Silk Road forums
Discussion => Silk Road discussion => Topic started by: The Godfather on October 04, 2013, 06:58 am
-
A team of loyal patrons from Silk Road are teaming up to build Silk Road 2.0! Stay tuned for more details and progress!
LONG LIVE SILK ROAD!!!!!!!!!
-
Ladies and gents,
Know this when I say "This is not the end, this is just the beginning". We will come out with a newer, sleeker, more secure version of Silk Road that will be 100% untraceable.
Why will this Silk Road be better?
From the get-go, we have only made communications with each other through TOR so we all remain completely anonymous, even to each other!
LONG LIVE SILK ROAD!!!!!!!!!
-
When you said 100% untraceable, I lost all respect for the project. Count me out, sorry guys. You are overly confident in your abilities and that is on level with DPR's ignorance and we all know how that has turned out.
-
If the code is written correctly (not with VPN addresses hard written into the code visible to all), you run through proxies and the TOR network, it's literally untraceable. It all comes down to knowledge, young one :)
LONG LIVE SILK ROAD
-
To add to that as well: DPR ran this mission VERY successfully over the course of two and a half years, his downfall was due to communicating with someone in the real world, then doing a bank wire to their account, obviously showing his REAL name. After obtaining his real name (which also came from his personal account on SR, whilst communicating with the UC) and tracing the VPN address found in the code, this is what got him busted.
If you do everything correct, from the beginning to the end, you WILL NOT GET CAUGHT!
-
One of the new features we're thinking about for Silk Road 2.0 is to have a completely different server for Bitcoin wallets and transactions, the website itself will also back up to this server after anything changes on the website, so there will always be a full backup of the entire website, including escrow, transactions, feedback and products. In the event of the Road being shut down, again, all users' BTC will be safe and we will have a new server setup with the backup in no time.
-
Josh was not the only person capable of such an endeavor, he was just the first to prove that it was possible. His arrest shows his many mistakes, and those can be avoided in the future. Until quantum computing is made available for the cyber police, it is absolutely possible to make a 100% untraceable system that is even backed up as godfather promises.
Clearly Ulbricht was not the most intelligent individual, given his LinkedIn information and poor use of VPN. There are plenty of geniuses out there who could easily take his place, it's just a matter of time.
I wish you the best with Silk Road 2.0. I hope all goes well. Perhaps you should choose a different brand name, but then again, it could be a good idea to attract the entire community.
-
The whole setup needs to be thought out like a game of chess. What will your opponent's next move be? What will be his move 20 moves down the road....
What will be your counter move should he do something unexpected?
I think the most important thing about any new site is taking the BTC out of reach of LEO. Shit, how much did we all just fund their operations against us? There needs to be serious fail safes in place that make that btc untouchable and untraceable.
Also would be good if the guys running it don't base the operation out of San Fran :rolleyes:
-
Good Luck with that
-
Ah, interesting. I was hoping this was going to happen. Sheep has a nice design but it lacks a lot of stuff and some of the clunky code (at least what I looked at via source, trying to help point out some bugs for them) has me wondering how secure it really is. Also, fractioning SR's awesome community would be a big loss.
If this is going to be written in PHP, it would be cool if there were an option to encrypt all messages sent on the site with PGP automatically with the recipient's stored public key because clearly a lot of people realized the hard way this week that it's not such a waste of time after all. Then the recipient decrypts on their machine with their private key as the usual process. I would assume other languages have PGP encryption libs as well.
I'm a web developer myself specializing in PHP, jQuery, and MySQL. Not sure what you guys are developing with, but I could donate some time to helping with some minor functionality tasks - I wouldn't be able to help as much with the networking and bitcoin stuff; not my area of expertise (though I'd like to learn - I work for a popular file sharing site and any experience on this stuff is a plus). Would not be offended if you guys have everything covered :)
Dr1337@safe-mail.net
My PGP Key
-
When you said 100% untraceable, I lost all respect for the project. Count me out, sorry guys. You are overly confident in your abilities and that is on level with DPR's ignorance and we all know how that has turned out.
I like you
-
I dunno about this forum... I just feel like it's a place for LE to blend in with us. As long as this is up they basically have a blueprint of our next moves, you guys should keep the developing between the developers and keep communicating with tor and use pgp. Like someone stated b4, pgp seems to be the only thing that didn't fail... next site should REQUIRE PGP ENCRYPTION!!!
-
The idea for automatic PGP encryption is a grand idea! Perhaps users, when setting up their profile, would paste their public PGP key into a block and save, then when another user sends a message, it's automatically encrypted. Very good idea.
I can tell you one thing for sure, LE is watching, and they do not know half of the plans for Silk Road 2.0, they'll just have to wait and see ;)
Let's take this time now to also find out from you guys what you didn't like about the original SR so we can improve it now? Or perhaps SR didn't have a feature that you think would have been useful?
Cheers guys, and remember: LONG LIVE SILK ROAD!!!!!!!
-
The idea for automatic PGP encryption is a grand idea! Perhaps users, when setting up their profile, would paste their public PGP key into a block and save, then when another user sends a message, it's automatically encrypted. Very good idea.
I can tell you one thing for sure, LE is watching, and they do not know half of the plans for Silk Road 2.0, they'll just have to wait and see ;)
Let's take this time now to also find out from you guys what you didn't like about the original SR so we can improve it now? Or perhaps SR didn't have a feature that you think would have been useful?
Cheers guys, and remember: LONG LIVE SILK ROAD!!!!!!!
DO NOT OFFER AUTO ENCRYPTION!
DO NOT ALLOW USERS TO AUTO TRUST THE SERVER ! THEN MANY LEO HONEYPOTS WILL SPRING UP!
ONLY UPON REGISTERING MAKE A GPG RIDDLE OR GAME SO THEY HAVE TO PROVE THEY ARE CAPABLE OF USING IT !
NOTHING ELSE!
-
When you said 100% untraceable, I lost all respect for the project. Count me out, sorry guys. You are overly confident in your abilities and that is on level with DPR's ignorance and we all know how that has turned out.
While we are happy to see new endeavors it does not seem like this was thought out very well. As StExo said, saying 100% untraceable does not evoke confidence.
