Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - astor

Pages: 1 ... 196 197 [198] 199 200 ... 208
2956
Silk Road discussion / Re: Mail to Real address OR Fake one????
« on: December 16, 2012, 05:20 pm »
Why wouldn't it be better if I set up a p.o. box in a fake name that has a street address for it? Wouldn't it be just the same since it has a street address rather than a P.O. Box address?

How would you do that, at a mom and pop mailbox company? USPS PO boxes don't have normal street addresses and you can't "set that up" for them. A small, independently owned mailbox company (not a chain like Mailboxes Etc or UPS) is a good option because a lot of times they don't ask for ID and your address is the address of the business.

However, I think that simply getting a PO box can be suspicious. It depends on who you are. If you are 40 years old, you may need a PO box for a legitimate business. But how many 20 year olds need PO boxes? Add the fact that this person only gets packages once every few weeks, and never gets regular mail, and it should look suspicious to anyone who bothers to notice. I'm pretty sure that USPS and LE are aware that PO boxes are a popular choice for young people to receive drugs. You might expect this mail to be under higher scrutiny, while mail sent to a private residence is mixed with all the other regular mail.

I don't know if any of that is true, but it's something to think about. One thing is certain, PO boxes don't provide additional security, except in cases where you can determine that the package has been compromised before you pick it up, which is rare. Otherwise, renting a PO box can actually make things worse, because you have to take a positive action to pick up the package, whereas you are more of a passive recipient (with higher plausible deniability) of mail that gets stuffed in your home mail box.

2957
Off topic / Tor developer talks about FBI, Farmers Market
« on: December 16, 2012, 04:28 pm »
Just posted on their blog

https://blog.torproject.org/blog/trip-report-october-fbi-conference

In October I attended an FBI conference, as part of my work to try to keep Tor on good relations with law enforcement. My first goal is to remind them of all the good uses of Tor, so if they ever find themselves lobbying to outlaw anonymity online, they'll understand what they're giving up. The second goal is to make sure they understand what Tor is and how it works, so if they encounter it in their investigations they'll hassle our exit relay operators less. (Here's a great way that one FBI person explained it to me: "I've got 10 leads, and 48 hours before this case doesn't matter anymore. If you can help me understand which leads *not* to follow, I can do my job better.") My third goal is to help them be able to use Tor correctly for their own jobs — remember that diversity of users is part of what makes Tor safe for everybody to use.

Overall, we've been doing a pretty good job at teaching US-based law enforcement about Tor. At the end of the conference, one of the FBI agents took me aside and asked "surely you have *some* sort of way of tracking your users?" When I pointed at various of his FBI colleagues in the room who had told me they use Tor every day for their work, and asked if he'd be comfortable if we had a way of tracing *them*, I think he got it.

I met a nice man from the DEA who worked on the "Farmer's Market" bust. This was in the news a lot back in April, where apparently some people were selling drugs online, and using a Tor hidden service for their website. At the time I thought the news stories could be summarized simply as "idiot drug sellers accept paypal payments, get busted." It turns out they were pretty smart about how to accept paypal payments — they just had random Americans receive the paypal payments, take a cut, and then turn them into a Panama-based digital currency, and the Panama company didn't want to help trace where the money went. The better summary for the news stories should actually have been "idiot drug sellers use hushmail, get busted." Way before they switched to a Tor hidden service, the two main people used Hushmail to communicate. After a subpoena (and apparently a lot of patience since Canada still isn't quite the same as the US), Hushmail rolled over and gave up copies of all the emails. Many more details here:
http://www.scribd.com/doc/89690597/Willemsindictment-Filed-045

I should still note that Tor doesn't introduce any magic new silver bullet that causes criminals to be uncatchable when before they weren't. The Farmer's Market people ran their webserver in some other foreign country before they switched to a Tor hidden service, and just the fact that the country didn't want to cooperate in busting them was enough to make that a dead end. Jurisdictional arbitrage is alive and well in the world.

