Silk Road forums
Discussion => Security => Topic started by: Mossman on August 11, 2013, 03:12 pm
-
Okay, a vendor PMs me the link to a custom listing and I follow that link and complete transaction. This transaction was an exchange and no personal info was submitted. Done.
Moments later, I noticed that the url of the link I used was odd "https://silkroadvb5piz3r.tor2web.org/silkroad/item/xxxxxxxxxx".
Now... I don't know everything about the internet, but I do know that ".tor2web" is a bad idea and security risk, and it shouldn't be a part of any url on SR. So for this to have happened, my assumption is that the vendor must be using .tor2web to access SR?
Can anyone please tell me if I'm correct in that assumption, and if not, what just happened?
Is there anything I need be further concerned with, any precautions I should take after this?
Thanks in advance. Search results were not relevant.
-
What the fuck is up with the vendors, every fucking day I read about them idiots not using encryption, saving customer personal infos and doing all kinds of risky unsecure shit.
Now one of them fuckers is using tor2web..
Jesus fucking christ. Expose him RIGHT NOW!
This vendor is a huge security risk and should be banned.
SR staff seriously need to make new and harder rules and also a security knowledge TEST everyone have to pass before becoming a vendor.
-
My thoughts exactly and I intend to address the problem with the vendor later.
I ask again: do I have anything to fear, or should I take any immediate precaution?
I submitted no personal info with this purchase from the link above. I adhere to all OS/security and safety practice guidelines. Because I run a tight ship on my end, I believe that there's little for me to be concerned about in this paticular scenario. HOWEVER, I'm not familiar with .tor2web or any potential threasts/ consequences of having followed that link.
I'd appreciate anyone that can address this for me. THANKS!
-
What it means is he is logged into the main SR site (His vendor account!!! wtf) using tor2web.org because if you use it, it will automatically convert any .onion addresses it finds to .tor2web.org which is why it showed up when he pasted the link to you.
You should only be logging into Silkroad main store site using the real .onion address obviously. This vendor is an idiot and if the tor2web guy's are evil, or their service has been compromised, they now have the password of that vendor and can log into his account at anytime.
-
I would be afraid that LE was running a site like that and logging everyone who uses it.