SR did have multiple servers from front facing login, to web, to bitcoin wallets and tumblers and others. There were multiple servers in the setup and they pulled data from other servers over tor. DPR was not an idiot when it came to a lot of this.
The fail came with the lack of a real backup plan, not having the information out there for others to pick up, reload a new server with an SR image and keep the shop open. That way the revolution can continue and making it hard to prove he was the leader when it's back running 8 hours later. And then there are the stupid mistakes with wiring money (not BTC) for 1kg of cocaine, agreeing to receive it not using the mail and receiving it right to a residence causing a bust leading to rat. The issues with being trolled on the hits and the fake IDs and using a hot spot across the street from your house and living in the USA.
The problem here is not 100% untraceable, especially since that cannot be guaranteed over a long period of time, but 100% redundant and survivable. We were shocked to understand that the thought of LE seizing the SR servers was a remote thought.
You should EXPECT LE to eventually be able to seize a server. Start from THAT perspective and build from there. How do you protect the information, how do you actually have a REAL backup plan, how can you implement it even if everybody is being watched. Go down this thought map 1st.
And then more important, this is not a joke. This is not setting up a torrent tracker that has the possibility of being shut down. This is facing the real possibility of LIFE in PRISON if not done correctly.
Have you thought how you handle trust among many admins when millions of dollars are in play? Who is the leader?
Have you searched within yourself and committed to spending the rest of your life in prison if your plan fails or if someone makes a mistake?
.
-
The idea for automatic PGP encryption is a grand idea! Perhaps users, when setting up their profile, would paste their public PGP key into a block and save, then when another user sends a message, it's automatically encrypted. Very good idea.
I can tell you one thing for sure, LE is watching, and they do not know half of the plans for Silk Road 2.0, they'll just have to wait and see ;)
Let's take this time now to also find out from you guys what you didn't like about the original SR so we can improve it now? Or perhaps SR didn't have a feature that you think would have been useful?
Cheers guys, and remember: LONG LIVE SILK ROAD!!!!!!!
A big mystery to me was how long a scammer was able to linger around and do their dirty work. Even though DPR was always saying how much he cared about the community a lot of ppl were speculating he was letting the scammers stay around because he was still collecting commission regardless. Now don't get me wrong if ur silly enough to get scammed u probably shouldn't be here n e way but we need to make it basically impossible for them to do so they won't even exert the energy to try... let's put a crew of moderators to just strictly monitor for scamming. haha kinda far fetched but u get the point lol shit I'll be part of the crew
-
It wasn't any vulnerability in the SR infrastructure that led to its closure though. It was the amateur and complacent behaviour of the man who oversaw the operation and his arrest which handed access to LE. That's probably the single most encouraging detail. SR remained secure and near impenetrable, physical capture of anyone with access will always welcome the end. Even now, despite a master key handed to them, only those who failed to practice basic security with PGP are vulnerable. And, of course, if poor security measures were practiced by those who are/will be arrested (vendors with buyer lists) then the dominos start to drop.
-
It wasn't any vulnerability in the SR infrastructure that led to its closure though. It was the amateur and complacent behaviour of the man who oversaw the operation and his arrest which handed access to LE. That's probably the single most encouraging detail. SR remained secure and near impenetrable, physical capture of anyone with access will always welcome the end. Even now, despite a master key handed to them, only those who failed to practice basic security with PGP are vulnerable. And, of course, if poor security measures were practiced by those who are/will be arrested (vendors with buyer lists) then the dominos start to drop.
Not totally correct. Server did manage to get imaged July 23 by LE, and SR infrastructure had no survivability built in, it is down.
-
ONLY UPON REGISTERING MAKE A PGP RIDDLE OR GAME SO THEY HAVE TO PROVE THEY ARE CAPABLE OF USING IT !
I do think it should be done automatically. To not do so when you have the technology and opportunity is like handing someone a loaded gun with the safety off just to prove the point that if they don't know gun safety they ought to just kill themselves. Sometimes even the most veteran of users will make a mistake. I don't think it should be done transparently either - there should be a "message review" page that shows the message and the encrypted version that will be sent. Always keeping PGP/security at the forefront of the user's concern is really important and is something I felt SR1 really lacked in (instead, it was just a "suggested" step for users that actually checked out the forum).
That minor disagreement aside, I love your idea here. I definitely think there should be "verification steps" every new user has to undertake in order to be allowed to participate, and explaining PGP with a little quiz or game would be an extremely useful step. There will definitely be some groaning from people who just want to get on the thing and buy something, but maybe it would be a good thing to weed these guys out if that's how little of a concern their own safety is. Going along with the idea of storing every user's public PGP key, requiring the user to input their PGP key would be a critical step. THEN do a little PGP quiz to make sure they know what they're doing - like have them save a dummy key then paste a specific message encrypted with it onto the quiz, then have them read an encrypted message and copy the randomized result (PGP Captcha). Anyways, this would be pretty fun to build. Great idea!
Let's take this time now to also find out from you guys what you didn't like about the original SR so we can improve it now? Or perhaps SR didn't have a feature that you think would have been useful?
I think the rating system could've been much cleaner with clearer rating guidelines. Having to find the vendors in the forum to see more about their rep was a bit of a drag and the limited feedback system on the site itself was a bit of a free-for-all, lacking any standard boilerplate for review criteria. "Top vendors" would be a nice list to have based on reviews, especially for new users who don't know who people are yet. I saw a number of (clearly veteran) users use a bit of an unofficial boilerplate criteria that worked really well, so that would be great to make as the official review criteria. Outside of filters that list top vendor ratings, most experienced vendors, etc, it would be nice to use reviews to flag the sub-par vendors so a quality control team can take the appropriate action to ensure the best quality for the customers.
I don't remember seeing much as far as flagging products and vendors, but that would go along with quality control team members having a panel to view such things and take the appropriate action. Flagging for scam, spam (multiple listings), sub-quality listings, etc would all be great if they weren't there.
-
When you said 100% untraceable, I lost all respect for the project. Count me out, sorry guys. You are overly confident in your abilities and that is on level with DPR's ignorance and we all know how that has turned out.
While we are happy to see new endeavors it does not seem like this was thought out very well. As StExo said, saying 100% untraceable does not evoke confidence.
SR did have multiple servers from front facing login, to web, to bitcoin wallets and tumblers and others. There were multiple servers in the setup and they pulled data from other servers over tor. DPR was not an idiot when it came to a lot of this.
