Silk Road forums

To positively prevent data from recovery, disks can be removed from disk drives and broken up, or even ground to microscopic pieces. (Actually, simple disk bending is highly effective, particularly in emergency situations.)

This is a bad method to try unless you really know what you are doing, breaking a platter up only destroys data where the fracture lines are, it can still be put back together and read with spin stand microscopy. I don't know if it will work for bent platters but it certainly will for shattered platters (that is one of the things it is primarily used for, reading data off shattered drive platters). I wouldn't trust bending much either as it doesn't actually destroy any data and only is a physical limitation attempting to prevent forensic tools from reading the data that is still there. Grinding to microscopic bits will leave data behind as well, but it would probably be infeasible although not impossible to perform spin stand microscopy on a platter broken into hundreds of thousands of bits, since it needs to be pieced back together.

Off-track overwrites could be effective in some drives, but there is no such drive external command for a software utility to move heads offtrack.

But there are drive internal programs (firmware) that can do this, namely Secure Erase.

Recently, 2.5-inch hard disk drives for laptop computers have been introduced which encrypt user data before recording -- internal full data encryption. Such drives provide protection of data should the laptop or drive be lost or stolen, and even provide high protection from forensic data recovery. These drives also offer a new, instantaneous way to sanitize data on a hard disk drive -- by securely discarding the encryption key.

Some of the newest generation SSD's have automatic passwordless encryption that seems to exist for the sole purpose of allowing you to Secure Erase by wiping a random key stored in a protected erasable area.

Other "experts" claim that limited information can be recovered from unerased track edges. But this has been shown to be false by tests at CMRR. Such recovery also presumes detailed technical knowledge of the drive's magnetic recording design. Charles Sobey at ChannelScience.com wrote an illuminating article on drive-independent data recovery, showing how difficult these hurdles are.

Obviously the people who made Secure Erase thought the track edges could have data recovered from them, since it uses an off center wipe as well. I did read research showing that they were incapable of pulling data off track edges though.

As for the comment that spin stand microscopy no longer works, well that is news to me. Personally I will tend toward the side of caution and not try to destroy data by smashing my drive platter (as historically this has not worked), nor by bending my platter (as this doesn't actually destroy data just makes it hard to access), and rather will stick with what I currently do, which is Secure Erase followed by a single pass of random data with something like DBAN.

Whenever I get fake ID first I photoshop my picture so the distances between my eyes, nose and mouth are skewed slightly. You can change the way you look in a small ID photo pretty substantially before someone glancing at it can tell it has been modified. Nobody looking at your ID is going to notice that your eyes are actually a few milimeters closer together IRL than they are in the picture, or that your mouth is not quite so high, etc. To the best of my knowledge facial recognition is pretty sensitive to even minor changes, so photoshopping your picture in such a way should stand a good chance of preventing this sort of attack.

At the moment I'm normally putting in 1 order a month, sometimes even more. I normally get LSD blotter or MD powder. I always go domestic with as trusted, highly rated vendors as i can find. Thing is though that statistically a package must get seized or lost at some point right. I can't just keep on ordering like I am and expect no consequences can I?

What are your guys thoughts?

You could get caught at any point. That said I know people who have ordered literally hundreds of packages over half a dozen years without a single interception.

I think if you are importing it is more worrying than if you order domestically. In my experience, usually it is safe to say that if you import packages, you will probably get caught at some point. It probably wont be the first time, it probably wont be the twentieth time, but usually it seems people who continue to import packages eventually have one of them intercepted, and it happens a lot quicker than people who stick to domestic packages.   

If you want some statistics fresh out of my ass, I would say maybe the odds of interception for a well packaged not massively sized international package are maybe 1:100, and for domestic maybe 1:1,000. This is a gross over simplification and I don't claim it to be actually true, but I think that is a way to look at the risk difference and a very rough estimate of how likely you are to have a package seized in either scenario.

I think another thing also that people forget is not to download torrents!