---------

I find it interesting that the Farmer's Market folks were not found by using PayPal. The operation was more sophisticated than I gave it credit. Still, Hushmail fucked them. This is why you want privacy by design ("we can't identify you") rather than privacy by policy ("we promise not to give your info to the authorities"), and we're better off with hidden services and bitcoin rather than offshore bullet proof hosting and Liberty Reserve.

2958
Security / Re: Making 1st purchase - PGP address block question
« on: December 16, 2012, 10:51 am »
Yes, you copy the PGP encrypted text block, including the first and last lines, which are

-----BEGIN PGP MESSAGE-----

-----END PGP MESSAGE-----

Paste that into the address box.

2959
Technical support / Re: Order going to auto-finalize soon...
« on: December 16, 2012, 09:50 am »
Is there any way an admin or someone in SR Support can extend this for me by 6-10 days?

Probably, but you won't get that help here. You need to make a request on the main site.

2960
Off topic / Re: Free?
« on: December 16, 2012, 09:33 am »
I have to say I'm surprised that SR is even letting this fly.

That's because no one is guarding the asylum. There are 3 admins and they only pop in once in a while to placate another conspiracy thread.

2961
Off topic / Re: Fake Cocaine with meth
« on: December 16, 2012, 09:14 am »
As a long time cocaine user, nothing pisses me off more than getting coke that's cut with cheap stims. Nothing pisses me off more than laying down to sleep only to find that I can't sleep and my heart is racing for the next 8 hours.

I would rather get heavily cut down coke with inert substances than coke cut with that shit.

2962
Security / Re: Options for properly managing multiple secret PGP keys?
« on: December 16, 2012, 08:56 am »
With the command line gpg agent, you can set the default key in the configuration file.

If you want to change the key to use, add the --default-key argument to your command.

2963
Some vendors don't understand how free markets work.

2964
There's always a comment line about the version & program used to generate the key.  This is actually more than just advertising: if a version is found to have a problem with one of it's algorithms, that has to be known so a later version can say "this key was generated with a known flawed version and may be unsafe," or something.

The comment can be removed with --no-emit-version or manually. It's not a necessary part of the PGP spec. However, if you use an obscure PGP program, putting that in the comment can greatly reduce your anonymity set.

2965
Drug safety / Re: Children accidentally take LSD
« on: December 16, 2012, 02:36 am »
Who drinks out of a bottle that they find on the ground? Kids are not the smartest people.

2966
Technical support / Re: I can't access my account!
« on: December 16, 2012, 02:30 am »
This is an unofficial support forum. You should contact SR staff by creating a new account and using the system on the site.

2967
Silk Road discussion / Re: Vendor Asylum busted
« on: December 16, 2012, 01:47 am »
That's why it's important to publish your PGP key as widely as possible; if you publish it only on your vendor page, then an attacker could replace the PGP there with one of his own.

I agree. All vendors should use an out of band mechanism to publish their PGP keys. It could be as simple as Pastebin or qPaste.

If the SR site was compromised, they could replace vendor keys with their own. When vendors viewed their own profiles, they would see their real keys. Everyone else would see the attacker's keys. Then when you PGP encrypt your address, you're really encrypting it to the attacker. They decrypt and get your address. Then they reencrypt it with the vendor's real key, so nobody would suspect a thing.

2968
Silk Road discussion / Re: Vendor Asylum busted
« on: December 16, 2012, 01:43 am »
Just two days ago there was a small discussion about some SR phishing sites.
I wonder if something like that came into play here.

I wouldn't be surprised. There used to be dozens of then listed on Hidden Wiki.

2969
Off topic / Re: Mass shooting in
« on: December 14, 2012, 09:45 pm »
It makes me sick to my stomach just thinking about a grown man walking into a room full of kindergarteners and firing indiscriminately.

There are some evil fucking people in this world.

2970
Been using speed every 2 days at clubs, MDMA, bit of coke and modafinil to keep me going.

Sounds to me like you just need to lay off the stims. It wasn't so much the 2C-B as the rest from all that other shit.

Pages: 1 ... 196 197 [198] 199 200 ... 208