Author Topic: The Ten Commandments Revised  (Read 2413 times)

Hux

  • SR Dev
  • Jr. Member
  • ***
  • Posts: 71
  • Karma: +64/-9
    • View Profile
    • Personal Message (Offline)
The Ten Commandments Revised
« on: January 10, 2014, 12:32:15 am »
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Too many people here seem unable to grasp the basics, so here are some commandments for traveling the road. Deviate to your own demise and have a nice stay in prison if you want to ignore the advice of the knowledgeable folk around here.

Rule 1: STFU

Shut the fuck up. Is it sunny where you live? How nice. Oh you're in the southern hemisphere I guess as it is summer there now, or are you in a hot country? Oh it is summer - that is interesting, your English is very good so I would think you speak English natively am I right? Your package was intercepted - really what was it? Only 10 pills of MDMA, what vendor were you working with as I've ordered pills before?

If you get to that point and you can't help but talk, congratulations you probably now have the FBI feeding intel to the Australian authorities and there will only be a handful of packages seized recently with exactly 10 pills in it and hell if you have given away what vendor you use then they also have the country of origin. Most people guilty of something like that will also use their home address so now LE probably know who you are and if you are anyone worth chasing you will wind up in a cell sooner or later.


Rule 2: The blockchain is irreversible (so don't fuck up even once)

Ok, you're ordering only a few grams of coke - who gives a shit? But you then buy from Bitstamp and send right to your SR address. Congratulations, now pray SR doesn't keep many logs because if there is even a hint of your bitcoin address tied to the account you ordered to they will have some pretty incriminating evidence against you and they will never prosecute you on that if you do scale up later on. Know the authorities are cunning, they gather evidence over time and your mistake was letting them find you in the first place. Most people let slip the little things and when they become bigger in the game, that comes to bite them in the ass.


Rule 3: Common advice isn't good advice

Why the fuck are you using a public wi-fi connection to browse Tor? If you've paid attention to recent events, you'll know the NSA are harvesting vast quantities of information from public wi-fi and tracking movements even when you have your Wi-Fi disabled (software disabling or not connecting does not prevent them knowing you are in range). Ross was slammed onto a table and they took his laptop to bypass all encryption and have him red handed. If you are going to do anything illegal, do it in your own home where they can't suddenly drag you away and if you don't want Tor on your internet connection, 3G or setting up a private bridge is the way to go. That isn't perfect, but unless you are a very high value target they aren't going to check every single 3G connection in the area or extensive measures like that - it is more likely they will just check your internet history via your ISP for tor connection times and try to correlate your activity. Tor isn't illegal and if you keep your mouth shut then they will have a very hard time to show serious wrongdoing.


Rule 4: Burn your identity - often

Oh you have 2,000 posts and don't want to lose your reputation? Great, we'll end the conversation there because quite frankly I can't stand being in the same conversation as such a self-righteous bastard. This is an anonymous environment, nobody genuinely cares who you are or who you pretend you are and generally a lot of smart guys don't make many posts here as they understand this is all going to be short lived in the bigger picture, whereas prison is not a short time if you are involved with Silk Road. I made a post recently about the life of a PGP key and one addition I may add is if you're changing your PGP key, it may then be a good time to also burn your identity and don't ever cross contaminate - never go near it again not even on the same virtual machine since every visit will leave some kind of trace. If you have bitcoins, lose them or spend them - never ever transfer them and if it is a lot of money such as the proceeds from your activity, use several mixers, methods and spaces of time to create as much separation as you humanly can.


Rule 5: Don't trust mixing services

If you trust a single mixer, you will go to prison one day if you keep walking that line. If bitcoinfog is compromised they may have kept logs all along and that combined with SR logs is going to put most of you in prison. If you want to be safe, buy bitcoins with cash of course, then split the bitcoins up into several wallets and perhaps move them through blockchain.info a few times over several accounts, load your bitcoinfog account wallets through blockchain.info's shared send feature to compound your anonymity and after bitcoinfog, maybe even duck it through another mixer or even through SR itself before reaching your disposable purchase account. If you can't afford to take those precautions because of the fees, perhaps reconsider buying at all.


Rule 6: Don't keep envelopes, it isn't fucking memorabilia

When you get your product, if you are ignorant enough to keep stuff in your house all the time at least make sure the envelope is gone way before you start taking any drugs. Do not throw it in the garbage as law enforcement don't need any authority to go searching your bins, the least you can do is shred it to pieces and burn it to a crisp and then mix it in with other general waste such as food or bury it deep, heck even put it down the toilet if it won't clog it. There is evidence coming through LE are now turning to chemical marking of packages to ensure the packages they find at the scene are the ones they sent the suspect and this is irrefutable evidence in court they are the same package even if you rip off the address and return address, and this isn't some shit you can wash off with a few wipes.


