Silk Road forums

An IRC friend of mine is a big proponent of I2P and wants everyone to use it, and it does let you do some cool things, like bittorrent and human-readable pseudo-domains, but ultimately the reason I can't bring myself to use I2P and Freenet is because I can't get over the fact that my IP address is exposed to random nodes on the network. I like the privacy that entry guards afford.

I have never been very impressed by I2P, although it does seem to have the most vocal group of proponents. I personally see it as being similar to the Apple of anonymity networks, it has a hardcore fan base of people who know it is the best, but they don't seem to quite know why it is the best. I guess I would compare Tor to Linux and Freenet to BSD.

The fact that it is so easy to enumerate the IP addresses of everybody who uses I2P is also one of the reasons why I will not even touch it. Freenet is not so weak to this because of Darknet mode, which can be used after running in Open Net mode to essentially give yourself at least the same membership concealment provided by Tor entry guards.

I also trust the relays more. There's a big, publicly accessible list of all the relays, with lots of info about them: hostname, geolocation, bandwidth, (usually real) contact info. You can see them running for months at a time, and people run scripts against them regularly to determine if they are acting maliciously. It makes me feel safer than connecting to some random, unknown IP address.

People run scripts against them to see if they are acting maliciously, but that only applies to exit nodes. Freenet has no exit nodes so there is no need (or even ability really) to run scripts against them trying to see if they are malicious or not. 

There's also the fact that I2P and Freenet are so small. On Tor, you're one of 500K daily users. That's a nice, big crowd to mix in with, compared to I2P's 20K simultaneous users. I don't know how many users Freenet has, but presumably it's even fewer.

Freenet is also estimated to have about 20K simultaneous users. There are two ways of looking at this though. Tor certainly has the most concurrent users, I think it actually serves over a million people per day now. On the other hand, Tor has the least routing nodes of the three major anonymity networks (Tor, I2P, Freenet). Tor has about 3,500 routing nodes, I2P and Freenet have about 20,000 routing nodes each. You get anonymity gains by having a bigger userbase as well as by having more routing nodes (in the case of I2P and Freenet clients and routing nodes have about a 1:1 ratio, for Tor the ratio has been about 400:1 .) If somebody can see Tor exit traffic, they know the traffic originated from one out of over a million possible Tor users (since more than a million people use Tor, just not at the same time). On the other hand, if they see content published to Freenet, or somebody accessing an Eepsite, that content/access came from one out of only about 20,000 users. Looking at it another way, assuming all nodes route the same amount of traffic (which they certainly do not, but for the sake of argument. In reality we would need to compare bandwidth added). an attacker who adds 1,750 nodes to Tor can see roughly 50% of the traffic routed through Tor, an attacker who adds 1,750 nodes to I2P can only see 8.75% of traffic routed. In the case of Freenet this isn't comparable though because Freenet works very differently from Tor and I2P.

So from the start your anonymity with Tor is greater than your anonymity with I2P or Freenet, because you have a much larger set size to blend into. But from the specific perspective of an end point timing attack (by far the most worrying attack against Tor), you will be anonymous to the set size until you are deanonymized. This is really roughly speaking though because there are so many other things to take into consideration, but for the most part I think many users of Tor (especially the non-pseudonymous ones) will continue to be anonymous to the set size of users until they are deanonymized with a timing attack. Having a bigger set size to blend into at first is beneficial, but the risk of falling victim to a totally deanonymizing timing attack is also a lot higher because the number of routing nodes is a lot smaller (and therefor it is easier for an attacker to control a larger percentage of them).

The size and diversity of the Tor crowd are big privacy-protecting features. If you run a Freenet node, there's like an 80% that you're a pedophile, but if you connect to Tor, there' s maybe a 10% chance you buy drugs, a 10% chance you're a pedo, a 5% chance you're a journalist, or whistle blower, or intelligence agent, or political dissident, or just somebody who is privacy conscious, or paranoid, or curious. There are way too many groups to conclude anything about a Tor user, if you can only watch their end.

Yes I agree entirely, Tor having so many users is a huge advantage for it. However, I2P having so many routing nodes is also an advantage for it. There is a huge chance somebody using Freenet for a prolonged period of time is involved in CP, however actually proving that is very difficult.

Overall I definitely like Tor the most. It also has the enormous benefit of allowing traffic to exit the network. I2P is weak to an assortment of attacks that Tor is well protected from (although I2P is better protected against other attacks that Tor is not well protected from, for example internal timing attacks), Freenet is difficult to use for service providers, etc.

Quote from: jackofspades on May 13, 2013, 06:20 pm

WTF! I would buy sheets for 300 any day of the week! Shouldnt us SR users have those privileged prices?!

Lol no.  That is how vendors make money.  I have never seen a drug on Silk Road cheaper than I can get it, not even close.  Silk Road is a good way to make money and a good way for people without good connections to get drugs.  It's a win win situation.  There would be no point of the private boards if everything on them wasn't so much cheaper than public places like Silk Road lol.

