Silk Road forums

Well, if you consider that cryptography might be totally broken (either by the way it's implemented or the underlying math) then the VPN isn't useful anymore...

That may be the case if they are targeting you, but it's unlikely they are breaking every VPN connection in the world on the fly.

Buy an external DVD drive and boot from that. Such drives are not expensive these days; if it doesn't work (and I don't see any reason why it shouldn't)  then your're only out on the order of $50 or so.

And you can return the drive for a full refund within a certain amount of time. I believe Walmart's policy is 15 days.

If you search the forum, you'll find several threads about getting a Mac to boot a USB thumb drive. People have had varying success with it. However, if that fails, running Whonix in a Truecrypt container is a good alternative.

kmf, you were one of the community's biggest assets. By far the most technically knowledgeable person on the forum, and my personal guru.

I'll miss ya man.

Also, please, please give me that code. The project is almost complete. It can't die now!

Oh i see, kmfkewm and ECCROT13 are the same person. The writing style is the same, the use of commas, the grammar, the large parenthetical blocks, the post volume, the same general knowledge and commentary. Dont worry about that pm, posting.

I don't believe they are the same person. A distinguishing feature of kmf's writing is that he rarely uses contractions while ECC_ROT13 uses a lot of contractions. Apparently kmf was unaware of this until I pointed it out to him, but I never got the impression they were the same person.

Another great tutorial, Bazille.

I've been pondering where the most risk is the many activities required for a trade on SR to go down.  I'm curious as to what the fine people of the forums think.

Where is the greatest risk:

-- In TOR?  Are hidden services and Tor in general completely fucked in terms of preserving anonymity?

Tor is relatively safer for users, much less safe for hidden services. An attacker can easily link users to the sites they are visiting, but he will only identify a small random sample of users. To get most users or a specific user costs a lot of money and may take a long time (on the order of months). It's not worth doing for most Tor users.

It's notable that LE served an application layer exploit to FH visitors, which means they weren't performing network layer attacks to identify them.

-- With Bitcoin?  Does the cashing out of bitcoin represent an extremely precarious part of the transaction?

You'd think it would be, although I haven't heard of anyone getting arrested after cashing out bitcoins. I guess there will be a first time for that eventually. Best way to do it is have trusted associates that want to cash in and trade with them, that way the coins never touch an exchange. The second best way would be to sell coins for cash on an OTC market, but that's not feasible for large amounts.

-- With the mail?  Are you most at risk when dropping your packages off?

Dropping off packages isn't as risky as picking them up. This is by far the biggest risk for buyers. Vendors should change drop locations and packaging methods often to avoid getting profiled, and never bring a mobile phone when mailing packages (so your travel patterns are not recorded. Even without GPS your location can be triangulated from phone towers fairly accurately. This becomes a risk if a seized package can be identified as coming from a specific drop location).

-- With SR interactions?  Is the risk of SR being compromised high, which would reveal too much identifying information in messages and other communications?

Certainly there's a risk of revealing too much info in messages, but that's what PGP is for.

Of course there are many things that should be done at each of these places, but I wondered what you thought to be the largest risk/the most likely place where a fuck-up could cost you your freedom?

For buyers it's receiving packages in the mail. For vendor it's unclear. To my knowledge, no SR vendor has been busted through an attack on Tor or an investigation of SR. The vendors I've heard about were busted either because they were receiving drugs in the mail themselves, or through IRL dealing.

If it were LE related, the whole site would be shut down and abandoned they wouldn't still be handing out refunds and allowing logins. That seems questionable.

Most likely it wasn't profitable so they shut down.

I interpreted the "security issues outside of our control" to mean they read the research papers and realized the Tor network, and hidden services in particular, are weak to many attacks, so they decided to quit while they were ahead.

But yeah that's unlikely to be the reason. The more likely reason is the site wasn't profitable enough for them to keep running it.

There's also this GPG4USB Tutorial: http://dkn255hz262ypmii.onion/index.php?topic=206998.msg1487769#msg1487769