Servers?

[generalm3sS]

I know you can't say where they are, But are they out of the USA? UK? Frnace?

This is a issue for a lot of people, including myself

[Vy7wf]

More important, are you out of the USA? UK? Frnace? 

[Dread Pirate Roberts]

The location of the servers is not something I will ever be confirming or denying. I have taken steps the previous Dread Pirate Roberts wouldn't have even thought of so you may rest assured, you are in the hands of a technically competent expert.

[Jones909]

I would have been out of here had you answered a question like that.

[lightonion]

here's some advice.

Make sure you read the entirety of the criminal complaint.
http://www1.icsi.berkeley.edu/~nweaver/UlbrichtCriminalComplaint.pdf

it details when they found some/all of the servers (early-mid 2013, where they found servers (in the US and multiple foreign countries), and that they monitored the activity on such servers for months to use as evidence. Be that as it may, I'd recommend that these servers be mobile and changing, potentially destroying all servers once per year (or more) and setting them up in a new location, new IP, etc. etc. etc.

Also, they use the fact that DPR's postings of server activity/updates/etc as evidence that he was the sole user in control of these servers. Perhaps you should employ a list of employees 10+ long, even if they are all you, to make it appear that many people are in control, so that if anything does ever happen to you, you have some plausible deniability. The fact that they are able to prove that DPR was in control of the infrastructure behind Silk Road seems to be a huge evidence point in the case. The same can be said for his control of the code behind the SR website. You should make it appear that there is someone else responsible for the programming. The slightest slip up can be enough to prove that you are in control, so make sure you are consistent.

[flwrchlds9]

As mentioned previous. Most important idea will be BACKUP and survivability of a take down.

Keep 6 independent networks of severs ready to re-deploy.

[V]

I know you can't say where they are, But are they out of the USA? UK? Frnace?

This is a issue for a lot of people, including myself

Your best bet right now if you want to remove the label of 'LE' countless spectators will have slapped mentally to your username, is to pretend you were testing how smart DPR is... then again, folk probably won't believe you ;-)

Hard luck.

V

[yellowstar14]

Never ever use virtual machines (VPS) , this is whey they could monitor the servers without  DPR ever detecting it coping all data and all hot wallet keys.
Make a trap on the server , make it multiple micro boards in 1 server 1u for example ,
each doing a separate task , so you can still make separate compartments like routing and web server and DB to harden hacking.
further my advise is use GPS in one of the compartments , against (moving) tampering , also network tampering , and opening tampering , in all cases the system will shut down lock wallets and need to be re activated , IF DPR had done that nothing would have happened..
Its not easy to set up but if you want to be save this is what it takes.

 

[MarcelKetman]

I would have been out of here had you answered a question like that.

Damn right

[Maestro]

It doesn't matter where the servers are hosted. There isn't a country, rack space provider, or bandwidth provider anywhere in the world that would willingly service a marketplace similar to SR. You could host it within the USA nearly just as safely as many other countries. Hosting it offshore only buys you a short amount of time that you wont even be aware of when the time comes after the servers location is found out by authorities. The key is making sure its location is not found to begin with and making sure data is secure in the event it is found.

[Dread Pirate Roberts]

It doesn't matter where the servers are hosted. There isn't a country, rack space provider, or bandwidth provider anywhere in the world that would willingly service a marketplace similar to SR. You could host it within the USA nearly just as safely as many other countries. Hosting it offshore only buys you a short amount of time that you wont even be aware of when the time comes after the servers location is found out by authorities. The key is making sure its location is not found to begin with and making sure data is secure in the event it is found.

This sums up my stance on the matter. There are 2 considerations which we are always keeping when choosing a place to host the forums and marketplace since they will always be separate for security reasons. The top issue is that of net side exploitation - can the server or any component of it be hacked in any way to expose user information or that information of the server. Failing that, the second step is to ensure that in the event the first step is breached, that data does not fall into the wrong hands so even if law enforcement or a hacker was to access our systems, all they would be able to collect is useless garbage of encrypted information. Rest assured we will not make the same mistakes the first Dread Pirate Roberts did, both for your interest and ours.

[Meerkovo]

Are you keen on saying what fuck ups were made by previous DPR, on more technical explanation not some noobish talk that I have read and over again.



M

[Vy7wf]

Sometimes saying less is more.

