Silk Road forums
Discussion => Security => Topic started by: Drone75blackbird on December 12, 2011, 09:45 am
-
I know this is a common issue but it seems that everyone has their own way of doing things. I was hoping someone could just comment on my current method of purchasing (which I am a little worried about) and tell me how I can increase my security.
Basically I put money directly from my bank account into Dwolla, then move it to Mt.Gox and send the bit coins to SR. I figured that was enough because I had more faith in bitcoins. Now I am reading that in fact they are traceable? Perhaps someone could just give me some tips with a step or two to make it more anonymous.
Additionally the Dwolla and Mt. Gox accounts are both in my name. Hopefully I am not fucked (only made one transfer of about $150 so far so hopefully I don't draw too much attention). Any help is greatly appreciated, especially if you can be very specific.
-
What I do is this:
1. Buy Bitcoins from bank account through Intersango account registered with untraceable email address and only accessed through TOR
2. Set up 4 Instawallets set up through TOR
3. Send a % of the BTC to Instawallet 1
4. Send the remainder to Instawallet 2
5. Leave for a few hours
6. Send a % from Instawallet 1 to Instawallet 3
7. Send a % from Instawallet 2 to Instawallet 3
8. Send the remainder from Instawallet 1 to Instawallet 4
9. Send the remainder from Instawallet 2 to Instawallet 4
10. Leave for a few hours
11. Send all BTC from Instawallet 3 to Instawallet 4
12. Send all BTC from Instawallet 4 to SilkRoad.
Its probably over the top but I want to make sure it is anonymous as possible. When I have the time I buy the Bitcoins for cash in stage 1, but I cant be bothered to go to the bank to do it every time.
-
Just keep in mind that the major bitcoin exchanges act as tumblers, and SR acts as its own internal tumbler several times over, so it would already be almost impossible to trace-to-origin all of the bitcoins you bring on here (or even a small percentage of them). The amount of resources it would take to track down even 10btc would have to be pretty staggering, and then you need timestamps and such to verify everything.
Basically, someone could see that bitcoins made it to SR, but not what they were used for. Or that they were leaving SR, but not what they were used for.
If you have your Bitcoin client set up to run over Tor, that is usually enough. I do not recommend sending your coins straight from exchanger to SR, though - routing through one or two different addresses is always a good idea. Same goes for outgoing withdrawals of BTC.
You aren't fucked for several reasons. one being that you can trace the payment path/block chain on bitcoins, but every paper I have read just gets you an address in the end, a point of origin. They still can't crack the encryption to actually identify someone on the other side, only acknowledge that "the entity with this address did sent these coins here". Your purchase on SR itself would be virtually impossible to trace, and I would think that LE is spending way more time tracking outgoing BTC from SR to nab sellers than incoming for small time buyers (maybe if they saw a few grand coming in they would look twice on the assumption it's a bulk buy for a f2f seller).
I recommend setting up another mtgox account often, just use a throwaway email address and use it for a week or 3, then open a new one. Or with any other exchanger. No matter what your Dwolla is going to have your real personal information becuase it is linked to your bank account, but that's fine. They are doing $1million + a day in volume right now, and a lot of that is small-time amounts right in your general region, so it's pretty easy to get lost in the fray. Especially since they are growing pretty fast and have some big shit planned for the next couple of months (I wish I could invest in their company because they have some solid ideas and are basically creating a secondary payment network that completely circumvents the existing one. It's pretty revolutionary).
You have to worry a lot more about buying from good sellers, because I'm sure there are more than a couple LE's accumulating buyer addresses on here (if you lurk the forums you will see some funny things have happened over the past few months), and of course using PGP for sensitive information. If you take just those steps, it would be impossible to prove that you intentionally attempted to receive drugs in the event of LE bringing the state's violent hammer down. The rest is just circumstantial evidence, and for all anyone knows you decided now would be a great time to invest in this new phenomenon called bitcoins and threw them into a secure wallet so they can go up in value.....
-
Thank you to the both of you for responding. I have spent a lot of time lurking in the Off Topic forums just having fun (and learning) posting about drugs and what not. This is probably some of the most useful information I have received yet. I do realize people have similar questions often but I was just curious what you thought of my process so thanks for not chewing me up for asking :)
anarcho-
First- Thank you for allaying my fears. I was actually somewhat nervous when I realized that both Dwolla and Mt. Gox were linked directly to me when someone else posted that Mt. Gox was co-operating with federal agencies and someone else said bitcoins were traceable. The fact that they are still encrypted has put me at significant ease.