Rule 7: If you don't need a phone, don't have it near you

The leaks by Edward Snowden have shown phones can be used (particularly iPhone's) to watch suspects by turning on the camera and microphone and therefore depending on where you put it they could hear the sound of your typing, maybe see your screen, catch you mumbling words as you are thinking what to reply to a message or even intercept the wireless RF signals if you use Wi-fi or worse, a wireless keyboard and act as a keylogger which is definitely not outside the realms of possibility.


Rule 8: No matter what "gurus" claim, you cannot defend yourself from the NSA

Some LE agencies have ways to plant their packages onto your hard drives, BIOS and other low level systems of your computer so nothing you do with software will protect you. If you use a laptop, remove the hard drive from it before using TAILS and if you need a PGP key, never let it go near an internet enabled device. Data transfer must be one way so do not use the same USB stick to transfer anything from an internet-enabled device to an offline one. There is no need to expose your offline system to attacks from the online one. USB sticks these days for only a few hundred MB are cents and you could even use CD's which are only a few dollars for 100 of them so don't be cheap. One thing to add to that point is once you have transferred the data, dispose of it. Burn the CD to pieces (make sure it is melted, use a gas stove such as the camping cookers is a good idea) or melt the flash memory of the usb stick and then flush the pieces down the toilet once you've broken it down.


Rule 9: Don't use batteries

If you do use a laptop, remove the battery and keep the charger in. If LE break down your door then just pull the plug and the power is completely gone. If you've used a write-only device such as a CD/DVD-R then no data will be on that bit of media and almost everything in the RAM will be gone. So far the only real threats of recovering information from the RAM has been performed under lab conditions which in the field where they will probably take a while longer, have more exposure and not have everything immediately to hand. It is unlikely they will gain much from the residual data if they could recover it (let alone enough to bring to court as evidence).


Rule 10: Man the fuck up

Assuming you are caught, don't be an utter cunt. Keep your mouth shut, let a lawyer do the talking but refuse plea bargains. If you've managed to get yourself in this position, you have let your security slip and it is your own fault, don't bring anyone else down with you (yes Ross, can you hear me?). Say nothing, let them try to put you through a trial and you have a chance you can walk free and if you do get found guilty then it will give you enough time to learn from your mistakes hopefully and not repeat them. Unless you are big game you won't be in jail for the rest of your life so it isn't the end of the world. You chose to walk this tightrope yourself, and you used that rope to hang yourself like a ripe fruit ready for law enforcement to pick. Don't blabber like a little girl and perhaps one day you might be grateful when somebody doesn't drag you down either.

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJSzz5+AAoJEKa1ThTkGTzrIssP/ig1hPLJSn+wo9GBD61wD4FN
sKcqcEwoin+05/2aEj/d3Kvkv7EF8oicYHb4lAKoswChCnK0DBw2kq8LRhFufAnP
vYqY8Ll6PZCPEyk267cVQW92XYgh13633Hcta3sJJrbEFVQKmM7urcBK1tDr8t1r
j2uxVv+R0MEOnXNYiaM6QspNV7lLNP56r6yh5GZDkyk6nEQjDWKxxCuqKAUKqy71
iOlrvwaIKgTw1o6PeeOY32nj/dft49N6yNpXJ8K9uasTYFDb+QHbukxPZj0N4vrs
2rwh+MYgwJ49sKBMNU1J1J4OksmPPeoKGETry1/CgP5DSxgOQl1KSpXzJhXHY5ux
e4GpMX7x+53229ygdvSzgTk0PDW8VuNgtthdcCWoZFJWACS//zzlxtFaWSksyWTW
Jnt9eqD/eQIuaRs4UkBdbPfOZVwdY4hqBnruUoZpksXLCEpmAS+I+37E749DIGUW
v4g0Ytrpg/4Kx45RYu44ay9+mqJAzheBSsXUqCBN8DnFV94DrlpeU6OoPNVaw1cC
vMbDZEm5pKj8ovaXoAZXL9DdQo1eM9nfTWk5Y/tLrQ9tPV81SnQUls73iAfrUoV0
i/XQmX4mFDgrmHfE8wuSe2Wg3jbZ1fr/cqlp6ieGrqyvBNLlbVV1hXBFKMuBG1lR
k9wxwgx7tsyiKow6h7lD
=hy/0
-----END PGP SIGNATURE-----


Code: (Plaintext with BB codes for signature verification) [Select]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Too many people here seem unable to grasp the basics, so here are some commandments for traveling the road. Deviate to your own demise and have a nice stay in prison if you want to ignore the advice of the knowledgeable folk around here.

