
Tutorial: How to Anonymously Check Your Tracking

This is a tutorial for how to anonymously check your tracking on domestic or international drug packages using Russian-only Tor exit nodes and the parcel tracking website www.trackitonline.ru (hosted in Russia).

As a primer on why hiding your true IP address is important when querying a drug package tracking number, take this story as an example.

The drug importer in this article was arrested in 2015, and a key piece of evidence that helped the USPS investigators against him was that he had queried a drug package tracking number using his home IP address. There were a lot of other network security OpSec problems with this incident (like him sending package updates to his personal email address), but this individual could have protected himself by using the package tracking method outlined in this tutorial and also by using a burner (preferably Dark Net) email in this particular scenario.

The method works like this:

The Russian website www.trackitonline.ru (sorry, no https version) is hosted in Russia and can accept any domestic or international tracking number, and will query the respective parcel carriers (American USPS, etc.) for their tracking information on this package. Therefore the parcel tracking requests that www.trackitonline.ru makes to the USPS or other parcel carriers will appear to come from the www.trackitonline.ru servers.


By modifying your Tor torrc file, you can force all of your Tor network traffic through Russian-only Tor exit nodes. Since www.trackitonline.ru is hosted in Russia at the time of writing this, your own request for a parcel tracking number would therefore come from a Russian IP address (the Russian Tor exit node) to another Russian IP address (the www.trackitonline.ru website), which would therefore make it very difficult for the NSA or other Western spying agencies to detect this with their traditional cable-tapping mass surveillance tactics.

In addition, the American USPS or other carrier would just see this as another parcel tracking request from www.trackitonline.ru, and according to the online metrics website, URL Metrics, trackitonline.ru receives 136,000 monthly visits at the time of writing this tutorial.


Therefore it seems it would be very uneconomical for the American USPS or other parcel carriers to profile only packages that were queried by www.trackitonline.ru. If only 10% of those 136,000 monthly visitors queried an American USPS package, this would be approximately 453 packages checked per day by trackitonline.ru in a 30-day month, or roughly 1 package queried every 3 minutes.

A straightforward guide on how to modify your torrc file can be found here. (no https again, sorry).

This basically involves modifying your torrc file to include the following two lines:

For these changes to take effect, the Tor process itself must be restarted on Tails, or the Tor Browser must be completely exited and started again on other Linux distros or Windows.

On Tails, modify your torrc file with the command:

Then add the two “StrictNodes 1” and “ExitNodes {ru}” lines from above.

On Tails, the Tor process must then be completely restarted with the command:

On other Linux distros, where your Tor Browser was downloaded anywhere to your home folder, you can find your torrc file with the command:

Then edit the torrc file with either:

or

After restarting the Tor process on Tails or the Tor Browser on other Linux distros or on Windows, you can check that your Tor Browser is using a Russian-only exit node by visiting the following webpage in your Tor Browser, which will show the country of your IP address: https://www.astrill.com/what-is-my-ip-address.php

This Astrill link works nicely since it is one of the few pages that shows both your IP address and country, without bringing up a CloudFlare captcha when visited in Tor.

Unless you speak Russian, you will need to copy/paste the relevant parts of the tracking details into Google Translate or another translator website that will convert Russian to English/your-language-of-choice. Google Translate works without JavaScript and it is recommended to use Tor when doing this.


This tutorial was written to help keep Dark Net Market users secure while tracking their packages, whether for personal use or to resell.

8 comments

  1. Hi, I’m deepwebdrugs, the author of this tutorial.

    In case anybody has any questions about this method, I will check back here at least once a day for the next week.

    Here is my PGP public key if ever needed

  2. Why would you disclose an often used non 5 eye compliant site to the general public?

    Do you not think the post will gather scrutiny?

    Disappointing

    • deepwebdrugs

      @bad end’n, with the volume of packages http://www.trackitonline.ru checks per day (most likely over 100,000, evidence is presented in the article), for any of the 5 eyes countries USPS-equivalent to give these packages queried by http://www.trackitonline.ru extra scrutiny is just completely uneconomical.

      Plus not everybody will use http://www.trackitonline.ru for nefarious purposes so there should be many other package queries coming from http://www.trackitonline.ru to the American USPS and other 5 eyes postal carriers.

      @Yolo Good question. This is because if you just use Tor your Tor exit node traffic can come from any random country, which basically means if it’s a western country its network traffic to Russia will be monitored by the NSA. This could theoretically arouse suspicion for a package and this network request is at the very least logged for a period of time. Why give the NSA the opportunity to know you were even interested in that package to begin with?

      @Yolo the only two lines you need to add to your torrc file are the lines:

      StrictNodes 1
      ExitNodes {ru}

      All of the rest of the info displayed in the torrc file is not necessary, and I was just using Tails as a demo since many readers are probably familiar with it already. You should not add any lines other than these two above to make this technique work for you.

  3. Why is it important to also modify the tor file, and not just simply use tor?

    my torrc file doesn't even have a fraction of the information listed in the tutorial, I guess I gotta do some more reading to do it right

  4. Is it a stupid question to ask why not just use a VPN or two?

    Pay with BT and use a virtual machine..

    Is this method not secure enough?

    • idontno

      keep the vpn in the same country as yours, and not using tor to check, as far as i know that works. this seems a bit like a lot more work for a possible gain. the gain is great if its the difference in outcome. there were a few, at the time of writing, which is not comforting,

    • deepwebdrugs

      @BongMan A VPN would totally work. My old method was using a Russian VPN exit node from inside of a VM (doing it in a VM so that my host OS VPN could remain connected and I didn’t have to drop everything else I was doing to check a package).

      But I thought that this Russian Tor exit node method was easier and so I wanted to share it.

      @idontno Using a VPN from your own country would work to check the code of course, but if you’re within a Western country, the NSA or other mass surveillance agency would see that web request to http://www.trackitonline.ru.

      By using this Russian Tor exit node method you can hide from the eyes of the NSA that your VPN or Tor node queried that package at all. All that the NSA would see is a possible web request (and only if the USPS is not using HTTPS for their tracking API) from http://www.trackitonline.ru for that package number to the American USPS. And there’s so many other thousands of other packages that get queried this way per month so it would be very difficult for the USPS to just add extra scrutiny to any of these packages just because some Russian website made a tracking request for it.

  5. Thanks for the write-up!

    Pardon my ignorance, but does adding the Tor exit node to the .tor file hinder the browser's programmed ability to create stable yet disguised connections throughout the network? Will all my nodes be geo-located in Russia? Have you found any other sites like this one that would work similarly?