What do you think happened to the other servers? LEO only took over one of them. Where did all the BTC go? How much of the site did they actually manage to seize?
-
It wasn't any vulnerability in the SR infrastructure that led to its closure though. It was the amateur and complacent behaviour of the man who oversaw the operation and his arrest which handed access to LE. That's probably the single most encouraging detail. SR remained secure and near impenetrable, physical capture of anyone with access will always welcome the end. Even now, despite a master key handed to them, only those who failed to practice basic security with PGP are vulnerable. And, of course, if poor security measures were practiced by those who are/will be arrested (vendors with buyer lists) then the dominos start to drop.
Not totally correct. Server did manage to get imaged July 23 by LE, and SR infrastructure had no survivability built in, it is down.
That's true, but it's also not enough to compromise individuals unless sensitive information wasn't encrypted with PGP. Of primary importance is the realization that only user error has led, and will lead, to incrimination. This is great news for our future.
-
When you said 100% untraceable, I lost all respect for the project. Count me out, sorry guys. You are overly confident in your abilities and that is on level with DPR's ignorance and we all know how that has turned out.
While we are happy to see new endeavors it does not seem like this was thought out very well. As StExo said, saying 100% untraceable does not evoke confidence.
SR did have multiple servers from front facing login, to web, to bitcoin wallets and tumblers and others. There were multiple servers in the setup and they pulled data from other servers over tor. DPR was not an idiot when it came to a lot of this.
What do you think happened to the other servers? LEO only took over one of them. Where did all the BTC go? How much of the site did they actually manage to seize?
One of the other servers is still reachable, running and can be SSH'd into identifying itself with its SSH host key. Think was the Latvian one, person looking at that is at lunch now ask when they get back. The BTC are still on the server and there is a civil forfeiture order pending to seize the rest of them that they have discovered. Everything behind the login front facing servers is mostly still sitting there waiting for court action.
-
ONLY UPON REGISTERING MAKE A PGP RIDDLE OR GAME SO THEY HAVE TO PROVE THEY ARE CAPABLE OF USING IT !
I do think it should be done automatically. To not do so when you have the technology and opportunity is like handing someone a loaded gun with the safety off just to prove the point that if they don't know gun safety they ought to just kill themselves. Sometimes even the most veteran of users will make a mistake. I don't think it should be done transparently either - there should be a "message review" page that shows the message and the encrypted version that will be sent. Always keeping PGP/security at the forefront of the user's concern is really important and is something I felt SR1 really lacked in (instead, it was just a "suggested" step for users that actually checked out the forum).
That minor disagreement aside, I love your idea here. I definitely think there should be "verification steps" every new user has to undertake in order to be allowed to participate, and explaining PGP with a little quiz or game would be an extremely useful step. There will definitely be some groaning from people who just want to get on the thing and buy something, but maybe it would be a good thing to weed these guys out if that's how little of a concern their own safety is. Going along with the idea of storing every user's public PGP key, requiring the user to input their PGP key would be a critical step. THEN do a little PGP quiz to make sure they know what they're doing - like have them save a dummy key then paste a specific message encrypted with it onto the quiz, then have them read an encrypted message and copy the randomized result (PGP Captcha). Anyways, this would be pretty fun to build. Great idea!
Thanks for liking the idea...we think it will allow to weed out anyone who is not ready to use the system.
Not only for regards to their own security but also for vendors as well...
If my customer gets raided as a result of a random search will he tell the cops he ordered from the darknet and from which vendor?
if he knows GPG he knows basic security and probably also knows telling cops anything won't help.
if he give shit about using gpg he probably also gives shit about vendors and any security at all and only craps his pants before running for mommy's help.
BUT you really cannot make GPG encryption mandatory. because it has to work serverside ( can you trust admins? / or did lei infiltrate it and gives a false sense of security? )....
BUT A BIG RED MESSAGE BELOW EVERY MESSAGE WINDOW THAT GPG ENCRYPTION WITH MINIMUM 4096 KEYS WILL STOP LEO FROM READING MESSAGES EASILY SHOULD BE THERE.
also auto encryption is a pain in the ass when you as a vendor get 100 messages a day about "how are you" .. "drugs are bad mmkaayyy" "can you lend me 00.1 btc" etc etc etc
really .. NO AUTO ENCRYPTION BUT A BIG WARNING BELOW EVERY MESSAGE ... or scan every message for GPG strings and display a warning before the user can finally send it .. "THE SERVER COULD NOT FIND GPG STRINGS.. ARE YOU SURE THERE ARE NO IDENTIFIABLE DETAILS IN THE MESSAGE THAT COULD LEAD TO YOUR ARREST? DO YOU WANT TO PROCEED?"
Let's take this time now to also find out from you guys what you didn't like about the original SR so we can improve it now? Or perhaps SR didn't have a feature that you think would have been useful?
I think the rating system could've been much cleaner with clearer rating guidelines. Having to find the vendors in the forum to see more about their rep was a bit of a drag and the limited feedback system on the site itself was a bit of a free-for-all, lacking any standard boilerplate for review criteria. "Top vendors" would be a nice list to have based on reviews, especially for new users who don't know who people are yet. I saw a number of (clearly veteran) users use a bit of an unofficial boilerplate criteria that worked really well, so that would be great to make as the official review criteria. Outside of filters that list top vendor ratings, most experienced vendors, etc, it would be nice to use reviews to flag the sub-par vendors so a quality control team can take the appropriate action to ensure the best quality for the customers.
I don't remember seeing much as far as flagging products and vendors, but that would go along with quality control team members having a panel to view such things and take the appropriate action. Flagging for scam, spam (multiple listings), sub-quality listings, etc would all be great if they weren't there.
flag for scam yes.
give 1-5 stars for different criteria and sum them up.. nothing easier than this..
