Silk Road forums
Discussion => Security => Topic started by: peeweed on December 22, 2012, 03:36 pm
-
Hope to be a new "casual/personal" customer, reading, doing research and setting up a "plan"... Probably will only order once every 3 months. Am I planning right, being too paranoid?
I am not risk adverse per se, plan to keep under the felony possession limit of my state, just want to be smart without overkill I guess. Due to mail involvement is there a federal risk?
1. Setup a TrueCrypt Volume
2. Created a VM workstation, harddrive in above encrypted volume. (is this too much????)
3. Setup VM with Tor browser and PGP
4. Setup a Tor mail account
5. Purchase BTC via bitinstant or similar vendor to either tormail or walletservice (thinking of just using instawallet or blockchain)
6. Transfer to SC (heard about mixers but is that too paranoid for infrequent and small orders)?
7. Buy stuff (guess by my handle)
Not sure about receiving... tons of stuff out there, seems like similar/name is preferred but what is the risk to ship to my home? Seems like PO box or something would just be more people touching it and pick up seems like more of a risk then direct to home?????
If alternate addy is recommended anything ideas for in the states?
Thanks Folks... now where did my bike go? Better ask Large Marge.
-
People have differing opinions as to what constitutes being safe versus paranoid.
I'm fairly new as well, but I've made several successful purchases. Like you, my chief interest is small amounts of weed. 3.5 grams at a time.
Yes, getting weed through the mail is a federal crime. Still, I think you're being a little paranoid.
Understand that to a large degree, your risk of being caught is a function of what the vendor does, rather than you. So buy from a vendor known for their excellent stealth packaging (in addition to quality weed, of course!). Read the vendor's page and comments in their product reviews to get a handle on this.
Good luck.
-
Somewhere between here:
5. Purchase BTC via bitinstant or similar vendor to either tormail or walletservice (thinking of just using instawallet or blockchain)
And here:
6. Transfer to SC
There needs to be a BTC mix.
(heard about mixers but is that too paranoid for infrequent and small orders)?
No it's necessary. The rest of your setup looks nice and paranoid but a publicly traceable transfer to DPR? People selling legal things on SR is just a figleaf last resort to be used at your federal trafficking trial.
-
There needs to be a BTC mix.
(heard about mixers but is that too paranoid for infrequent and small orders)?
No it's necessary. The rest of your setup looks nice and paranoid but a publicly traceable transfer to DPR? People selling legal things on SR is just a figleaf last resort to be used at your federal trafficking trial.
Well the idea I had was to have a separate identity along the whole chain and also be small fish with only personal use quantities and infrequent activity. With use of cash bill pay services to buy bitcoins etc
Though a mixer seems a bit overboard, not a huge stretch (1-3%)... Would a mixer allow more of an official presence in bitcoins? E.G. normal accounts for say gtgox, blockchain for legitimate uses (like farming/buying easier) then mix into SR (no plans to take out)?
Would blockchain be an ok mixer or use some of the other more dedicated mixers I have read about?
I think I am going to scratch the VM/TrueCrypt, I already seem to have corrupted my volume (probably by unmounting while VM software was running). Switching to a TrueCrypt USB drive with TOR/PGP encrypted, they seem to be file based only with probably limited footprint on OS????
-
I only recommend full disk encryption. An encrypted volume on an unencrypted hard drive can leak info. For example, if you browse through your encrypted volume with a file manager, it can create thumbnails of photos, which may stored in a cache in the unencrypted part of the drive. Or if you open a document or some other file, many programs will add the path to that file in their "Recent Documents" or "Recently Opened" list. Someone who analyzes your hard drive can find these pointers to the contents of your encrypted volume. If you have a virtual hard disk for a VM inside the encrypted volume, presumably you'll be running it with VirtualBox or another virtualization program installed on the main OS. That means VirtualBox will be pointing to a virtual hard disk inside the encrypted volume, so anyone who looks at that will know you have a virtual hard disk in there.
So, you might as well forget about the encrypted volume. A better solution is to use FDE on the virtual hard disk itself, which can be stored on an unencrypted drive. With Debian or Ubuntu, you can turn on full disk encryption during install time. That way there will be complete separation between data in the VM and the host OS.
-
you can also use a live boot CD with tor/pgp/bitcoin software installed and pop the harddrive out from your computer to be safe as well. I agree a mixing service would be a good idea. As far as a POB vs regular address, that is a debate that will rage on for a long time. I prefer a POB because it avoid the cops from getting the addy I am living at, and my post office is open 24-7, so it isn't likely they will have a cop sitting there, and if they do, chances are I'll see it before pulling in the driveway. I would suggest you search around on the forum in regards to receiving packages and sleep on it before you make your decision.
-
I actually came here to post about me using a very similar setup. TrueCrypt encrypted HIDDEN operating system on an encrypted volume. This was if someone were to discover that you were using the encypted volume/os you can give them the password to the "decoy" volume and your other one remains intact.
The only downside I forsee to this is what someone posted about data leaking from the virtual machine to your "real" one. But if you have full disk encryption like that poster says, you run the risk of having to give up that password to the full encrypted disk (gun to your head, etc) and then all your data is available to that person.
I personally think my setup is more reliable/safer than the full disk encryption but I would welcome comments on this important topic.
Being over paranoid is better than taking risks. Think about everything you do and do it wisely.
-
Leakage due to VM is extremely small except for possible network interface info via NAT or bridge drivers from host to VM. OR if you used any copy/paste/DragNdrop VM tech. He was talking about my thought of just running tor etc from a encrypted volume on my personal computer or flash drive directly... If you were to navigate outside of those apps on the volume, or even the volume itself, there would be paths recorded with file names but contents would still be encrypted (if you dismount lol).
The argument that encrypting the volume that contains the virtual disk file(s) vs the virtual OS volume is 6 for one, half dozen of the other... Both setups have a VM client running on the host machine unencrypted pointing to either a encrypted volume file or virtual disk which data is encrypted. Both have the same "foot print" open for the world to see (aka the VM client). Actually encryption of the volume is probably more secure (slightly) because virtual disk information/files are not easily accessible without breaking the encryption, where as encrypting the whole virtual OS gives access to the virtual files (number, size/types etc).
Honestly the safest way to do a VM if you are looking for "no evidence a VM exists" is to run a USB live OS, where you turn off your computer, boot to OS on the USB stick. Though hidden volume works too.
I am not worried about a gun to my head, well at least anymore then I am currently. If that were to happen they can have it and the whole $200-300 its worth.