|
|
|
opossum
|
 |
October 28, 2014, 05:03:42 AM |
|
As Bitcoin users it is a common interest on maintain anonymity on the web.
I do have a few questions.
Is TOR enough to conceal one's identity on the web? Not the Deepweb, but on Bitcointalk
If there is an IP leak, do the administrators at Bitcointalk cooperate with efforts to distribute personal information of Bitcointalk users to ISPs?
i suggest you do NOT use TOR, or anything like that unless you absolutely know what you are doing and how to protect yourself. in my experience i saw a lot of people lose their bitcoins in this way. do a quick search on the web about losing bitcoins and using TOR. here is an example i came across a couple of days before: https://www.reddit.com/r/Bitcoin/comments/2k38ta/my_wallet_was_just_emptied_stolen_but_i_dont_knowalso it is good to take a look at this article: http://arxiv.org/abs/1410.6079The reddit post that you quote was actually (assuming the claim is true) a MITM attack that gave a fake blockchain.info webpage to the OP of the reddit thread. The OP of the reddit thread did not ever have his identity compromised from this attack. Although using TOR to use a blockchain.info wallet (and other financial transactions) may not be very secure, you are not risking your identity being exposed Anyway, if blockchain.info serves everything over https, then it should be safe? If they do not - oh dear.. Apparently it is possible to execute a MITM attack even with the site is using HTTPS with the POODLE attack. I think the only real way to protect yourself against this would be to verify a signed message from the site's PGP key (that is previously known) - or you could connect to a site's hidden service address as I don't think POODLE works with hidden services |
▄▄█████████▄▄
▄█████████████████▄
▄████▀ ▀████▄
█████ █████▄
██████████████▄█████████████▄
████▀▀▀▀▀▀▀█████████▀▀▀▀▀▀▀███▄
████ ███████ ████
████ ███████ ████
████ ███████ ████
████ ███████ ████
████▄ ███████ ▄████
▀████ ███████ ▄████▀
▀████▄▄▄███████▄▄▄████▀
▀▀███████████████▀▀
| TIDEX | ║
█
║ | | ║
█
║ | |
|
|
|
|
awesome31312 (OP)
|
|
October 28, 2014, 09:24:01 AM |
|
What's a MITM attack? I did read up on it, but it wasn't descriptive enough  |
Account recovered 08-12-2019
|
|
|
rockyrotcoin
Member
 Offline
Activity: 75
Merit: 10
|
|
October 28, 2014, 10:54:09 AM |
|
What's an MITM sir? Kindly elaborate it please.
|
|
|
|
|
ranochigo
Legendary
Offline
Activity: 2982
Merit: 4193
|
|
October 28, 2014, 11:06:09 AM |
|
What's an MITM sir? Kindly elaborate it please.
MITM is Man In The Middle (attack) it intercepts your traffics with the website and have the potential to collect the information you sent to the server. If someone do an attack on you, when you surf an unencrypted webpage and key in information, the attacker can see the information. With https, it is encrypted and thus harder or even impossible to see the information. However, vulnerabilies can allow the attacker to see the information. |
|
|
|
|
Cryptowatch.com
|
|
October 28, 2014, 11:15:24 AM |
|
What's an MITM sir? Kindly elaborate it please.
MITM is Man In The Middle (attack) it intercepts your traffics with the website and have the potential to collect the information you sent to the server. If someone do an attack on you, when you surf an unencrypted webpage and key in information, the attacker can see the information. With https, it is encrypted and thus harder or even impossible to see the information. However, vulnerabilies can allow the attacker to see the information. Isn't most SSL vulnerabilities patched as they're found most of the time? Running up to date software, is it a risk on a daily basis now, of course there could be unknown attacks, but you should be reasonably safe? |
|
|
|
|
|
awesome31312 (OP)
|
|
October 28, 2014, 11:43:15 AM |
|
What's an MITM sir? Kindly elaborate it please.
MITM is Man In The Middle (attack) it intercepts your traffics with the website and have the potential to collect the information you sent to the server. What kind of information? Like passwords?? |
Account recovered 08-12-2019
|
|
|
|
novacn
|
|
October 28, 2014, 01:52:46 PM |
|
Sure, it's safe if you have a good habit.
If you don't, anything safe will eventually become unsafe.
|
|
|
|
|
Joe_Bauers
|
|
October 28, 2014, 03:36:08 PM |
|
What's an MITM sir? Kindly elaborate it please.
MITM is Man In The Middle (attack) it intercepts your traffics with the website and have the potential to collect the information you sent to the server. What kind of information? Like passwords?? Like anything that you are sending to C. A being you B being MITM C being your intended destination. |
|
|
|
|
funtotry
Sr. Member
Offline
Activity: 420
Merit: 250
Ever wanted to run your own casino? PM me for info
|
|
October 28, 2014, 08:56:39 PM |
|
What's an MITM sir? Kindly elaborate it please.
