Silk Road forums

There's a lot of FUD in this thread. First of all, JavaScript runs inside the browser and can't bypass proxy settings, so it can't "reveal your IP" in the same way as a plugin (Java, Flash). There are ways that JavaScript can deanonymize you, especially when Torbutton states are toggled, but you shouldn't be toggling Torbutton off in the browser bundle these days, and Torbutton blocks this malicious activity anyway. Here's what the Tor Project has to say about it:

Javascript can do things like wait until you have disabled Tor before trying to contact its source site, thus revealing your IP address. As such, Torbutton must disable Javascript, Meta-Refresh tags, and certain CSS behavior when Tor state changes from the state that was used to load a given page. These features are re-enabled when Torbutton goes back into the state that was used to load the page, but in some cases (particularly with Javascript and CSS) it is sometimes not possible to fully recover from the resulting errors, and the page is broken. Unfortunately, the only thing you can do (and still remain safe from having your IP address leak) is to reload the page when you toggle Tor, or just ensure you do all your work in a page before switching tor state.

https://www.torproject.org/torbutton/torbutton-faq.html.en

Also, the web sockets bug was fixed a long time ago.

https://blog.torproject.org/blog/firefox-security-bug-proxy-bypass-current-tbbs
https://trac.torproject.org/projects/tor/ticket/5741

The main threat to deanonymization is plugins, especially Flash and Java. Don't use them.

That's when they secretly coordinate with LE in some third world country that doesn't have those laws.

I know for a fact, that the majority of your major drug busts, happen on a routine traffic stop where there is no other suspicion, but for the violation that the individual was stopped for. Then, a mistake is made by the citizen and boom goes the dynamite.

A majority of drug busts of large distribution organizations involve confidential informants. Ask any drug agent and they will tell you that CIs essential to their job. SR operates in a different way. We are all anonymous to each other. As long as nobody in DPR's real life knows that he runs this site, that major threat is eliminated.

Pretty easy to cash out 10+ million dollars?

You realize there is only one legit bitcoin business in the world that pulls in money like SR, and that's Mt. Gox.

Unless DPR is running Mt. Gox (who knows?) there's just no way to cash out that much BTC.

The market cap of bitcoin is too small. There's nowhere to hide.

Starting a bitcoin exchange would be an excellent way to launder the coins out, but you're right, SR is too successful for its own good. Cashing out over $1 million in bitcoins a year is pretty difficult without getting noticed. That is why DPR is most likely NOT retired on a private island yet.

Someone asked a similar question a week or two ago. The threat isn't just that SR would change the key. A vendor's account could be compromised through a phishing attack. In fact, this has actually happened.

The solution to this problem is to distribute your public key as widely as possible and through many independent channels. Make sure all your customers have your key. Some of them will be able to verify your identity.

The vendor who got phished had to prove his identity by posting a signed message to the forum and waiting for a former customer to verify it.

Account (at top of page) -> View Feedback (on right side of page)

You can edit the feedback from there.

No, but you could ask them for their public key.