Messages - astor

991
Security / Re: alternative cryptocurreny predictions?
« on: June 18, 2013, 06:26 pm »
It's possible but unlikely. If it did happen, I hope it would be something more advanced, since these other cryptocurrencies are basically Bitcoin clones with a few parameters changed. What difference does it make whether you use Bitcoin or Litecoin, other than the possibility that you might win the lottery as an early adopter? (Let's face it, that's the only reason people care about the other cryptocurrencies.) I want something with Zerocoin style anonymity built in from the beginning.

The reason I think it's unlikely is the same reason that alternative social networks have a hard time competing against Facebook, and other markets have a hard time competing against Silk Road. The value of some systems is in the network of people that use it. Everyone goes to Facebook because that's where everyone is, so they can create an account and instantly find a large number of their friends. Everyone uses Silk Road because this is where everyone is, and you can find 150 page review threads for any product or vendor. That's by far its biggest asset.

If Bitcoin is already widely adopted, there will be a lot of traction against switching to yet another cryptocurrency, even if it is technically superior.

Atlantis started with Litecoin and added Bitcoin because it was the number one requested feature. So even though it's easy to support multiple cryptocurrencies, if everyone is using Bitcoin, why bother?

992
Security / Re: TOR meant to hide your IP something I dont get?
« on: June 18, 2013, 05:41 pm »
Tor is the most popular anonymity network and widely used by spammers and other abusers. The exit node IPs are added to block lists that thousands of web sites use. Of course the web site can see the exit node IP, which it matches to an IP on its block list. That doesn't mean it can see your IP. There are attacks that could reveal your IP, but there's nothing in the default way Tor works that reveals your IP.

993
Security / Re: Vendor doesn't use encryption. Problem?
« on: June 18, 2013, 05:23 pm »
Quote
I was going to place an order with a reputable vendor (subsrgood) but he doesn't have PGP set up. How do I get my shipping info to him? Type it in to the box in plain text? Send it privnote?

Ask him to create a PGP key. If he says no, fuck em. There are enough competing vendors for most products that you don't have to reward someone who doesn't take your security seriously.

Quote
If everyone is typing it into the box and feels like that is secure, why are we using PGP in the 1st place?

Most people don't use PGP. I've heard different numbers from different vendors, but it seems like in general about 80% of people don't encrypt their addresses. Not everyone that buys on the market is on this forum. Probably the people on this forum are more engaged and willing to learn, and the people who post in this Security section are the most security conscious, so you're getting a biased view of the security of the average SR user. Some don't even use Tor. They point a regular browser at onion.to and access the site that way. Some of them "Like" the fake Silk Road Facebook page. Some of them talk about their drug purchases on reddit, while openly admitting they are accessing it over clearnet. It's pretty clear that a certain percentage of SR users are complete idiots. As one vendor told me, "I'm amazed they managed to find a hidden service."

Quote
Should I use a vendor that doesn't have PGP set up?  This guy has spectacular product and customer service reviews and I am very tempted.

You're free to do what you want, but I have backed out of orders because there was no PGP key.


994
Security / Re: SR Risk Analysis for Buyers
« on: June 18, 2013, 05:00 pm »
Quote
The weakest point is BY FAR the fact that you have no control or information about what is happening with your package from the minute it is shipped till the minute it gets delivered (even with best stealth)

Yep. In 100% of cases that I've heard of where someone got busted because they ordered from SR, it was because the package was intercepted.

I agree that people put too much emphasis on the technological aspects, which are theoretical so far. Anonymously purchasing bitcoins, encrypting your address, leaving no forensic traces of Tor on your computer, etc. No one has been identified, investigated, arrested or prosecuted based on that evidence alone. To my knowledge, it has never been the starting point of an investigation. Of course, there's a first time for everything, and LE will get savvy to it eventually, if it is worth their time.

The best thing you can do to protect yourself from getting arrested is to order amounts that are small enough not to get you CD'ed.


995
It's not slow. It uses the 24 hour average to smooth out big price fluctuations. As you said, BTC went up today, so the average over the last 24 hours will be lower.

SR will use $107 if and when BTC prices are high enough to make the 24 hour average $107.

996
Security / Re: Got a new laptop need to make it secure
« on: June 18, 2013, 02:58 pm »
Quote
I don't know too much about Whonix but the major turn-off that I read is that if you don't remove logs yourself before shutdown/power removal they are still there on the computer.

You could store the virtual hard disks in an encrypted volume, even a TrueCrypt file. Normally I would recommend against TrueCrypt files, since metadata like filenames can leak onto the unencrypted parts of the hard drive, but the names of files in a virtual hard disk shouldn't leak, since only the OS running in VirtualBox sees them. Likewise, the content of log files shouldn't leak.

Alternatively, you don't have to use the Workstation that Whonix provides. You can install your own operating system with FDE. I wrote a guide on how to do that. It's really easy, the whole thing boils down to manually configuring the IP address, gateway and DNS. The hardest part is figuring out how to do that on some operating systems.

http://dkn255hz262ypmii.onion/index.php?topic=161335.msg1148298#msg1148298


Quote
I personally lean more towards Qubes than anything, it has functionality really similar to Whonix but it takes it several steps further such that everything is isolated into its own user defined security domain. This means you can protect your private encryption keys, your external IP address, Tor, etc. It also has advanced features such as hardware isolation, and a variety of different security tools based on its isolation techniques.

It's more secure than the other options, but probably too advanced for most people in this community.

I would love to see a Qubes Live image. Get the features of Qubes in a burn-and-boot solution. The default configuration would launch the TorVM and run the other VMs through it, create disposable VMs in RAM for opening certain filetypes, and maybe offer a persistent volume.

