Am I (or the person) safe from FEDS? : OpSec | Torhoo darknet markets

So I want to consider the person's threat level as a vendor or market admin: high level, above a street thug.

He does nothing physical; he will never get packages shipped or anything physical ever sent to him in person. Nothing will ever be sent or connected IRL.

Everything he does will be online, but still as high-level crime.

His setup is just Whonix + Qubes OS.

For Tor, should he hide usage from the ISP, using a VPN, bridges or anything?

Can traffic analysis correlation attacks give him away?

How can he stay completely anonymous, and is his setup fine?
/u/mriss
3 points
1 month ago*
The lyrics of the song sounded like fingernails on a chalkboard.
/u/justxsmart 📢
1 points
1 month ago
What does this mean? Technology is the only risk. I believe I have pretty good opsec; I'm not stupid enough to, like, leak stuff about me or anything.
/u/CTI
1 points
1 month ago
How you talk, the words you use, the times you are online. Pretty simple stuff, but it leads directly to your region. Maybe you are reusing a username that you used on Roblox and the FEDS could link it to you. Looking at your profile and the times you post, you're probably 99% American. That's just a simple example. Technology is not the only risk. Lots of things to think about.
/u/Nomad2
2 points
1 month ago
yeah if you're in the US, the feds put someone away for 20 years or so just because they showed the court his work burner was at the same location as his normal phone 3 times. 3 fucking times is all they needed, no pictures of the dude, nothing.. that was before AI as well, so who the fuck knows what tools they've got and how little they need for a grand jury to indict. As mentioned above, never forget the human element. Oh, and it always helps if you post your crimes on social media like most do these days hahaha
You can't truly hide Tor usage, see /post/5f1ba84246ac7d2f386f

Tor bridge selection, see /post/8714394170635447819a/#c-5c9547de6c55a598c6

Detecting (or not) Tor usage within VPN tunnels: /post/c4e09387b3e36cc882bf/#c-1ecc6a655acc203cc9

Traffic analysis can be done at the AS level, bypassing the threat model of Tor: /post/12b9f500f87bba5c3a0d

All connection paths can be detected given enough time. Rotating elements, including physical aspects within the paths, and altering the paths themselves on a non-predictable schedule can be a good way to protect yourself in court, as proving all of it would require LE to reveal a lot of its spying capability, and there is a low chance they would burn the methods for everyone only to put a single high-level target in prison.
/u/rmrf P
1 points
1 month ago
I do agree with a lot of what you say, especially that hiding Tor usage through bridges or even obfsproxy will only protect you to some degree. There are probably dozens of intelligence agencies tracking this activity that can figure out you are using Tor if you are doing it on a regular routine. I would be interested in more about how you feel about VPN to Tor being detected, especially with the protocols employed by ProtonVPN or Mullvad that pad traffic or make it more difficult to detect even VPN traffic.
/u/Yugong P I can move mountains ⛰️
3 points
1 month ago
I don't think local adversaries can detect Tor within VPN tunnels at all. I have an ongoing debate with /u/DaVenom on this one, but there hasn't been any research or suggestion that Tor traffic can be observed within VPN tunnels. To do that, the VPN encapsulation must be broken beforehand, or the adversary has to be global. VPN before Tor I wouldn't say is a good option against global adversaries.

Tor itself has some basic padding too (the ConnectionPadding option), not enabled by default. Bridges with IAT mode 2 make it easier to bypass network filters but do not hide the actual VPN connection. None of it hides Tor usage; it bypasses network filters. The core example is China: private obfs4 bridges with IAT mode 2 can work, but eventually, after weeks, they fail due to the active probing and whitelist-first configuration of the GFW.

The problem with the VPN companies you mentioned is that their IPs would be known to global adversaries. The only thing done is to shift data visibility from one local ISP to another. LE at any point can monitor the outgoing connections of such VPN companies without needing their approval, as they can easily splice, so to speak, the cable connection as it leaves the data center. Nothing can prevent it, not to mention their plethora of cooperating core Tier 1 ASNs who power the backbone of the Internet.

That one person who downvoted my initial comment, shame on you; at least bring your counter-arguments, as everything linked is logical and based on facts.
/u/rmrf P
1 points
1 month ago
Upvoted to fix it because you obviously aren't a fucking idiot.

