CLEARNET VS HIDDEN SERVICES - WHY YOU SHOULD BE CAREFUL

pumpingiron22


Some of you may have seen links to different websites on these forums. In fact my thread is full of them.

As you probably know by now, a hidden service is a website that uses a .onion address and a clearnet site uses the regular internet. You must be on TOR to access the onion network, whereas clearnet sites can be accessed from any browser. So why should you be careful when visiting clearnet sites?

When you see an article, link or video posted on the Silk Road forums, please note that you should only be viewing those videos over TOR or, possibly but as a last resort, a VPN, and here is why. Let us use YouTube for example. YouTube is owned by Google, and Google tracks everything. YouTube keeps track of which IP addresses search for what videos, and tons of metadata about its users.

When a link to a YouTube video is posted on the SR forums, we likely have to use our regular browsers to watch it because Tor browser is not good for watching flash videos. But the problem is, if a post on SR was written on January 10, 2014 recommending a video, and this video only has 500 views, perhaps this video has been up for a few months and did not end up being very popular. And then within the few days that this article was posted, 50 people viewing the Silk Road forum watch this video. The number of views just went up in a short period of time.

It is pretty easy to correlate that it is possible that the people who watched that YouTube video, especially since it is not a popular video, came from Silk Road, and if you made the mistake of using your real IP address, you have now been added to a list of people of interest. And if you do this multiple times with different YouTube videos, then they start to see a pattern and before you know it, they are confident that you are coming to watch these videos from Silk Road because every time a video is posted on Silk Road forums, your IP address comes up to watch this video.

But if you use a VPN, this makes things a little harder in that they are not as easily going to be able to link the video to you yet. But once they see a VPN address constantly popping up on those videos being linked from the forums, they might submit a court order to monitor the activities of the users of the VPN. HideMyAss was one of the most well known examples of VPNs being ordered to hand over information on their users.

The same thing goes with all clearnet sites. You never know who is monitoring their activity, and if it is an old article, more than a couple of years, then you can almost bet that the number of people viewing that article is down. So when somebody posts a clearnet link on the forums and people visit that link using an unprotected IP address, then the LE can start to correlate patterns against you. Of course, these articles and links are not as likely to be visited without TOR from the SR forums because you need TOR to view the forums, but especially things like YouTube videos, since TOR does not work well with YouTube, can be problematic.

So what can you do to protect yourself? Ask yourself first, do I really need to watch that YouTube video? Is it something important that I need to see? If it is, you might consider an option that I spoke about earlier called Tortilla, but it is only available to Windows users. I talk about it in the following article.

http://silkroad5v7dywlc.onion/index.php?topic=14555.msg304569#msg304569

You will run a Virtual Machine such as Debian, but do not connect to TOR using the Virtual Machine. The VM uses a bridged adapter and routes all traffic through Tortilla, which routes all traffic through TOR on your Windows host OS without having to use the TOR browser on your VM. Mac users and Linux users may just want to view the YouTube video in a one time use proxy that does not keep any logs or maybe a public wifi network that has lots of users on it daily.

There is an infamous case of a murderer who called the sister of his victim from his victim's cell phone. He would call her from Times Square in New York and taunt her and talk about how he was torturing her sister, and the police put a trace on the phone. Unfortunately, because Times Square is such a crowded place, even with all the cameras, they were unable to pinpoint exactly which person was making the call on that phone and they never ended up catching the guy. He ended up ditching the phone after he finally killed his victim. They knew he was a guy walking around Times Square on a cell phone, but if you have ever been to Times Square, you know that there are millions of people doing the exact same thing; he just blended right in.

So you may want to use a public wifi in a crowded area that has many users all day long to watch a video and keep your IP address safe. If you cannot watch videos safely without identifying yourself, then do not watch them. It is as simple as this. Yes I know it is annoying that Tor does not work well with flash videos, but it is better than being thrown in jail where you will never be able to watch any YouTube videos.

The main reason I wrote this post was to remind you that correlating two users together on the internet is easier than you think. Once you start developing patterns and leaving your footprints behind, the LE have an unlimited storage space available to them to keep track of everything you do. Remember how Sabu got caught? He just logged onto IRC with his real IP address, one time. One time is all it takes for them to take you down. Always think before opening a link, what will this website identify about me?
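
The correlation described in the post above, as an added example that is not part of the original thread: a small Python sketch of an intersection analysis over a constructed view log, showing how one address that recurs in the window after each posted link stands out while one-off viewers drop away. The video names, addresses (documentation ranges), timestamps and the three-day window are all assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample data: when links to three low-traffic videos were posted.
POSTS = {
    "vidA": datetime(2014, 1, 10, 12, 0),
    "vidB": datetime(2014, 1, 17, 9, 0),
    "vidC": datetime(2014, 1, 25, 20, 0),
}
# Constructed view log: (video, client address, time of view).
VIEWS = [
    ("vidA", "198.51.100.7", datetime(2014, 1, 10, 13, 5)),
    ("vidA", "203.0.113.20", datetime(2014, 1, 10, 15, 0)),
    ("vidA", "192.0.2.44", datetime(2013, 11, 2, 8, 0)),     # old organic view
    ("vidB", "198.51.100.7", datetime(2014, 1, 17, 10, 30)),
    ("vidB", "203.0.113.99", datetime(2014, 1, 18, 1, 0)),
    ("vidC", "198.51.100.7", datetime(2014, 1, 26, 7, 45)),
    ("vidC", "203.0.113.20", datetime(2014, 2, 20, 7, 45)),  # outside the window
]

def viewers_in_window(views, posts, window):
    """Map each posted video to the addresses that viewed it within `window` of the post."""
    hits = {video: set() for video in posts}
    for video, addr, ts in views:
        posted = posts.get(video)
        if posted is not None and posted <= ts <= posted + window:
            hits[video].add(addr)
    return hits

def recurring_addresses(views, posts, window=timedelta(days=3), min_videos=2):
    """Addresses seen in the post-link window of at least `min_videos` distinct videos."""
    counts = Counter()
    for addrs in viewers_in_window(views, posts, window).values():
        counts.update(addrs)  # sets, so each video counts once per address
    return {addr: n for addr, n in counts.items() if n >= min_videos}

def intersection(views, posts, window=timedelta(days=3)):
    """Addresses present in the window of every posted video."""
    sets = list(viewers_in_window(views, posts, window).values())
    return set.intersection(*sets) if sets else set()

if __name__ == "__main__":
    print(recurring_addresses(VIEWS, POSTS))
    print(intersection(VIEWS, POSTS))
```

Each additional posted video shrinks the candidate set, which is why a single in-window view says little while a repeated pattern from the same address says a lot.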
 
Isn't tor overkill?
Doesn't tor attract even more attention from law enforcement?
Roids ain't THAT prosecuted. At least not in the USA. So wouldn't a prepaid smart phone be enough? (as long as you remove its battery, not just turn it off when not in use as they can still reveal your location when turned "off").
 
Even better use a "burner" where it's registered to a fake name and reloads paid with cash. So even if they got the IP it won't be attached to you as the device will be registered with a fake name if LE were to be out looking for that device.

Also turn off location tracking. It should be in the settings.
 
Exactly. That's what I meant

I didn't know they've coined a name for them
BURNERS
nice
 
Anyone who uses mobile phones for illegal activity is a fool. Mobile phones are one of the most heavily surveilled technologies currently in the field. There is no doubt that they are convenient, but you pay a very high price for convenience.
 
Isn't tor overkill?
Doesn't tor attract even more attention from law enforcement?

Maybe. So what? Tools like Tor and PGP have stopped investigations dead in their tracks.

Tor is used by people like Edward Snowden, who also uses PGP, by the way.

Roids ain't THAT prosecuted. At least not in the USA.

Ok. So you deem the risk of potentially acquiring a criminal record as a price that you're willing to pay for convenience. That's not a choice I would make -- it's a free country -- if you're willing to gamble, that's your choice. Ya pays yer money, and ya takes yer chances. Who knows? You might get lucky.

So wouldn't a prepaid smart phone be enough? (as long as you remove its battery, not just turn it off when not in use as they can still reveal your location when turned "off").

Not in my opinion, and not in the opinion of people like Jacob Appelbaum, who knows one helluva lot more than I do.
 
WhatsApp uses end to end encryption now. That's all I'm gonna say

End-to-End encryption is a GOOD thing -- you won't hear me knocking it, anytime soon.

My skepticism is more oriented towards the platform itself (i.e. mobile devices) than it is to any particular application, or suite of applications.

One thing that has to be remembered is that WhatsApp, Signal, and other programs of that ilk, regardless of their other good features, provide privacy. You are NOT anonymous, when you use a mobile phone.

In my view, you need BOTH privacy and anonymity.
 
The best bet is never to get on the bastards' radar in the first place... They won't find any dirt if they're not looking... But if they look hard enough (if they really want to fuck you) they'll usually find something!
 
Encrypted or not

Large steroid sources only access their public website or sales email from a computer located in a shitty lawless country (i.e. moldova) and separately forward the info to the domestic remailers.
For further anonymity they use a different device, internet connection (IP) and a different encrypted email account. They just don't forward the email to a different address which could easily be traced.
Likely they save the email info in a usb or something, and transfer it to the second device with said different ip internet connection, and encrypted email.

A source accessing their public website or sales email directly from an american ip will quickly get busted

Of course this info is just provided for information/entertainment purposes only.
I'm not advocating to break any law in any country.
 
Here's a good rule of thumb:

For maximum security, I ALWAYS use TAILS operating system: Tails - Privacy for anyone anywhere
when accessing hidden services. Remember to turn scripts OFF in the browser and ONLY visit .onion addresses.

Any clearnetting should be done on another OS.

And ALWAYS use PGP end-to-end encryption (It's built into TAILS ffs, no excuses!)

EDIT: I have lots of knowledge on PGP setup and Security using clearnet and TOR and would be glad to help any members here. Privacy is one of my most passionate subjects to teach, learn, and help others with!
 
This may sound paranoid but
How do you know TAILS or any other little known program or add-on
isn't actually spyware?
 

It's not a program or add-on, it's a stripped-down OS, Linux to be exact. It doesn't cache memory or save any data; once you remove the USB it's over. It's a proven tool and much safer than running a virtual machine or VPN, which is a guaranteed way to leak data. It also forces all internet traffic through TOR.
 
Since it's tor specific
How can they know it ain't a copware version?
Why not just a boot from CD linux?
So even if it saves malware it will be long gone in the next reboot

Better yet
why bother with tor and all other security bs
why not just access it from a prepaid phone in a shitty lawless country unlikely to cooperate in a steroid investigation?
Big sources do that
This is just for information/entertainment. I'm not advocating to break any law in any country
 

You do run it from boot. You can use a CD or USB drive like any other Linux OS. All OSes are like a ship with holes in it leaking water; Tails just happens to be the less leaky. You should still use other security features like bridging with Tor and, if you can find one you can trust, a VPN too.

I think a bigger concern than the owners starting to create fake versions for the NSA would be DNS poisoning, but that's not a problem specific to one website. There have been no issues so far and the OS has been used by many whistleblowers and the like. Always take extra measures: run your internet off a hotspot from a prepaid, use a good VPN and Tor bridge, and if everyone was to use PGP end-to-end you're relatively safe. I mean, the dark net has had illegal markets for years now, and it's not the cops that take them out, it's scammers and internal issues.
 

Just for entertainment/information purposes only
What security measures would be good for a source checking their orders email in moldova?

While these ratty countries are unlikely to cooperate in steroid investigations, by being abroad the NSA/LE will not need to comply with any laws or get any wiretap warrants or comply with any laws to spy on them.
 