You can secure the shit out of your system but if you have a pirated copy of Adobe Photoshop CS6 on your system or just downloaded the full seasons of Breaking Bad well good job you just opened a new port to your computer and who knows what code is in the software or you downloaded. I read a post on whether or not viruses and malware can be embded in video files and the consensus was they can but it is unlikely. A common trick would be to change the exploit code to have a .avi or .mp4 format so for example it could

 .avi                                    evilcode.exe

I also think sometimes people forget the basic things about computer security which is the foundation really but then again I assume that most SR users are at an above average skill level when it comes to computing.

I think pretty close to anything can have attack code embedded into it.

1. Simplicity
2. Trustworthiness
3. Minimal execution of untrusted code
4. Isolation
5. Encryption

I would just like to say that there are generally three broad sorts of security mechanisms when it comes to protecting from hackers. These are isolation, correctness and randomization. I wish I still had the picture from Polyfront showing the various things to protect from, but generally:

Forensic analysts -> They primarily attempt to analyze your computer system, primarily hard drive, in order to find damning evidence or intelligence for future investigations. Forensics is a broad terminology and can mean various things when it comes to computers, but this is the traditional role of computer forensics. This sort of forensics is also called dead forensics because they are dealing with already seized computer equipment. Live forensics is what the FBI attack against users accessing FH sites is called, better known as hacking.

Traffic Analysts / Signals Intelligence -> They primarily gather and analyze communication carrying signals in an attempt to determine who is talking with who, or to trace the origin of a signal. These are the people who would launch a direct attack on Tor, for example carrying out the attack that traces hidden services to their entry guards. They are not generally very concerned with the content of a signal but rather with its meta-characteristics. 

Network Analysts -> They are primarily interested in mapping out groups of people and the relationships between them. They could use traffic analysis to do this, or various other techniques.

Communications Intelligence -> Is primarily concerned with finding out what people say to each other. Whereas signals intelligence is interested primarily in the meta-characteristics of communication carrying signals, communications intelligence is primarily interested in the content of communication carrying signals. A communications intelligence attack may be running a server like Tor mail and gathering drug shipment addresses from everybody who doesn't encrypt them. In some cases meta-characteristics of communication signals can be used to determine the communications, in these cases communications intelligence would be interested in the meta-characteristics.

Hackers / Live Forensics -> Is primarily concerned with gaining unauthorized access to remote computers. This is very dangerous because it can be used as a hard to protect from vector through which all other sorts of intelligence can be gathered (by passing Tor removes the need for traffic analysis and leads to easy communications gathering, network analysis, remote forensics, etc).

Open Source Intelligence -> I believe an example of Open Source intelligence would be running a Tor exit node in an attempt to identify interesting servers on the clear net.

________

Traditional forensic analysts (dead forensics) are confounded almost entirely by FDE with strong passphrases. In some cases the feds may attempt to circumvent FDE by carrying out cold boot attacks, using keyloggers or hidden cameras, etc. The first level of security comes from using FDE in the first place. The second level of security comes from protecting from the various ways in which FDE keys can be obtained covertly. To protect from Cold Boot attacks you may use a system like Tresor which stores encryption keys in CPU registers rather than in RAM. You can use a motherboard with chassis intrusion detection support and set it to wipe encryption keys immediately if the case is breached. You can configure a system similar to tails, where you have a USB stick that once removed immediately results in the computer shutting down into a memory wipe (tails does this but you can configure similar things for any OS). You could tether this USB stick to a wrist strap and wear it while you work on your computer, so even if the feds rush in and tackle you they will result in the USB stick being pulled out of the PC. You can have hot key combinations on your keyboard, or even a single key, that immediately shuts down into a memory wipe in case of emergency.

You also need to follow good operational security procedures. Don't leave your system booted up when you are not near it. Use multiple layers of encryption. FDE is the catch all, but you should also have any stored information individually encrypted with some symmetric algorithm via GPG. If you have stored content keep it encrypted with GPG in a Truecrypt container on a drive that is FDE encrypted, and compartmentalize your stuff, there is no need for your entire FDE drive to have its entire content available in plaintext when it is booted. Various OS allow the home folder to be encrypted separately and mounted with the root password during login, and will automatically dismount it and take you to a login screen after some period of time. Using various layers of encryption like this makes it less likely that all of them will be compromised.