[The President]

It doesn't matter where the servers are hosted. There isn't a country, rack space provider, or bandwidth provider anywhere in the world that would willingly service a marketplace similar to SR. You could host it within the USA nearly just as safely as many other countries. Hosting it offshore only buys you a short amount of time that you wont even be aware of when the time comes after the servers location is found out by authorities. The key is making sure its location is not found to begin with and making sure data is secure in the event it is found.

This sums up my stance on the matter. There are 2 considerations which we are always keeping when choosing a place to host the forums and marketplace since they will always be separate for security reasons. The top issue is that of net side exploitation - can the server or any component of it be hacked in any way to expose user information or that information of the server. Failing that, the second step is to ensure that in the event the first step is breached, that data does not fall into the wrong hands so even if law enforcement or a hacker was to access our systems, all they would be able to collect is useless garbage of encrypted information. Rest assured we will not make the same mistakes the first Dread Pirate Roberts did, both for your interest and ours.

If you ever do get bagged I will make sure to pardon you sir. But lets just try to stay out of trouble shall we?

[flwrchlds9]

It doesn't matter where the servers are hosted. There isn't a country, rack space provider, or bandwidth provider anywhere in the world that would willingly service a marketplace similar to SR. You could host it within the USA nearly just as safely as many other countries. Hosting it offshore only buys you a short amount of time that you wont even be aware of when the time comes after the servers location is found out by authorities. The key is making sure its location is not found to begin with and making sure data is secure in the event it is found.

This sums up my stance on the matter. There are 2 considerations which we are always keeping when choosing a place to host the forums and marketplace since they will always be separate for security reasons. The top issue is that of net side exploitation - can the server or any component of it be hacked in any way to expose user information or that information of the server. Failing that, the second step is to ensure that in the event the first step is breached, that data does not fall into the wrong hands so even if law enforcement or a hacker was to access our systems, all they would be able to collect is useless garbage of encrypted information. Rest assured we will not make the same mistakes the first Dread Pirate Roberts did, both for your interest and ours.

Please tell us then, you DO expect that the servers may one day be seized by LE and will plan accordingly but for real this time?

[Lief]

I know you can't say where they are, But are they out of the USA? UK? Frnace?

This is a issue for a lot of people, including myself

Nice try, Leo.

[kittenfluff]

I would have been out of here had you answered a question like that.

True that. Any way an admin can mark the OP (and the user who agreed in post #2) as 'slightly suspect' for even asking?

[Ketatmine]

I know you can't say where they are, But are they out of the USA? UK? Frnace?

This is a issue for a lot of people, including myself

Nice try, Leo.

Generalm3sS was a SR vendor whom I'm glad to see here, but he does need to sign in with his PGP pronto.

[generalm3sS]

I know you can't say where they are, But are they out of the USA? UK? Frnace?

This is a issue for a lot of people, including myself

Your best bet right now if you want to remove the label of 'LE' countless spectators will have slapped mentally to your username, is to pretend you were testing how smart DPR is... then again, folk probably won't believe you ;-)

Hard luck.

V

Are you accusing me of something here? We were vendors on SR for 2 years 1 day when it went down. We were not active on forums button the IRC chat (although its been a year) with perfect ratings. Before being so quick to judge i'd think.

We were asking the question because its a major issue for us personally for our reasons.

@DPR, Thanks for your reply and it actually does settle a few things for us. Here's to hoping this is all true and we will all be back up and showing the world how a true free market and society works!

Want proof? Here's my public key and im sure SOMEONE on here has brought some 18-20mg HCL Caps off us or some of 'THE BEST QUALITY AVAILABLE' 2c-b and other things in the past that can verify that this is in fact our key.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.12 (GNU/Linux)