[u][b]Rule 1: STFU[/b][/u]

[b]Shut the fuck up.[/b] Is it sunny where you live? How nice. Oh you're in the southern hemisphere I guess as it is summer there now, or are you in a hot country? Oh it is summer - that is interesting, your English is very good so I would think you speak English natively am I right? Your package was intercepted - really what was it? Only 10 pills of MDMA, what vendor were you working with as I've ordered pills before?

If you get to that point and you can't help but talk, congratulations you probably now have the FBI feeding intel to the Australian authorities and there will only be a handful of packages seized recently with exactly 10 pills in it and hell if you have given away what vendor you use then they also have the country of origin. Most people guilty of something like that will also use their home address so now LE probably know who you are and if you are anyone worth chasing you will wind up in a cell sooner or later.


[u][b]Rule 2: The blockchain is irreversible (so don't fuck up even once)[/b][/u]

Ok, you're ordering only a few grams of coke - who gives a shit? But you then buy from Bitstamp and send right to your SR address. Congratulations, now pray SR doesn't keep many logs because if there is even a hint of your bitcoin address tied to the account you ordered to they will have some pretty incriminating evidence against you and they will never prosecute you on that if you do scale up later on. Know the authorities are cunning, they gather evidence over time and your mistake was letting them find you in the first place. Most people let slip the little things and when they become bigger in the game, that comes to bite them in the ass.


[u][b]Rule 3: Common advice isn't good advice[/b][/u]

Why the fuck are you using a public wi-fi connection to browse Tor? If you've paid attention to recent events, you'll know the NSA are harvesting vast quantities of information from public wi-fi and tracking movements even when you have your Wi-Fi disabled (software disabling or not connecting does not prevent them knowing you are in range). Ross was slammed onto a table and they took his laptop to bypass all encryption and have him red handed. If you are going to do anything illegal, do it in your own home where they can't suddenly drag you away and if you don't want Tor on your internet connection, 3G or setting up a private bridge is the way to go. That isn't perfect, but unless you are a very high value target they aren't going to check every single 3G connection in the area or extensive measures like that - it is more likely they will just check your internet history via your ISP for tor connection times and try to correlate your activity. Tor isn't illegal and if you keep your mouth shut then they will have a very hard time to show serious wrongdoing.


[u][b]Rule 4: Burn your identity - often[/b][/u]

Oh you have 2,000 posts and don't want to lose your reputation? Great, we'll end the conversation there because quite frankly I can't stand being in the same conversation as such a self-righteous bastard. This is an anonymous environment, nobody genuinely cares who you are or who you pretend you are and generally a lot of smart guys don't make many posts here as they understand this is all going to be short lived in the bigger picture, whereas prison is not a short time if you are involved with Silk Road. I made a post recently about the life of a PGP key and one addition I may add is if you're changing your PGP key, it may then be a good time to also burn your identity and don't ever cross contaminate - never go near it again not even on the same virtual machine since every visit will leave some kind of trace. If you have bitcoins, lose them or spend them - never ever transfer them and if it is a lot of money such as the proceeds from your activity, use several mixers, methods and spaces of time to create as much separation as you humanly can.


[u][b]Rule 5: Don't trust mixing services[/b][/u]

If you trust a single mixer, you will go to prison one day if you keep walking that line. If bitcoinfog is compromised they may have kept logs all along and that combined with SR logs is going to put most of you in prison. If you want to be safe, buy bitcoins with cash of course, then split the bitcoins up into several wallets and perhaps move them through blockchain.info a few times over several accounts, load your bitcoinfog account wallets through blockchain.info's shared send feature to compound your anonymity and after bitcoinfog, maybe even duck it through another mixer or even through SR itself before reaching your disposable purchase account. If you can't afford to take those precautions because of the fees, perhaps reconsider buying at all.