The hardest thing to protect yourself from is a covertly placed keylogger or pinhole camera. These can be used to gather all of your encryption passphrases without you even noticing. There are only a few ways to protect from this. The first method is to use a laptop that you literally never let of your sight, and that you sleep next to even. The second method is to use a laptop that you keep in a strong safe when you are not using. The third method is to use battery powered hidden cameras that monitor all entrance points to your PC, and to check for previous surreptitious entry every time before you type your password in.

Even if you follow all of these steps you are not totally protected. TEMPEST attacks and remote keylogging attacks (such as laser microphone on a nearby window to gather the sound of you typing, for analysis that can lead to the keystrokes you have made) are still possible. In some cases what you type can even leak into the power grid for semi-remote gathering, if you have your system plugged into a power outlet while you type on it. Taking care of every possible attack like this is next to impossible without having something near a SCIF , secure compartmentalized information facility. This is not realistic for us to do. However, it is rare that the police will go to such lengths, and every additional layer of security you add makes it less likely they will be able to obtain a complete plaintext copy of your drive.

Traffic analysts and signals intelligence is very difficult to protect from, especially if the NSA is your adversary. Using Tor offers some level of protection, it is probably breakable by the NSA in many cases but there is not much better right now. To get the most out of Tor you need to make sure you are using it correctly. In my opinion this entails not using tails, because it causes too much entry guard rotation and makes it so Tor does not offer you as much protection as it can. Hopefully using regular Tor is enough for now, if it is not there isn't much you can do other than look at Freenet perhaps. I2P is not really something I would even consider, and it is horrible for our threat model. Hopefully a new generation of anonymity technology is around the corner.

Communications intelligence can be protected from by always making sure to use GPG , OTR, or similar. There is still a risk of MITM attacks so it is a good idea to check public keys over multiple independently operated channels (not key servers though), and to create and utilize OTR shared secrets for authentication. OTR without authentication is actually very weak to MITM attacks.

Live Forensics is what I would be most worried about because it is the hardest to protect from and stands to gain the most. The techniques for protecting from this generally fall into three broad categories, isolation, correctness and randomization. I think that there are more methods than this though. Isolation would entail running Firefox in a virtual machine that isn't aware of an external IP address and which also don't have the ability to access the Tor process. There are other isolation tools as well, primarily mandatory access controls, these are hard to configure but can provide a great deal of security as well. Correctness means that the programs you are running are implemented properly and without bugs. Almost all programs have security bugs in them, they just might not have any currently known at a specific point in time. Keeping everything fully patched and updated is a requirement for security, the more you lag behind a patch the more likely you are to get pwnt. Additionally, different operating systems and programs have different levels of correctness due to the skill level of the people who implemented them as well as the sort of analysis they have been subjected to. Generally you want to use the most correct OS possible with the most correct applications included. This means you would opt for Debian stable over Ubuntu, Debian stable has a slow release cycle and prior to a release of the OS it and its included applications have been analyzed significantly. Ubuntu on the other hand puts more focus on features than it does on stability. At the extreme end of the spectrum you have operating systems like OpenBSD which have been subjected to continuous security audits for many years and are thought to be largely correct. I personally would actually probably opt for qubes though due to the sophisticated way it has implemented isolation. Randomization refers to features such as ASLR, which can make vulnerabilities that are present much harder to exploit.

So once you find the right balance of isolation, correctness and randomization in the OS and software you use, you still are not done. You need to configure the system in a secure way still. This could entail firewall rules, individual hardening of applications (particularly the browser, which at the very least should have javascript disabled), and general hardening of the OS. There are other security programs that can be added as well, such as intrusion detection systems, etc.

To some extent, we've been focusing on the wrong things. I've predominantly been concerned with network layer attacks, or "attacks on the Tor network", but it seems clear to me now that application layer attacks are far more likely to identify us. The applications that we run over Tor are a much bigger attack surface than Tor itself. We can minimize our chances of being identified by securing the applications that we run over Tor. This observation informs the first four features that we desire.