I think I will send them from Mt. Gox through 1 or 2 Instawallets at instawallet.org (using TOR browser) not using the green address feature. I assume that's what you meant by routing through one or two addresses?
What use would setting up a new Mt. Gox account do for me? It is still linked to my name. They allow you to deposit bitcoins but if you want to send them anywhere else they ask for a copy of a cable, internet, utility bill etc and the image of your license.
I am not at all worried about the sellers unless perhaps one is compromised. I am very careful before purchasing and am not willing to buy from new sellers (I know most will be legit but I need to protect myself first). Also I wouldn't worry about LE collecting addresses. It is illegal for them to put illicit drugs back on the market (in the US). I'm not saying they don't break the law but I don't think they would do this. Therefore a seller with a history of customer satisfaction doesn't worry me too much.
1as3df4gh- Am I able to buy bitcoins with straight cash at Intersango? I wouldn't mind the wait time if that were the case. Cash would be ridiculously untraceable versus having a bank statement say how much money I put into Dwolla. Have you used this method with success? Additionally is there any chance that if I leave money in a wallet at instawallet.org they will give my URL to someone else? Another question for instawallet- do you think its smart to not use the green address feature?
To the both of you- feel free to answer in one word sentences (where possible). I don't mean to hog your time. :) Thanks again very much.
-
Don't fall into the paranoia trap.
Dwolla->Mt. Gox->SR is fine. I used to move the coins around a little bit, but one or two times of having an item go out of stock from underneath you will change those habits real quick.
Look, it's the age old issue: going after consumers doesn't provide the same return on investment as going after vendors. The people who have money problems associated with Silk Road are the vendors...how to move all that money back into cash in a way they don't get noticed.
Spending a couple of thousand dollars a year on bitcoins is about all that LEO will ever be able to prove you've done. Was it gambling? Playing games? Ordering socks? Or was it buying drugs off of SR? While they may know with every ounce of their existence that it was drugs on SR, proving it in a court of law (which can barely understand domain names...forget about bitcoin, tor, etc) is a whole different story.
That's the whole point: With unlimited resources, yes, people could probably prove something. But the impact of such prosecution is nonexistent, and extremely expensive. For personal amounts, they typically don't even bother with a controlled delivery, they just confiscate it...that's how little time and money they have for this.
If people understood the scale and scope of criminal activity going on every day, that LEO knows about and wants to prosecute but can't for various reasons...they would not lose any sleep about making a small trail with their bitcoins.
-
You don't need to provide ID for MtGox unless you are moving a pretty significant amount of BTC. the "unverified" limit is 400 BTC per day and 1000 USD per day. The verified limit is way way higher than this, but who wants to send all of that crap in to a virtual exchanger?
-
You don't need to provide ID for MtGox unless you are moving a pretty significant amount of BTC. the "unverified" limit is 400 BTC per day and 1000 USD per day. The verified limit is way way higher than this, but who wants to send all of that crap in to a virtual exchanger?
+1. Mt Gox should NOT be receiving any of your personal information. All Mt Gox needs is an email address. Create a throwaway email address with Tormail, and create new ones every now and then. In your scheme, Dwolla should be the only people with correct info (since they're tied to your bank account anyway). You could have sent money from Dwolla to anyone, no need to tie yourself to the next step in the equation.
-
Hi, yes you can buy coins for cash with Intersango. Only if you are in the UK though. You get an account number and reference code when you set up an account with them and you can just walk in to any branch of Lloyds Bank and pay in cash over the counter. This gets credited to your account and then you can buy coins with it. Its almost perfectly anonymous as the only chance of being identified is if LE are onto you and get the CCTV from the bank where you paid the cash in and can identify you from it, which is a bit of a long shot.
-
Yes that would be very much a long shot. Unfortunately I'm not in the UK but thank you for the tip!
I feel very stupid for verifying my account with Mt. Gox. For some reason it seemed to me that I had to before they would let me withdraw any bitcoins but perhaps I read that wrong or maybe they marked my account for some reason. I did email support mad that I couldn't log in as it said my IP was blocked but I realized later that's because I was trying to log in through TOR.
I think I'll still send my coins to an instawallet though because hypothetically they can track the fact I used Mt. Gox if they were watching my IP (since you can't log on via TOR). Anyway thanks everyone for the tips - they are greatly appreciated!
Side note: I have created a tormail.net account and already made a new Mt. Gox. Will try again with a small amount of bitcoins just to test the process.
-
As long as you tumble a couple of times you should be fine. Bitcoins themselves are not illegal and as long as you break the link between you and SR you will be fine.