Pages:
Author

Topic: Anonymity tips (Read 4464 times)

hero member
Activity: 826
Merit: 504
October 29, 2014, 09:47:37 AM
#79
Satoshi remains anonymous even after his email got compromissed

Just mimic his behavior


Also it is said he used to use Tor

His email wasn't compromised, some kid used a spoofer to make it look like he had access to the email address
sr. member
Activity: 476
Merit: 501
October 29, 2014, 09:29:35 AM
#78
Satoshi remains anonymous even after his email got compromissed

Just mimic his behavior


Also it is said he used to use Tor
hero member
Activity: 826
Merit: 504
October 29, 2014, 09:23:57 AM
#77
I just talked to an anonymous user on Silk Road via TOR, and he explained how to carry out such an attack. It seems that it is network based, which means the best way to remain anonymous on the internet is to simply not get in anyone's way. There are numerous users who can maintain their anonymity because they don't screw with the wrong people. DPR was busted because he operated Silk Road.

hero member
Activity: 802
Merit: 1003
GCVMMWH
October 29, 2014, 07:47:19 AM
#76
What's an MITM sir? Kindly elaborate it please.
MITM is Man In The Middle (attack) it intercepts your traffics with the website and have the potential to collect the information you sent to the server.

What kind of information? Like passwords??

Like anything that you are sending to C.
A being you
B being MITM
C being your intended destination.

In your example it could also be anything that C would return to you (information) as when you login to a website when being subjected to a MITM attack, the MITM could send the same information you send to C and then forward you the information that it gets back from C until C send them (under the impression that the MTIM is you) the information they are looking for

Right, I should have clarified that as sending and receiving to/from C
newbie
Activity: 42
Merit: 0
October 29, 2014, 12:54:17 AM
#75
The only way to be anonymous on the internet is to not be on the internet Wink

Lol  Grin... But it's true...

So if you are going to use that in bitcoin, you need to have an offline wallet?
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
October 28, 2014, 07:12:14 PM
#74
In your example it could also be anything that C would return to you (information) as when you login to a website when being subjected to a MITM attack, the MITM could send the same information you send to C and then forward you the information that it gets back from C until C send them (under the impression that the MTIM is you) the information they are looking for

Afaik, MITM attacks is non-trivial when communicating with end-to-end encryption. Clear text is entirely another matter, and is very risky.

For example, some activists have used TOR and thought they were safe, but still rogue exit nodes were able to read e-mails sent in the clear.
Many others thought the same was the case (myself included) however POODLE proved them wrong, as there is a vulnerability in certain protocols that is able to trick you into thinking that you are actually looking at a certain HTTPS site when you are in fact not

I'm no expert, but is the POODLE still an issue? I would also think lots of intel agencies have groups working exactly with MITM attacks and other nefarious stuff.
I don't think so. Even bitcointalk have fixed SSL3 vulnerability. New updates in browser would have them fixed. Tor have released a update fixing it long ago. But still, there may still be vulnerabilities that have yet been uncovered.
full member
Activity: 196
Merit: 103
October 28, 2014, 05:15:21 PM
#73
In your example it could also be anything that C would return to you (information) as when you login to a website when being subjected to a MITM attack, the MITM could send the same information you send to C and then forward you the information that it gets back from C until C send them (under the impression that the MTIM is you) the information they are looking for

Afaik, MITM attacks is non-trivial when communicating with end-to-end encryption. Clear text is entirely another matter, and is very risky.

For example, some activists have used TOR and thought they were safe, but still rogue exit nodes were able to read e-mails sent in the clear.
Many others thought the same was the case (myself included) however POODLE proved them wrong, as there is a vulnerability in certain protocols that is able to trick you into thinking that you are actually looking at a certain HTTPS site when you are in fact not

I'm no expert, but is the POODLE still an issue? I would also think lots of intel agencies have groups working exactly with MITM attacks and other nefarious stuff.
sr. member
Activity: 420
Merit: 250
Ever wanted to run your own casino? PM me for info
October 28, 2014, 05:02:50 PM
#72
In your example it could also be anything that C would return to you (information) as when you login to a website when being subjected to a MITM attack, the MITM could send the same information you send to C and then forward you the information that it gets back from C until C send them (under the impression that the MTIM is you) the information they are looking for

Afaik, MITM attacks is non-trivial when communicating with end-to-end encryption. Clear text is entirely another matter, and is very risky.