Plus on private forums it is mostly vendors buying from suppliers. Ordering ten packs of LSD, or even grams of crystal, is much more common. The private forums where you can get such low prices tend to consist of big suppliers, vendors, retired vendors and suppliers, and their close online friends. If you are not in the market to spend $12,000 a month or more on drugs, are not a big supplier of drugs and are not good friends with somebody who meets one of the prior two criteria, then you don't have very good chances of getting on a private forum that has $300 a sheet acid. SR is way lower on the food chain, it is mostly random end level consumers buying ten strips for personal use.

However it has been a while since I have seen really good L prices even on the private forums. These days $500 a sheet is more realistic than $350 or $400, and crystal is not very available at all.

Yeah, darknet mode is why I said "almost all". Presumably, very few people use it besides people in oppressed countries, where connections to the other (easily identifiable) nodes are blocked.

Darknet mode is the equivalent of an entry guard, except there is no mechanism to randomly pick from a set of guards, so you get linkability between the darknet guard and the person being guarded.

I don't use Freenet but I am pretty sure a lot of users run in open net mode until they get a few peers and then switch to darknet mode using a few of those peers as their entry guards.

I agree, it is more robust than Tor for users, with some big trade offs for publishers and service providers.

It depends on what is being published. It definitely puts a lot of restrictions on service providers that Tor does not. But for somebody publishing a .pdf for example, Freenet is probably even better than Tor for the publisher. Freenet also has the advantage of being essentially immune to DDoS attacks knocking services offline. It also has the nice benefit of not requiring somebody to configure a server, or own a server, to publish content. So I would say Freenet is actually much better for publishing content than Tor is, and it has advantages for service providers and publishers in the form of resiliency, but Tor gives much more control and ease of use to people who provide services and is definitely better for service providers.

Yeah, everything has to be moved to the client. I think it's more complicated than it looks to implement all of SR's features that way (managing bitcoins, for example), and potentially puts users at greater risk when they have to run a Java app made by an anonymous person. If the SR hidden service gets pwned and you anonymize your bitcoins and encrypt your address, there's not much LE can do to you. But if LE compromised DPR and modified his Freenet app, they could pwn everyone.

Yeah that is true.

Quote from: kmfkewm on May 13, 2013, 03:46 pm

I guess the question is, do you want to get raided after SR is hacked into by the police (they already have hacked into half a dozen CP hidden services), do you want to get raided after SR is hacked into by the police (since privnote is entirely weak to MITM) OR after privnote flags you as suspicious, or do you want to not get raided because nobody can crack GPG?

True but how do we know the vendors delete our information? It seems the most likely occurrence would be a vendor getting caught for doing some on the side shit. 

The thing about CP is that it's not encrypted at all most of the time, and I bet some of the pictures have EXIF data.

CP is completely irrelevant to this conversation, the point I was making is simply that feds can sometimes hack into hidden services. You have three options:

1. Trust the security of the server and trust the operators of the server (The server is almost certainly weak to being penetrated in some way, humans are failable)
2. Trust the security of privnote and the operators of privnote (privnote is very weak to MITM, the operators could use bugged javascript etc)
3. Trust the mathematics of RSA, which have been subjected to vigorous peer review and determined to be secure

take your pick but I personally will be going with 3.

The vendor storing your information or not is completely irrelevant to the security of how you transfer your information to the vendor. If you want to be really secure use fake ID boxes or other boxes that cannot be linked to you, and switch them up periodically or especially if you think a vendor was busted.

They can monitor enough relays to pwn a few of the people some of the time.

In contrast, they can run enough i2p and and Freenet nodes to identify (though not pwn) almost all of the people, all of the time. On i2p, they could probably pwn some of the people, some of the time. On Freenet, it is unlikely they could pwn anyone, but you couldn't run a service like SR on Freenet.

And with any one hop proxy or VPN, they can pwn all of the people, all of the time.

So those are your options.

It is really hard to enumerate Freenet clients if they run in darknet mode. It is trivial to enumerate all I2P clients though. It is really hard to enumerate Tor clients because of entry guards and bridges and obfsproxy.

Freenet is really unique because it aims to provide plausible deniability in addition to anonymity. I2P has a little bit of plausible deniability from internal attackers (because essentially all clients route for each other, and there are variable length  paths), but not external attackers. Tor on the other hand is focused entirely on anonymity, it has pretty much no plausible deniability at all except for *maybe* if you run as an exit node and claim that connections to the clearnet came from Tor users (and even this will not protect you from an external attacker). If an attacker watches your Tor entry guard and the destination you surf to, you are pretty much fucked. If your direct freenet peers watch an illegal file being routed to you, they still cannot easily prove that you actually requested the file, for all they know you are just routing it for somebody else like they are. If they see you insert an illegal file into the network, they don't know if you are the person who originally published the file or if you are just routing on an inserted file like they are. The plausible deniability of Freenet is what makes it so much more robust than Tor.

