Silk Road forums

There was absolutely NO problem with the old feedback system, except for the possible extortion and feedback leverage

I agree with this. The 4 month window to change reviews was absurd. It should have closed 2 or 3 weeks after finalizing. We've gone from one extreme to the other, and it isn't better.

The new system is good, just too specific.  Make aliases customizable sure, but set them by default to random hex strings.

Step back and ask yourself what the purpose of the alias is.

Do you want to unlink your market username from your forum username? If so, you shouldn't be using the same username in the first place, because you leak it to every vendor that you make a purchase from. Thus you link your market and forum accounts to every vendor. That's a threat to your privacy, because a vendor could intentionally or unintentionally reveal the association.

Do you want to leave a review without the vendor knowing which buyer you are? Right now the stats are too specific and it should be trivial to do. I am a vendor. Someone with 3 m 5 d made a purchase off me 5 days ago, and today someone with 3 m 10 d left a review. Derp, they're the same person. Not too many vendors will get purchases on the same day from two accounts that are the same age down to the day, but if there's any doubt, the other stats will distinguish them. (And obviously vendors can save stats to identify their reviewers.)

Under this implementation, an alias is a superficial and flawed privacy defense, and it doesn't matter if it's a hex string.

And then make buyer stats generalized!  That's all you have to do.  e.g.  $0-50; $50-200; $200-1000; etc, and 0-5 purchases; 5-10 purchases, or something like that.  Or just make it completely generalized (use a hidden or exposed rating system for buyers).

The main reason I've heard why we should see buyer stats is to ferret out shills, but shills operate at the low end of the buyer spectrum. Dividing the stats into two categories could be sufficient: less than 10 purchases vs more than 10 purchases, less than $1000 spent vs more than $1000 spent. You can ignore reviews from the low category. Maybe there could be a feature to hide them.

If you want, you can subdivide into more categories, but I honestly don't see the point. I don't see why someone with $12,000 spent is inherently more trustworthy than someone with $2000 spent. And the account age is utterly useless. People can register accounts months before they use them for anything. I have accounts that are over 6 months old and one that is over a year old with no or little spent on them. If you think account age means anything, I can create a vendor account and easily fool you.

Bottom line is, these stats are needlessly specific and threaten the privacy of buyers.

Unless I'm misunderstanding, #1 has to be true.  If servers can see the files they store, but don't have access to the key to those files, I don't see how they can exercise any content-level control over what they store or serve.   An encrypted BLOB is an encrypted BLOB.

If the content is uploaded encrypted and the operator doesn't know the key, then they don't know what they are storing, so they can't be blamed for what they're hosting anymore than Dropbox can be blamed if someone dumps a Truecrypt file on their servers and LE finds out that file contains illegal content.

Of course, if that's true, they can't censor it either. I mean, Dropbox could reject all Truecrypt files but an EKS server would be designed to store encrypted content.

The thing about dumping old content, I consider that a feature. Look at this forum. Why store every thread since the beginning, when everyone asks the same questions over and over every week? The popular threads stay on the front page for weeks or months at a time, so they are safe. It would work just as well if it was designed like 4chan to roll old threads off the server, say after 3 months of inactivity. Hell, it even warns you not to dig old threads back up and to start a new thread! It is needlessly storing gigabytes of data.

It probably falls into the usual anonymous storage/communication conundrum.    If you design a perfect system that someone else can't censor or track, you can't censor or track it either.  So when you support "good" causes for anonymity, you also support  Appelbaum's Four Horsemen (CP, drugs, terrorism, and money laundering).

Yep, that's what the Tor people keep saying.

If EKS servers can see the content that they store, then presumably

1. The servers and operators will become targets for storing massive amounts of CP or whatever illegal content

2. The servers could filter or remove certain kinds of content (obv 2 solves 1)

The Hidden Wiki has gone down for days at a time before. Nothing new about that. Although I expect it to be one of the biggest targets in onionland (probably second biggest after SR), so you should only load it under the assumption that it is serving exploits, and protect yourself accordingly.

The disposable VMs - they run entirely in RAM right? I know they check the savefile and then start but I read somewhere that when you open a specific file using a dispVM (like a PDF) any changes made are also made to the original so obviously I want to avoid this.

I don't think disposable VMs run entirely in RAM. I have seen no mention of that, and if it was a feature, I expect to have read it somewhere. It isn't mentioned in any of the documentation that I've dug up (which is unfortunately sparse):

http://qubes-os.org/trac/wiki/DisposableVms
http://qubes-os.org/trac/wiki/UserDoc/DispVMCustomization
http://theinvisiblethings.blogspot.com/2010/06/disposable-vms.html


I'm not running Qubes right now because the hard drive crashed on the old laptop that I was testing it on, but you should be able to look at the properties of the dispvm in the VM Manager and see whether / how much disk storage space it has been assigned.

A VM that runs only in RAM would be preferred, but I suppose it's not a big problem if you use full disk encryption. If someone has access to your decrypted hard drive, you are probably already screwed.

Linked to this is the wiping of RAM, looking at TAILS I see they use smem to wipe the ram upon shutdown, at some point I would like to get to that but for now I am just looking to run it at all. I am assuming it should be run in dom0 to give it full access to the RAM, is this correct?

Seems so, although you may be able to wipe the RAM of specific VMs too. IDK. I heard DDR3 memory decays very quickly anyway, so cold boot attacks are not very effective on it. All I can find about this issue re Qubes was this message from the qubes-devel mailing list:

> Also, they wipe the memory on
> shutdown to prevent data being held in RAM upon reboot. Would these
> features be of use in Qubes to further enhance security?
>

Right now (Qubes 1.0) we're not addressing any of the physical attacks
(such as Cold Boot, or Evil Maid). We really need a good trusted boot
for this, such as perhaps Intel TXT, which howover is still unsupported
on majority of laptops, and this is planned for Qubes 2.0 branch.

So, no.

And then this roadmap:

http://qubes-os.org/trac/roadmap

which says that the trusted boot / anti-evil mail stuff won't be added until Qubes version 3, meaning it could be a few years before they include a memory wipe feature.

Connected to this is the command for copying files to dom0, I cannot get this to work, it simply does nothing rather like most terminals when they are running a process, has anyone used this command successfully?

I haven't tried this, but cat with redirection is supposed to do nothing in the terminal. Did you check if the file is in the destination location?

And finally (finally!) has anyone used the tbb_torless_launcher? It seems to work (as in I can access hidden services) but whenever I try to use the tor check site I get the message that the proxy is refusing connections.

Haven't tried this either. Can you get to check.torproject.org in a regular browser (through the TorVM)? If so, then maybe the script is blocking everything but onion addresses, which seems strange. Can you paste it here?

What your describing is some unrealistic movie type CIA shit.

I have seen buyers with purchasing stats as high as $50K, $100K and $200K. If you are one of these people and you think LE doesn't care about you and won't spend any resources to find you, then I'll see you at visitation.

Please refer to my signature.

Looks like Weirder Web wrote an article about the early usenet scene and Eleusis: http://weirderweb.com/2013/02/25/the-freest-the-beginnings-of-online-drug-culture/