I think both are serious threats, I would be more worried about application layer attacks as well but I would not ignore the possibility of direct attacks on Tor by any means.

===Trustworthiness===

We should favor technologies that are built by professionals or people with many years of experience rather than newbs. A glaring example of this is CryptoCat, which was developed by a well-intentioned hobbyist programmer, and has suffered severe criticism because of the many vulnerabilities that have been discovered.

BitMessage is another good example of this.

Isolation is the separation of technological components with barriers. It minimizes the damage incurred by exploits, so if one component is exploited, other components are still protected. It may be your last line of defense against application layer exploits.

The two types of isolation are physical (or hardware based) and virtual (or software based). Physical isolation is more secure than virtual isolation, because software based barriers can themselves be exploited by malicious code. We should prefer physical isolation over virtual isolation over no isolation.

Indeed, and it all comes back to complexity. Routing your traffic through an old computer that you turned into a Tor router that runs on OpenBSD is much more secure than running an OS in virtualbox that routes through Tor on the host. If your primary computer is rooted in the first case, the attacker will very likely need to exploit Tor to deanonymize you on the application layer. If the guest OS is rooted in the second case, the attacker could exploit virtualbox to break out of the isolation OR they could exploit Tor to break out of the isolation. Using virtualbox for isolation adds an entire large chunk of code that you need to trust not to be exploitable, versus the hardware solution where you are primarily only trusting the Tor code to not be exploitable. On the other hand, if you use no isolation at all, then you are not getting any additional protection, and as soon as your network facing application is pwnt you are deanonymized (as we saw in the freedom hosting attack).

It is also worth noting that firewall rules could have prevented the freedom hosting attack from working, as could have mandatory access controls. A combination of mandatory access controls + virtual or hardware isolation + firewall rules would have added three different layers of security via isolation that an attacker would have needed to overcome before they could get their payload to phone home.

When evaluating virtual isolation tools, ask yourself the same questions about simplicity and trustworthiness. Does this virtualization technology perform unnecessary functions (like providing a shared clipboard)? How long has it been in development, and how thoroughly has it been reviewed? How many exploits have been found?

Also ask yourself "Does this virtualization based isolation tool support ASLR? does it support NX-bit?". Xen is probably the most secure virtualization system in that it will be hardest for the attacker to break out of. This is why Qubes uses Xen. On the other hand, Xen doesn't support ASLR. This means that if you run Firefox in a Xen VM, it is probably more likely that an attacker can exploit its vulnerabilities than it is that the same attacker could exploit its vulnerabilities if it was in a virtualbox VM. On the other hand, it is more likely that the attacker will be able to break out of the virtualbox isolation than it is that they will be able to break out of the xen isolation. I am not sure where the correct balance is, but the answer is probably to use hardware isolation because it is the strongest isolation possible and it also supports ASLR and everything else. Or maybe the solution is to use Hardware isolation + virtual isolation, but then we are back to square one, should we use virtual isolation that is harder to penetrate or virtual isolation that allows us to use other important security mechanisms as well. 

I should begin by pointing out that the features outlined above are not equally important. Physical isolation is probably the most useful and can protect you even when you run complex and untrusted code.

Physical isolation with Tor on an OpenBSD box = 2 orders of magnitude more secure than running vanilla TBB. Physical isolation with GPG keys on an air gapped machine = 2 more orders of magnitude more secure. Physical isolation of the network facing applications from Tor, and air gapped GPG keys is probably close to the best you can hope for when it comes to protection from hackers.

A router with a VPN + an anonymizing middle box running Tor + a computer running Qubes OS.

I agree, but don't forget to air gap your GPG keys and plaintext messages .

Advantages: physical isolation of Tor from applications, full disk encryption, well tested code base if it's a major distro like Ubuntu or Debian

Disadvantages: no virtual isolation of applications from each other

You could always use Xen or something else yourself. Most people only really want to isolate a few applications, maybe Pidgin and Tor Browser and GPG. You don't really need Qubes for this, it just tries to make it easier and prettier. And Xen is very well tested and widely used.