I think your last point is one I really don't know how to even discuss without acknowledging that it is completely impossible to stop. Even if your VPN provider is no-logs, runs in memory, and owns its servers, they are still paying for the privilege of the network provider. They may choose not to log information, but what stops their ISP, who is likely coerced or paid to provide such information?

Team Cymru pays ISPs for netflow data; does this bypass all the expectations of even the best VPN providers? I think this is a bigger problem than we sometimes see, looking at it only at the level of a goldfish watching whatever is going on outside our fishtank.

To lessen the paranoia, it would take a very strong attack by a very dedicated nation state to uncover some people deemed a threat compared to a casual user. I do still have the strong opinion that using a VPN before Tor is the wise choice, because a VPN we may have to trust, but all ISPs have proven they will cooperate because they have to (look at AT&T). I wonder what number of network hops it would truly take to make it impossible to stop you, for instance:

You are Malaysian, you connect to Hong Kong, then to Russia, then to the US, and your final exit. Ignoring latency, these countries will not share information with each other. The problem is that each of these countries will have their own surveillance programs, which probably put you at as much risk.

I don't know if I am rambling, but I really respect your insight into this topic.
Sorry for being late into this discussion. As /u/Yugong mentions, we have been discussing this topic.

First, the attack I describe below is AFAIK not used commonly by LE; this is used against specific groups or organizations that are prioritized by certain alphabet organizations.

What I try to achieve is reasonable evidence that a global adversary can, under certain conditions, detect the type of traffic and potentially correlate end-to-end communication, regardless of Tor and VPN connections.

What potentially can be possible is to analyze network packet patterns by examining sequences, sizes, timestamps, TTL and more to get a "site-specific interaction schema" (aka fingerprint), especially during handshaking, DDoS protection and login. This, in combination with a BGP attack, amplitude attack and censorship (blocking), can then reveal what services a specific user connects to. Combining this with a timing attack could then also reveal the user's identity in the remote service.

However, this type of attack is AFAIK limited to individuals or groups connecting from fixed locations. Moreover, to fully detect what traffic is in the VPN tunnel, the adversary must also be in control of the server-side network for confirmation of the correlation.

If the adversary can guess or detect one TCP connection or UDP communication, they can filter out these packets from the VPN tunnel and thereby conclude whether the tunnel contains additional network traffic which they can analyze further.

This does not mean that VPN is broken, but if someone is limited to always connecting from a fixed location, and also becomes prioritized by LE, the above attack is plausible.

I have failed to collect reliable evidence of such an attack; I'm still working on this.
To be completely fair, the argument (at least what we discussed in private) was more on the local adversary level, whether a Tor connection within a VPN can be detected.

On a global scale, as I briefly mentioned my opinion here and previously, it's a pointless exercise, as the global adversary can in most cases see the connection path end to end regardless of whether it is encrypted. One or several additional hops within countries or ASNs LE controls directly or indirectly wouldn't make a whole lot of difference other than adding time to the discovery deadline. That very reasoning forms the answer to the whole VPN before or after Tor question, and it's specific to the threat level the user faces.
Right, as I tried to describe, the first part of the attack is about scanning for the fingerprint of the handshake, DDoS and login sequences, which could give the adversary an indication of what sites the user is visiting. After this it goes blurry for me. The question is whether the adversary is able to keep track of single communications after they successfully detected the initiation; at least it seems like they might have been successful in blocking partial traffic in a VPN tunnel.

What I see is sudden delays of the network traffic, which could mean that the adversary is sampling network packets for pattern recognition and then blocking certain flows, thereby achieving the partial blocking in the VPN tunnel. When the network traffic is delayed, the communication is usually reset by the user or automatically; this could mean that the adversary needed a confirmation that they nailed the network flow, or that the adversary does this blocking to re-synchronize distinct communications by analyzing the reset handshaking.

It's a lot of guesswork here. And it's not a given that the adversary wants to play either; sometimes it can take days before odd things start to occur.
I know exactly what you mean now. What is being experienced is rather automated firewall rules and throttling, a very much active-learning, reacting system. Certain countries look to me to have it cross-implemented. I'll add some extra details in PM to you.
/u/NemoFish
1 points
1 month ago
Many people use Tor; if the country doesn't ban it, he can use it.
You are not safe. There is no OpSec on your side, just some random things, tools and procedures you decided to use.
/u/monerikie
-1 points
1 month ago*
get yugong pilled motherfucker

feds watching you right now

the darknet is dead and so is liberty

tyranny has won the final battle

go flip burgers or kill yourself

(you are not alone in this)