mQELBE6HlkoBCAC4YmLVczexSfnoQs0Q31PdEujkpTDFicfjbHywWmIS/w/f0aLW
zmhbkgCDMJnoDleVZ9pqCqPsGxQSmwVFlZ58jDWaRgzSKaDLjFY4UJiq1Kh889T+
IC5G+on7een34nxgA398eTSyk2ZOVN8He+8g1NvR5ciMEVvck2wvKDmhLnnIypLp
of3zJve4EsVewugMC/+L7mJ8BWX6zBeXHBMhZWnymNs+uzo6Ome4LeH/wL0cBD5H
LF5dFBsWw4EeR0jr7sDQR4OgpVV16P/CAMVg9Vek4wo/fVYpV68jaXAw7kzqryFB
u5E28stIXR5bKH1yZY7xPUnkoIMIZclLpLK5AAYptB9nZW5lcmFsbTNzUyA8Ymxh
YmxhYmxhQGJsYS5jb20+iQE8BBMBAgAmBQJOiFtpAhsjBQkJZgGABgsJCAcDAgQV
AggDBBYCAwECHgECF4AACgkQOlTd1cqG9HPpQAf/Y6stLUKqj7oIQlvcWCAstPvn
eXVfBSbh2yPKipPu/RlMJs4W1SqAeH6p+Mub08jcnXez1IV1DjE5rPXePnYSRGLe
U79jXYpgU8mOiSr5BmfC4YsYvtyNk2rmPkrgqobs/ImeatGAygzZyTllhH6wwB3r
WPzCriGpFKYYCjFELZmxro7Xm9mBVNDSDxj/x+o1pg4S2pVOeFGuxPvtyFeosG9Y
Wcu/6Dt7djGg/Us6lVsR33GV0nlXtyCQamPLSadLXgNHAoKeUrIp2fZRPVSRbY8D
Xg5ACvbNzvYG9xVQoZP+Lc6gNDqjEd3/Y/h94CE2Xa3Dg0jjeWsZgjrfgaWrwLkB
CwROh5ZPAQgAnNRFfsFYUxwdvN6NWRmWNFyAN+eD5Dsqpc89E0weRq6O2kg+EMy5
rGFrldvCiUBfh45d0XNfuUWXgKARkLHHbEnUomIWpGp3BRaB7IGQ2CgamD/0CrOE
DbhYzzwUJFoxPKad8ijPkj03tnfAJY0wDv0dn0bHEgSi9E0Lv7KfQv7Wic0E+TZ8
uKZ0OffPW2yiMyQOxVtt1heHTS5Fmsdtuk8cxMJCIp2Ukp2uzhxQRVPXpuISA7AI
M3kw0tuf3dd0EwmnFVOwhxP/vgevriNiIxQaMfsygcy+JnthrXR9LOmLQcqwwlpZ
oDqZQGxCAtkLRIKkoSYIpQnGFkhfLFPr0QAGKYkBJQQYAQIADwUCToeWTwIbDAUJ
CWYBgAAKCRA6VN3Vyob0c7iqB/9/hmXwMWjTVNv66VclVPuXkpmNMbwiBqp54Kbr
o++7aeS7RRJaFgeXkBU90iiicJWje57PKmGSbmsPfPIv/CYZLvMkHI72Xe6Axozt
PTRJozvuEZUh2Gxv0zcwxUWybsFuoTVVdsCSJmEOJfbgiJ/NOXwL33AlK/9rWA/M
uZFkZ11PXMTvzR4O40BJHrjbhGXbEul2KXbng11rchs9VjnvOsZHfVCGGmwVhUKR
tC/Wy+Cku9ds06FGPpxIyYvfWjVDHAiHzIR2KHRh9RLOj8si/smb7i4soiV1z+e/
McOI5dyE8SrQMWn5PgHN9D49yOjPXd6VAyJJOsljTeoMc5fm
=v1DI
-----END PGP PUBLIC KEY BLOCK-----

Test us

I understand speculation in the light of things but please, Don't be so quick to judge when someone is asking about something important!

Peace

GM

[generalm3sS]

lief and kittenfluff too!

wow

YOu are paranoid arn't you!

[generalm3sS]

I know you can't say where they are, But are they out of the USA? UK? Frnace?

This is a issue for a lot of people, including myself

Nice try, Leo.

Generalm3sS was a SR vendor whom I'm glad to see here, but he does need to sign in with his PGP pronto.

Thanks for that. You will get an extra special parcel when were back operational

Peace

EDIT: We messaged DPR privately and have heard nothing back about the PGP thing.

[V]

I know you can't say where they are, But are they out of the USA? UK? Frnace?

This is a issue for a lot of people, including myself

Your best bet right now if you want to remove the label of 'LE' countless spectators will have slapped mentally to your username, is to pretend you were testing how smart DPR is... then again, folk probably won't believe you ;-)

Hard luck.