Speed
Customer Service
Packaging
Processing Time
Problem Solving
Quality
Also ->
have mandatory BTC emergency backup addresses ( ADD LITECOIN AS WELL )
have mandatory BTC auto WD ( but let vendors specify a minimum amount which is retained on the account for refunds out of escrow etc)
and many more ideas here :)
-
also auto encryption is a pain in the ass when you as a vendor get 100 messages a day about "how are you" .. "drugs are bad mmkaayyy" "can you lend me 00.1 btc" etc etc etc
Excellent point. Not being a vendor, I didn't have that knowledge. Perhaps a worthwhile feature is the ability to flag annoying customers :P
really .. NO AUTO ENCRYPTION BUT A BIG WARNING BELOW EVERY MESSAGE ... or scan every message for GPG strings and display a warning before the user can finally send it .. "THE SERVER COULD NOT FIND GPG STRINGS.. ARE YOU SURE THERE ARE NO IDENTIFIABLE DETAILS IN THE MESSAGE THAT COULD LEAD TO YOUR ARREST? DO YOU WANT TO PROCEED?"
Definitely pretty simple with jQuery and REGEX.
So, no "mandatory" encryption, but I think an option to encrypt the message server-side is hugely worthwhile.
-
We're looking for someone that could assist with BTC integration. Please PM me if you have the knowledge to do this. Note: Users with very few posts will not be considered.
-
Subbed
-
Another idea that could be good for the new site is to have a flagging system where if a user has been scammed, they will click the link, after that vendor receives 5 of these flags in one week, their selling abilities will be de-activated and funds frozen until the staff can look in to it. If more flags keep coming up, then we know they're a scammer and action can be taken and funds can be returned.
The budget vendor would still have access to their account to communicate to their customers if it is a genuine problem and they're not trying to scam anyone.
-
also auto encryption is a pain in the ass when you as a vendor get 100 messages a day about "how are you" .. "drugs are bad mmkaayyy" "can you lend me 00.1 btc" etc etc etc
Excellent point. Not being a vendor, I didn't have that knowledge. Perhaps a worthwhile feature is the ability to flag annoying customers :P
really .. NO AUTO ENCRYPTION BUT A BIG WARNING BELOW EVERY MESSAGE ... or scan every message for GPG strings and display a warning before the user can finally send it .. "THE SERVER COULD NOT FIND GPG STRINGS.. ARE YOU SURE THERE ARE NO IDENTIFIABLE DETAILS IN THE MESSAGE THAT COULD LEAD TO YOUR ARREST? DO YOU WANT TO PROCEED?"
Definitely pretty simple with jQuery and REGEX.
So, no "mandatory" encryption, but I think an option to encrypt the message server-side is hugely worthwhile.
Never use JavaScript on the Darkweb! Auto-Encryption is also out of the question because we always have to assume that LEO is in control of the marketplace. You should handle all your communications like speaking to LEO directly.
Some security guides and warnings should be implemented but everything else is the user's own responsibility.
-
also auto encryption is a pain in the ass when you as a vendor get 100 messages a day about "how are you" .. "drugs are bad mmkaayyy" "can you lend me 00.1 btc" etc etc etc
Excellent point. Not being a vendor, I didn't have that knowledge. Perhaps a worthwhile feature is the ability to flag annoying customers :P
no flagging as well...
most of the time you talk with customers about questions and basic stuff
also we sent out a confirmation message every time someone ordered with all vital infos
the user himself must decide which stuff is incriminating and needs to be encrypted. NOBODY ELSE CAN DO THAT!
but make sure every user has to learn PGP to even login into the site and add the "WARNING " below every message window and it will be fine...
really .. NO AUTO ENCRYPTION BUT A BIG WARNING BELOW EVERY MESSAGE ... or scan every message for GPG strings and display a warning before the user can finally send it .. "THE SERVER COULD NOT FIND GPG STRINGS.. ARE YOU SURE THERE ARE NO IDENTIFIABLE DETAILS IN THE MESSAGE THAT COULD LEAD TO YOUR ARREST? DO YOU WANT TO PROCEED?"
Definitely pretty simple with jQuery and REGEX.
So, no "mandatory" encryption, but I think an option to encrypt the message server-side is hugely worthwhile.
server-side is always a bad idea.. really... it makes people lazy and gives a false sense of security.. and you never know at what point in time the server could have been compromised...
-
Another idea that could be good for the new site is to have a flagging system where if a user has been scammed, they will click the link, after that vendor receives 5 of these flags in one week, their selling abilities will be de-activated and funds frozen until the staff can look in to it. If more flags keep coming up, then we know they're a scammer and action can be taken and funds can be returned.
The budget vendor would still have access to their account to communicate to their customers if it is a genuine problem and they're not trying to scam anyone.
but make sure only buyers with a minimum of 25 trades can send these "red flags" ( and they have the possibility to remove them as well themselves)
and put in a higher limit than 5 per week..
otherwise you will fast end in situations where groups of customers could blackmail a vendor...you have no idea what a few days of a frozen account or lost business can do when the timing is bad lol
really think hard about this...it could end very badly..
-
Auto-Encryption: Whether end-to-end or just server-side, this will diminish the community's trust in the system. Users need to rest safe in the knowledge that the only system that has 'read' their message, is their own PGP software.
Mandatory Encryption Abilities: Great idea. Ensuring everybody at least knows HOW to do it, will separate the boys from the men so to speak. From then, it's the individuals' own issue if they decide not to encrypt - warnings before posting messages is a good idea as mentioned.
Red Flags: Good idea, but could be subject to blackmail or sabotage from rival vendors
Remember, Silk Road had its flaws but it was the best thing going. Large fundamental changes have already been tried by sites like Atlantis - we don't want another Atlantis. We want a closer-to-perfect Silk Road :-)
-
Red Flags: Good idea, but could be subject to blackmail or sabotage from rival vendors
Yes I agree in this case, but for a user to "red flag" a vendor, they would have had to have bought something from them within a set duration, have a good rating themselves and have made a good few transactions as well.
-
To settle this of why never to use auto-PGP is because there is a false sense of security about it. Now let us totally assume you are good guys and you write it so that the PGP is made and that the plaintext is never stored on the servers. It has already been demonstrated how easy it would be for LE to change the code if they had server access to then record addresses and it would be nearly impossible to spot, so it offers almost no security over the SilkRoad protocol of leaving it down to the buyer, in addition if you didn't want to trust the server you would have to run the script client side - a big NO.