[u][b]Rule 6: Don't keep envelopes, it isn't fucking memorabilia[/b][/u]

When you get your product, if you are ignorant enough to keep stuff in your house all the time at least make sure the envelope is gone way before you start taking any drugs. Do not throw it in the garbage as law enforcement don't need any authority to go searching your bins, the least you can do is shred it to pieces and burn it to a crisp and then mix it in with other general waste such as food or bury it deep, heck even put it down the toilet if it won't clog it. There is evidence coming through LE are now turning to chemical marking of packages to ensure the packages they find at the scene are the ones they sent the suspect and this is irrefutable evidence in court they are the same package even if you rip off the address and return address, and this isn't some shit you can wash off with a few wipes.


[u][b]Rule 7: If you don't need a phone, don't have it near you[/b][/u]

The leaks by Edward Snowden have shown phones can be used (particularly iPhone's) to watch suspects by turning on the camera and microphone and therefore depending on where you put it they could hear the sound of your typing, maybe see your screen, catch you mumbling words as you are thinking what to reply to a message or even intercept the wireless RF signals if you use Wi-fi or worse, a wireless keyboard and act as a keylogger which is definitely not outside the realms of possibility.


[u][b]Rule 8: No matter what "gurus" claim, you cannot defend yourself from the NSA[/b][/u]

Some LE agencies have ways to plant their packages onto your hard drives, BIOS and other low level systems of your computer so nothing you do with software will protect you. If you use a laptop, remove the hard drive from it before using TAILS and if you need a PGP key, never let it go near an internet enabled device. Data transfer must be one way so do not use the same USB stick to transfer anything from an internet-enabled device to an offline one. There is no need to expose your offline system to attacks from the online one. USB sticks these days for only a few hundred MB are cents and you could even use CD's which are only a few dollars for 100 of them so don't be cheap. One thing to add to that point is once you have transferred the data, dispose of it. Burn the CD to pieces (make sure it is melted, use a gas stove such as the camping cookers is a good idea) or melt the flash memory of the usb stick and then flush the pieces down the toilet once you've broken it down.


[u][b]Rule 9: Don't use batteries[/b][/u]

If you do use a laptop, remove the battery and keep the charger in. If LE break down your door then just pull the plug and the power is completely gone. If you've used a write-only device such as a CD/DVD-R then no data will be on that bit of media and almost everything in the RAM will be gone. So far the only real threats of recovering information from the RAM has been performed under lab conditions which in the field where they will probably take a while longer, have more exposure and not have everything immediately to hand. It is unlikely they will gain much from the residual data if they could recover it (let alone enough to bring to court as evidence).


[u][b]Rule 10: Man the fuck up[/b][/u]

Assuming you are caught, don't be an utter cunt. Keep your mouth shut, let a lawyer do the talking but refuse plea bargains. If you've managed to get yourself in this position, you have let your security slip and it is your own fault, don't bring anyone else down with you (yes Ross, can you hear me?). Say nothing, let them try to put you through a trial and you have a chance you can walk free and if you do get found guilty then it will give you enough time to learn from your mistakes hopefully and not repeat them. Unless you are big game you won't be in jail for the rest of your life so it isn't the end of the world. You chose to walk this tightrope yourself, and you used that rope to hang yourself like a ripe fruit ready for law enforcement to pick. Don't blabber like a little girl and perhaps one day you might be grateful when somebody doesn't drag you down either.

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJSzz5+AAoJEKa1ThTkGTzrIssP/ig1hPLJSn+wo9GBD61wD4FN
sKcqcEwoin+05/2aEj/d3Kvkv7EF8oicYHb4lAKoswChCnK0DBw2kq8LRhFufAnP
vYqY8Ll6PZCPEyk267cVQW92XYgh13633Hcta3sJJrbEFVQKmM7urcBK1tDr8t1r
j2uxVv+R0MEOnXNYiaM6QspNV7lLNP56r6yh5GZDkyk6nEQjDWKxxCuqKAUKqy71
iOlrvwaIKgTw1o6PeeOY32nj/dft49N6yNpXJ8K9uasTYFDb+QHbukxPZj0N4vrs
2rwh+MYgwJ49sKBMNU1J1J4OksmPPeoKGETry1/CgP5DSxgOQl1KSpXzJhXHY5ux
e4GpMX7x+53229ygdvSzgTk0PDW8VuNgtthdcCWoZFJWACS//zzlxtFaWSksyWTW
Jnt9eqD/eQIuaRs4UkBdbPfOZVwdY4hqBnruUoZpksXLCEpmAS+I+37E749DIGUW
v4g0Ytrpg/4Kx45RYu44ay9+mqJAzheBSsXUqCBN8DnFV94DrlpeU6OoPNVaw1cC
vMbDZEm5pKj8ovaXoAZXL9DdQo1eM9nfTWk5Y/tLrQ9tPV81SnQUls73iAfrUoV0
i/XQmX4mFDgrmHfE8wuSe2Wg3jbZ1fr/cqlp6ieGrqyvBNLlbVV1hXBFKMuBG1lR
k9wxwgx7tsyiKow6h7lD
=hy/0
-----END PGP SIGNATURE-----
« Last Edit: January 10, 2014, 12:41:35 am by Hux »
No encryption is future-proof. Everything we considered secure 20 years ago is now weak even to home computing. If you want to stay safe, don't trust encryption - trust good data retention policies.

