Silk Road forums

First, I'd like to thank everyone in this thread who supported me. I'm glad to see all the help I gave people wasn't destroyed by accusations from some troll.

SSBD, you're right, nanpa spent months on the forum shilling for the Atlantis admins. He's a terrible judge of character.

nanpa, fuck off, douchebag.

Also this is a blatant lie:

    i REALLY TRIED TO GET SOMEONE TO LISTEN .....  IMO  Astor's replies to me were susspect, the ONLY Admin I trusted was Inigo

I was never an admin and never messaged that guy.

As for "ingratiating" myself with DPR, I exchanged all of maybe 5 PMs with him ever.

Finally, and much more importantly than all this bullshit, Tor is dead.

The gaping hole in the criminal complaint is how they identified the servers. We will never find out how they did it, but I don't trust Tor anymore. It is unsafe to run a hidden service that piques the interest of three letter agencies. If you do that, you are going to lose.

I see everyone is going to BMR. I believe that is a mistake. BMR will be next. We need a system better than Tor.

Signing off for the last time.

-astor

Running Tails in a VM defeats the two main advantages of using Tails.

1. Leaving no trace on your computer. If you're running it in a VM, then the system image is on your hard drive. The reason most people want to use Tails is so they can put it on a thumb drive that is easily destroyed, swallowed, flushed down the toilet, etc., leaving no trace of Tor activity on their computer. If the shit hits the fan, you won't have time to properly wipe your drive or that file.

2. It's based on Linux, so the attack surface for malware is much smaller. Assuming Windows is your host operating system, your Tails VM is potentially vulnerable to the malware that infects Windows.

If you're going to run something in a VM, you might as well run Whonix, which isolates Tor in a separate VM and gives you a little better security, although you need to store the images in an encrypted container, or install a custom Workstation with full disk encryption, because unlike Tails, data is stored unencrypted in the default Whonix Workstation.

Unfortunately, Whonix hasn't been updated in 6 months and the Gateway VM still uses Tor 0.2.3, and upgrading it to Tor 0.2.4 seems to break the Gateway for a lot of people. I haven't explored it enough to figure out what the safe upgrade path is (ie, which changes should be accepted and which shouldn't during the upgrade), although I did get Tor 0.2.4 working in the Gateway before. Expect Whonix to be slow with Tor 0.2.3 because of the botnet.

OTOH, the latest version of Tails upgraded to Tor 0.2.4, so kudos to them. The main problem with Tails is the lack of persistent entry guards. That should be TODO item number one. I don't know why it isn't. You should manually set bridges to get persistent entry guards.


BTW, Tails isn't the best way to browse SR. Take a look at this thread:

http://dkn255hz262ypmii.onion/index.php?topic=201622.msg1448383#msg1448383

In the two months since that thread was started, a paper came out about external passive surveillance of the Tor network,

http://dkn255hz262ypmii.onion/index.php?topic=209514.msg1512060#msg1512060

and we've learned a lot about massive surveillance by intel agencies. These revelations have changed the game, imo.

I honestly don't know what to tell you now. Tor may not be sufficient to protect you against near-global surveillance by cooperating intel agencies. It seems that all low latency anonymity systems are fucked. The Tor Project web site admits as much, right on the main page:

"For most uses, Tor provides the best available protection against a well-resourced observer. It's an open question how much protection Tor (or any other existing anonymous communications tool) provides against the NSA's large-scale Internet surveillance."

The people I talk to who know a lot about anonymity systems seem to think that high latency mix networks are the only way to get anonymity in the face of this surveillance.

The only thing I can tell you in the mean time is to tunnel out of and/or avoid the countries with the most aggressive surveillance.

I guess we are using the term CA differently. A certificate authority to me is one of the 650 countries or companies that get their root certificates installed in various products like browsers. So if the NSA can get any one of those root certificates, they can sign a client certificate to MITM you (unless the certificate is pinned). With OpenVPN you are given one root certificate by your provider. It's a lot harder to MITM because the client certificate has to be signed by that one root certificate, not any one of 650. Unless there are other weaknesses in the protocol, OpenVPN is a lot safer than HTTPS, which can be broken by stealing, hacking, or brute forcing any of the root certs in your browser.

The CA system is shit precisely because it relies on the security of 650 independent entities, and is only as secure as the most insecure one, and we know some of them have been hacked. We can also be 99.9% certain many of them have turned their root certs over to the NSA.


Meanwhile, a random person or organization that signs their own cert is not a certificate "authority" by my definition. I can sign cert for my web server and your browser will act like your computer is going to explode when you encounter it. Although if you accept my certificate, you can't be MITMed there after.

Yeah, that will work.

The whole point is so anyone watching the mixer doesn't see:

1.327 BTC -> mixer -> (2 or 3 transactions to same address) -> 1.327 * (0.97 to 0.99)

That would be relatively easy traffic analysis.

The transaction fees may turn out to be less with more transactions, because a single transaction can be charged up to 3%, but with several transactions, the average across them tends to be about 2%.

If you don't have extra coins to split out, send them to different addresses in 2 or 3 transactions, several hours or days apart. For extra safety, you could withdraw part of them directly to your SR address and the other part to your Electrum address, then change your SR address and send the Electrum coins to SR.

That would make it a lot harder to link the coins coming out from the coins going in, which would only require looking for coins going to address linked to the mixer worth 1-3% more than the coins coming out.

BTW, you should edit out that bitcoin amount, because it's very specific and should be easy to identify in the block chain. We would be better off if we all used round numbers like 1.0 or increments of 0.1. That's how Zercoin will work.

None unless you absolutely need to use them. You should be using Bitcoin-QT or Electrum over Tor, although Electrum is only safe when using hidden service Electrum servers. There's a bug that bypasses Tor when connecting to clearnet servers. You don't need JavaScript at all to use desktop apps. But if you must use blockchain.info, Tor with JavaScript is better than clearnet.

The site is working fine for me.

Is Blockchain alright to use on the Clearweb? Because I'm trying to create an account on it, and since I have Java and some others disabled with Tor, I can't see the Captcha or even press "Create".

I saw the admin claim in a bitcointalk.org thread that their server has a small SSD drive and can only store 8 hours of logs at time, but I wouldn't take his word for it. If you want to remain anonymous, using Tor with JavaScript enabled is much better than connecting over clearnet. Just whitelist the domain blockchain.info.

Not sure how to use VPN with Tails, but with Whonix you could start the VPN software on the host OS so it would tunnel all the Whonix traffic through the VPN. You should use a clean host OS for that, so there is no unwanted information getting transmitted through the VPN.

Tails doesn't support VPNs out of the box and the developers are against it. Easiest way to use a VPN with Tails is to buy a router that supports OpenVPN and set it up there.