V

Are you accusing me of something here?

I'm accusing you of nothing. I was trying to highlight why some readers of this thread may have got their backs up, albeit in a light-hearted and friendly manner.

Apologies for any offense.

V

[Yoda]

EDIT: We messaged DPR privately and have heard nothing back about the PGP thing.

I hate to promote this since I keep seeing so many unknown random people doing this for insignificant posts, but you could have just signed your entire post. 

PGP Signing your post would prove that the message came from that public key, it proves you are whom you say you are.   You can even include your public key within the signed message so anyone can easily check it.

[generalm3sS]

@ V - No worries

@ YODA - How? I know that's 'novice' question for a 2 year vet but its something that's never come up/been an issue! But i completely understand given the circumstances

[Yoda]

@ YODA - How? I know that's 'novice' question for a 2 year vet but its something that's never come up/been an issue! But i completely understand given the circumstances

What program are you using?  Are you using gpg4usb?  (it's the easiest to use)

If so:

-Open up gpg4usb
-Write your message in the left hand box
-In the right hand box, check the box next to your key... then right click on your key, select "Append Selected Keys To Text"
-Now on the top menu, click "Sign"... it's in between  "Decrypt" and "Verify"
-Simultaneously hit  "Ctrl" and "A",  then likewise for "Ctrl" and "C"... then paste this as your forum post.  "Ctrl" and "V"
(alternatively you could just right click on the text in the left hand box, select "Select All", then right click again and select "Copy"... then paste accordingly as a post in the forum)

[Clarity]

The location of the servers is not something I will ever be confirming or denying. I have taken steps the previous Dread Pirate Roberts wouldn't have even thought of so you may rest assured, you are in the hands of a technically competent expert.

This just give me a smile on my face

[EyeRideHigh]

'Rest assured we will not make the same mistakes the first Dread Pirate Roberts did, both for your interest and ours."


Please dont stomp on this guy while he's in the slammer. For all we know LE has hit a rode block when it comes to certain things other than the previous Sr wallet. Basically calling him stupid while he is in jail isnt the smartest plan. Lets just let sleeping dogs be just that at the moment. Its common for us regular people to do so but being your the new DPR, please take a higher rode and show this guy some respect.

[dieAntwoord]

It doesn't matter where the servers are hosted. There isn't a country, rack space provider, or bandwidth provider anywhere in the world that would willingly service a marketplace similar to SR. You could host it within the USA nearly just as safely as many other countries. Hosting it offshore only buys you a short amount of time that you wont even be aware of when the time comes after the servers location is found out by authorities. The key is making sure its location is not found to begin with and making sure data is secure in the event it is found.

This sums up my stance on the matter. There are 2 considerations which we are always keeping when choosing a place to host the forums and marketplace since they will always be separate for security reasons. The top issue is that of net side exploitation - can the server or any component of it be hacked in any way to expose user information or that information of the server. Failing that, the second step is to ensure that in the event the first step is breached, that data does not fall into the wrong hands so even if law enforcement or a hacker was to access our systems, all they would be able to collect is useless garbage of encrypted information. Rest assured we will not make the same mistakes the first Dread Pirate Roberts did, both for your interest and ours.

Separate db from whatever web app you build http://tobtu.com/encryptbcrypt.php
If you're not hosting in Russia or Belarus/Ukraine this is a waste of time. They can file an MLAT in a few hours. If you're in a non friendly country at least it will take longer, long enough for you to rotate servers out of there on your monthly schedule and by the time they bribe the Russian ISP you're gone.

[Keyboard DPK]

Sir DPR,
the software your using to "Hide" the Servers is Vulnerable just to let you know this sort of thing would be a devastating blow to the Servers If targeted One thing you should know There is No code that is Un-hackable Just takes Time and a pissed off Person

Your Friend DPK,

[Vizzini]

Sir DPR,
-redacted-
Your Friend DPK,

I find this impossibly hard to believe. If you were serious, this would have been put into a private message, encrypted with DPR's GPG, and been sent privately.

The fact you posted this on the forum not only makes it seem unlikely, but in the case it is true, you'd be the one fucking it up instead of helping out.

