flower1024
Legendary
Offline
Activity: 1428
Merit: 1000
September 20, 2012, 04:56:49 PM
> can anyone explain how an entire site can exist inside TOR? I mean I read that it's like a fake TLD that's correctly translated but wouldn't the creators of the TOR software have to manually code the software to accept and properly route fake TLDs? So pull the plug on that idiotic feature! I'm still not convinced they designed it that way in the first place but I can't imagine how else someone could set up a website that exists only in TOR and have it actually work.
> Btw with all the 3rd party code and direct to browser scripts and FTP operations and stuff, any web server sitting only in the TOR network would get identified and found out in like a day. So if those idiots think they're safe, they're not.

Try it, I bet you won't get their public IP...

DanielVG
Sr. Member
Offline
Activity: 266
Merit: 250
I want free lunch, i'm gonna go with this guy.
September 20, 2012, 05:00:49 PM
..as if illegal MP3 downloads disappeared when Napster went down...
The more you try to fight the internet the faster it will evolve. Same for the war on drugs.

paulie_w
September 20, 2012, 05:02:27 PM

Desolator
September 20, 2012, 05:36:14 PM
Yeeeeah, security certificate error and an extension ending in .en. I don't think I'm gonna let that page load.
Btw you upload one PDF with scripts and get the server to run it, you'll get their internal and external IP and the name of the server, lol. Same but even easier with an adobe flash file. It's a direct route that bypasses the entire network by simply not using it.

unicron
Newbie
Offline
Activity: 25
Merit: 0
September 20, 2012, 05:41:16 PM
> Yeeeeah, security certificate error and an extension ending in .en. I don't think I'm gonna let that page load.

Load it in a VM that you can revert after, Mr. Security Expert. You seem to talk a lot for someone who is unwilling to read.

tpantlik
September 20, 2012, 05:50:13 PM
> Yeeeeah, security certificate error and an extension ending in .en. I don't think I'm gonna let that page load.
> Btw you upload one PDF with scripts and get the server to run it, you'll get their internal and external IP and the name of the server, lol. Same but even easier with an adobe flash file. It's a direct route that bypasses the entire network by simply not using it.

ROFL, this is a joke, right?

Gods sent us a powerful tool - cryptography - to fight with those who are trying to exploit us. USE IT!!

Desolator
September 20, 2012, 05:56:24 PM
Okay, now I'm really not clicking it, you dumbass.

> > Yeeeeah, security certificate error and an extension ending in .en. I don't think I'm gonna let that page load.
> > Btw you upload one PDF with scripts and get the server to run it, you'll get their internal and external IP and the name of the server, lol. Same but even easier with an adobe flash file. It's a direct route that bypasses the entire network by simply not using it.
> ROFL, this is a joke, right?

Your knowledge of how Tor works is a joke. If you wrap a browser or a service like IIS or something in a Tor "wrapper" basically, all communication goes through Tor. All other programs on the computer do not use Tor and all browser plugins are completely separate programs. All web servers have the capability to view their own pages and do under certain circumstances. Most also have Java, flash, adobe reader, etc installed. So 1 little scripted file opens in a plugin and it bypasses Tor completely and goes straight to the target. Don't believe me. Believe exactly what I just said which is posted on their own Tor safety warning page: https://www.torproject.org/download/download-easy.html#warning

Not all warnings apply to entire server installations but the principle of alternate apps directly accessing the internet by themselves without using Tor is exactly the same. Hey look, a quote:

> The Tor Browser will warn you before automatically opening documents that are handled by external applications. DO NOT IGNORE THIS WARNING. You should be very careful when downloading documents via Tor (especially DOC and PDF files) as these documents can contain Internet resources that will be downloaded outside of Tor by the application that opens them.

kangasbros
September 20, 2012, 05:58:56 PM
Silk Road won't be the market leader in any case for long. It is a trivial business to enter. Maybe some mafioso can throw some money in clever guerilla marketing. Maybe the future marketplaces employ better techniques for quality control etc.
And there already exists an open source software which allows anyone to set up their own marketplace (I don't know how good it is). The software is pretty trivial to implement.

tpantlik
September 20, 2012, 06:06:05 PM
> Okay, now I'm really not clicking it, you dumbass.
> > > Yeeeeah, security certificate error and an extension ending in .en. I don't think I'm gonna let that page load.
> > > Btw you upload one PDF with scripts and get the server to run it, you'll get their internal and external IP and the name of the server, lol. Same but even easier with an adobe flash file. It's a direct route that bypasses the entire network by simply not using it.
> > ROFL, this is a joke, right?
> Your knowledge of how Tor works is a joke. If you wrap a browser or a service like IIS or something in a Tor "wrapper" basically, all communication goes through Tor. All other programs on the computer do not use Tor and all browser plugins are completely separate programs. All web servers have the capability to view their own pages and do under certain circumstances. Most also have Java, flash, adobe reader, etc installed. So 1 little scripted file opens in a plugin and it bypasses Tor completely and goes straight to the target. Don't believe me. Believe exactly what I just said which is posted on their own Tor safety warning page: https://www.torproject.org/download/download-easy.html#warning
> Not all warnings apply to entire server installations but the principle of alternate apps directly accessing the internet by themselves without using Tor is exactly the same. Hey look, a quote:
> > The Tor Browser will warn you before automatically opening documents that are handled by external applications. DO NOT IGNORE THIS WARNING. You should be very careful when downloading documents via Tor (especially DOC and PDF files) as these documents can contain Internet resources that will be downloaded outside of Tor by the application that opens them.

Of course there are side channels through which your server could leak its IP address. But if you run a site like SR you will not install it on your home desktop with Windows. You pick up a server, install a minimal Linux or BSD on it and an HTTP server, and of course use a firewall, and the HTTP server connects through a proxy on the other server, which allows connections only through the firewall to the Tor network. BTW do you bother about updates on your Windows desktop? (certificate)

EDIT: WTF will you be opening DOC or PDF documents on the server that serves the hidden service?

Gods sent us a powerful tool - cryptography - to fight with those who are trying to exploit us. USE IT!!

kokojie
Legendary
Offline
Activity: 1806
Merit: 1003
September 20, 2012, 06:14:14 PM
> can anyone explain how an entire site can exist inside TOR? I mean I read that it's like a fake TLD that's correctly translated but wouldn't the creators of the TOR software have to manually code the software to accept and properly route fake TLDs? So pull the plug on that idiotic feature! I'm still not convinced they designed it that way in the first place but I can't imagine how else someone could set up a website that exists only in TOR and have it actually work.
> Btw with all the 3rd party code and direct to browser scripts and FTP operations and stuff, any web server sitting only in the TOR network would get identified and found out in like a day. So if those idiots think they're safe, they're not.

Unless someone proves they obtained a verified silkroad IP, that's like just your opinion dude. If it was that easy, silkroad would have been pwned hundreds of times by now.

btc: 15sFnThw58hiGHYXyUAasgfauifTEB1ZF6

capsqrl
September 20, 2012, 06:16:11 PM
> any web server sitting only in the TOR network would get identified and found out in like a day. So if those idiots think they're safe, they're not.

Are you aware that Silk Road has been in operation for almost two years? It has gotten tons of press coverage, and an American senator demanded that authorities take it down. How can you seriously claim that Silk Road would be taken down in a day, and is run by idiots? You might as well claim that this "aeroplane" thingy will never fly because it's many tons heavy and it's made of metal.

thebaron
September 20, 2012, 06:20:35 PM
> > any web server sitting only in the TOR network would get identified and found out in like a day. So if those idiots think they're safe, they're not.
> Are you aware that Silk Road has been in operation for almost two years? It has gotten tons of press coverage, and an American senator demanded that authorities take it down. How can you seriously claim that Silk Road would be taken down in a day, and is run by idiots?

I think they make enough money to do things like rent a server, encrypt it, and just use it for a VPN connection to TOR for their main server. And then get a new one each month.

WITRcenter
Member
Offline
Activity: 88
Merit: 10
W Investment Technology Research Center
September 20, 2012, 06:27:29 PM
By the use of bitcoin, can we encourage more half-volunteered-half-donated Tor traffic relay servers?

unicron
Newbie
Offline
Activity: 25
Merit: 0
September 20, 2012, 06:28:43 PM
> can anyone explain how an entire site can exist inside TOR? [...] I'm still not convinced they designed it that way in the first place but I can't imagine how else someone could set up a website that exists only in TOR and have it actually work.
> [...] if those idiots think they're safe, they're not.
> Okay, now I'm really not clicking it, you dumbass.
> [...]
> Your knowledge of how Tor works is a joke. [...]

You claim you want to know, then you decide to be spiteful instead. The most charitable reading is that you are spreading FUD. As for other programs on the same computer not using tor, if you torify your shell then every process forked from it will use tor. This is a trivial enough workaround to make your point uninteresting to anyone who hasn't just learned about tor.

Desolator
September 20, 2012, 06:34:36 PM
Ugh, you know servers are just computers, right? There are tons of conditions under which a server or the software running on it simply opens a PDF file that someone loads. A CMS's php-based thumbnail generator script alone could do it (especially if made by adobe, lol). I'm just saying, servers aren't magic, they're just regular computers and regular computers can leak data outside of Tor very easily. You know how many linux applications and services are capable of using the internet connection on their own? A LOT!!!

btw there's nooooo way in hell it's a hosted machine at a 3rd party host. Almost all web hosts have backdoors to view content on their own servers regardless of security not to mention examining inbound and outbound data to the server. The FBI probably has every host in the US and as many as they could get in the rest of the world examining their data for servers containing files relevant to silkroad or data indicating massive inbound TOR traffic.

> The most charitable reading is that you are spreading FUD.

All I'm saying is if you think Tor is a magical cloak of invulnerability that will never ever be vulnerable, you're wrong. Here, let's get you all certified to talk about Tor. It's 3 really simple steps. 1. go to google 2. type in "tor weaknesses" 3. shut the hell up

capsqrl
September 20, 2012, 06:44:05 PM
Please explain how Silk Road has been in operation since February, 2011.

tpantlik
September 20, 2012, 06:48:41 PM
> Ugh, you know servers are just computers, right? There are tons of conditions under which a server or the software running on it simply opens a PDF file that someone loads. A CMS's php-based thumbnail generator script alone could do it (especially if made by adobe, lol). I'm just saying, servers aren't magic, they're just regular computers and regular computers can leak data outside of Tor very easily. You know how many linux applications and services are capable of using the internet connection on their own? A LOT!!!
> btw there's nooooo way in hell it's a hosted machine at a 3rd party host. Almost all web hosts have backdoors to view content on their own servers regardless of security not to mention examining inbound and outbound data to the server. The FBI probably has every host in the US and as many as they could get in the rest of the world examining their data for servers containing files relevant to silkroad or data indicating massive inbound TOR traffic.
> > The most charitable reading is that you are spreading FUD.
> All I'm saying is if you think Tor is a magical cloak of invulnerability that will never ever be vulnerable, you're wrong. Here, let's get you all certified to talk about Tor. It's 3 really simple steps. 1. go to google 2. type in "tor weaknesses" 3. shut the hell up

Congratulations, you are going to my ignore list (how can an HTTP server reveal its public IP when it's not connected to the Internet?). And as a reward I am sending you 666 satoshis. This reward is for your only valid point, that is: you cannot have a 100% secured site even if it is a Tor hidden service.

Gods sent us a powerful tool - cryptography - to fight with those who are trying to exploit us. USE IT!!

unicron
Newbie
Offline
Activity: 25
Merit: 0
September 20, 2012, 06:49:45 PM
> btw there's nooooo way in hell it's a hosted machine at a 3rd party host. Almost all web hosts have backdoors to view content on their own servers regardless of security not to mention examining inbound and outbound data to the server. The FBI probably has every host in the US and as many as they could get in the rest of the world examining their data for servers containing files relevant to silkroad or data indicating massive inbound TOR traffic.

The existence of shady hosts notwithstanding, it really could be anywhere. It could be on a hacked box in Russia. It could be secreted in a closet at a NOC. It could be somewhere completely different and using an ssh tunnel through a rogue access point in any organization. The traffic would look like normal SSL traffic, and because of the way hidden services work, if the server or its tunnel endpoint ever went down, a backup could be placed elsewhere and nobody would have to update their links to it. That's because the hidden service hostname is actually a hash of its private key.

> 1. go to google 2. type in "tor weaknesses" 3. shut the hell up

I appreciate your concern, but I'm not the one being willfully ignorant here.
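
How a hidden-service name is bound to a key, as an added example that is not part of the thread or of Tor's own code: it derives the 16-character v2 `.onion` name in use when this thread was written (base32 of the first 80 bits of the SHA-1 of the service's DER-encoded RSA public key, the publishable half of its key pair) and checks a hostname against a key. The moduli and helper names are constructed for illustration and are not real RSA keys.

```python
import base64
import hashlib


def der_len(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def der_int(value: int) -> bytes:
    """DER INTEGER; the extra leading byte keeps a high-bit value positive."""
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(raw)) + raw


def rsa_public_key_der(modulus: int, exponent: int = 65537) -> bytes:
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus, publicExponent }."""
    body = der_int(modulus) + der_int(exponent)
    return b"\x30" + der_len(len(body)) + body


def onion_v2(pubkey_der: bytes) -> str:
    """base32(first 10 bytes of SHA-1(public key DER)) + '.onion'."""
    digest = hashlib.sha1(pubkey_der).digest()[:10]
    return base64.b32encode(digest).decode("ascii").lower() + ".onion"


def matches_key(hostname: str, pubkey_der: bytes) -> bool:
    """True only if the hostname is the one this public key derives."""
    return hostname.strip().lower() == onion_v2(pubkey_der)


def constructed_modulus(seed: bytes) -> int:
    """Constructed 1024-bit odd number standing in for an RSA modulus.
    Not a real key: it only has the size and shape the encoder expects."""
    raw = hashlib.sha256(seed).digest() * 4  # 128 bytes
    return int.from_bytes(raw, "big") | (1 << 1023) | 1


MODULUS_A = constructed_modulus(b"constructed service key A")
MODULUS_B = constructed_modulus(b"constructed service key B")

if __name__ == "__main__":
    key_a = rsa_public_key_der(MODULUS_A)
    name = onion_v2(key_a)
    print("name derived from key A:", name)
    # The name depends only on the key, so relocating the server changes nothing.
    print("same key, new host     :", onion_v2(rsa_public_key_der(MODULUS_A)))
    # A different key derives a different name and cannot claim this one.
    print("key B owns it?         :", matches_key(name, rsa_public_key_der(MODULUS_B)))
```

Because the name is computed from the key alone, no registry or address is involved in resolving it, which is why a replacement server holding the same key pair answers to the same hostname.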

Desolator
September 20, 2012, 07:14:08 PM
> (how can an HTTP server reveal its public IP when it's not connected to the Internet?).

Seriously? I don't even know where to start with that one, lol. Ummm...it is connected to the internet or nothing else could reach it. Everything on the internet has an IP address or nothing else could reach it. The IP address is accessible about a hundred different ways once you're talking about an application with a script inside it (flash or PDF) that's running on the server locally. You could read it out of the system summary info on most linux OSes, among tons of other ways.

And they haven't been caught because the FBI is stupid, isn't allowed to do stuff like that anyway, probably doesn't know how TOR works, failed to go to Google and search "tor weaknesses", and they don't have sufficient coordination to do an enter-exit attack nor would they be allowed to DDOS other people's TOR nodes and mount their own rigged ones to get to a sufficient control level for other attack methods. That's like 1/10th of the reasons lol.

Oh and a server that receives 99.99999% SSL traffic and no normal traffic, that could happen in certain somewhat common normal circumstances but it would be at least suspicious enough that that would be the server a hosting company would look at to see if it contains things like text saying "silkroad." Plus, what if 1 single offsite image is posted as a link like as a product or something. I've never seen a silkroad page obviously but if it's like other CMS or forum software, images could be embedded and read by the server, not the browser, especially if it's a PHP page or uses certain types of frames. It takes some tricking and SQL-injection style HTML coding but once the block of HTML or PHP is uploaded and the server is tricked into serving it up as is, tada. Then the server holding the image would get a direct server to server link up, revealing its IP address.

If it was a standalone, trap image for tracking purposes (something I've used many, many, many times on other people's websites), I'd check the log on my server hosting the image for what IP address attempted to read the file. There's like 100 ways to catch these assholes, just most are seriously illegal so nobody's done it yet.

MysteryMiner
Legendary
Offline
Activity: 1512
Merit: 1049
Death to enemies!
September 20, 2012, 07:19:53 PM
> can anyone explain how an entire site can exist inside TOR? I mean I read that it's like a fake TLD that's correctly translated but wouldn't the creators of the TOR software have to manually code the software to accept and properly route fake TLDs? So pull the plug on that idiotic feature! I'm still not convinced they designed it that way in the first place but I can't imagine how else someone could set up a website that exists only in TOR and have it actually work.
> Btw with all the 3rd party code and direct to browser scripts and FTP operations and stuff, any web server sitting only in the TOR network would get identified and found out in like a day. So if those idiots think they're safe, they're not.

I see You are a survivor from the prime days of lobotomy! You mention many technical aspects but understand none of them in this and subsequent posts. All you mention such as offsite loading, embedding, plugins etc are taken care of. You have not even seen the Silk Road page? LOL! Security "expert" who is afraid of the .en extension on the Tor Project homepage and is talking about Tor vulnerabilities at the same time. You are a retard, tell your handler The Suit that You failed!

bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j