moroder

  • Jr. Member
  • **
  • Posts: 89
  • Karma: +8/-5
    • View Profile
    • Personal Message (Offline)
Re: The Ten Commandments Revised
« Reply #1 on: January 11, 2014, 12:40:04 pm »
Jesus!

How long did you spend writing this?

Good on ya man!
Fuck it - let's buy some drugs.

Agent

  • Sr. Member
  • ****
  • Posts: 332
  • Karma: +34/-8
    • View Profile
    • Personal Message (Offline)
Re: The Ten Commandments Revised
« Reply #2 on: January 11, 2014, 02:43:27 pm »
Albeit very crude the points this post makes are quite valid but any user that cares for their own safety should not rely solely on what is represented in this post but to also conduct their own research and spend their time researching how to operate their own OpSec.

66FC 55D6 A333 CD46 C8B0 5507 749B EEA5 E6A9 9183
Knowledge is power and as a community that knowledge can be used as a tool to aid the community, as I am only human if anything I submit on these forums is incorrect please contact me directly or quote the noted error and I can learn from my mistakes and minimize any form of misinformation.

x_syndicate

  • Full Member
  • ***
  • Posts: 123
  • Karma: +13/-2
  • god is in the details
    • View Profile
    • Personal Message (Offline)
Re: The Ten Commandments Revised
« Reply #3 on: January 11, 2014, 07:15:48 pm »
Very solid outline on how to properly handle yourself and keep safe while doing these activities.  +1

snowwhite421

  • Sr. Member
  • ****
  • Posts: 312
  • Karma: +56/-22
    • View Profile
    • Personal Message (Offline)
Re: The Ten Commandments Revised
« Reply #4 on: January 14, 2014, 08:42:59 am »
bump, and thank you hux. common knowlege for some, but very valuable, and possibly a reality check for those that know these things to take it more seriously. for those, data retention is a motherfucker. hope people have been smart in the past..

kittenfluff

  • Full Member
  • ***
  • Posts: 167
  • Karma: +19/-12
  • Turn on, tune in, drop out...
    • View Profile
    • Personal Message (Offline)
Re: The Ten Commandments Revised
« Reply #5 on: January 14, 2014, 09:56:32 am »
I would add:

11. Hope for the best, plan for the worst. What are you gonna do if LE turn up? Sure, TOR is legal and deniable, owning BTC is not illegal, but if they turn up you gotta have a good story else that don't mean shit and you'll look like a complete tool. Have a plan in place to make it as hard as possible if you find yourself in their radar. Despite all the NSA stories, you are still much more likely to be caught via traditional methods - a package is accidentally torn en route, someone snitches, police are chasing a criminal accross your land (happend to a couple of hippy weed-growers who'd been at it for 20 years and donated most of their profits to an African village). There was a news story recently where LE caught on to someone due to something trivial (taxes or insurence or antisocial behaviour or some such), then they looked and found they had been using TOR, and at that point if a) you don't have you activities sufficiently hidden (they didn't, they had a meth lab or similar) and b) don't have a good reason for using TOR, guarenteed they'll be all over you. They may anyway, but why make their job easier? Most of the time LE will be suspicious, but try to let you talk yourself into trouble, so have a story ready, have sensible answers to questions; 'sure officer, I use TOR. I'm a bit of an enthusiast, heard about it years ago, not much use for me as such, but I keep using it; it helps create cover for people in other countries fighting for access to information and freedom, plus I don't feel comfortable with google knowing EVERYTHING about me, you know?' or think of your own. Much better than 'um, I dunno, um, just kinda use it. It's not illegal to use it, right? So why hassle me?'
I often take breaks from smoking weed - some days I don't even spark up until I get home from work.