For example, some activists have used TOR and thought they were safe, but still rogue exit nodes were able to read e-mails sent in the clear.
Many others thought the same was the case (myself included) however POODLE proved them wrong, as there is a vulnerability in certain protocols that is able to trick you into thinking that you are actually looking at a certain HTTPS site when you are in fact not
full member
Activity: 196
Merit: 103
October 28, 2014, 04:58:54 PM
#71
In your example it could also be anything that C would return to you (information) as when you login to a website when being subjected to a MITM attack, the MITM could send the same information you send to C and then forward you the information that it gets back from C until C send them (under the impression that the MTIM is you) the information they are looking for

Afaik, MITM attacks is non-trivial when communicating with end-to-end encryption. Clear text is entirely another matter, and is very risky.

For example, some activists have used TOR and thought they were safe, but still rogue exit nodes were able to read e-mails sent in the clear.
sr. member
Activity: 420
Merit: 250
Ever wanted to run your own casino? PM me for info
October 28, 2014, 03:56:39 PM
#70
What's an MITM sir? Kindly elaborate it please.
MITM is Man In The Middle (attack) it intercepts your traffics with the website and have the potential to collect the information you sent to the server.

What kind of information? Like passwords??

Like anything that you are sending to C.
A being you
B being MITM
C being your intended destination.

In your example it could also be anything that C would return to you (information) as when you login to a website when being subjected to a MITM attack, the MITM could send the same information you send to C and then forward you the information that it gets back from C until C send them (under the impression that the MTIM is you) the information they are looking for
hero member
Activity: 802
Merit: 1003
GCVMMWH
October 28, 2014, 10:36:08 AM
#69
What's an MITM sir? Kindly elaborate it please.
MITM is Man In The Middle (attack) it intercepts your traffics with the website and have the potential to collect the information you sent to the server.

What kind of information? Like passwords??

Like anything that you are sending to C.
A being you
B being MITM
C being your intended destination.
full member
Activity: 140
Merit: 100
October 28, 2014, 08:52:46 AM
#68
Sure, it's safe if you have a good habit.
If you don't, anything safe will eventually become unsafe.
hero member
Activity: 826
Merit: 504
October 28, 2014, 06:43:15 AM
#67
What's an MITM sir? Kindly elaborate it please.
MITM is Man In The Middle (attack) it intercepts your traffics with the website and have the potential to collect the information you sent to the server.

What kind of information? Like passwords??
full member
Activity: 196
Merit: 103
October 28, 2014, 06:15:24 AM
#66
What's an MITM sir? Kindly elaborate it please.
MITM is Man In The Middle (attack) it intercepts your traffics with the website and have the potential to collect the information you sent to the server. If someone do an attack on you, when you surf an unencrypted webpage and key in information, the attacker can see the information. With https, it is encrypted and thus harder or even impossible to see the information. However, vulnerabilies can allow the attacker to see the information.

Isn't most SSL vulnerabilities patched as they're found most of the time? Running up to date software, is it a risk on a daily basis now, of course there could be unknown attacks, but you should be reasonably safe?
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
October 28, 2014, 06:06:09 AM
#65
What's an MITM sir? Kindly elaborate it please.
MITM is Man In The Middle (attack) it intercepts your traffics with the website and have the potential to collect the information you sent to the server. If someone do an attack on you, when you surf an unencrypted webpage and key in information, the attacker can see the information. With https, it is encrypted and thus harder or even impossible to see the information. However, vulnerabilies can allow the attacker to see the information.
member
Activity: 75
Merit: 10
October 28, 2014, 05:54:09 AM
#64
What's an MITM sir? Kindly elaborate it please.
hero member
Activity: 826
Merit: 504
October 28, 2014, 04:24:01 AM
#63
What's a MITM attack?

