Silk Road forums

So in other words, COLD boot attacks work against DDR3.

I've been thinking a lot lately about the ultimate security setup for doing a variety of dodgy shit on the internet. The problem is that I do a variety of illegal business ventures that require me to access sites outside of Tor, or require me to run Tor and a clearnet browser side-by-side.

Physical isolation of these two states is the most secure. In other words, don't do clearnet and Tor shit on the same computer.

Internet Connection: I use an anonymous prepaid visa card to purchase a wireless internet dongle using fake details and have it delivered to a friends private mailbox (you can't have them sent to drop-addresses as they always require signature in Australia). I can now use the internet without the connection itself having any links to my real identity.

Are you using random wifi hotspots? Otherwise this is irrelevant. MAC addresses are not broadcast over the internet. Only devices physically linked to your dongle know its MAC address. If you're paying for internet service, they still know your identity. If you are connecting directly from home, they know your identity.

Computer & OS: I buy a new laptop and manually break the webcam, then use DBAN to wipe the hard-drive and OS, and then install Ubuntu with full-disk encryption.

Excellent choice! Finally people are getting the importance of FDE.

Don't forget to disable the microphone, too.

Silk Road Access: I run Whonix through VMs that are stored on an encrypted USB stick and access Silk Road this way.

Good choice, although lately I've come to the conclusion that an anonymizing middle box is the safest setup. It's a physical device, like a computer in an HTPC form factor, with 2 network interface cards, that sits between your main computer and your home router (let the router be the gateway to the public internet, not the anon middle box). It runs a stripped down Linux or BSD variant with Tor, and transparently proxies all connections over Tor. It's basically Whonix with the Gateway on a separate physical device. Don't get me wrong, your setup is orders of magnitude safer than most, but a gateway on a separate device is safer still.

Clearnet Browsing: I use a VPN that you can pay for with BTC to access any sites that block Tor or that I need faster speeds to access.

VPNs are good for certain use cases, but I've never understood the need to pay with bitcoin. If you connect to the VPN server directly, they know your IP address. LE can deanonymize you if the VPN provider cooperates. I suppose if you live with a bunch of other people, you have some plausible deniability.

Identity protection: Under no circumstances do I ever access anything that links to my real identity like banking, social media or personal email accounts. Any purchases I make online are done with an anonymous debit card loaded only with BTC and sent to drop-addresses not linked to me.

Superficially that seems safe, but don't you think you stand out as being "a weird (presumably young) guy who does nothing of value on the internet?" I think it's safer to maintain two identities. Have one computer with Windows, unencrypted, nothing sensitive. Act normal, have a Facebook/Twitter account, buy shit online, look just like everyone else. On the side (on separate physical devices), you do your dirty work.

I don't know, though. I'm not too familiar with research on social profiling of criminal activity.

General programs: I use OTR for all online chat, GnuPGP for encrypting all emails and Truecrypt for secondary encryption (beyond the full-disk encryption) of any sensitive files.

Sounds good. Just don't use TorChat. That makes you a hidden service which opens you up to new attacks. Run Pidgin over Tor and connect to a separate XMPP server.

Programs that require windows: For any programs that specifically require Windows I use a VM that is contained on an encrypted USB stick. Unfortunately I've been unable to find a label printer that I can run off Ubuntu so this seems to be the only workaround for this to remain secure.

Not sure why you're having problems. Printer support on Linux is pretty good these days. Check out http://www.linuxfoundation.org/collaborate/workgroups/openprinting/database/databaseintro

I just used the graphic you posted, did some retouching, recolored it and output a decent size. A vector graphic size would be nice for printing, but for most apparel type applications this png will work fine.

Oh, I misinterpreted your comment before. That's pretty cool that you made that.

Oh yeah that looks like it. Now what to put it on without drawing attention......

Bumper sticker, of course.

OK. That seems right, but it doesn't make sense. With the rate changing so fast lately, the SR rate could be very different than the actual rate. I'm surprised that this isn't given more attention.  I wish this was more transparent.

Don't you want it to be smoothed out over a larger time frame? Sure, it sucks when BTC is rising, but when it's dropping, lots of people buy the bare minimum BTC for their order and end up a fraction of a BTC short (check out the Official Spare Coins Thread). Averaging over a larger time frame protects against that.

From SR's perspective, those are lost or delayed purchases, and therefore commission.

Think of it this way. Aspirin is a drug, but it doesn't empower any cartels. None of the over the counter drugs do, because they are legal and freely available.

So drugs per se don't create organized crime, the drug laws do. Prohibitionists are to blame for organized crime and its associated violence.

If you're that worried about it, you should stop driving, because oil money funds terrorism.

Update: what you are experiencing may be unrelated to what I mentioned earlier. Keep an eye on this bug report:

"is this ticket the explanation for all those other TBB users who are reporting "The proxy server is refusing connections" issues too?"

https://trac.torproject.org/projects/tor/ticket/8336