. Tor only encrypts your traffic inside the Tor network. It is possible for an observer who can view both you and either the destination website, Silk Road, BMG, Atlantis, etc, or your Tor exit node to correlate timings of your traffic as it enters the Tor network and also as it exits. Tor does not defend against these types of potential attacks, especially when using a public Wi-Fi like that at McDonalds. Basically, until you join the Tor network, your traffic can be monitored. This would only be an issue if you come under the watchful eye of LE but still worth noting.
Title: Re: Using the Onion Browser iPad app to access Silk Road
Post by: blackfedora on June 22, 2013, 12:12 am
No no no all of your are wrong. Think outside the box of rather noy share my method anymore but there is a way doesn't involve vpn,pr tor app and make sure u know how to pgp  encrypt from mobile device
Title: Re: Using the Onion Browser iPad app to access Silk Road
Post by: ecstasydude on June 22, 2013, 12:39 am
Except that your iPad's GPS knows exactly where you are. And all iOS devices know exactly who you are.

But if you want to use it, its your choice.

Ok, I got a solution to your issue.
First is this:

______________________________________________________
 1.First, go to the iPad's settings by touching the setting icon. It looks like gears in motion.
2.Next, choose Location Services from the left-side menu.
3.In the main window, turn the top switch to off to restrict all apps from using GPS or Wi-Fi hotspots to determine the iPad's location. If you just want to turn it off in a single app, scroll down the list until you see the app's name and turn the switch to off.
_______________________________________________


Now the GPS is turned off. Keep the WIFI on. and Get This:

>>WARNING CLEARNET>>>>    http://www.techspot.com/news/52956-onion-pi-transforms-raspberry-pi-into-anonymous-wi-fi-hotspot.html   

This should do it right?

And IOS knows my name? How?

Its brand new, out of the box, nothing connected to it, with fake information.

I dont think LE is watching the Onion Browser, but who knows... I wont take the risk.






Title: Re: Using the Onion Browser iPad app to access Silk Road
Post by: blackfedora on June 22, 2013, 12:47 am
Can u pgp on ur eye pad? Doubt they are capable of that
Title: Re: Using the Onion Browser iPad app to access Silk Road
Post by: Hungry ghost on June 22, 2013, 01:28 am
Yes, you can either use openGp a PGP GUI, or if your I device is jail broken, you can use command line GPG which is included as a cydia utility. I posted on how to use the command line, you will need ifile and mobile terminal emulator. Can't be bothered trawling back through my posts to find it.
       The JavaScript vulnerability is true, but as above you can lock off your GPS with a pass code.
       I would like someone with genuine knowledge to describe the specific risks, I am not denying that a I device is less secure than liberte or tails, but I would like more information.
      Whenever the subject of using iOS or android  is broached there is a lot of FUD about LE following you back through Tor and switching your GPS and camera and mic on.
      I'd like someone with the required knowledge to describe the actual risks to lay this subject to rest so we can decide for ourselves.
      How much of a concern is the inability to disable JavaScript? (On orbot theandroid Tor client, you CAN do this, it is generally much more sophisticated than onion browser) If one was only using it to visit SR through the correct URL?
Title: Re: Using the Onion Browser iPad app to access Silk Road
Post by: Hungry ghost on June 22, 2013, 01:32 am
NOT safe. Mobile devices are highly traceable.

Don't believe me? Do a search for this... its true

Stay safe

I think its very easy, and safe.

1. Get on Ipad, via Mcdonalds WI-FI.

2. If you use a New User Name, and password.

3. PGP your address, using the vendors PGP key.

4. Put the encrypted address in to the order.

Unless the TOR app has some key logger, or screen shot...
there is no way to trace back to you.

I used fake name and password to access SR, via Ipad, and it was super fast, and easy.

I don't want to make purchases on IPad TOR, because I am also very scketchy about the App.

Quote
  Unless the TOR app has some key logger, or screen shot...
there is no way to trace back to you.   

That's not true. Tor only encrypts your traffic inside the Tor network. It is possible for an observer who can view both you and either the destination website, Silk Road, BMG, Atlantis, etc, or your Tor exit node to correlate timings of your traffic as it enters the Tor network and also as it exits. Tor does not defend against these types of potential attacks, especially when using a public Wi-Fi like that at McDonalds. Basically, until you join the Tor network, your traffic can be monitored. This would only be an issue if you come under the watchful eye of LE but still worth noting.