MITM is Man In The Middle (attack) it intercepts your traffics with the website and have the potential to collect the information you sent to the server. What kind of information? Like passwords?? Like anything that you are sending to C. A being you B being MITM C being your intended destination. In your example it could also be anything that C would return to you (information) as when you login to a website when being subjected to a MITM attack, the MITM could send the same information you send to C and then forward you the information that it gets back from C until C send them (under the impression that the MTIM is you) the information they are looking for |
|
|
|
|
Cryptowatch.com
|
|
October 28, 2014, 09:58:54 PM |
|
In your example it could also be anything that C would return to you (information) as when you login to a website when being subjected to a MITM attack, the MITM could send the same information you send to C and then forward you the information that it gets back from C until C send them (under the impression that the MTIM is you) the information they are looking for
Afaik, MITM attacks is non-trivial when communicating with end-to-end encryption. Clear text is entirely another matter, and is very risky. For example, some activists have used TOR and thought they were safe, but still rogue exit nodes were able to read e-mails sent in the clear. |
|
|
|
|
funtotry
Sr. Member
Offline
Activity: 420
Merit: 250
Ever wanted to run your own casino? PM me for info
|
|
October 28, 2014, 10:02:50 PM |
|
In your example it could also be anything that C would return to you (information) as when you login to a website when being subjected to a MITM attack, the MITM could send the same information you send to C and then forward you the information that it gets back from C until C send them (under the impression that the MTIM is you) the information they are looking for
Afaik, MITM attacks is non-trivial when communicating with end-to-end encryption. Clear text is entirely another matter, and is very risky. For example, some activists have used TOR and thought they were safe, but still rogue exit nodes were able to read e-mails sent in the clear. Many others thought the same was the case (myself included) however POODLE proved them wrong, as there is a vulnerability in certain protocols that is able to trick you into thinking that you are actually looking at a certain HTTPS site when you are in fact not |
|
|
|
|
Cryptowatch.com
|
|
October 28, 2014, 10:15:21 PM |
|
In your example it could also be anything that C would return to you (information) as when you login to a website when being subjected to a MITM attack, the MITM could send the same information you send to C and then forward you the information that it gets back from C until C send them (under the impression that the MTIM is you) the information they are looking for
Afaik, MITM attacks is non-trivial when communicating with end-to-end encryption. Clear text is entirely another matter, and is very risky. For example, some activists have used TOR and thought they were safe, but still rogue exit nodes were able to read e-mails sent in the clear. Many others thought the same was the case (myself included) however POODLE proved them wrong, as there is a vulnerability in certain protocols that is able to trick you into thinking that you are actually looking at a certain HTTPS site when you are in fact not I'm no expert, but is the POODLE still an issue? I would also think lots of intel agencies have groups working exactly with MITM attacks and other nefarious stuff. |
|
|
|
|
ranochigo
Legendary
Offline
Activity: 2982
Merit: 4193
|
|
October 29, 2014, 12:12:14 AM |
|
In your example it could also be anything that C would return to you (information) as when you login to a website when being subjected to a MITM attack, the MITM could send the same information you send to C and then forward you the information that it gets back from C until C send them (under the impression that the MTIM is you) the information they are looking for
Afaik, MITM attacks is non-trivial when communicating with end-to-end encryption. Clear text is entirely another matter, and is very risky. For example, some activists have used TOR and thought they were safe, but still rogue exit nodes were able to read e-mails sent in the clear. Many others thought the same was the case (myself included) however POODLE proved them wrong, as there is a vulnerability in certain protocols that is able to trick you into thinking that you are actually looking at a certain HTTPS site when you are in fact not I'm no expert, but is the POODLE still an issue? I would also think lots of intel agencies have groups working exactly with MITM attacks and other nefarious stuff. I don't think so. Even bitcointalk have fixed SSL3 vulnerability. New updates in browser would have them fixed. Tor have released a update fixing it long ago. But still, there may still be vulnerabilities that have yet been uncovered. |
|
|
|
grumpyoldtroll
Newbie
Offline
Activity: 42
Merit: 0
|
|
October 29, 2014, 05:54:17 AM |
|
The only way to be anonymous on the internet is to not be on the internet  Lol  ... But it's true... So if you are going to use that in bitcoin, you need to have an offline wallet? |
|
|
|
|
|
Joe_Bauers
|
|
October 29, 2014, 12:47:19 PM |
|
What's an MITM sir? Kindly elaborate it please.
MITM is Man In The Middle (attack) it intercepts your traffics with the website and have the potential to collect the information you sent to the server. What kind of information? Like passwords?? Like anything that you are sending to C. A being you B being MITM C being your intended destination. In your example it could also be anything that C would return to you (information) as when you login to a website when being subjected to a MITM attack, the MITM could send the same information you send to C and then forward you the information that it gets back from C until C send them (under the impression that the MTIM is you) the information they are looking for Right, I should have clarified that as sending and receiving to/from C |
|
|
|
|
|
awesome31312 (OP)
|
|
October 29, 2014, 02:23:57 PM |
|
I just talked to an anonymous user on Silk Road via TOR, and he explained how to carry out such an attack. It seems that it is network based, which means the best way to remain anonymous on the internet is to simply not get in anyone's way. There are numerous users who can maintain their anonymity because they don't screw with the wrong people. DPR was busted because he operated Silk Road.
|
Account recovered 08-12-2019
|
|
|
|
catena5260
|
|
October 29, 2014, 02:29:35 PM |
|
Satoshi remains anonymous even after his email got compromissed
Just mimic his behavior
Also it is said he used to use Tor
|
|
|
|
|
|
awesome31312 (OP)
|
|
October 29, 2014, 02:47:37 PM |
|
Satoshi remains anonymous even after his email got compromissed
Just mimic his behavior
Also it is said he used to use Tor
His email wasn't compromised, some kid used a spoofer to make it look like he had access to the email address |
Account recovered 08-12-2019
|
|
|
|