Give to Eris and receive great BJs from the universe - 1N78Ma9DgiwtyhPFDjWgchFXW9uhD3Aqhf

HonoluluExpress

  • Hero Member
  • *****
  • Posts: 2097
  • Karma: +277/-144
    • View Profile
    • Personal Message (Offline)
Re: The Ten Commandments Revised
« Reply #6 on: January 24, 2014, 05:22:18 am »
Bumping this. Thanks for this informational post.
« Last Edit: January 24, 2014, 05:24:10 am by HonoluluExpress »
Free Bitcoins: https://qoinpro.com/56dac0555612b52edb776964aa5f8fd2

Nightcrawler

  • Guest
Re: The Ten Commandments Revised
« Reply #7 on: January 24, 2014, 06:49:46 am »
I would add:

11. Hope for the best, plan for the worst. What are you gonna do if LE turn up? Sure, TOR is legal and deniable, owning BTC is not illegal, but if they turn up you gotta have a good story else that don't mean shit and you'll look like a complete tool. Have a plan in place to make it as hard as possible if you find yourself in their radar. Despite all the NSA stories, you are still much more likely to be caught via traditional methods - a package is accidentally torn en route, someone snitches, police are chasing a criminal accross your land (happend to a couple of hippy weed-growers who'd been at it for 20 years and donated most of their profits to an African village). There was a news story recently where LE caught on to someone due to something trivial (taxes or insurence or antisocial behaviour or some such), then they looked and found they had been using TOR, and at that point if a) you don't have you activities sufficiently hidden (they didn't, they had a meth lab or similar) and b) don't have a good reason for using TOR, guarenteed they'll be all over you. They may anyway, but why make their job easier? Most of the time LE will be suspicious, but try to let you talk yourself into trouble, so have a story ready, have sensible answers to questions; 'sure officer, I use TOR. I'm a bit of an enthusiast, heard about it years ago, not much use for me as such, but I keep using it; it helps create cover for people in other countries fighting for access to information and freedom, plus I don't feel comfortable with google knowing EVERYTHING about me, you know?' or think of your own. Much better than 'um, I dunno, um, just kinda use it. It's not illegal to use it, right? So why hassle me?'

In my view, the Snowden revelations of the last summer, proving the existence of massive dragnet surveillance, provide the best excuse for  using Tor.

Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key Fingerprint = D870 C6AC CC6E 46B0 E0C7  3955 B8F1 D88E BBF7 433B

Security is a bit like religion... some things have to be taken on faith.
Where security differs from religion is that security is NOT retroactive.
Unlike Christianity, where you can come to Jesus, be 'saved' and have all
your sins washed away, with security you can adopt Tails or PGP, and be
secure from that point forward, but rest assured that your previous sins
(security failings) WILL come back to haunt you and bite you in the ass.
The original DPR is the poster child for that, right now.

Folly, thou conquerest, and I must yield!
Against stupidity the very gods Themselves
contend in vain.      --Friedrich Schiller

Akon

  • Sr. Member
  • ****
  • Posts: 300
  • Karma: +37/-80
    • View Profile
    • Personal Message (Offline)
Re: The Ten Commandments Revised
« Reply #8 on: January 24, 2014, 10:07:51 am »
bump, and thank you hux. common knowlege for some, but very valuable, and possibly a reality check for those that know these things to take it more seriously. for those, data retention is a motherfucker. hope people have been smart in the past..

Stop riding dick E-Whore!

Thank you Hux. Common knowledge for some, but very valuable, and possibly a reality check for thos that know how to protect them selfes. Many will probably take it also more seriously. For those who dont understand data retention is pain in the ass. I hope most of you have not committed mistake in the past that will haunt you in the future.

jokerman2002

  • Sr. Member
  • ****
  • Posts: 292
  • Karma: +83/-53
    • View Profile
    • Personal Message (Offline)
Re: The Ten Commandments Revised
« Reply #9 on: January 24, 2014, 10:12:35 am »
Thanks for the advice it had me questioning some of the things ive done.
Look some people don't usually +1 but check this if you +1 me you will form a spirtiual bond that ties us in our timeline. That might be the only way we would ever form some sort of subconscience spritual connection. Creating a stronger positive life for both each of us.

AliceInWonderland

  • Full Member
  • ***
  • Posts: 216
  • Karma: +54/-12
    • View Profile
    • Personal Message (Offline)
Re: The Ten Commandments Revised
« Reply #10 on: January 27, 2014, 05:19:10 pm »
Very informative thread.

A lot of the info should be public knowledge by now, but I suspect that there is still a lot of people that is not yet aware of these issues, and even more people that just choose to ignore their opsec, because they consider it to be an inconvenience to them!