Really guys, some of the plans sound exactly like how Atlantis operated and you know astor and kmf lambasted that place for delivering a false sense of security with its features whilst actually weakening how much buyers are protected. I am not a programmer no, but I have been here since the beginning and I've heard every security concept and idea put forward in that time and what you are proposing is not living in the real world, you are attempting to effectively displace the responsibility of buyers to protect themselves to additional features centralised on the server which people will have to trust. Sure they can add their own PGP too, but then what is the point in the original encryption?
Look gents. Go back to the drawing board, build from the ground up. If you're looking to protect users, adding features like auto-PGP is NOT the way forward, and neither is making the marketplace a democracy as democracy is always the worst form of governing since little decisive action is taken and to pass the details of the server from person to person so freely in a democracy is a massive security risk. If this marketplace was set up, you will find me and many others of the security type criticising the marketplace just like we did about Atlantis.
Sorry, but I don't want to see another SilkRoad and you are seriously overestimating your own abilities and knowledge to a dangerous level because whilst it technically works, fundamentally the server is always compromised and thus you can never rely on it to protect users.
-
To settle this of why never to use auto-PGP is because there is a false sense of security about it. Now let us totally assume you are good guys and you write it so that the PGP is made and that the plaintext is never stored on the servers. It has already been demonstrated how easy it would be for LE to change the code if they had server access to then record addresses and it would be nearly impossible to spot, so it offers almost no security over the SilkRoad protocol of leaving it down to the buyer, in addition if you didn't want to trust the server you would have to run the script client side - a big NO.
Really guys, some of the plans sound exactly like how Atlantis operated and you know astor and kmf lambasted that place for delivering a false sense of security with its features whilst actually weakening how much buyers are protected. I am not a programmer no, but I have been here since the beginning and I've heard every security concept and idea put forward in that time and what you are proposing is not living in the real world, you are attempting to effectively displace the responsibility of buyers to protect themselves to additional features centralised on the server which people will have to trust. Sure they can add their own PGP too, but then what is the point in the original encryption?
Look gents. Go back to the drawing board, build from the ground up. If you're looking to protect users, adding features like auto-PGP is NOT the way forward, and neither is making the marketplace a democracy as democracy is always the worst form of governing since little decisive action is taken and to pass the details of the server from person to person so freely in a democracy is a massive security risk. If this marketplace was set up, you will find me and many others of the security type criticising the marketplace just like we did about Atlantis.
Sorry, but I don't want to see another SilkRoad and you are seriously overestimating your own abilities and knowledge to a dangerous level because whilst it technically works, fundamentally the server is always compromised and thus you can never rely on it to protect users.
Good points!
-
subbed
-
I agree with some of the points made here about safety.
Will see how things pan out. Already joined over at BMR (was a member there before I joined Silk) and now Sheep. Joined the new forum too, but haven't landed anywhere. Consider me subbed to this thread too.
Cheers.
-
I say something crazy
if you truly born silk road 2
there is a distant possibility to recover the money lost? or at least the statistics of buyers and sellers?
-
Some of my thoughts:
ENFORCING ENCRYPTION:
We want users' messages to be encrypted, but we want the users, not the system, to perform the encryption. I propose that either at the moment the user sends their message, or while they are writing it, the system parses the message, checking if it is a PGP message (this must be straightforward to do). If it is a PGP message, great! If it's not, then the system will alert the user, maybe with a 'Are you sure?' prompt, maybe with a warning icon, maybe the message "We cannot guarantee the privacy and/or security of unencrypted messages." - the user won't be prevented from sending an unencrypted message, but the user should be made to reconsider encryption.
FEEDBACK SYSTEM:
One of my pet peeves with the feedback system is that, at least over the last few months, a significant proportion of the feedback being left was next-to-useless - I had to rely on the Rumor Mill, which again was starting to get a bit cluttered with not-particularly-useful information. I'm not saying to copy Amazon's system, but there should be some way for vendors and/or users to rate feedback posts for usefulness, intelligibility etc (I leave the implementation details up to you).
A twist on the above, each buyer has some sort of 'feedback rating', rationale being the usefulness of a feedback comment is effectively dependent on the type of person leaving it - their maturity, drug knowledge, background, etc. So, if someone consistently leaves good feedback, they should be marked as such (and vice versa for users leaving poor feedback). My intention here is to incentivise leaving good feedback.
-
Subbed
-
I agree on treading carefully but if it does ever come to fruition think about allowing the buyer putting a % of the amount in escrow at the very start of the transaction, that way a vendor could ask for 50% FE, 50% escrow, or whatever risk profile they wish to take or negotiate with the buyer
-
I agree on treading carefully but if it does ever come to fruition think about allowing the buyer putting a % of the amount in escrow at the very start of the transaction, that way a vendor could ask for 50% FE, 50% escrow, or whatever risk profile they wish to take or negotiate with the buyer
excellent idea!
-
I'm far from even slightly technologically intelligent but I do believe I have the common sense of about 10 people.
If something new was gonna work, the best way to go about it would be to set it the whole lot and have EVERYTHING in place to operate before a single person besides the creators know about it.
If this was the case and then word of mouth to spread it and not to mention a single word about it on forums. One guy finds out about it and privately tells someone he's familiar with through PGP and so on...
Of course in time it would be found out by those who want to take it down but surely it's a better option than posting info in these PURE DODGE forums, which are run by god knows who right now and giving the pigs a heads up on what's gonna go down?
Just a thought.
Peace out.
Evoc
-
There are more important matters than PGP for addresses. If a customer is too stupid to PGP encrypt their address then that's on them. SR didn't go down because addresses weren't PGP encrypted. DPR didn't get busted because addresses weren't PGP encrypted. No vendor got busted for that reason either unless that vendor was stupid enough to also be a buyer that didn't use PGP.
That said, it doesn't hurt to help users do the right thing. Perhaps make an even easier to use PGP program and have a link to download it right from the marketplace. Perhaps have code that detects if the message/address even looks like it is PGP encrypted. Lots of things could be done.
-
The idea is to build a page, that is impossible to take down. Anyone should be able to access it, even LE, because they will find out quick enough.
Building a platform, that has secure servers well hidden, and rather in a country with a bit of corruption, where you still can get solid connections to the ruling elite. USA is the last resort I would run a site like SR from. I would go for some East Asian country.. maybe North Korea? :D
But a good team of computer brainiacs, should be able to get something going. I think the most important thing is to find a good server location, and build a secure, next to impossible to hack or take down platform for the site itself.