This is true of using a laptop too though, right?
Title: Re: Using the Onion Browser iPad app to access Silk Road
Post by: Rastaman Vibration on June 22, 2013, 07:22 am
Except that your iPad's GPS knows exactly where you are. And all iOS devices know exactly who you are.

But if you want to use it, its your choice.

Ok, I got a solution to your issue.
First is this:

______________________________________________________
 1.First, go to the iPad's settings by touching the setting icon. It looks like gears in motion.
2.Next, choose Location Services from the left-side menu.
3.In the main window, turn the top switch to off to restrict all apps from using GPS or Wi-Fi hotspots to determine the iPad's location. If you just want to turn it off in a single app, scroll down the list until you see the app's name and turn the switch to off.
_______________________________________________


Now the GPS is turned off. Keep the WIFI on. and Get This:

>>WARNING CLEARNET>>>>    http://www.techspot.com/news/52956-onion-pi-transforms-raspberry-pi-into-anonymous-wi-fi-hotspot.html   

This should do it right?

And IOS knows my name? How?

Its brand new, out of the box, nothing connected to it, with fake information.

I dont think LE is watching the Onion Browser, but who knows... I wont take the risk.

Gotta say, that's pretty good.

But I'm still sticking with Tails...  :)
Title: Re: Using the Onion Browser iPad app to access Silk Road
Post by: Hungry ghost on June 22, 2013, 07:28 am
Also for jail broken iOS there is an app that restricts access and will alert you if any app or process tries to access your contacts or GPS or anything else.  This might be useful ill try and find it
Title: Re: Using the Onion Browser iPad app to access Silk Road
Post by: jackofspades on June 22, 2013, 08:05 am
all iOS devices know exactly who you are.


Anyone reading this should heed it! thanks rasta +1
Title: Re: Using the Onion Browser iPad app to access Silk Road
Post by: Hungry ghost on June 22, 2013, 11:19 am
Yeah I would probably agree that iOS is probably totally insecure; I'm interested to see if android can be user securely. Its basically a Linux operating system, and recently a dev called Tassander has made a grub like boot loader for android that allows you to boot into different ROMs and even Linux distros on an android tablet. You can also boot from USB, and I'm wondering if liberte can be made to run on it? All that needs to be done is to zip the ROM into a template that the dev provides but its a bit beyond me.
        It would be great if someone could get this running

Links:

https://github.com/Tasssadar/multirom/wiki

http://forum.xda-developers.com/showthread.php?t=2093797

Title: Re: Using the Onion Browser iPad app to access Silk Road
Post by: Wadozo on June 27, 2013, 03:17 am
This has been discussed many, many time before. If you do some digging, I seem to recall many of the tech minded members agreeing with the fact that using a mobile device (phone, tablet, etc) is NOT safe at this point in time. There was even a response from SR Support stating that you should avoid using any mobile device to access SR (this can be found in a previous thread in response to another member's query to SR Support Staff). Of course, this is all  based on the assumption that you're under the watchful eye of LE, but I personally would avoid using any mobile device when the software development is still in it's infancy. The mobile phone is the one thing which brings down most drug suspects when being watched. Until there is further development and proven methods on counteracting current and future attacks, I won't be using one, if at all.   :)
Title: Re: Using the Onion Browser iPad app to access Silk Road
Post by: Rastaman Vibration on June 28, 2013, 01:40 am
This has been discussed many, many time before. If you do some digging, I seem to recall many of the tech minded members agreeing with the fact that using a mobile device (phone, tablet, etc) is NOT safe at this point in time. There was even a response from SR Support stating that you should avoid using any mobile device to access SR (this can be found in a previous thread in response to another member's query to SR Support Staff). Of course, this is all  based on the assumption that you're under the watchful eye of LE, but I personally would avoid using any mobile device when the software development is still in it's infancy. The mobile phone is the one thing which brings down most drug suspects when being watched. Until there is further development and proven methods on counteracting current and future attacks, I won't be using one, if at all.   :)

Thanks, Wadozo. Couldn't have said it better myself. +1!