Whonix on Linux host.

This is a good bet as well, and the biggest advantage is ease of use versus Qubes I would say.

Disadvantages: no physical isolation, no virtual isolation of applications from each other, not well tested

A big plus for qubes is virtual airgapped GPG, but this can be configured manually with Xen or VB as well.

Tails

Advantages: encryption and leaves no trace behind, system level exploits are erased after reboot, relatively well tested

Disadvantages: no physical isolation, no virtual isolation, no membership concealment, no persistent entry guards! (but can manually set bridges)

No persistent entry guards is a massive disadvantage, if you don't set persistent bridges don't use Tails. If they add persistent entry guards I would consider it a fine solution and although not on the level of Whonix or Qubes it would be a solid third place. They shoot themselves in the foot by not having persistent entry guards though, so make sure you use bridges if you use Tails. It is worth noting that had the FH attackers targeted Linux, their payload would have failed to phone home because of their firewall rules (but it didn't target Linux in the first place).

Whonix on Windows host.

Advantages: virtual isolation, encryption (possible), membership concealment (possible)

Disadvantages: no physical isolation, no virtual isolation of applications from each other, not well tested, VMs are exposed to Windows malware!

Definitely on the insecure side of the spectrum, although it would have protected from the FH attack. 

Linux OS

Advantages: full disk encryption (possible), membership concealment (possible)

Disadvantages: no physical isolation, no virtual isolation

Definitely on the insecure side of the spectrum as well, it only protected from FH attack because of security via obscurity which is never what you want to rely on. Isolation is important. Tails is a bit of an exception because even if Linux had been targeted Tails would have prevented the exploit from phoning home. Technically you could configure similar firewall rules on any Linux OS, but you didn't specify that in the description, and virtualization based isolation is much better anyway.

#10

Windows OS

Advantages: full disk encryption (possible), membership concealment (possible)

Disadvantages: no physical isolation, no virtual isolation, the biggest target of malware and exploits!

This is about as insecure as you can get.

from kmfkmw:  """"""So we should ban holocaust pictures too right? """""""

Holocaust pictures are used in a educational goal, for learning about mistakes done in the past that should never happened again.

CP is for your pleasure only. A kid ( hard to educate but so easy to break ), a kid has been raped and broken for your sexual pleasure.

( Moreover, if someone use holocaust pictures for sexual purpose, yes , it should be ban )

So sexual pleasure is magical and makes things that are otherwise not bad bad?

you're just an asshole. youre trying to give some credit to CP, sayin' some of them could do CP with consentement...

I never said that CP can be made with consent, short of the teenagers making their own shit.

You just forget than in "Child Pornography" , there is "Child"...

Did you forget that in "Holocaust" there are millions of gassed Jews?

I just let down,

and hope you will be raped by someone with a dick as big as my harm, you will know something about consentement :-)

Ah yes the old standard argument of "Rape is bad and I hope people who look at pictures of rape get raped"

i have a wish:

kmfkewm could be a fish, and ananas xpress may use him for his new sexual orientation ?

and after, the video could be download via this new program he just created...

PS: the fish is under 16...

Oh but I know how to consent so I will just say no. Because I am over 13 and know how to tell people to fuck off.

I chose to make such an abstract point there because the same logic does apply in other scenarios and I don't want to limit myself to singling out child pornography.
I would have the same stance to the subset of people who can only get off via scenes of rape if someone was to upload images or video depicting this so to say I carry double standard is not true.

So we should ban holocaust pictures too right?

People have egos, I have an ego. I send Facebook pictures of girls I fuck to my friends and seek their approval. It's not ideal nor it's not admirable but in a community of like-minded people who I chose to associate with I get something from it and so do they, hell if I had nudes of the same girl and it was a one time thing I'd probably do the same. Am I more likely to try and persuade her to take such pictures because of that? Honestly I can probably say yes. To say this logic is somehow non existent in CP circles is denial if you ask me.

So you only have sex with girls to show your friends on facebook, and if it was not for them you would not have sex? Because your argument is that people looking at child pornography leads to people having sex with kids. So you go out and have sex just to show your friends on facebook? I don't think that is typical behavior.