The PGP/GPG is for the users to use, to feel safe. All important communication should be encrypted by the user, that's just common sense....
What I myself fear, is that they will try to make BTC illegal. With enough media gibberish, and some political pressure, I'm sure they can manage in time. Then it gets tricky for real....
-
You guys really serious? The largest drug dealer in the world just got busted and taken down and people are basically publicly announcing they are going to put up another site that's even better. You also don't know who to trust at all on here. We can 100% guarantee LE is on here, sifting through every post we make. And before the new site even starts they know about it. To me, that's already a bad start just waiting to fail. I wish everyone the best of luck, but the worst thing you guys can do is bark about a new Silkroad coming soon. Just be careful and smart.
-
To add to that as well: DPR ran this mission VERY successfully over the course of two and a half years, his downfall was due to communicating with someone in the real world, then doing a bank wire to their account, obviously showing his REAL name. After obtaining his real name (which also came from his personal account on SR, whilst communicating with the UC) and tracing the VPN address found in the code, this is what got him busted.
If you do everything correct, from the beginning to the end, you WILL NOT GET CAUGHT!
From reading this forum I get the picture that this is a venture between you, RR and Bungee54. You rightly say that DPR was taken out because of real world and clearnet mistakes. Would you not consider it a mistake that on the day SR 2 is announced by you, RR admits on this forum to have spoken on the phone with PlutoPete who of course is known to the Feds and UK police. Will this not lead to your downfall or is it different? I don't think it is so you might as well quit now whilst you're ahead.
-
To add to that as well: DPR ran this mission VERY successfully over the course of two and a half years, his downfall was due to communicating with someone in the real world, then doing a bank wire to their account, obviously showing his REAL name. After obtaining his real name (which also came from his personal account on SR, whilst communicating with the UC) and tracing the VPN address found in the code, this is what got him busted.
If you do everything correct, from the beginning to the end, you WILL NOT GET CAUGHT!
From reading this forum I get the picture that this is a venture between you, RR and Bungee54. You rightly say that DPR was taken out because of real world and clearnet mistakes. Would you not consider it a mistake that on the day SR 2 is announced by you, RR admits on this forum to have spoken on the phone with PlutoPete who of course is known to the Feds and UK police. Will this not lead to your downfall or is it different? I don't think it is so you might as well quit now whilst you're ahead.
Well said MK!!!~
You've a keen eye for detail, well spotted about that mention of the convo with PP he had.
As I always wanna be as cautious as possible in any situation and always consider the what ifs, I won't be taking too much heed to any of these claims for new sites as it's just not realistic at the minute and god knows about sheep and bmr as to the security of using them.
A whole bag of balls at the minute is what everything is. :(
-
also auto encryption is a pain in the ass when you as a vendor get 100 messages a day about " how are you" .." drusg are bad mmkaayyy" " can you lend my 00.1 btc" etc etc etc
that made me laugh, I know it shouldn't as I know what a pita it is but it's nice to see that it's an internet thing. :)
I'd suggest that no message can be sent unless it's encrypted and the encryption is to be done offsite by them. If they're smart enough to be able to use tor then they should be smart enough to be able to download an encryptor.
One thing I would like to see as a community service is the ability for the site to recognise when javascript is turned on and produce a warning. Each tor update resets the settings and sometimes it's easy to forget they've been switched back on again.
-
Trying to hire random people on a forum that is not only blatantly crawling with LE (and surely has for a long time) but is hosted on some server that it's very possible LE has control of (and therefore has access to PMs)...Surely this isn't the best way to do it?
-
One of the new features we're thinking about for Silk Road 2.0 is to have a completely different server for Bitcoin wallets and transactions, the website itself will also backup to this server after anything changes on the website, so there will always be a full backup of the entire website, including escrow, transactions, feedback and products. In the event of the Road being shutdown, again, all users BTC will be safe and we will have a new server setup with the backup in no time.
Are you directly involved in this Project or are you just describing what you've seen written?
-
The fail came with the lack of a real backup plan, not having the information out there for others to pick up, reload a new server with an SR image and keep the shop open. That way the revolution can continue and making it hard to prove he was the leader when it's back running 8 hours later.
Not read our post? DPR solve to good working % most of the problems. The part he not solve is what new operation would need to focus on. Mostly that is survivability, backup, single person able to deny, and re-launch. And you no be able to do have democracy in criminal gang of black market.
When you said 100% untraceable, I lost all respect for the project. Count me out sorry guys. You are overly confident in your abilities and that is on level with DPR's ignorance and we all know how that has turned out.
While we are happy to see new endeavors it does not seem like this was thought out very well. As StExo said, saying 100% untraceable does not evoke confidence.
SR did have multiple servers from front facing login, to web, to bitcoin wallets and tumblers and others. There were multiple servers in the setup and they pulled data from other servers over tor. DPR was not an idiot when it came to a lot of this.
The fail came with the lack of a real backup plan, not having the information out there for others to pick up, reload a new server with an SR image and keep the shop open. That way the revolution can continue and making it hard to prove he was the leader when it's back running 8 hours later. And then there are the stupid mistakes with wiring money (not BTC) for 1kg of cocaine, agreeing to receive it not using the mail and receiving it right to a residence causing a bust leading to rat. The issues with being trolled on the hits and the fake ID's and using a hot spot across the street from your house and living in the USA.
The problem here is not 100% untraceable, especially since that cannot be guaranteed over and long period of time, but 100% redundant and survivable. We were shocked to understand that the thought of LE seizing the SR servers was a remote thought.
You should EXPECT LE to eventually be able to seize a server. Start from THAT perspective and build from there. How do you protect the information, how do you actually have a REAL backup plan, how can you implement it even if everybody is being watched. Go down this thought map 1st.
And then more important, this is not joke. This is not set up torrent tracker that has possible to be shut down. This is facing the real possibility of LIFE in PRISON if not done correctly.
Have you thought how you handle trust among many admins when millions of dollars are in play? Who is the leader?
Have you searched within yourself and committed to spending the rest of your life in prison if your plan fails or if someone makes a mistake?
.
-
I really appreciate what you guys are doing and I'm completely for it. I'm nowhere near as smart as you guys, but I really want to give you guys just some ideas, whether they're good or not, maybe they'll help with the process of developing even better ones. So here's my two cents.