I did read up on it, but it wasn't descriptive enough  Huh
hero member
Activity: 924
Merit: 1000
October 28, 2014, 12:03:42 AM
#62
As Bitcoin users it is a common interest on maintain anonymity on the web.

I do have a few questions.

Is TOR enough to conceal one's identity on the web? Not the Deepweb, but on Bitcointalk
If there is an IP leak, do the administrators at Bitcointalk cooperate with efforts to distribute personal information of Bitcointalk users to ISPs?

i suggest you do NOT use TOR, or anything like that unless you absolutely know what you are doing and how to protect yourself.
in my experience i saw a lot of people lose their bitcoins in this way. do a quick search on the web about losing bitcoins and using TOR.
here is an example i came across a couple of days before:
https://www.reddit.com/r/Bitcoin/comments/2k38ta/my_wallet_was_just_emptied_stolen_but_i_dont_know

also it is good to take a look at this article:
http://arxiv.org/abs/1410.6079
The reddit post that you quote was actually (assuming the claim is true) a MITM attack that gave a fake blockchain.info webpage to the OP of the reddit thread. The OP of the reddit thread did not ever have his identity compromised from this attack. Although using TOR to use a blockchain.info wallet (and other financial transactions) may not be very secure, you are not risking your identity being exposed

Anyway, if blockchain.info serves everything over https, then it should be safe? If they do not - oh dear..
Apparently it is possible to execute a MITM attack even with the site is using HTTPS with the POODLE attack.

I think the only real way to protect yourself against this would be to verify a signed message from the site's PGP key (that is previously known) - or you could connect to a site's hidden service address as I don't think POODLE works with hidden services
full member
Activity: 136
Merit: 100
Get your filthy fiat off me you damn dirty state.
October 27, 2014, 02:12:12 PM
#61
Regarding anonymity tips...I posted a link earlier to a talk by The Grugq. There's also a writeup at privacy-pc:

http://privacy-pc.com/articles/hackers-guide-to-stay-out-of-jail-opsec-for-freedom-fighters.html

I'm not much of a "hacker" but it's interesting reading. I like the distinction he draws been anonymity and privacy.

"Privacy protects your data. Anonymity protects you."

A friend also pointed me to this:

http://www.deepdotweb.com/2014/02/13/introducing-jolly-rogers-security-guide-for-beginners/

It's very long, but also interesting reading. There's a few stories of local bitcoin deals that go wrong.
full member
Activity: 196
Merit: 103
October 27, 2014, 04:24:39 AM
#60
As Bitcoin users it is a common interest on maintain anonymity on the web.

I do have a few questions.

Is TOR enough to conceal one's identity on the web? Not the Deepweb, but on Bitcointalk
If there is an IP leak, do the administrators at Bitcointalk cooperate with efforts to distribute personal information of Bitcointalk users to ISPs?

i suggest you do NOT use TOR, or anything like that unless you absolutely know what you are doing and how to protect yourself.
in my experience i saw a lot of people lose their bitcoins in this way. do a quick search on the web about losing bitcoins and using TOR.
here is an example i came across a couple of days before:
https://www.reddit.com/r/Bitcoin/comments/2k38ta/my_wallet_was_just_emptied_stolen_but_i_dont_know

also it is good to take a look at this article:
http://arxiv.org/abs/1410.6079
The reddit post that you quote was actually (assuming the claim is true) a MITM attack that gave a fake blockchain.info webpage to the OP of the reddit thread. The OP of the reddit thread did not ever have his identity compromised from this attack. Although using TOR to use a blockchain.info wallet (and other financial transactions) may not be very secure, you are not risking your identity being exposed

Anyway, if blockchain.info serves everything over https, then it should be safe? If they do not - oh dear..
Pages:
Jump to: