Silk Road forums

Also you need significant training to even know what to do with professional grade equipment once you have it. Bug detection is an entire profession and it requires months to years of training and tens of thousands of dollars worth of equipment. If your attacker gets their bugging equipment from we-sell-spy-gear.info then you are probably good to go with bug detecting equipment from we-sell-bug-detecting-equipment.info , but if they are using professional grade equipment it will require professional grade equipment to detect it.

A network that consists of a mixed, decentralized, and distributed core, mixed PIR outer layers, variable latency via proof of work, multi data-type support, built-in multi host network support (clearnet, i2p, tor, etc cross communication) and the ability to completely hide who on the network is the recipient.

I think that mixing is very important for strong anonymity. PIR is also very useful but great care needs to be taken in how it is implemented. Cross network communication is a possibility, although it might be better to base it on top of Tor. In the case of routing nodes, it is better if they all share a common anonymity network.

CORE
The core network is a mesh topology in which all members exchange all data. Similar to Freenet.

In Freenet all members usually act as routing nodes and data stores, but all members don't share all data. All members sharing all data sounds more like BitMessage, and I don't like this because I think it will scale poorly. I also think that if all users are routing nodes that the anonymity of the network will be hard to ensure, when clients act as routing nodes it tends to open up the risk of intersection attacks. Freenet has managed to do this in a pretty secure way, but I2P is very vulnerable to intersection attacks due to essentially all clients also being routers. BitMessage is also very weak to intersection attacks due to all clients being routing nodes. Tor has substantially protected its users from several sorts of intersection attack by not having all clients act as routing nodes. Another issue with all nodes being routing nodes is that it will dilute the ability to mix messages. Mix networks are actually more secure if they have less routing nodes, because then more messages mix together at each hop. With a network like Tor the anonymity depends on the size of the network, because the goal is to prevent an attacker from observing both ends of a connection, and the more nodes there are, and the more geographically distributed they are, the less likely it is that an arbitrary attacker can view traffic as it enters and exits the network. With a mix network though, generally we would assume that the attacker is already capable of watching all links between all nodes, regardless of how many nodes there are. The anonymity of a mix network depends on the amount of traffic on the network, and particularly the amount of traffic passing through the utilized mixes, and if there are only a few mixes then there is much more traffic passing through all of them and therefor the anonymity provided significantly increases. 

Data is exchanged between machines using a mixed PIR retrieval system. Machines would accumulate data until the threshold is met. They would then mix and advertise their new data to the connections they have. The connections have the option to retrieve all, none, or some (Using PIR) of the advertised data.

That is an interesting idea. A pull rather than push mix network. Normally in a mix network, one of the mixes receives so many messages and then they reorder them and send them on to the next mix on the messages path. Your proposal seems to be that mixes obtain so many messages, and then they reorder them and advertise that they have them, at which point other nodes on the network can pull them with PIR. There are two important points to consider. The first point to consider is, how do the pulling nodes determine which messages they pull? In a traditional mix network, the client selects the path of mixes that the message travels through. The client needs to have public keys for the mixes on the network first, which they obtain via bootstrapping with a set of directory servers. So the client doesn't need to tell each mix individually that it will use it on its path, it merely needs to construct a message that will be routed through each of the mixes on its intended path. If the client communicates with mixes telling them which messages to pull, the anonymity of the system is reduced to the anonymity the client has when constructing their path when they communicate with each of the mixes telling them the message to pull. If the message is tagged with the next mix on the path, then the PIR will be useless since the mixes will already know which messages are being pulled by which mix.

One possibility is for the messages to be tagged with an ECDH shared secret generated with the mixes long term public key and an ephemeral keypair generated by the client, with the ephemeral public key also attached to the message. If all mixes pull all attached ephemeral keys, they can derive shared secrets with them and then pull messages tagged with shared secrets that match shared secrets they generate with the attached ephemeral keys. This would require all mixes to obtain all ephemeral public keys though, and to derive ECDH shared secrets with all ephemeral public keys. That probably wouldn't scale very well.

The second thing to take into consideration is that generally PIR that isn't everybody gets everything assumes that a message is present on several non-cooperative servers. This opens up the strong possibility of intersection attacks if there is a large distributed PIR network. Because if my outgoing message is on 5 servers only, and the next layer of mixes on its route pulls the message with PIR from these servers, then the message is identified as being one of the messages that is on each of the 5 servers being pulled from. Unless all of the people routing messages use the same exact path as me, this will severely degrade any provided anonymity.   

Data that is transmitted across the network consists of two parts. The first part is a small identifier for the second, larger, part. The identifier would include the proof-of-work done on the message as well as an encrypted header for the second part. Once the accumulation threshold is reached then the first part is what is announced/sent to connections for advertising new data. If a connection already has one/some of the data being advertised, they will leave it out of their request list to the announcer. This also allows PIR operation to happen unannounced. Additionally this group can/may be padded.

Sounds a lot like BitMessage, and it will likely be weak to some of the same attacks that BitMessage is. For example, if Alice has a message before Bob does, then Bob could not be the sender of the message.

Tor Status has false negatives and positives on occasion. If your exit node has just been added then you will possibly not be detected as using Tor, because the list of known Tor exit IP addresses at Tor Status is not kept 100% up to date in real time.

The question to ask is why would you even take a risk trusting that shit. Truecrypt is free and open source. Use Truecrypt. A more precise answer is that you really cannot trust proprietary encryption software, and there is no reason for you to. I mean, maybe it is not backdoored, maybe they implemented it correctly, but who knows? Not me, not you, only a few people at Symantec know if it is backdoored or not and not even they know for certain if they implemented it properly, because even with open source software that has no known defects nobody knows if it is implemented properly 99.99% of the time, but because it is open source arbitrary people can try to ascertain if it is correctly implemented.

It doesn't make sense that the NSA reports on crime and yet there are high profile targets that use the internet and avoid arrest for years or indefinitely. I personally doubt Snowden if he truly claims that the NSA reports on all illegal activity that they intercept. It sounds like bullshit to me, for a variety of reasons. Without documented proof that they are compelled to report on criminal activity, I am completely unconvinced.

From The Guardian :

Even if upon examination a communication is found to be domestic – entirely within the US – the NSA can appeal to its director to keep what it has found if it contains "significant foreign intelligence information", "evidence of a crime", "technical data base information" (such as encrypted communications), or "information pertaining to a threat of serious harm to life or property".

Note that it says the NSA analysts may *appeal* to the NSA director to keep intercepted US internal communications that are *inadvertently* intercepted. It doesn't say that the NSA is compelled to report criminal activity to the police. It doesn't say that NSA analysts are compelled to report criminal activity to the NSA director. It says that they *can appeal* to keep the communications. I also note that they mention evidence of a crime and also information pertaining to a threat of serious harm to life or property. In general, anything they intercept that pertains to a threat of serious harm to life or property is evidence of a crime, and I imagine in the likely extremely rare cases that they exercise their ability to utilize US internal intercepts, that it will be in cases of domestic terrorism and similar things. I think people are taking this way out of proportion in assuming that the NSA is systematically sucking up US internal communications and then piping them off to the FBI for criminal investigations. That is not what the NSA does.

Furthermore, traffic metadata intercept of US internal communications has *always* been legal without a warrant. Even the FBI and the local police do not need warrants to intercept traffic metadata. The courts have never considered traffic metadata to be protected by the constitution, only payload data. The only difference between what the NSA is doing and what the FBI and local police are probably doing, is that the NSA is gathering *all* of the traffic metadata whereas the police only gather metadata when they think it will assist them in their current investigation.

libertarians do not work for the american military.

Lots of libertarians work for the US military. The US military is not a police force.

I never said the NSA will shut down SR. What they will do is tell some other government monkeys how to find SR.

Extremely unlikely.

Again, terrorism does not exist, except for US terrorism (which is massive, but oddly it's not the terrorism you seem to have in mind)

US commits terrorism but terrorism is also committed against the US and its allies, on a fairly regular basis. One of the reasons terrorism is not committed as frequently on US soil is due largely to the efforts of intelligence agencies.

Do you think these alleged terrorists discuss their  plans on facebook and gmail? Or even Tor? Don't be silly.

Osama Bin Laden had a courier who used I believe USB devices to take communications from Osama to cyber cafes, after which he sent them via the internet to various terrorist contacts, got messages back and took them to Osama where he was hiding. I don't know if the messages were hidden with steganography or encryption or what the technical details are, but during Osama Bin Ladens time in hiding after 9/11, he frequently made indirect use of the internet to engage in communications with his terror network, and apparently many of his contacts also made either direct or indirect use of the internet to transfer their communications. I don't believe Osama was caught due to signals intelligence locating his courier, but rather was caught because somebody who knew who his courier was was tortured and revealed the information, after which his courier was located and followed back to the location Osama was staying at. It seems like the CIA was probably mostly responsible for this operation, but theoretically the NSA could have located his courier with signals intelligence.
   

Maybe one of the purposes of the NSA is to spy on 'foreign' governments, but their main purpose is to spy on ordinary sheep. both american sheep and foreign sheep.

The NSA doesn't give a fuck about ordinary sheep. They also extensively spy on foreign governments. Another one of their big responsibilities is securing the USA from cyber attack.

Pretty noob mistake to always send from the same location. Smart vendors try to recycle drop off points as little as possible.

This yet again demonstrates the advantages of using a fake ID box, customers who had worked with the busted vendors could at this point drop their boxes and get new ones. Customers who had shit ordered to their real addresses are at the mercy of the security of the busted vendor.