In any case, it never hurts to keep mentioning these precautions once in a while, so the few that are unaware can be brought up to speed.
Remember to look in the knowledgebase before asking questions:
http://silkroad5v7dywlc.onion/index.php?action=kb

The Ten Commandments - http://silkroad5v7dywlc.onion/index.php?topic=15762.0

Why you should never talk to the police:
https://www.youtube.com/watch?v=6wXkI4t7nuc

pK

  • Vendor
  • Hero Member
  • *****
  • Posts: 705
  • Karma: +115/-22
  • Australian MDA Vendor.
    • View Profile
    • Personal Message (Offline)
Re: The Ten Commandments Revised
« Reply #11 on: January 27, 2014, 05:33:31 pm »
So brilliant I decided to throw it into my signature.

Thankyou.
MultiSig -  Express Post - Seamless Communication.

Escrow available on alternative markets.

Forum Review - http://silkroad5v7dywlc.onion/index.php?topic=13368
Marketplace Profile - http://silkroad6ownowfk.onion/users/pk

Johnny Alpha

  • Vendor
  • Full Member
  • *****
  • Posts: 133
  • Karma: +25/-15
  • J.A. will pay the bills...
    • View Profile
    • Email
    • Personal Message (Offline)
Re: The Ten Commandments Revised
« Reply #12 on: January 27, 2014, 11:07:20 pm »
This is great, a lot of noobs won't even consider half the stuff on here; should be stickied?
Johnny Alpha - Quality UK Domestic Hash and Weed

Now active on Agora ( Johnny_Alpha ) Evolution ( JohnnyAlpha ) and SR2 ( Johnny Alpha )

AAA Service - Alpha As Always

Down-Time email: johnny_alpha@mailtor.net or find me @TheHub: http://thehub7dnl5nmcz5.onion/index.php?topic=2716.0

StingRay

  • Jr. Member
  • **
  • Posts: 77
  • Karma: +4/-0
    • View Profile
    • Personal Message (Offline)
Re: The Ten Commandments Revised
« Reply #13 on: January 28, 2014, 01:44:48 am »
overall, some good basic guidelines to follow, but i would have to beg to differ in regards to rules 3 and 9.

the NSA are collecting and storing vast amounts (well ALL) data and metadata, emails, ect, from the ENTIRE internet. not just public wi-fi my friend. from your home connection as well. and using random, rotating, off-camera, public wi-fi is far safer than using your home connection for many reasons. tying yourelf to one single IP (let alone your home IP), or a single ISP, is just asking to be busted in the long run (all depending of course on how much of a target you are, aka, vendor or buyer). using random rotating public wi-fi hotspots, open networks, or even cracking WEP networks, has been time tested and proven security protocol for many years. for many reasons. if you ar a vendor spending alot of time on the forums using your vendor nym, fx, assuming LE has ordered at least one package from you, they know the town/city you likely reside/ship from. and depending on the size of the city, and if you aren't using a 'truly' private bridge, f.x., ssh'ing into an amazon instance, or using obfuscated bridges/pluggable transports, or otherwise aren't hiding the fact you are using Tor from your ISP on your home connection without having control of at least one end of your tor circuit, you are far more likely to be identified/de-anonymized thru traffic correlation/timing analysis over time. especially if using the same IP/ISP each time you connect from a home connection. and i personally feel this was the most likely reason i was de-anonymized and fell victim to government spyware/malware when i was a vendor. as i became too comfortable, placing too much faith in Tor alone, and failed to follow the most basic protocol as i had otherwise always done so in the past. it's can become tempting to do so, considering the amount of work to be done as a vendor. but you don't have to do that work while 'online'.

