Silk Road forums
Discussion => Security => Topic started by: The Drugstore Cowboy on January 24, 2013, 06:16 pm
-
So! After a lot of searching I've come across approx /zero/ threads on this which I thought was odd. Chances are they're out there but... you know... nestled under a goddamn rock.
I'm currently using Tails>Tor>PGP and am after a full blown "THIS IS THE BEST SECURITY SETUP FOR WHAT WE DO ON THE SILK ROAD" kinda thing.
Is there a setup the more seasoned users all agree on and it's buried in old posts or is there so much variation that it's kind of hard to truly decide?
Any input would be much appreciated and apologies if this has been covered.
-
this is a very good Question
-
This guide is one of the most comprehensive I've come across and covers everything you need and more to be confident in your security set-up.
http://clsvtzwzdgzkjda7.onion/viewtopic.php?f=20&t=3564
Here is a list of search results for Tails on the SR forum- http://dkn255hz262ypmii.onion/index.php?action=search2
Here is a list of search results for Truecrypt on the SR forum - http://dkn255hz262ypmii.onion/index.php?action=search2 - Or search Truecrypt on the clearnet and go to their web site for their own instructions and even a Beginners Guide to setting up Truecrypt. :) :)
-
Is there a setup the more seasoned users all agree on and it's buried in old posts or is there so much variation that it's kind of hard to truly decide?
There is no single best setup because people have different needs. Ideally you would use full disk encryption with or without a hidden volume (I'm not sold on the effectiveness of hidden volumes at stifling LE investigation, but it probably wouldn't hurt to use one either). However, some people can't use FDE for whatever reason. They may share a computer with others or only get internet access at a library or cafe, so they use a bootable distro like Tails, or they keep their sensitive files on an encrypted thumb drive.
Likewise, Linux is safer than Windows, and OpenBSD is safer still, but most people are wedded to Windows/OS X for one reason or another.
Security in practice is weighed against the trade offs of convenience and practicality, and the optimal trade off point will be different for everyone.
-
They teq guys like Astor and Wadozo<sorry if i spelt the name wrong.. Have helped me and iv gone with tue crypt. It was a little tricky to learn at first but i got it.
I PGP ALL MY INFO ON SR..At one time i did 3 or 4 whre i did not, now that im a older user i know how important it is, SO is storing all sensitive info on a aUSB stick format then encrypt...
Im gonna look into tails more but for now im sticking with what i got. Iv even downloaded one of those bad ass shredder prgrams that once u delete ITS GONE! supposedly/ Like wise member said if its a free prgram there is useually a issue with it..but i read deep into it and it said its good even for the dept of defense
-
Is there a setup the more seasoned users all agree on and it's buried in old posts or is there so much variation that it's kind of hard to truly decide?
There is no single best setup because people have different needs.
I do realize this but figured that most people would be either A. Buyers on a desktop B. Buyers on a laptop C. Sellers on a desktop and D. Sellers on a laptop. Whether or not the desktop or laptop makes a difference I do not know but couldn't there be at least 4 or 5 main setups agreed upon? When coming into this it was very grueling process for someone like me who isn't a wizard with this kind of stuff. Now maybe its just not doable but I feel like there would be pretty clean cut percentages of people (ex. 30% of people want to sell from a desktop ect.) who would all want to know the safest possible setup there is for what they're doing.
Maybe this would bring in a security risk however because if a standard came about, say half the sellers are using the same setup then it may make it easier for LE.
All I know is its very gruelling discovering what software goes with what and how they cover different areas of security. I bet you a lot of sellers are just using Tor and PGP because coming at security from a noobs perspective with all these different possible setups/software and techniques floating around is a bit of a shit storm (ideally they would really try to cover all angles and take their time doing so but a lot just wana start swinging gear as soon as possible which is very understandable) and I think is a security risk in itself. I stil think I'm only half way done with security to start selling (I'm at Live Tails for OS Tor for Internet and PGP for messaging) so I shall continue to read and figure out what I need for what.
This post is basically a huge bitch haha c:
-
This guide is one of the most comprehensive I've come across and covers everything you need and more to be confident in your security set-up.
http://clsvtzwzdgzkjda7.onion/viewtopic.php?f=20&t=3564
Here is a list of search results for Tails on the SR forum- http://dkn255hz262ypmii.onion/index.php?action=search2
Here is a list of search results for Truecrypt on the SR forum - http://dkn255hz262ypmii.onion/index.php?action=search2 - Or search Truecrypt on the clearnet and go to their web site for their own instructions and even a Beginners Guide to setting up Truecrypt. :) :)
Thank you Wadozo! This guide is great, everything I have seen so far pales in comparison. Thats a lot of software so I assume its going to be pretty damn secure. I just wish there was a best of the best. But I'll stop whining and get going with this and in a few months when I'm more knowledgeable about this type of security I can smooth out any rough patches.