[dieAntwoord]

I'd like to chime in here. Based on my discussions with the current DPR, I am confident that while nothing in this world is infallible.. the servers and security of both the marketplace (to come) and the (current) forums are probably as solid as can be. Much more so then the last go, and absolutely unparalleled to competitors. People learn from the mistakes of their predecessors.. and I can vouche that this DPR while extremely close to the previous DPR, is more competent with security. (No offense to previous DPR.. there is nothing but love for him/her. I will not refer to that DPR as Mr. Ulbricht until and if he is convicted).

Take my word on it folks, I was very close to our former captain and the current DPR is well aware of that. I wouldn't be here for a minute longer then necessary if I felt it was an effort lacking rock solid security measures.

That being said, never, ever, EVER forget to use PGP when discussing anything transactional, identifiable, or order related. Ever.

So, last SR was full of CIs and feds.
You were close to him, and the new DPR so FBI have all your indicators to analyze.

New DPR told you his entire setup apparently.

This is a gigantic violation of opsec, specifically compartmentalization. We shouldn't even know who the new 2 DPRs are yet they are tied to old nyms on the previous forum.

I also read about scalability, and he admitted he didn't care about where it was hosted so long as it was hidden which makes me think this will be a Heroku/Google App Engine/AWS or similar cloud hybrid with the Gateway a tor socks proxy to connect to back end and network facing app that will be US or UK hosted. Don't reply, but if I'm correct don't even think about doing this.

[Vizzini]

I'd like to chime in here. Based on my discussions with the current DPR, I am confident that while nothing in this world is infallible.. the servers and security of both the marketplace (to come) and the (current) forums are probably as solid as can be. Much more so then the last go, and absolutely unparalleled to competitors. People learn from the mistakes of their predecessors.. and I can vouche that this DPR while extremely close to the previous DPR, is more competent with security. (No offense to previous DPR.. there is nothing but love for him/her. I will not refer to that DPR as Mr. Ulbricht until and if he is convicted).

Take my word on it folks, I was very close to our former captain and the current DPR is well aware of that. I wouldn't be here for a minute longer then necessary if I felt it was an effort lacking rock solid security measures.

That being said, never, ever, EVER forget to use PGP when discussing anything transactional, identifiable, or order related. Ever.

This is a gigantic violation of opsec, specifically compartmentalization. We shouldn't even know who the new 2 DPRs are yet they are tied to old nyms on the previous forum.

Who's DPR again? I would love to hear how we "know who the new 2 DPRs are", and how you know there is 2 DPRs?

To be completely honest I have a guess at who the original DPR was, while the new DPR... he did mess up once, but I didn't catch the mess-up to find out who he was on the previous forums.

[Vy7wf]

I also read about scalability, and he admitted he didn't care about where it was hosted so long as it was hidden which makes me think this will be a Heroku/Google App Engine/AWS or similar cloud hybrid with the Gateway a tor socks proxy to connect to back end and network facing app that will be US or UK hosted. Don't reply, but if I'm correct don't even think about doing this.

What is a safer setup?

[flwrchlds9]

Well GAE or AWS is a NSA front end, basically. So not that.

[Tessellated]

'Rest assured we will not make the same mistakes the first Dread Pirate Roberts did, both for your interest and ours."


Please dont stomp on this guy while he's in the slammer. For all we know LE has hit a rode block when it comes to certain things other than the previous Sr wallet. Basically calling him stupid while he is in jail isnt the smartest plan. Lets just let sleeping dogs be just that at the moment. Its common for us regular people to do so but being your the new DPR, please take a higher rode and show this guy some respect.

Nobody called him stupid. It was said that he made mistakes, he did make mistakes. Pointing out his mistakes and taking effort to avoid them is not an attack on him. He would appreciate it.

[lithonius]

Sir DPR,
the software your using to "Hide" the Servers is Vulnerable just to let you know this sort of thing would be a devastating blow to the Servers If targeted One thing you should know There is No code that is Un-hackable Just takes Time and a pissed off Person

Your Friend DPK,

hello mDPR.

[Dr. Chem]

I know you can't say where they are, But are they out of the USA? UK? Frnace?

This is a issue for a lot of people, including myself

VPN/Tor/Tails ...Issue solved?

[Blaze]

I know you can't say where they are, But are they out of the USA? UK? Frnace?

This is a issue for a lot of people, including myself

Are you retarded? You must be if you expected an answer. GTFO the dark web.