Silk Road

[fivebells]

Yes, it's pretty remarkable that the Silk Road doesn't do https, only http.  I wonder why that is.  The CIA/NSA must have tor exit nodes...  You could really have some fun by hijacking some high-profile accounts there...

[P4man]

HTTPS would be good I guess, but its not uncrackable and might give a false sense of security. People there use PGP encryption to encrypt all their communication (at least the non retarded ones do).

[TiagoTiago]

They don't use https? Woah 0.0

[fivebells]

Ah, PGP authentication would help a lot.

[P4man]

Browse around on the site. Seems like all the sellers list their PGP private keys.
I suppose there are good reasons why they dont use HTTPS. Like, who is going to apply for the SSL certificate?
Im also not sure how secure SSL really is, Id rather trust PGP.

[mb300sd]

Traffic to SR never goes through an exit node.

When you go to a hidden service the "exit node" is the node hosting the service. So its an unencrypted http connection to (I assume) localhost

[P4man]

Traffic to SR never goes through an exit node.

When you go to a hidden service the "exit node" is the node hosting the service.

But the node before that, you could call exit node, no? And it could be an FBI computer.

[mb300sd]

Traffic to SR never goes through an exit node.

When you go to a hidden service the "exit node" is the node hosting the service.

But the node before that, you could call exit node, no? And it could be an FBI computer.

In the node before that, its still encrypted by Tor.

[TiagoTiago]

Ah, yeah, i forgot it was a site inside TOR.

[paraipan]

heads up, TOR small vid http://www.technologyreview.com/video/?vid=315

[fivebells]

Traffic to SR never goes through an exit node.

When you go to a hidden service the "exit node" is the node hosting the service. So its an unencrypted http connection to (I assume) localhost

  Oh.  Thanks for the explanation.

[racerguy]

I'm running tor atm.  Would setting tor up as a non exit relay help the network (I don't want to be able to know what stuff i'm hosting).

[Interfacial]

The nifty thing about Silk Road is that it can only be accessed through the Tor network.  While it doesn't make tracking your IP/Location impossible, it sure makes it a hell of a lot lot harder (and more expensive) than most authorities are willing to deal with to bust someone over.

And in combination with something like peerguardian or savepeer? Trying to get some info bout them, but don't know if they're working.

[Interfacial]

So as far as computer applications go, just using Silk Road is reasonably safe?  Any hacking issues that someone needs to worry about just from installing the software?

I think the digital aspect of silk road is pretty safe (for now) but its more the postadress i'm concerned about. Allready tried or not?

[Interfacial]

heads up, TOR small vid http://www.technologyreview.com/video/?vid=315

Tnks for the link!

[fivebells]

heads up, TOR small vid http://www.technologyreview.com/video/?vid=315

Not very informative.  Wikipedia has an explanation which is much more relevant to this discussion.

http://en.wikipedia.org/wiki/Tor_(anonymity_network)#Hidden_services

[nefanon]

ITT: FBI agents  

[Albert Schweitzer]

Imo are silk road similar sites and of course every other illegal transactions atm the most important BTC circulations for stabilizing the currency...

my2cents

[gwern]

Thoughts:

- as a hidden service, SSL is redundant. SR's .onion address *is* the signature of the public key you're using to set up the connection to SR. That's the nice thing about hidden services.
- It's probably legal in a lot of jurisdictions to merely access the site. It's not displaying child porn, after all. And SR is selling legitimate stuff last I looked; in http://www.gwern.net/Silk%20Road#preparations you can see screenshots of 2 of the non-drug sections - military helmets and miscellaneous services
- racerguy: setting up as a middleman node would help the network and would also make your browsing faster, as I understand it. (IIRC, when you run as a middleman or exit node, Tor cuts an entire hop out of all your browsing because all the strangers' traffic going *into* your node now serves to camouflage your own particular traffic.)

[P4man]

Thoughts:

- as a hidden service, SSL is redundant. SR's .onion address *is* the signature of the public key you're using to set up the connection to SR. That's the nice thing about hidden services.

Thats cool! And that explains the lack of ssl.
So basically the traffic is all encrypted, and moreover, without the key, you have no way of knowing where the server is? Do I understand that correctly, that every peer forwards the traffic, but can not know if its forwarding to another peer or the actual server?

However it works, its pretty clever.