-
No worries at all The Drugstore Cowboy. :) Glad to point you in the right direction. 8) +1 for you.
-
Laptops certainly have more security potential than desktops, but getting that potential is pretty inconvenient. For one you can keep your laptop on you at all times, with a desktop the best you can do is keep your boot loader on a USB or CD that you keep with you at all times. In the case of Desktops, this will only protect you from evil maid attacks that replace your boot loader with a bugged version in order to steal encryption keys. With a laptop it will protect you from hardware keyloggers, which can be a real threat against desktops. You can try to protect a desktop from such attacks if you have a surveillance system , such as cameras and door alarms, that can alert you if your home is intruded on while you are away, and also if you desktop has been modified. You can use TPM modules to protect from hardware tampering some as well. But nothing is as safe as always taking your computer with you and keeping it near by at all times.
Another advantage laptops have is the ability to access random wireless access points. If you do this correctly it can extremely change your anonymity dynamics, and also it can give you excellent membership concealment. In such a case a new anonymity risk is introduced, an attacker can try to follow you by your wireless adapter and connection patterns. One potential risk is the fact that in a persistent setup you will have a fingerprint that identifies your sessions as belonging to one entity in the form of the three Tor entry guards you use. Tails used without persistence can counter this as every session will give you three new entry guards, however by not having persistence you have weakened the anonymity Tor can provide substantially. Additionally you can be geospatially tracked by your MAC address unless you spoof it, and even by the forensic artifacts that the vibrating elements in your WiFi adapter introduces to your wireless data flow. Now being geospatially trackable may not be totally bad if the attacker can not link your illegal activity to that wireless adapter in the first place (ie: Tor still offers you anonymity), but it does bring up the issue of being trackable in the same way that (but to a lesser than) someone can be tracked while carrying a cellphone. However it gives the huge benefit that even after you are traced through Tor, you still have some degree of anonymity, particularly since now your attacker will need to use pretty sophisticated measures to completely narrow in on you at this point, provided that you select random WiFi access points. Selecting WiFi access points in a pattern from a small set of possible locations is a technique that has been defeated by the feds on numerous occasions.
On the other hand, a Desktop can not use WiFi from random and rapidly changing locations. The best a Desktop user can do is use a neighbors WiFi, and even if they use powerful antennas to get connections from further distance, once they are traced through Tor their attacker merely needs to do a wireless trace back to their fixed location. This is still an improvement to anonymity, it can provide you with perfect unlinkability so long as you quit using hotspots from that location prior to the feds breaking your Tor circuit and getting near your geospatial location with directional antennas. This is nice, as normally if you use Tor and your own internet connection, you would still need to worry about being traced even after you quit using that location to engage in communications indicative of involvement in illegal activity. However, it is not a defense that provides any protection at all until you stop using WiFi from that location for illegal activities, where as with a laptop it can be made to provide strong defense as you are constantly changing location.
-
Thanks for clearing that up kmfkewm. From this I have deducted that I am glad I use a laptop haha!
I've only been on the forums for a few weeks but like you're strong, hardy approach to being anti-government, I myself am the same. I ultimately think that the internet will set us free but really feel there isn't enough hardy government haters out there. But, another thread another time.
-
I was thinking about getting a used laptop with tails and a prepaid 3g dongle, which is ofcourse not registered and has been paid in cash.
Any ideas on this from the wizards/ would be highly appreciated!! :)
-
I use Liberte Linux (booted from usb) on a laptop that has been DBAN'd.
Do you guys think that is enough? Assuming I take usb everywhere I go with me..
How can I further anonymise the link between my ISP and TOR?
I know a VPN is one route but I don't know if it's possible to go VPN>TOR in Liberte. I know it is possible for TOR>VPN though.
-
i use TOR for everything, GPa for sensitive info. i have downloaded Libertry but am still trying to learn it. i actually dont understand the point of it but i guess just another security shield to hide you through TOR? This is all new to me as well.
-
If you are a vendor, I would strongly urge you to use full-disk encryption with Debian or Ubuntu, or possibly FreeBSD if you're that sort of nerd.
If you are a vendor, I would strongly urge you to use Tails for day to day interaction here, within a virtual machine on top of Debian or Ubuntu.
I would back up your keys onto a thumbdrive, encrypted, of course, and I would use randomly-generated passwords for your accounts using Keepass2.
I can not stress how important backing up your GPG keys and using Keepass2 is.