I can live with myself in doing this as that person chose to take them sends end them to me, I cross the line if I was to do that while they slept or without their knowledge. I apply the same logic to CP, Rape,snuff etc etc and I believe there is a moral line and that is when a person does something without the subjects consent.

Sure thing it is bad to rape murder or produce CP. Looking at pictures is not any of these things. You make an argument against production and pretend it applies to people viewing images.

I'm not saying people only make CP because people look at it but I am saying just because someone doesn't pay doesn't make it OK either. There can still be a non monetary incentive.

Find me a single case where somebody saw the number of hits on a server and decided that because the number was so high they ought to go out and rape kids. Good luck. Even if you find such a person it makes no difference anyway. If somebody decides to rape kids because the word "the" is used in English, are you going to campaign that we strike the word from the dictionary? It doesn't matter why somebody else decides to rape kids. The only exception to this is in cases where you pay them to rape kids. If you pay somebody to kill people you both go to prison. If you say you think that people should be killed and it leads somebody to kill people, only they go to prison.  If you tell somebody to kill a certain person you both go to prison if they do. If you say that you wish a certain person was dead and it leads somebody to kill them, only they go to prison. This same logic applies to all criminal activity other than child pornography related offenses. If you pay somebody to molest kids you both go to prison. If you say that you think children should be molested (what you argue is happening when people view CP, and why it should be illegal), then in some cases you both go to prison. If you tell somebody to molest a certain person, you both go to prison if they do. If you say that you wish a certain person would get molested (by looking at CP featuring them, which you claim is essentially encouraging the person to be molested again), then you both go to prison.

The only way you can be logically consistent is to either bring your stance on deviant pornography in line with every single other thing you have belief on, or to claim that people should not be allowed to say they think any crime should be committed and to claim that you should not be allowed to say that illegal things should be allowed to happen to anybody. If you were logically consistent you would be locking up the neo nazis who talk about how they wish the Jews would be subjected to genocide again, you would be locking up the KKK members who think that blacks should be lynched again, you would be locking up the Anarchists who say they think the government should be violently overthrown, you would be locking up the people who say they wish that somebody they hate would die, etc. But you are not so illogical to say these things are you? But in the case of deviant pornography you hold people to a totally different standard and you want to police their thoughts and their beliefs rather than their actions.

Your drug analogy is lost on me for the same reason because I am not harming somebody for smoking a joint.  If you can tell me how I am maybe I will reconsider my morals. If you say "somebody might copy me" that's moot because they are only harming themselves if they do.

You and the others who argue against me use so many logical fallacies that it is sad. You are begging the question:

An argument that improperly assumes as true the very point the speaker is trying to argue for is said in formal logic to “beg the question.”

The war on CP viewers is like the war on drugs because in both cases the government and media are brainwashing people and the end result is to send millions of people to prison for profit. The war on CP viewing is a multi billion dollar industry in the USA alone. You smoking weed causes no more harm to others than someone looking at CP causes. If you want to say that somebody looking at CP causes demand that is then filled with supply, I could say that you smoking weed could fund violent Mexican cartels who kill innocent people. You will say but oh that is the fault of the Mexican cartels it is not my fault! And then I will say yes just like it is not the fault of somebody who views CP that somebody else rapes children. You cannot use this stretching of responsibility on CP users without doing it on yourself. Your demand for drugs leads to violence, there is no question about it, if there was not a demand for drugs a lot of people would be a lot less victimized in the world. Do you feel the responsibility for the deaths linked to the cartels is on your shoulders? Then why do you want to try to say the responsibility for child molestation is on the shoulders of people who do not molest children? Using double standard logic is one thing but in this case you are just being hypocritical.   

But anyway that's my view and I'd like to move on to say I think what you propose as regard an Encrypted Keyword Search is actually a good idea in the sense that it can take away exactly the sort of egotistical part that I believe is inherent in human nature and would be all for it.

