Messages - astor

Pages: 1 ... 121 122 [123] 124 125 ... 208
1831
This one is popular now: http://torimagesbp2vt3u.onion

Also http://3suaolltfj2xjksb.onion/hiddenwiki/index.php/Main_Page#Image_Hosting

Some of those work, but OIU is listed, so obviously some of them don't.

1832
Silk Road discussion / Re: Guy claims to know public IP of SR.
« on: March 26, 2013, 05:40 pm »
How much you wanna bet it's 127.0.0.1?

1833
So what I want to know is how they will act about BTC, and does somebody know which amounts will be suspicious to spend?

I know that the bank services have to react and contact FinCEN if bigger cash amounts went through their system, but how much? And does somebody know a better way to buy BTC anonymously and securely?

You can read the report here: http://www.fincen.gov/statutes_regs/guidance/pdf/FIN-2013-G001.pdf

Open the PDF in a VM if you don't trust it.

Also, read through the discussion on the Bitcoin forum: https://bitcointalk.org/index.php?topic=154672.msg1639556

Basically, anyone trading more than $1000 worth of BTC a day will be regulated as a money transmitter or money services business (MT/MSB). For suspicious transactions, I think the same rules governing other financial transactions apply here as well. They look for more than just transactions over $10,000. All of those must be reported by law. However, they also look for patterns, but I don't know the details. They probably don't reveal the details on purpose, just as your bank uses secret algorithms to detect fraud and protect your account.

1834
Shipping / Re: Importing large amounts of cocaine, someone help me
« on: March 26, 2013, 05:35 am »
Chaosforpeace, I'm begging you for a gram of that coke.

1835
Security / Re: YOUR security setup.
« on: March 26, 2013, 02:29 am »
Honestly, this topic has been discussed to death. Do a forum search for words like: VPN, bridge, proxy, encrypt, PGP, GPG, Linux, Tails, Liberte, secure, erase/erasure/wipe, hard drive, thumb drive, "best security", "most secure", etc.

Start by limiting the search to topic subjects and sort by largest topic.

Look for comments by me, kmfkewm, SelfSovereignty, pine, LouisCyphre and NightCrawler.

There's been a lot of debate about the best security setups, and volumes have been written about it.

1836
Security / Re: any way to tell if your invloved in a MIM attack?
« on: March 26, 2013, 01:56 am »
Quick rundown. Erased my computer. Went to a public wifi. Went to Tor download page, and it came up as TOR being a dangerous site!! I got to a download page, I forget now, but then downloaded TOR. The connection took super long, and from what I remember, as it has been several weeks-month, but the tor button was flashing. I could not get into certain pages that I know would not be down. I got onto silkroad home page, but got a little freaked. Something else was amiss----something with the scripts. I just remember getting spooked. Taking of tor again, and then going to another spot, and downloaded. It worked good that time!!

Oh yea....I got several messages while at that hotspot about TOR being outdated. So I downloaded TOR twice more, and it was still outdated.

That could be bad.

It sounds like a firewall was blocking your access to torproject.org. That is common because Tor is considered proxy bypass software.

You downloaded the browser bundle from somewhere, but you can't remember where. Most likely it was not from torproject.org. It could have been an old package archived on another site, which is why you kept getting those messages about it being outdated, or it could have been a compromised TBB.

You really need to be more careful. You should only download TBB from torproject.org. You should check the signature, which is under the orange download button, at the link titled "sig".

Whenever you download a new bundle, you should have a PGP program with you, with Erinn Clark's key in your key chain, so you can verify the signature. Instructions on doing that are here: https://www.torproject.org/docs/verifying-signatures.html.en

Those instructions can always be found in the "what is this" link next to the "sig" link.

But thanks a bunch for the info.  Some of it over my head, but I understand it for the most part!! 

tl;dr A verified signature on your browser bundle significantly reduces your chances of getting MITM'ed, although the same low probability threat of connecting to malicious relays still applies.
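The signature check described in this post, as an added example that is not part of the original posts: it reads gpg's machine-readable status lines and accepts a download only when the one valid signature was made by a pinned full fingerprint, rather than by any key that happens to be in the key chain. The fingerprints, signer name and status lines are constructed samples; the real fingerprint has to come from a source you already trust.

```python
import subprocess

# Any of these status keywords means the result must not be trusted.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}


def signature_ok(status_text, pinned_fpr):
    """Return True only if gpg reported exactly one valid signature and it
    was made by the pinned key (40 hex digits, spaces ignored)."""
    pinned = pinned_fpr.replace(" ", "").upper()
    if len(pinned) != 40:
        raise ValueError("pin the full fingerprint, not a short key ID")
    valid = []
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "[GNUPG:]":
            continue
        keyword, args = parts[1], parts[2:]
        if keyword in REJECT:
            return False
        if keyword == "VALIDSIG" and args:
            # First field: fingerprint of the key that signed.
            # Last field: primary key fingerprint when a subkey signed.
            valid.append({args[0].upper(), args[-1].upper()})
    return len(valid) == 1 and pinned in valid[0]


def verify_download(file_path, sig_path, pinned_fpr, gpg="gpg"):
    """Run gpg on a detached signature and apply signature_ok()."""
    proc = subprocess.run(
        [gpg, "--batch", "--status-fd", "1", "--verify", sig_path, file_path],
        stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, text=True)
    return proc.returncode == 0 and signature_ok(proc.stdout, pinned_fpr)


# Constructed fingerprints (not real keys).
PINNED = "0123456789ABCDEF0123456789ABCDEF01234567"
OTHER = "FEDCBA9876543210FEDCBA9876543210FEDCBA98"


def sample_status(fpr, verdict="GOODSIG"):
    """Build constructed status output for a signature by key `fpr`."""
    lines = ["[GNUPG:] NEWSIG",
             "[GNUPG:] %s %s Constructed Signer <signer@example.invalid>"
             % (verdict, fpr[-16:])]
    if verdict == "GOODSIG":
        lines.append("[GNUPG:] VALIDSIG %s 2013-03-26 1364256000 0 4 0 1 8 00 %s"
                     % (fpr, fpr))
    return "\n".join(lines)


if __name__ == "__main__":
    print("pinned key, good signature:", signature_ok(sample_status(PINNED), PINNED))
    print("good signature, other key: ", signature_ok(sample_status(OTHER), PINNED))
    print("bad signature:             ", signature_ok(sample_status(PINNED, "BADSIG"), PINNED))
```

A "good signature" from a key other than the pinned one is rejected, which is the case a tampered bundle signed with an attacker's own key would produce.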

1837
Is there a way to set the config file to ensure that when decrypting messages it tries a particular private key first?

Setting a default key should force gpg to try it first. Add this to gpg.conf:

default-key <key ID>

In any case, testing all the keys should take less than a second. Here's what the decryption process looks like, along with the processing time:


$ time gpg -d anon_message.pgp
gpg: anonymous recipient; trying secret key [REDACTED] ...
gpg: anonymous recipient; trying secret key [REDACTED] ...
gpg: anonymous recipient; trying secret key [REDACTED] ...
gpg: anonymous recipient; trying secret key [REDACTED] ...
gpg: anonymous recipient; trying secret key [REDACTED] ...
gpg: okay, we are the anonymous recipient.
gpg: encrypted with RSA key, ID 00000000
gpg: encrypted with RSA key, ID 00000000
gpg: encrypted with RSA key, ID 00000000

It worked!

real   0m0.513s
user 0m0.508s
sys   0m0.004s


So, half a second in this case. It will take less time if the message has been decrypted with fewer keys, or you have fewer private keys to test, or it hits a match sooner.


Is there a way to get 2 without 1? I'm not keen on the ability to decrypt messages I encrypt to others.

If you don't encrypt the message with your key, then your key ID won't be in it. 2 is automatic without 1.


This may be a silly question astor but what's the difference between the version, greeting & comments.
All I can see that would fit the bill is
Quote
Version: GnuPG v2.0.17 (MingW32)
but that's just one line, the version. What is the comments & greeting line?

Comments are just that, you can make a comment about the message, yourself, whatever, but they are usually used to advertise for the PGP program, like this:

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


The greeting is a splash screen with copyright info that looks like this:

gpg (GnuPG) 1.4.11
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


Now why would you want to see that every time you run the program?

1838
Silk Road discussion / Re: Quickbuy hack back again?
« on: March 25, 2013, 06:04 pm »
Probably just a lazy vendor who hasn't fixed it. I saw some of those images still around 1-2 months after the hack. This one must be trying to break the record.

1839
Security / Re: any way to tell if your invloved in a MIM attack?
« on: March 25, 2013, 05:36 pm »
1. Can a MIM attack happen anywhere, or does LE have to prepare from a single network----oh yea, all these questions are for TOR---not clearnet. I can care less if LE is watching porn with me:} hahah

They have to be on the wire between you and the destination server, like at your ISP, a router upstream of the server you are connecting to, a gateway between two autonomous zones, an internet exchange point, etc. The packets have to physically pass through an internet host that the adversary controls. The Chinese government can't MITM a connection between NYC and Boston, unless the routing is really fucked (or they hacked a server in between).

2. How much resource would LE have to use to actually do a constant MIM attack throughout different networks?

Targeting a specific person or host is probably easy, as long as they are in a jurisdiction that LE controls. They could get a warrant, or ask your ISP nicely, and in some cases the ISP will cooperate without legal pressure. Targeting someone outside of LE's jurisdiction is harder.

That being said, decrypting a Tor circuit is considerably harder than an HTTPS connection. HTTPS relies on certificate authorities, which can be compelled to sign certificates for governments or LE to use in MITM attacks (some CAs have even been hacked, allowing the Iranian government to MITM its people, for example).

Tor's SSL uses private keys stored on the relays. You download the public keys in the relay descriptors from the directory authorities. Descriptors are signed by the directory authorities. The directory authority keys are hardcoded into the Tor client. That means, as long as you have an uncompromised Tor client (check the signature when you download it!), nobody can serve you fake descriptors, with fake relay keys, and thus establish fake connections with your Tor client.


BTW, what kind of "odd" things did you notice?

1840
If you're interested in taking these ultra steps with GPG (what they've suggested isn't REQUIRED, but they're definitely nice ways of covering your tracks). If you want to use tor on linux I suggest you go download Liberte (believe it's based off of Debian Linux) or Tails (dunno what distro it uses ... Fedora?)

Tails is based on Debian and Liberte is based on Gentoo. Both offer security hardened features that mainstream distros don't, such as scrambling RAM on shut down. Liberte uses a specially hardened kernel, too, though I don't know the details of that. The trade off is that these specialist "distros" are experimental and can be buggy.


Forgive me for being ignorant at this level of expertise... Is there a way to do/check this in Gpg4win?  (I cannot find it)

Windows GUIs don't have these advanced options in their interface. It's been a while since I've used GPG4Win, but it *should* come with gpg.exe, I know GPG4USB does. You can run these options at a command prompt.

    gpg -v encrypted_msg.asc

becomes

    gpg.exe -v encrypted_msg.asc

in whatever folder gpg.exe is located.

Could you explain more about these commands please?  Obviously the "no-emit-version" hides the version info when a message is encrypted, but I'm not clear about the rest of those.  I tried to do some searching on my own, but only come up with:  (which really doesn't explain much)

For Gpg4win... just adding "no-emit-version" to the config file does work, I just don't know what these other commands you listed really do for me.

Edit: I'm replacing what I wrote here before with my current recommended gpg.conf:

no-greeting                 # suppress the copyright notice in command line gpg
no-emit-version             # remove the version string from keys and messages
no-comments                 # remove the comment lines from keys and messages

utf8-strings                # interpret all command line arguments as UTF-8 encoded
armor                       # ASCII armor encrypted output

expert                      # allow incompatible actions
trust-model always          # suppress warnings about unsigned keys
no-mdc-warning              # suppress warnings about MDC integrity protection, since no one uses it


## Ordered lists of preferred ciphers. Your GPG will pick the first one that it supports,
## which should be the first one on each list.

personal-cipher-preferences AES256 TWOFISH CAMELLIA256 AES192 CAMELLIA192 AES CAMELLIA128 CAST5 3DES BLOWFISH
personal-digest-preferences SHA512 SHA384 SHA256 SHA224 RIPEMD160 SHA1
personal-compress-preferences BZIP2 ZLIB ZIP Uncompressed
cert-digest-algo SHA512

default-key <keyid>         # set this if you have multiple keys. newbies should not use multiple keys!
#encrypt-to <keyid>         # automatically encrypt with a specific key

## Optional

#throw-keyids               # anonymize all recipients by zeroing out the key IDs
#hidden-encrypt-to <keyid>  # anonymize a specific key ID


## Use the IndyMedia key server hidden service. This prevents accidentally connecting over clearnet.
## You need an HTTP proxy like Privoxy listening on port 8118, or adjust the lines below accordingly.
## The HTTP proxy forwards to Tor's SocksPort. Here's a Privoxy config for that:
## https://trac.torproject.org/projects/tor/wiki/doc/PrivoxyConfig

keyserver hkp://2eghzlv2wwcq7u7y.onion
keyserver-options http-proxy=http://127.0.0.1:8118,debug,verbose



Oh... and how would someone make use of the command "secret-keyring"?  Or even make multiple keyrings?

You can, but it's too easy for newbs to fuck up and deanonymize themselves, or mix up their identities. It's better to extract GPG4USB in separate folders and use them separately. Name one folder MY ILLEGAL IDENTITY and the other MY REAL IDENTITY, so you absolutely don't mix them up. :)

Oh, and don't name any folder "ILLEGAL" unless it's on an encrypted volume.

1841
Security / Re: Tor video chat, audio chat, or text chat?
« on: March 25, 2013, 04:06 am »
Here's a good article about the issues with VOIP over Tor, and how Mumble is the "state of the art" right now.



Mumble and the Bandwidth – Anonymous CB radio with Mumble and Tor

https://guardianproject.info/2013/01/31/anonymous-cb-radio-with-mumble-and-tor/

The journey towards anonymous and secure voice communication is a long one. There’s lots of roadblocks to get your voice from point A to point B over the Internet if you need to prevent eavesdropping or censorship. There is the limited bandwidth of mobile data connections. There is the high latency of the TCP protocol. To achieve anonymity via Tor, there’s even more latency added to each packet.

Mumble is a non-standard protocol that was originally designed for realtime voice chat for video games. If you’ve ever played Halo or World of Warcraft, this should sound familiar. If not, think of it as a conference call you don’t have to ring. You simply connect to a Mumble server over the Internet and your voice will transmit to everyone else.

Mumble clients are available for Android and iOS, as well as a cross-platform desktop client. The server software is also cross-platform. Guardian Project is focusing on the Android client named Plumble and the official server backported to Debian stable.

A cool feature of Mumble is a Push To Talk (PTT) method to speak to the channel. Your voice is only transmitted when you press the PTT button in the user interface. Another lower level feature that’s important for our anonymity goal is TCP support. For any application to run over Tor, it must use the TCP protocol. This rules out most VoIP clients, since they use UDP. Here is a case where Mumble’s non-standard protocol works to our advantage.

When Tor is running and your Mumble client is configured to use TCP, connecting to your local SOCKS5 proxy offered by Tor allows you to join a Mumble server anonymously. The big problem is as suspected, latency. The traffic passing through the Tor network must make an indeterminate number of proxy hops to be anonymized successfully. Each hop adds more and more latency. This makes a typical synchronous voice call impossible since there’s no way to determine when one person has stopped talking and when the other can respond without interrupting.

Latency in human speech transmission has deep psychological impact on a conversation. A Japanese research project called SpeechJammer exploited this part of our senses by inventing a “shut up gun.” When pointed at a person it makes them immediately stop talking. Everyone who has used a cell phone knows the frustration of “echo” where you hear your own voice, slightly delayed. The delay is caused by the network latency of the cellular carrier.

Another similar example is a VoIP call on a congested network. The side effect of the latency is that one person accidentally interrupts the other person because he thinks the other person has finished talking, when in reality the other person’s voice hasn’t yet arrived at the other end. Interruption ensues, no one is happy nor do they know anything new since the transmission was not understood. High latency makes full-duplex communication ineffective.

The contemporary telephone you are accustomed to allows both sides to talk and listen simultaneously. This is called full-duplex. Early radio telephones like walkie talkies, CB radio or aviation radio are half-duplex systems, meaning that for any given transmission, only one side can talk while the other side listens. Running Mumble over Tor takes a full-duplex technology and effectively reduces it to half-duplex. Even though the protocol is full-duplex, when run through a high latency network like Tor, the transmit and receive channels are so far out of sync there is no point in allowing both sides to talk at once. Again, interruption ensues.

Then it hit me. Radio telephones have been around since the turn of the 20th century, when people figured out a reasonable way to do voice chat without the technology causing accidental interruptions in the conversation. In particular, the use of procedure words, or prowords, are essential for one speaker to acknowledge the transmission of the other (Roger), to signify that one party is finished speaking (Over), or indicate when one party has left the conversation (Out).

Here in the USA, some prowords evolved into a colloquial language, complete with slang thanks to the Citizen Band radio boom of the 1960s and the truck driving culture that used it to communicate while on the road. The 1977 film Smokey and the Bandit is more than just a touching love story with world class actors, it is an amazing dramatization of an information culture that resembled pre-Internet BBS systems and current day Internet Relay Chat (IRC) networks around the globe. The truck drivers portrayed in that movie have a mobile, decentralized information sharing network that is anonymous. The users have pseudonyms and a language of their own. Many of them have never met their CB radio friends IRL. They are invisible companions on the lonely road of the US of A.

Old ideas are worth bringing back if they have strong roots. CB and general purpose radio telephones have a long history, unlike the standard of today, VoIP. Perhaps these features are thought of as obsolete or not cutting-edge enough to model into a digital system. Regardless of the reason, if you are looking for a mobile and open source PTT solution to use on the Internet with anonymity and security, Mumble over Tor is currently the state of the art. All you have to do is throw in some prowords to keep the conversation flowing.

The Guardian Project is operating a private Mumble server during a testing phase, and we have plans to open this to the public as part of the OSTN research effort. When that happens, I will post application-specific tutorials to install and configure the Plumble client. I will also publish a cookbook to build a Mumble server.

Finally, an example transmission log with some prowords:

Internet: Guardian Project. I have a ping response from your server, over.
GP: Roger Internet. Ping was sent, over.
Internet: Guardian Project. Build anonymous PTT system with open source software, over.
GP: Internet, build anonymous PTT system with open source software, wilco. Out.


1842
Anonymizing the key IDs doesn't offer extra protection in some cases. For example, if you send a message to a vendor, or an email to someone on TorMail, anyone with access to the SR or TorMail servers knows who the recipient is, so there's no reason to hide the key IDs from them.

However, I can think of cases where it is useful. A vendor may want to send an encrypted announcement to several customers, but he doesn't want them to know who the others are. That's as much for their protection as his. The recipients would only be able to deduce the number of other recipients, but they couldn't compare the key IDs to people in their key chain.

Another example is if someone gains access to your computer, but not your TorMail account. Let's say you saved encrypted messages in a text file, as a back up. Then the attacker would only know how many messages you sent, but not who the recipients are.

BTW, if you think you can only be charged for physical drugs in your possession, you should review the Farmers Market case. They were charged for a lot of shit that they talked about in their Hushmail accounts, and that was the only evidence of those crimes. An email counts as a confession.
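What someone holding a saved ciphertext can read without any private key, as an added example that is not part of the original posts: a minimal parser for the recipient records at the front of an OpenPGP message (RFC 4880 tag 1 packets), showing real key IDs in a normal message and zeroed ones when throw-keyids was used, as in the "ID 00000000" output of the earlier gpg session. The sample messages are constructed, with dummy session-key bytes and a placeholder armor checksum that is not verified.

```python
import base64

PUBKEY_ALGOS = {1: "RSA", 16: "Elgamal", 18: "ECDH"}


def dearmor(text):
    """Return the binary packets inside an ASCII-armored block."""
    lines = text.strip().splitlines()
    body = lines[lines.index("") + 1:]      # skip armor headers (Version:, Comment:)
    b64 = [l for l in body if not l.startswith(("=", "-----"))]  # drop CRC and END line
    return base64.b64decode("".join(b64))


def read_header(data, pos):
    """Parse one packet header; return (tag, body_start, body_len or None)."""
    first = data[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                        # new-format header
        tag, o1 = first & 0x3F, data[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + data[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(data[pos + 2:pos + 6], "big")
        return tag, pos + 2, None           # partial body length
    tag, ltype = (first >> 2) & 0x0F, first & 0x03   # old-format header
    if ltype == 3:
        return tag, pos + 1, None           # indeterminate length
    n = 1 << ltype                          # 1, 2 or 4 length octets
    return tag, pos + 1 + n, int.from_bytes(data[pos + 1:pos + 1 + n], "big")


def recipients(data):
    """List the recipient records that precede the encrypted data."""
    found, pos = [], 0
    while pos < len(data):
        tag, start, length = read_header(data, pos)
        if tag != 1:                        # ciphertext follows; nothing more is readable
            break
        if length is None or length < 10 or data[start] != 3:
            raise ValueError("unsupported recipient packet")
        key_id = data[start + 1:start + 9].hex().upper()
        found.append({"key_id": key_id,
                      "algo": PUBKEY_ALGOS.get(data[start + 9], "other"),
                      "hidden": key_id == "0" * 16})
        pos = start + length
    return found


def sample_pkesk(header, key_id_hex):
    """Constructed version 3 recipient packet: key ID, RSA, dummy 8-bit MPI."""
    body = b"\x03" + bytes.fromhex(key_id_hex) + b"\x01" + b"\x00\x08\xff"
    return header + bytes([len(body)]) + body


CIPHERTEXT = b"\xd2\x03\x01\xaa\xbb"        # constructed tag 18 packet, opaque to us
SAMPLE_NORMAL = (sample_pkesk(b"\x84", "1122334455667788")      # old-format header
                 + sample_pkesk(b"\xc1", "99AABBCCDDEEFF00")    # new-format header
                 + CIPHERTEXT)
SAMPLE_HIDDEN = sample_pkesk(b"\x84", "00" * 8) * 3 + CIPHERTEXT
SAMPLE_ARMORED = ("-----BEGIN PGP MESSAGE-----\nVersion: GnuPG v1.4.11\n\n"
                  + base64.b64encode(SAMPLE_HIDDEN).decode()
                  + "\n=AAAA\n-----END PGP MESSAGE-----\n")

if __name__ == "__main__":
    for rec in recipients(SAMPLE_NORMAL) + recipients(dearmor(SAMPLE_ARMORED)):
        print(rec)
```

With the key IDs zeroed, the count of recipient records and the public-key algorithm are still visible; only the identities are not.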

1843
Silk Road discussion / Re: The main problem with bitcoins......
« on: March 25, 2013, 02:13 am »
Hey this makes a lot of sense. Very good, valid point.

Where do you see the price of bitcoin going from here in the short term (2 weeks) and in the long term (2 yrs)?

If I knew that, I would be rich. :)

I think it will continue to rise, at least above $100, but as to how high and how fast it will get there, I have no idea.

1844
Silk Road discussion / Re: Where is all the good blow at?
« on: March 25, 2013, 02:11 am »
This is what the Rumor Mill is for. There's a 500 page thread about coke vendors:

http://dkn255hz262ypmii.onion/index.php?topic=27925.7935

Along with threads for individual vendors. Protip: you only need to read the last few pages to be informed about the current state of their product.

1845
Shipping / Re: Controlled Delivery on PO Box or Private Mailbox
« on: March 24, 2013, 11:11 pm »
Hey Astor, I think you are right, it is harder to protect at a PO box than a home address because you have to actually go to the post office at some point. As far as I can tell, legally, the only real protection one has at their home is if they refuse to answer the door - period. Barry Cooper of Never Get Busted has really great information about this. I read about one case on a steroid forum where a guy opened his door and the officer delivering the package simply threw the box in the house, as soon as he threw that box into the house several guys came running into the house from the back and front. So in that case the guy opening the door wasn't asked to sign, he didn't even speak to the officer, the simple fact that he opened the door gave LE all the wiggle room they needed to get in. Some may think that sounds extreme, that an officer would throw a package into the house but let's think about all the tactics we've read about on these forums alone....if you read the postal intern sticky JanetReno says it best "if they want you, they are going to get you, no matter what" and I believe that. At that point it is up to us to be informed on how to handle the post-arrest, to make our case as strong and as unassailable as possible post-arrest.

Yeah, I've never given much weight to refusing to sign or putting a "return to sender" note on the package. If it is in your home, and especially if it has your real name on it, you will most likely be charged.

A fake name adds some plausible deniability. I know of one person who had a package of subscription opiates intercepted. It was not a large quantity, not enough for a controlled delivery. But LE did a knock and talk, asked him about the package. Since he used a fake name, he claimed it was a former roommate who had moved out. The cops may have known he was lying, but there's nothing they could do. Wasn't enough evidence to prove he had knowledge of it in a court of law.

I have been told about another person who had some marijuana intercepted. LE also did a knock and talk, but he admitted it was his and got charged.

You need to eliminate any evidence that you had prior knowledge of the package. Obviously either don't talk to LE (don't even be home) or vehemently deny all knowledge. A fake name is better than a real name. Passive delivery is better than taking a positive action.

If you live in a place where mail will only be delivered to names registered on the mailbox, that makes things more difficult. In that case, consider getting fake identification and a PMB.