But like you mentioned, Freenet is very different from Tor and I2P. You don't run a normal server and anonymize it with Freenet, rather all of the nodes make some of their hard drive space available and content is hosted redundantly distributed throughout the network. This means running php forums etc on Freenet is impossible. However I do think a site like SR could operate on Freenet, it would just need to use custom client side software designed to work with Freenet. Just like there are Freenet specific software packages for forums, E-mail, etc.

I'm a 33. 

 I had learning disabilities in school and was in a special class for slow kids.  Then, in two years I was put into a gifted classroom.  They figured I was a genius or some kind of idiot savant after some tests. 

  I learned 12 different instruments by age 15 and memorized the Funk & Wagnals Encyclopedia set at age nine.   Wasn't intelligent, I just could recite everything I read to the word.  So I was like a tape player that recorded information and played it back for people.  It made me look smart, but I was just mimicking and mocking things I read.  I could understand or apply anything.   I had obsessions that were unhealthy and consumed all my time.

So anyway.  I love drugs and self medicating. I recently fell in love with amphetamines, i dont even care about the buzz, its the concentration effects im after. Where have you been all my life. ?!!!?  Fuck I love you!   

I think it is interesting how high functioning Autistic people are more likely to have minds like tape recorders, and low functioning autistic people are more likely to have minds like cameras. I also have exceptional verbal memory although poor visual memory. It is a bit of a risk though, it is very easy to completely memorize a complex paper but actually understanding it is more of a challenge. It seems that the more Autistic a person is the more the trade off between memorizing and understanding increases (in favor of memorizing). Thankfully I am able to understand complex things, but I can almost always verbally memorize them first. 

I have read about some Autistic people who are so good at one type of memory that they can mask deficiencies in other types of memory. For example, someone with very poor long term visual memory, but genius level long term verbal memory, could encode a picture with words. So if they are presented with a picture, they could remember it with words, and then if they are asked questions about the picture half an hour later they could describe it without actually remembering it visually. This could be perceived as them having adequate long term visual memory, when in reality they just have exceptional long term verbal memory. Most people would visually recall the image in their minds and answer the questions about it using their mental image as a reference, but someone who can remember words verbatim but who struggles to recall images, could encode the entire picture to words and then answer questions about it based off of their stored verbal information. There are of course more specialized tests that can get around this though. There are actually a lot of examples of people with high functioning Autism using what would normally be horribly inefficient methodologies to  successfully complete tests with average+ scores. This is due to them having extremely well developed abilities in areas that do not normally map directly to the test they are presented with, and poorly developed abilities in areas that normally map directly to the test (ie: using exceptional long term verbal memory to appear to have average long term visual memory).

Quote from: kmfkewm on May 12, 2013, 07:06 pm

Quote from: seuss on May 12, 2013, 06:40 pm

Yeah, having autism traits doesn't really mean one has autism.  Some people are naturally quirky or become quirky through their environment.  Some serious testing has to be done, besides questionnaires, in order to diagnose autism.

Autism spectrum disorders can be diagnosed through IQ tests with brain imaging to rule out lesions, questionnaires / interviewing, or a combination of both. An IQ test showing a large discrepancy between verbal and visual IQ is a big sign of being on the autistic spectrum,  if there is no sign of brain damage. The questionnaires tend to look an awful lot like this one although with developmental history also taken into consideration. I think that this test is good for basic screening for Autism. One research paper claimed that scoring below 26 definitely rules out a diagnosis of Aspergers. However the test is not meant to be diagnostic. On the other hand, when this test was being evaluated, only 2% of neurotypical people scored 32 or higher. So I think scoring 32 or higher strongly indicates Autism, and scoring 26 or higher indicates a possibility of Aspergers.

That's what they tell Asperger's sufferers to keep you people from raging. Its like in the old sci fi movie where they give androids an empathy test and tell them it's "just an 'IQ test''.

If the researchers told you people you were being tested because you exhibit a form of mental retardation, you people would freak out and go on school shootings or something

I don't really disagree with you, although some Autistic people have above average scores on all verbal and visual IQ tests, while still having a discrepancy between scores. Most high functioning Autistic people do have significant deficits on specific sorts of intelligence tests, but they make up for it by having very superior skill on other specific sorts of intelligence tests, which balances out their general IQ (or even raises it to above average). High functioning autism is sort of like being a genius at specific things and retarded at specific things at the same time. Most people are average at everything, and have an average GIQ. High functioning autistic people are more likely to be really good at some things and really bad at other things, and have an average GIQ. Low functioning autistic people tend to be mentally retarded on all tests, but have a discrepancy between subtests, whereas someone without Autism but with mental retardation would score about equally as low on all tests.