There are many, many valuable threads in the security, legal, shipping, and drug safety. I think a whole lot of them should be compiled and organized and used to teach new buyers/vendors. When I first came I didn't know squat about using pgp, until I read a thread, which I cannot locate, that taught me perfectly how to do so. Using the knowledge within them could be a great asset to new members, such as teaching them how to be as anonymous as possible, and what precautions to take.
I also agree on making someone learn to use pgp before registering for the site, by introducing them to an instructional beforehand, and then testing their knowledge, I don't know if it's possible but maybe like a captcha which one would have put it encrypted. Doing so would decrease the amount of idiots and kids on the site, as well as keep the users as safe as possible, and you want the users to be safe. The less trouble, less attention, which I'm sure you guys know already.
And as soon as someone obtains a vendor account they should be introduced to these threads on shipping and legal things, so they can read and make sure they got everything straight.
As for the flag thing on vendors, I think labels would be a better idea, such as trusted, scammer, sloppy. To let people know whether the guy is known for being an awesome vendor with consistent products, stealing btc, sloppy packaging, or lying about the substance they advertised, lord knows how many times I got fake acid.
New vendors should not be able to accept Early finalization and should only be allowed to charge a certain amount of btc, should stop scamming by a whole lot.
And maybe new users should only be able to buy from trusted vendors, so not only are the vendors able to require FE, these vendors that know their way around the block already know how to take care of them from leo, supposedly the FBI has made over 100 transactions, with hardly anyone arrested, if this is true then it is possible for the smart and trusted vendors to avoid leo.
It seemed to me like silk road had very little cracks. The fall of SR seemed to be due to DPR silliness, LEO's trickery, and maybe the ddos attack.
To avoid DPR's mistakes, whoever runs the site should really keep their SR2.0 business very separate from their real life things, such as Facebook and what not. Unique usernames/passwords/emails very far off from your personal ones. I would go as far as a unique computer for SR purposes only.
To avoid leo's trickery, plan in advance before the new SR is put up, if you need fake id's get them now guys not later. And well someone on reddit said that if DPR would've just ran the site instead of getting involved in other affairs this wouldn't have happened. I agree, just run the site as best as you can and if you're going to be running this project it is your job and responsibility to offer as much security as you can to your buyers and vendors, not compromise them. Leave the laundering and trafficking to the users. Money may not be as fast as DPR liked it, but money was never what the revolution was about, it's about freedom from the government. If you guys are in it for the money, please quit now, as you'll just end up hurting the cause and more people.
Last thing guys is, start small. Little vendors little buyers. Give the final product a test run, allow some time for possible exploits to be covered, the more people the more chances there are for them to find these exploits. Give it a test run. I'd say no advertising either. Millions knew about silk road, many will come looking for this new site as well, as they all know the exists. Leave it to word of mouth. No god damn interviews, who gives a fuck about the media? they're lying pieces of shit, never trust them in anyway, avoid 100% percent. leave it to word of mouth. Slow and steady wins the war on drugs lol.
Again I really love what you guys are doing, I'm looking forward for SR to be brought safer, stronger, and more secure. Keep up the good fight and the good work. And please stay safe guys, stay anonymous, stay meticulous. I know I'm a nobody, but I've been on for a while, and I really love all my SR brothers and sisters. I love you guys, I have honestly never in real life met such like minded and intelligent individuals, you guys humble me. I wish I could do more but this, and spreading the word is the most I can do. Keep fighting, I love you, stay safe. Peace and love guys.
-
Tssss...
_Never_ believe yourself to be bulletproof! Such thinking leads to complacency. DPR accepted that he might someday have to face the harshest consequences of his endeavour. I would advise anyone involved in this project who is not willing to accept the same to bow out before the gravest potential charges stack up against them. For a start, serious flaws have been discovered in TOR in the past and there's no telling when they will be again. Just about everything in life involves calculated risks, balancing those possible risks against possible rewards, and to assume that one has eliminated risk completely strikes me as highly dangerous. Even if you're 99.99% certain, always be on your guard against that 0.01% and be at peace with the fact that, someday, someone might have a momentary nap on the watch.
Clearly Ulbricht was not the most intelligent individual …
Hindsight is always 20/20, as one great director once said.
My impression is that Ulbricht is very intelligent. What his arrest makes clear to me is that he's also human.
The problem here is not 100% untraceable, especially since that cannot be guaranteed over and long period of time, but 100% redundant and survivable. We were shocked to understand that the thought of LE seizing the SR servers was a remote thought.
You should EXPECT LE to eventually be able to seize a server. Start from THAT perspective and build from there. How do you protect the information, how do you actually have a REAL backup plan, how can you implement it even if everybody is being watched. Go down this thought map 1st.
And then more important, this is not joke. This is not set up torrent tracker that has possible to be shut down. This is facing the real possibility of LIFE in PRISON if not done correctly.
Have you thought how you handle trust among many admins when millions of dollars are in play? Who is the leader?
Have you searched within yourself and committed to spending the rest of your life in prison if your plan fails or if someone makes a mistake?
I would +1 but it seems I last did so too soon ago :)
What do you think happened to the other servers? LEO only took over one of them. Where did all the BTC go? How much of the site did they actually manage to seize?
There is no indication that LE "took over" any server. They did locate many servers and accessed the data on some or all of them. The information on the flow of coin in and out of escrow, for instance, was taken from a server separate from the main one.
If something new was gonna work, the best way to go about it would be to set it the whole lot and have EVERYTHING in place to operate before a single person besides the creators know about it.
Good point.
I also question the wisdom of openly recruiting people from a place like this. It's as if LEO are being invited to inveigle themselves into the project from its earliest stages.
As for new and improved features, though, I would build as to make these easy to implement but start with something very close to SR as it was. After that, changes can be made incrementally and given time to make their impact clear. The only exception to this, perhaps, might be the rating system. While I agreed with the concept that the highest scores should be given only to the most outstanding transactions there seemed to be an obvious problem with changing the principle midstream.
-
This might seem like a big jump but what about a local or site currency that BTC goes from?
Like you get the BTC? and switch it to the currency?