Sure Encrypted Keyword Search is good. But even today the P2P network CP viewers come close to this, and they are the vast majority of those arrested for CP. They do not network with each other on forums or communicate with each other, they simply type search terms into P2P programs and obtain files from them. The only real difference is that in the case of the P2P traders it is theoretically possible for somebody to notice that a CP file was searched for and downloaded, Encrypted Keyword Search can remove even this possibility. Somebody uploads a file to a set of servers and it is essentially in a knowledge black hole, nobody knows where it is anymore or if it ever comes out again.

Quote from: kmfkewm on August 12, 2013, 03:26 pm

Nobody inflicts harm on anybody by looking at a picture.

Sorry but I just don't agree,

Lets change the context altogether to something a bit weird but lets face it CP to a person not interested in that is just not in any way understandable.

Say I decide my new thing which I gain sexual gratification from is having sex with fish.
I'm not sure if this is normal activity but like most people the internet is probably the best place to find people who share similar interests so I perhaps start a site on TOR as I'm a pretty sure my sexual orientation is illegal and at the very least frowned upon by mainstream society.
I talk about my fantasy's and upload some pictures of me ejaculating on some of my favorite fish.
Next day I see I have lots of e-mails from people saying how they have the same interest and really enjoyed my pictures but they are afraid to take the next step and actually have sex with a fish but thank me for posting an image that allows them to find an outlet for their sexual desires.

I gain reassurance from the fact others share my interest and I feel am doing something that provides others with the same feelings of gratification I get from fucking a fish without actually doing it.
Am I more or less likely to put additional fish sodomy pictures on my site??

Most people can fill in the blanks from here and I honestly believe you are naive or don't want to admit that looking at a picture does not encourage people to make more of them.
Sorry for the silly example, Only maybe Kayne West could relate but I feel I had to take this into a totally different and weird context to make my point.

So we should make it illegal to thank people who do illegal things? Or to encourage people to do illegal things? Or just for child pornography? You just have a double standard is all. You apply special logic to child pornography that is not applied to anything else. How about we have a law that says you cannot encourage people to use illegal drugs. You can not say "Good!" when somebody has robbed a store that you think exploits its workers. Any speech that gives the impression of support for criminal behavior should be outlawed. You fucked a fish because you wanted to fuck a fish, if I look at the pictures it doesn't make the fish you fucked any more or less fucked and if you go out and fuck more fish because of it you are the one who is at fault. I did not put a fucking gun to your head and tell you to go out and fuck fish, I did not help you fuck fish, I did not pay you for photographs of you fucking fish, I am not responsible for your behavior and putting the blame on me is only reducing the blame on yourself. Saying that somebody only fucks kids because people look at the pictures is minimization of the behavior of the person who fucked a kid saying that they cannot control themselves and they are under the control of people looking at pictures. It is fucking insanity, there is no sense in it, if your logic was applied to anything else in life you would scream bloody murder about how your freedom is restricted ("Oh I cannot say I think people should smoke weed? I cannot say that I smoke weed? This is fascism!"). You people who argue against me have no validity to what you say, you have only mantras and emotions, you do not have science or truth on your side only baseless lies that you have repeated so much that you believe them.

So anyway let's make a technical solution then! Really Encrypted Keyword Search seems like it is the answer to all of your complaints. You go and fuck a fish and then you tag the image with keyword "fish fucker" and upload it to Encrypted Keyword Search server, now someone who likes fish fucking pictures can go to a program and type in "fish fucking pictures" and it queries the EKS server in such a way that they can obtain your picture without the EKS server being aware of what they searched for or what picture they obtained (nor can the EKS server even determine that it had such a picture). Now the demand is hidden, you do not know if anybody downloaded your picture, the EKS server doesn't know if anybody downloaded your picture or even what your picture is. There is no demand that can be observed. Why should it be illegal for them to use a program such as to obtain files that nobody can know they obtained? It is irrelevant in any case though, because such a program would offer nearly perfect anonymity anyway so literally nobody would be able to tell that they obtained that image or what they searched for. It seems to have the added advantage of hiding this demand that you think translates directly into people running off and finding kids to fuck. So I think you have no problem with this system right?