if you are a vendor, it should only take you 5-10 minutes 'tops' to spoof your MAC addy, jump on some random hotspot (in a coffeshop, or in your car outside a coffee shop, ect), quickly download emails using Thunderbird, save pages of pm's (i wish the ability to mass-download pm's were available), save pages of current orders for reviewing later, transfer btc, ect, then jump off, remove your battery, and head to a secure location. then take all the time you like to (preferably on a seperate air-gapped machine), insert your keys from a seperate encrypted flashdrive, decrypt and reply to emails, messages, orders, ect, before (in no particular order) re-encryptting reply's to emails/pm's, packaging/dropping orders, and jumping back online to upload emails, update SR order info, pm's, ect. again, from random wi-fi hotspots so as not to create any patterns which will just make you much easier to track down and possibly infect with malware. these days they basically have an overview of the entire internet (by 'literally' re-routing/splitting the fiber-obtic backbone of the internet at various points across the globe). it's likely they use automated software could detect when a certain computer, with a certain MAC addy comes online. by spoofing your MAC addy, and always popping up random places, you make yourself much harder to a become a target for mal/spyware infection. avoid creating patterns in every possible way. from rolling GPG sub-keys over time, possibly changing identities every so often, using random drop boxes each time, changing return addresses, even fonts, using different methods of writing to seperate your vendor nyms proffesional 'proper talk' from your alternate forum nym's 'slang' talk' (if ya' getz me?), as well as rotating random wi-fi hotspots. ssh'ing into a private first-hop instance will keep your information safe on a public network similar to (but safer if done corretly) than a VPN.

but tying your home connection/IP/real-world identity to your SR vendor account or 'any' illegal activities in any way is just asking for it in the long run. and following this protocol has served myself and many others i know safely for many years. minimizing your felony commiting online footprint is essential. especially when it should only take you 5-10 minutes 'online', a few days a week, 'tops', there is no reason to risk doing so from your home connection. ever. alll it takes is one slip-up. one-time forgettting to spoof your MAC, or using a bridge, or setting script-protection in Tails, ect. and again, particularly if you spend alot of time on the forums using the same nym as your vendor nym. avoid making your self a target by creating patterns like using your home connection, tied to your real life identity. among many other reasons than those i explained as well. but enough for now...

but as far as not using battteries, using a power source/plugged in is a vulnerability that be used to exploit your computer. look into it. and shouldn't be used while commiting felonies if at all possible for a number of reasons. in your scenario, assuming you are running Tails 'live' on DVD-R, fx, powering down, or simply removing a flash drive with your persistance volume is just as simple, (and if using as microSD card, makes any evidence more quickly 'edible' as well). but also allows you to be more portable, in order to use public wi-fi in the safety of your car fx. (or debatably, for a number of reasons, possibly even using pre-paid portable wi-fi hotspots/surf stick). but this scenario is also one most of us will likely 'never' encounter. but in either scenario, a cold-boot attack on RAM would nullify any chances of protecting what may be stored in RAM at the time anyways. but this attack is rarely used unless you are high value target, and they are prepared. in which case you're likely screwed anyways, since they have likely imaged your hard drive and gathered a bunch of other evidence to use against you anyways. having a shotgun next to your computer would be a much simpler solution either way (and has been actually been proven effective according to an article i recall reading once, lol..) but all things considered, the portability a battery allows you vs the vulnerabilaties a plugged in power supply can pose to your computer, amoung other things, batteries win, imo.

there's also many other things i'd add to your list, but overall it's definately some good basic guidelines to follow, so please don't get me wrong.

but suggesting that everyone should commit felonies from their home connection is dangerous advice, imo. especially if you are not using obfucated bridges, spoofing your MAC, and taking 'quite' a few number of other precautions. EVERY SINGLE TIME! like perhaps using Whonix (yet even then, there is the issue/reality of VM security for one, which is one reason i hesitate to use it. which has nothing to do with Whonix itself, but with the Virtualization tech it relies on). and a whole other topic entirely...

but overall, good advice...! :)

peace

mirage

Could you please elaborate more on how to setup a first hop instance? Do you mean getting a hosting service, then setting up tor on that instance. Then finally using ssh to tunnel your traffic through that server? In this scenario one would not need to run tor on their local machine correct?

Oh yeah when ssh'ing to the private server would one forward ports 80 and 443? Would one still have to configure socks in their internet browser?

Would this even work for tails because it connects directly to tor from the start?

I'm just trying to learn. Hopefully you or one of the other experts can provide some insight.

soviet

  • Jr. Member
  • **
  • Posts: 77
  • Karma: +21/-0
  • West Side
    • View Profile
    • Personal Message (Offline)
Re: The Ten Commandments Revised
« Reply #14 on: January 29, 2014, 11:24:40 am »
Sound advice right here. Bump.
Find what you love and let it kill you

tootiefruitie

  • Jr. Member
  • **
  • Posts: 60
  • Karma: +6/-2
    • View Profile
    • Personal Message (Offline)
Re: The Ten Commandments Revised
« Reply #15 on: January 30, 2014, 06:18:48 am »
it's a sad day when this list is now filled with  the minority of users' habits/knowledge. 80% "low hanging fruit" makes for a dismal revolution.