Silk Road forums

The litecoin community is so small that you can mine coins with a desktop GPU. That's the best way to get them, and they are rewarded every 2.5 minutes instead of 10. There's nothing more anon than coins with no transaction history, provided you're running your litecoin-qt over Tor.

I can get you an invite. PM me.

Anyway, I'm thinking more of the browser idea. Your keys may be saved server side but all the enc/dec happens on the browser client alone. That way you can be positive my site never reads any messages.

If the keys are stored on your server, and the crypto is done with server-supplied JavaScript, the threat always exists that you can decrypt the messages.

Even if the private keys are symmetrically encrypted with the user's password, you supply the key to their browser and it uses the password to decrypt it on the client side, you could change the code later and steal the password (that's what Hushmail did, except with Java). This is the problem with running server-supplied code that is downloaded fresh each time the user visits a site. It can change each time, so it's a security threat every time they use it.

An open source program like GPG4USB can be security audited once, saved on the user's encrypted thumb drive, and the code never changes (as long as they don't update it).

Like I said, you already need to have the portable browser bundle with you to be on Tor. You can save portable GPG4USB in the same place, so it is always available when you need it.

And it's pretty easy to use. Over a hundred people have told me that they didn't understand PGP until they read the tutorial, and there are probably many hundreds more that I don't know about. I have no doubt that even the most technologically illiterate people can learn to use a PGP program, if they're willing to trade a little inconvenience for significantly better security.

I like how they rationalized it away. Goes to show that we get paranoid over nothing sometimes. Straight people are naive. If you weren't admitted for a drug overdose, the fact that you might have taken drugs while laying in the hospital bed is the last thing on the nurse's mind.

Since you store the private keys, it all boils down to trusting you.

What's to stop you from snooping on people's messages, getting their personal info and blackmailing them?

Yes, that can be dangerous. Not only can add-ons potentially bypass proxy settings (although the TorBrowser is patched to better prevent this), but add-ons that modify web pages can be used to fingerprint you.

The Tor people recommend keeping the defaults so we all look the same. You reduce your anonymity set when you start getting creative.

I see a lot of activity when i use the browser: open, connecting, closed
But when the page has loaded everything is on "open".

When i try to connect through mIRC nothing at all happens.

Edit: This was a result of astor's instructions.

Oh, that's bad. That means Tor isn't trying to reach the server. As Hash said, there could be some problem with mIRC. I was able to get mIRC to connect when I tested it in a Windows VM, but who knows.

You could try with Pidgin. Pidgin works well with Tor. It even has a Tor mode. Use all the same configuration settings except use the onion address for server, not the IP address. Remove the mapaddress line in torrc.

In the proxy settings, use Tor/Privacy (SOCKS5) instead of the SOCKS5 option.