Silk Road forums

Tor is the most popular anonymity network and widely used by spammers and other abusers. The exit node IPs are added to block lists that thousands of web sites use. Of course the web site can see the exit node IP, which it matches to an IP on its block list. That doesn't mean it can see your IP. There are attacks that could reveal your IP, but there's nothing in the default way Tor works that reveals your IP.

The weekest point is BY FAR - the fact the you have no control or Information about what is happening with your package from the minute it being shipped till the minute it gets delivered (even with best stealth)

Yep. In 100% of cases that I've heard of where someone got busted because they ordered from SR, it was because the package was intercepted.

I agree that people put too much emphasis on the technological aspects, which are theoretical so far. Anonymously purchasing bitcoins, encrypting your address, leaving no forensic traces of Tor on your computer, etc. No one has been identified, investigated, arrested or prosecuted based on that evidence alone. To my knowledge, it has never been the starting point of an investigation. Of course, there's a first time for everything, and LE will get savvy to it eventually, if it is worth their time.

The best thing you can do to protect yourself from getting arrested is to order amounts that are small enough not to get you CD'ed.

I don't know too much about Whonix but the major turn off that I read that is if you don't remove logs yourself before shutdown/power removal they are still there on the computer.

You could store the virtual hard disks in an encrypted volume, even a TrueCrypt file. Normally I would recommend against TrueCrypt files, since metadata like filenames can leak onto the unencrypted parts of the hard drive, but the names of files in a virtual hard disk shouldn't leak, since only the OS running in VirtualBox sees them. Likewise, the content of log files shouldn't leak.

Alternatively, you don't have to use the Workstation that Whonix provides. You can install your own operating system with FDE. I wrote a guide on how to do that. It's really easy, the whole thing boils down to manually configuring the IP address, gateway and DNS. The hardest part is figuring out how to do that on some operating systems.

http://dkn255hz262ypmii.onion/index.php?topic=161335.msg1148298#msg1148298

I personally lean more towards Qubes than anything, it has functionality really similar to Whonix but it takes it several steps further such that everything is isolated into its own user defined security domain. This means you can protect your private encryption keys, your external IP address, Tor, etc. It also has advanced features such as hardware isolation, and a variety of different security tools based on its isolation techniques.

It's more secure than the other options, but probably too advanced for most people in this community.

I would love to see a Qubes Live image. Get the features of Qubes in a burn-and-boot solution. The default configuration would launch the TorVM and run the other VMs through it, create disposable VMs in RAM for opening certain filetypes, and maybe offer a persistent volume.

I am not so sure about the "hiding of Tor usage."  How would they know you're hiding it?  If you are connected to a VPN, which is not related directly to your ISP, I doubt they'd know. Your VPN may know, but I strongly doubt them reporting you for it unless you are somehow implicated in a heinous crime.  Even then, connecting to TOR is not a crime.

I believe that vendors should hide their Tor use. It isn't a crime, but it could be used to identify them.

LE orders a package and gets the vendor's city. I calculated the average density of Tor users in the United States, based on my estimate that there are 250,000 monthly Tor users in the US (the global numbers vary too much by country to be useful). That's about 80 in a city of 100,000, and 800 in a city of 1 million. Actually, the number of daily connecting users is 80,000, and some of them are different people on subsequent days, so the number of people who connect every day like a typical vendor is probably more like 60,000. That's 20 people in a city of 100K, and 200 people in a city of 1M.

LE works with the local ISP to identify these users by watching for connections to entry guards, a list of about 1200 IP addresses. From there they correlate the people connected to entry guards with the vendor's online activity. They could send messages to the vendor and look at the response times, and if the vendor posts on this forum, look at the post times. Anyone not connected to the Tor network at the time of a vendor activity is not the vendor (or so they assume). They could exclude most of those Tor users in a short period of time, probably a couple of weeks. They wouldn't be able to exclude everyone, because some people are always connected, but if they have a list of 5 to 10 people, and the vendor is pushing a lot of weight, it could be worth investigating all of them through traditional means to find the vendor.

Actually, this seems to be the hold up: https://tails.boum.org/todo/persistence_preset_-_tor/

When you enable the persistent volume, a bunch of dot files and folders in /home/amnesia get symlinked to the persistent volume.

My guess is -- and this is purely a guess -- that you can't have persistent entry guards because the torrc is in /etc/tor, not /home/amnesia. The latter gets mounted in RAM and can be changed, the former can't be changed to a symlink.

@OP:  If you don't wish to sell (or take) misoprostol/methotrexate or mifepristone/misoprostol, don't sell them, don't take them, and take care to not impregnate anyone.

I didn't want to get dragged into an abortion debate, but people who say stuff like this fundamentally misunderstand the pro-life position. If fetuses are morally equal to adult humans, you can't just stand by and let other people make their own choices to kill a human.

It would be like saying, hey, you believe murder is wrong, but this group of people over here disagrees. So, just don't buy guns and shoot them at people, but let this group make their own choices (they are fond of shooting people).

The logic of getting into other people's business and trying to stop abortion is sound, as long as you accept the premise that fetuses are morally equal to adult humans. Of course, the premise is wrong.