997
Security / Re: Tor problems
« on: June 18, 2013, 02:33 pm »
Go to onion icon (if it exists?) -> Network Map.

See the panel that says Connection and Status? Do you see a bunch of relays listed there? This tells you about the circuits that Tor has built, or is building. There should be some lines with three relays listed in each one, and they should say Open.

When you try to access a web site in TorBrowser, what happens to the circuits in that list? Do a bunch of them say Connecting? Do they say Closed? What words do you see there?

998
Security / Re: SR Risk Analysis for Buyers
« on: June 18, 2013, 01:22 pm »
Quote
I am not so sure about the "hiding of Tor usage." How would they know you're hiding it? If you are connected to a VPN, which is not related directly to your ISP, I doubt they'd know. Your VPN may know, but I strongly doubt them reporting you for it unless you are somehow implicated in a heinous crime. Even then, connecting to TOR is not a crime.

I believe that vendors should hide their Tor use. It isn't a crime, but it could be used to identify them.

LE orders a package and gets the vendor's city. I calculated the average density of Tor users in the United States, based on my estimate that there are 250,000 monthly Tor users in the US (the global numbers vary too much by country to be useful). That's about 80 in a city of 100,000, and 800 in a city of 1 million. Actually, the number of daily connecting users is 80,000, and some of them are different people on subsequent days, so the number of people who connect every day like a typical vendor is probably more like 60,000. That's 20 people in a city of 100K, and 200 people in a city of 1M.

LE works with the local ISP to identify these users by watching for connections to entry guards, a list of about 1200 IP addresses. From there they correlate the people connected to entry guards with the vendor's online activity. They could send messages to the vendor and look at the response times, and if the vendor posts on this forum, look at the post times. Anyone not connected to the Tor network at the time of a vendor activity is not the vendor (or so they assume). They could exclude most of those Tor users in a short period of time, probably a couple of weeks. They wouldn't be able to exclude everyone, because some people are always connected, but if they have a list of 5 to 10 people, and the vendor is pushing a lot of weight, it could be worth investigating all of them through traditional means to find the vendor.

999
Security / Re: Liberte Vs Tails Vs Ubuntu?
« on: June 18, 2013, 05:17 am »
Quote
yep, totally. I've gotten used to it though, actually. It's not bad at all after you install a third-party start menu.

Traitor. :)

Actually it's true, when I bothered to spend 15 minutes figuring out how it worked, rather than clicking at random shit like a monkey, it wasn't that bad.


1000
Security / Re: Liberte Vs Tails Vs Ubuntu?
« on: June 18, 2013, 05:14 am »
Actually, this seems to be the hold up: https://tails.boum.org/todo/persistence_preset_-_tor/

1001
Security / Re: Liberte Vs Tails Vs Ubuntu?
« on: June 18, 2013, 05:02 am »
This can be fixed several ways of course, but they are not as trivial as symlinking files and folders that don't exist until you log in, which may be the hold up.

1002
Security / Re: Liberte Vs Tails Vs Ubuntu?
« on: June 18, 2013, 04:58 am »
When you enable the persistent volume, a bunch of dot files and folders in /home/amnesia get symlinked to the persistent volume.

My guess is -- and this is purely a guess -- that you can't have persistent entry guards because the torrc is in /etc/tor, not /home/amnesia. The latter gets mounted in RAM and can be changed, the former can't be changed to a symlink.



1003
Quote
Who are any of us to push our morals on others? Morals are entirely subjective, meaning that 'right and wrong' is entirely subjective. If I were to disagree with heroin being sold, for instance, because I've seen the effects of its misuse/abuse does that mean that nobody else should have access to it? The "I disagree with something so it shouldn't be allowed" mentality has absolutely no place in a libertarian community. You have the right to espouse such views, of course, but they conflict with the very same freedoms that you yourself enjoy here - the right to personal choice without interference from the moral views of others being the main one.

Except there are rules here prohibiting the harming of others. In the pro-life view, fetuses are others worthy of that moral consideration.

As I said, I think the premise is wrong, but the logic of stopping other people is straightforward.

1004
Quote
@OP: If you don't wish to sell (or take) misoprostol/methotrexate or mifepristone/misoprostol, don't sell them, don't take them, and take care to not impregnate anyone.

I didn't want to get dragged into an abortion debate, but people who say stuff like this fundamentally misunderstand the pro-life position. If fetuses are morally equal to adult humans, you can't just stand by and let other people make their own choices to kill a human.

It would be like saying, hey, you believe murder is wrong, but this group of people over here disagrees. So, just don't buy guns and shoot them at people, but let this group make their own choices (they are fond of shooting people).

The logic of getting into other people's business and trying to stop abortion is sound, as long as you accept the premise that fetuses are morally equal to adult humans. Of course, the premise is wrong.

1005
hehe, I wrote that guide btw. I think it's helped a few thousand people at this point. :)

Privnote is much less safe than a desktop PGP client. It exposes you to many vulnerabilities and attacks. The site could be run by LE. The code could transmit the decryption key back to the server (presumably the URL is the decryption key). Even if the JavaScript is safe now, it could be modified at any time by the Privnote admins without you knowing. The exit node could replace the Privnote site with its own, including malicious code.

The thing about the code changing isn't theoretical. It actually happened with Hushmail, which would PGP encrypt your messages with a Java app in the browser. They stored your private key on their servers, but it was symmetrically encrypted with a password. So, when they got an LE request for an account's emails, they sent a different Java applet to that person, which sent the password back to their servers. They got the private key and decrypted the emails.

The moral of the story is, never use a third party, and especially a web site or browser code, for your security.
