Silk Road forums

Discussion => Security => Topic started by: brontosaurus on July 30, 2011, 10:41 pm

Title: e-mail confirmation from Mt. Gox not Tor enabled
Post by: brontosaurus on July 30, 2011, 10:41 pm
New to this. I want to be sure I am being as discreet as possible. However, I believe I may have made a mistake sending Bitcoins from Mt. Gox to my Silk Road account whilst NOT using Tor. Yes, Silk road was being used under Tor, but when I received my e-mail confirmation, I was using Google Chrome. The e-mail verified my true IP address and everything! Is this something to be concerned over? Shall I do it over ALL under TOR? Please help. Kind regards, Bronto
Title: Re: e-mail confirmation from Mt. Gox not Tor enabled
Post by: digitas on July 30, 2011, 11:16 pm
Let me get this straight: you sent coins from Mt Gox directly to a SR bitcoin wallet and Mt Gox sent a confirmation email that you looked at while using your normal IP/email client?

If so then yes, you made a mistake, but it is in the past and you can't really do too much about it now -- just learn what happened, how it wrong and how to fix it in the future.  If you are a small time buyer then your risk is lower relative to other sellers/buyers on Silk Road and you shouldn't worry too much.  Just don't do it again.

First, you sent coins from Mt. Gox directly to a Silk Road account.  I'm assuming you transferred money into Mt Gox from a bank (probably via Dwolla or similar service) and that means that the coins you got from Mt Gox are tied to the identity that opened the bank account.  If anyone ever compromises Silk Road and learns the bitcoin addresses it uses for its accounts, it would be a fairly trivial thing for that person to tie the transaction back to your bank account (now, they would have to do a fair amount of "backtracking" through the bitcoin record and have to get records from Mt. Gox but Mt Gox has already said it will cooperate with law enforcement so we can just assume that Mt Gox isn't safe in this regard and that it is more or less not much of an issue for this transaction to be linked back to you).

Next, you checked an email address not over Tor, using your normal IP address (which is tied to your real identity).  This simply provides another piece of evidence in the case against you as anyone (with the proper records) could look at the email and see that your IP accessed it at one point in time, suggesting that you did in fact at one point have ownership of the email account being used to purchase off Slik Road.

If I am understanding your situation correctly, then you made a few mistakes... But, the good news is that you are probably a small timer relative to all of the Silk Road traffic and to make any link, law enforcement (or whoever is looking) would have to spend the energy/resources to get all of the records I mentioned and put it all together.  Most people on here assume that for small volume buyers, the risk is reduced because you aren't worth the extra effort on law enforcement's part.  So don't get too concerned about it.  Just know that you made a mistake.

In the future:

Run EVERYTHING through Tor (Tor for Web browsing, use a web-based email so that you can check it over Tor, and run your Bitcoin client over the Tor network -- configure BTC to use the Tor proxy)

Use a coin tumbler or similar method to remove the link between coins bought with money from you bank account and the identity associated with that bank account

TIP: next time, clearly line up each transaction you want to make and run it by someone on these boards... if you do your research you can make your next transaction much more anonymous than the one you described
Title: Re: e-mail confirmation from Mt. Gox not Tor enabled
Post by: hujaboo on July 31, 2011, 12:48 am
Hmm I've also been using Mt Gox outside of Tor and didn't think there was anything wrong with this.

Is there a guide on exactly how you should go about transferring bitcoins from Mt Gox and using a coin tumbler?

Cheers.
Title: Re: e-mail confirmation from Mt. Gox not Tor enabled
Post by: chronicpain on July 31, 2011, 02:10 am
Most of my transactions are going the opposite direction. I always go from SR-torenabled wallet-to mtgox thru tor enabled wallet. It would very difficult to show that btc came from sr. Granted, you can always use that btc tumber, but as long as your not running big numbers in any given day or month, you should be ok.

Now, going directly from SR to MT Gox isnt a good idea (going both ways) Even though sending btc from SR to a tor enabled wallet really isnt tumbling, i call it a poor mans way of tumbling. Also, It may be a good idea to access MT. gox from a library or a public place. Also, make a couple of Mt. Gox accounts and transfer it from one to another or go to/from liberty reserve. If I use my computer to access mt gox from home, they will have my ip address. but, they would have to prove that the btc came or went to/from silk road. (which would be tough to prove if you are using a tor wallet)

I also do a couple of other things that I wont share publicly, its a good idea to keep some things a secret...

Adding layers of protection is always a good idea.
Title: Re: e-mail confirmation from Mt. Gox not Tor enabled
Post by: hujaboo on July 31, 2011, 04:37 am
So would a method like this be good for buying?

Bank > E-currency Provider > Liberty Reserve > Mt.Gox > Seperate Tor made Mt.Gox Account > SR

Appreciate the help.
Title: Re: e-mail confirmation from Mt. Gox not Tor enabled
Post by: anarcho47 on July 31, 2011, 06:18 am
If you can actually log into mtgox with Tor you are lucky.  They constantly update the Tor IP's because that is how they have been hacked in the past - they disable login through known Tor addresses, so unless you get a pretty new one you can't get on Mtgox at all.

Use a tumbler.  It's 0.5%, and well worth it.  This mixes your coins in with a bunch of other transactions so it is virtually impossible to trace the BTC chain.

It should go:  Bank (ayee!  use an anon credit card or something here if you can) --> E-currency --> MtGox ---> wallet --> tumbler --> SR, then reversed on the way out (if you are selling).  Tumbling is key.  There are new exchanges out that will let you use Tor to connect to them (Tradehill, cavertex (for canadians)), so you can be anon the whole way through if you fund with a pre-paid credit gift card.