-
I dunno about this forum...I just feel like it's a place for LE to blend in with us. As long as this is up they basically have a blueprint of our next moves, you guys should keep the developing between the developers and keep communicating with tor and use pgp. Like someone stated before, pgp seems to be the only thing that didn't fail...next site should REQUIRE PGP ENCRYPTION!!!
They (leo's) did not take over the site without playing out all the possible moves to keep it going or move it else where. Hence, how's the fucking backup plans working out? Pretty shitty I see... :(
-
the new silk road shouldnt be a place where you can get drugs, it should be a place that facilitates the purchase of ANY item (drugs, software, weed pipes, etc.) a truly free and anonymous market. a place where one can sign up and once they conduct biz with another user by having the almost same escrow system as sr's. how one would do this is by goin on the site, logging in, you contact the user you want to conduct biz with they put up the item for sale, they mark in transit and you release funds like on sr once what you ordered arrives. a place where it generates a new bitcoin wallet address after every transaction, a place where people can come and go and buy shit without being identified. the new site should have no drug related shit, the downfall of Sr (besides DPRs fuck ups and peoples inability to keep SR to themselves; underground) was that once you logged in, as soon as you hit the home page "BAM!" drugs in your face. the new marketplace should just be simple to use, no bullshit, no extra shit. just simple, and reliable. and there should be another site where vendors can advertise what they have by creating threads like in a forum. in the threads people can comment on the quality of said products being advertised, or ask questions etc. in that website you can message (all pgp encrypted of course) the vendor and get their BTC wallet info so you can proceed to go to the escrow website i proposed earlier in this message, and carry out the transaction. customers build up rep points and vendors have the ability to leave a rating on the customer just like the customer would have the ability to do that to the vendor, so that other vendors can take a look at customers rep points and see if they trustworthy, reliable people to do biz with. the next site does not need the reputation of a deepweb drug den like SR had, if its like that again its bound to be taken down
-
the new silk road shouldnt be a place where you can get drugs, it should be a place that facilitates the purchase of ANY item (drugs, software, weed pipes, etc.) a truly free and anonymous market. a place where one can sign up and once they conduct biz with another user by having the almost same escrow system as sr's. how one would do this is by goin on the site, logging in, you contact the user you want to conduct biz with they put up the item for sale, they mark in transit and you release funds like on sr once what you ordered arrives. a place where it generates a new bitcoin wallet address after every transaction, a place where people can come and go and buy shit without being identified. the new site should have no drug related shit, the downfall of Sr (besides DPRs fuck ups and peoples inability to keep SR to themselves; underground) was that once you logged in, as soon as you hit the home page "BAM!" drugs in your face. the new marketplace should just be simple to use, no bullshit, no extra shit. just simple, and reliable. and there should be another site where vendors can advertise what they have by creating threads like in a forum. in the threads people can comment on the quality of said products being advertised, or ask questions etc. in that website you can message (all pgp encrypted of course) the vendor and get their BTC wallet info so you can proceed to go to the escrow website i proposed earlier in this message, and carry out the transaction. customers build up rep points and vendors have the ability to leave a rating on the customer just like the customer would have the ability to do that to the vendor, so that other vendors can take a look at customers rep points and see if they trustworthy, reliable people to do biz with. the next site does not need the reputation of a deepweb drug den like SR had, if its like that again its bound to be taken down
This is what I was thinking of. Just have a secured and encrypted Escrow site. A silk road but not a silk road, if you will. Nothing is visible on the site as far as merchandise. You and a vendor each have an account. The buyer creates a "purchase order" and a unique and secure page is generated in which the buyer and seller can access. The buyer puts the money into escrow and once the item is received the funds will be released. The site will function like SRs. If there's an issue an arbitrator of the site will review the claims made by both parties and make a decision. There will also be a buyer/vendor feedback system but very cryptic. No mention of the specific merchandise. Just comments on stealth, quality (without going into detail as to what the merch is), communication, etc. In order to get in contact with a specific vendor there will be a separate site not connected with the Escrow site. There the buyer will contact the vendor and arrangements will be made via PGP and whatnot. Basically a P2P site. This idea obviously needs more thought into it but I'm just trying to think of a non-flashy way to make purchases of things.
-
exactly. an anonymous escrow site. itll be hard to take down, there would be rules (no cp you sick fucks, weapons yaddayaddayadda shit thatll bring heat. no, none of that) the downfall of sr was because it was too mainstream, everyone (no offense, to whoever might feel this is offensive) was using it. now im not talkin shit about SR, SR was fucking great but it could do without all the drug related shit. seriously. if you create an anonymous escrow site there will be no drug listings visible therefore (hopefully) catching no heat and most importantly EVERYONE can use it for WHATEVER. SR had wayyyy too much heat, SR taught me and made me realize that possibly, maybe (i might be wrong) the best way to go about things of this nature in the future (buying illicit goods like drugs and drug related shit online) is by making such site i keep speaking of, an anonymous escrow site where one can get the sense of security (it can be a false sense of security i keep this in mind since people do scam...) of their shit being in transit. cuz no one likes to release funds first unless they know for sure they gettin shit. i dunno bout yall but i dont like wasting money. so that kind of site would be perfect. the evolution of silk road should be an anonymous escrow site, modeled after sr but no listings. someone correct me if im wrong, and i hope someone if this sounds like a good idea to you use it, if you have the resources and time/energy you want to invest in givin people the freedom of buying what they want whether its porn, pipes or pot. fuck it, its the persons choice i dont see why the gov has to come in between that if you aint hurting shit but yourself...gov sickens me
-
Let's keep in mind that no matter what we do, LE will be part of our community. They will pose as buyers, they will pose as sellers, they will pose as programmers willing to help, they will be making chums with the vendors and trying to make private side deals on a constant basis. We must always assume that every other person on the forums and transaction sites is a cop. Hell, go Philip K Dick and assume that you yourself are a cop and don't even know it.
This is the way it has been from day one, it is the way it will always be. A new Silk Road needs to be designed and discussed knowing that the Feds and hackers will be along for the ride the whole way. A proper, secure system with protocols that are NEVER deviated from can withstand this.
Of course, there is still the problem of escrow versus trusted vendors that pull the big scam and then jump to an already established alter ego, but that is a problem for another day. You either have 100 percent escrow or 100 percent anonymous vendors, if you don't have both the scam will always happen because it is impossible to resist.