Silk Road forums

Unless the SR server is compromised before the vendor marks the order In Transit, you have nothing to worry about. The chances of that happening are extremely small.

The way I look at encrypting my address, it's like wearing a seat belt. The chances of being in a car accident in the next week or month or even year are pretty slim, but wearing a seat belt costs me nothing, and it could be extremely important in the unlikely event that I am in a car accident. So I wear a seat belt every time.

Same with PGP. It costs you almost nothing -- ok, about 30 seconds of your time -- but in the unlikely event that the SR server is compromised, they will probably go after the low hanging fruit, the people with plaintext addresses on the server. Might as well encrypt.


There are actually more dangerous aspects of this. Some vendors will send you a tracking code by SR message. That code has your address, of course, which completely nullifies encrypting it at the time of making the purchase. Further, the address is deleted from the SR server after the order is marked In Transit, so it is kept for only a day or two, but messages are stored for months after they are deleted. That's a big liability, especially for big orders that LE would be interested in. If a vendor sends tracking codes, you should instruct them not to do that, or to encrypt the codes with your public key.

Not to mention that if you kill all of the people finding attacks on Tor, nobody will work on Tor anymore, because all of the Tor developers also research how to attack Tor. Look at Roger Dingledine, he has his name on a lot of papers that demonstrate attacks against Tor. He is also the lead Tor developer. The person saying we should kill the anonymity researchers has got to be the stupidest fucking person in the world, he should get a prize or something.

Then we can live in the ignorant bliss that our network is secure. That's what I tell the I2P folks when they mention that there are few known attacks on it. That only proves that few people are looking at it.

I have an old account that I hadn't logged into in 6 or 7 months. I was recently able to log into it, because it still had like .0001 BTC in it, because the interface used to only show two decimal places, so I couldn't withdraw everything. One interesting thing is that there was no BTC address associated with it. It looked like a new account that says "click here to make a deposit" instead of showing an address.

So I think all data associated with the account really is deleted after the time periods listed.

As for being "archived", I wonder what that means, since the account gets archived after all data is deleted. It may just be to preserve the name so someone else doesn't create an account to impersonate an old account.

One random write over the entire hard drive should be enough to make any useful data unrecoverable. It seems to be enough in controlled studies, when the researchers know what they are looking for and where it is on the hard drive:

http://dkn255hz262ypmii.onion/index.php?topic=99520.msg699299#msg699299

It would be even harder for someone who doesn't know what is on the drive.

DBAN does three writes, two of random data and the last one is a zero write to make it look like the hard drive was not secure erased.

That's the recommend tool for this job.

http://dban.org

Quote from: astor on June 11, 2013, 06:00 am

26 is too you

For sure. 26 is WAY "too you". and anything too you is sexy. So sexiest is 26.

It's funny because I am 26.

Consider how carefully vendors like that treat your address / personal info when they copy it off the SR server.

There's a highly sensitive period between when they get it off the server and put it on the package. Comments like that tell you exactly how carefully they regard your info.

You bring up a good point, Jack. Their few minutes of time and convenience are worth more to them than your freedom.

Fuck 'em.

Boycott vendors like that.