Silk Road forums

There is significant evidence that marijuana is carcinogenic, however exactly how much so is a matter of debate. There have been studies showing that marijuana smokers are at increased risk of lung cancer, cigarette smokers are well established as having a much higher risk of lung cancer, but smokers of marijuana and cigarettes have a lower risk of lung cancer than smokers of only cigarettes. Marijuana may have some cancer inhibitory effect as well as being carcinogenic, I have not seen any conclusive evidence as to why users of marijuana and cigarettes are at lower risk of lung cancer than users of only cigarettes. Additionally most marijuana smokers also are cigarette smokers. There was a study saying that marijuana use in childhood leads to lowered IQ through adulthood, but there was another researcher who pointed out flaws in this study so it is not really conclusive. There is strong evidence that marijuana can trigger latent psychological disorders in those who are susceptible, much like pretty much all psychedelics. Marijuana can lead to panic attacks as well, and panic attacks are imo the most negative effect most users are likely to experience. Overall marijuana is quite a safe drug, if you eat it or vaporize it or even use a water pipe of some sort you can eliminate or greatly reduce the increased risk of cancer. This leaves you with the risk of triggering a latent psychological disorder, but if you do not have a family history of mental disorders the risk of this happening is quite small. You could possibly become mentally dependent on marijuana, I have seen this happen to a few people but they are few and far between. There is some risk that you could become demotivated as well, but this is also not particularly common in my experience, I know a lot of highly accomplished marijuana smokers.

So in summary:

A. You could increase your risk of cancer, but this can be eliminated or greatly reduced depending on the way you consume marijuana. Also, it is apparently safer to smoke marijuana and cigarettes than to smoke only cigarettes.

B. You could trigger a latent psychological disorder, schizophrenia is of particular concern. The chances of this happening if you don't have a family history of mental illness are quite small.

C. You could come to depend on marijuana to not be bored, or have mental cravings for marijuana and feel uncomfortable when you are not high, but this is fairly rare and I have only seen it effect the heaviest of users.

D. You could lose motivation, but this is pretty rare as well and there are lots of accomplished doctors, scientists and others who have mentally and physically demanding jobs who use marijuana. This is also much more likely to effect heavy users than light to moderate users.   

E. You could suffer from quite intense panic attacks while under the influence, this is not particularly rare and it seems like it effects quite a lot of marijuana users at one time or another. Some people are more sensitive than others. The panic goes away when the high does, and you can probably stay in control  of yourself, and if you keep some fast acting benzo on hand you will be even better off.

F. Driving skills are negatively effected while under the influence of marijuana, but not to the same extent as when under the influence of alcohol.

I think that is a pretty comprehensive list of the negative health effects of marijuana, and as you can see many of them are preventable / reducible with responsible use and thoughtful planning. 

Okay here is my take on this. First of all, I have no idea about that ISP or the percentage of Tor nodes that are hosted by them. It seems that they are a big ISP, so they probably do carry a lot of Tor traffic. As to the claim that the NSA or CIA owns them, well who knows. Nobody really thinks that Tor will keep them anonymous from the NSA anyway. They have Narusinsight super computers at many major IX's and they can passively monitor all Tor traffic that goes through the USA anyway. Even if they couldn't passively monitor huge portions of US internet traffic, they can hack into pretty much anything and they could by pass Tor to get to targets if they really wanted to. The CIA can by pass Tor to get to targets if they really want to. It is silly to think that the NSA would actively add nodes to the Tor network when they can already passively monitor traffic into and out of all Tor nodes in the USA. A single Narusinsight surveillance computer can completely monitor and record traffic from several thousand residential internet links in real time, and the NSA has at least half a dozen of these things at major internet hubs across the USA. Also, they don't monitor in real time but rather switch rapidly between connections (sampling), allowing them to gather enough traffic for correlation attacks against millions of internet connections. Monitoring the few thousand Tor nodes in USA is not going to be a problem for them. Passively monitoring enough Tor traffic to do massive damage against Tor is easy enough to do for IX level attackers without the need for them to add a single node to the network : http://freehaven.net/anonbib/cache/murdoch-pet2007.pdf (Sampled Traffic Analysis by Internet-Exchange-Level Adversaries)

This makes his claim that the NSA may own these nodes to be dubious at best. The NSA doesn't need to own Tor nodes to break Tor anonymity. The other intelligence agencies he named may not have as much signals intelligence as the NSA, and may need to add their own nodes if they don't want to just hack their way past Tor. We have not got a lot to worry about intelligence agencies. Intelligence agencies actually do have bigger things to worry about than us. Some of them, like the NSA, are legally restricted from spying on US citizens unless they are in contact with terrorists or foreign intelligence agents. This does not mean that they respect the law, but it does mean that they rarely if ever bring their illegal activity to light by busting drug dealers. If he had any proof that the FBI or DEA owned that big ISP, I would be a little bit more worried. But he doesn't have proof that Cogent is a front for any agency, from NSA to your local police. He calls Tor TOR, which is usually a dead give away that somebody actually doesn't know that much about Tor. In academic articles it is called Tor, researchers studying it call it Tor, the media calls it TOR and usually people who call it TOR have learned everything they know about it from the media.

He acts like I2P is superior to Tor. In reality, the NSA can monitor the US based I2P servers just as easily as they can monitor the US based Tor servers. I2P has a handful of its own issues as well. Down time correlations against hidden services can deanonymize them as soon as they have down time, and it is easy to get the list of all I2P routers and therefor users as well. It is a bit harder to do this attack than I once thought, as nodes are not immediately unlisted once they go down. However, an attacker can keep pinging every I2P node and wait for a hidden service to go down (or DDOS the hidden service) and see which node stops replying to pings when the hidden service goes down. I2P would be absolutely horrible for Silk Road entirely because of the fact that everybody is a router. Fifty thousand or so people use I2P currently, they are spread through out the world, and it is easy to get all of their IP addresses. Guess what happens now when some vendor in New York sends a drug package to the police? The police see all of the I2P routers in New York and they have already narrowed in on their target, if the target lives in a remote area the police can probably deanonymize him immediately after seeing where he ships from.

In short, this guy is admittedly speculating, he has not given any real proof, he suggests using a network that is much worse than Tor for our specific threat model and imo in general, he thinks that NSA would actively attack Tor when in reality they would almost certainly passively attack it and he doesn't appear to have researched Tor much because he calls it TOR. I am not very worried from what he said, and I would chalk this up to FUD or possibly even worse considering he seems to suggest that Silk Road starts using I2P despite the fact that I2P would be the absolute worst choice for Silk Road users.

We must have gun control to prevent people from shooting the state agents coming to collect the debt to the socialized healthcare system!

from a moral standpoint health care is not something that should be provided by society by force. Nobody has the right to point a gun at you and tell you to give your money to some sick person. That said, it is good for society if people voluntarily give money to provide for the health of humanity. Single people have donated billions of dollars to healthcare, Bill Gates immediately comes to mind. Having universal health care for everybody is a goal that we should strive towards, but it should absolutely not be paid for by slaves.

This dude is a total hero in my book. Fuck the police, I hope he takes out as many of the bastards as he can. I feel slightly bad that he killed family members, I certainly would not condone that, but at the end of the day the pig whose daughter he killed stands for a system that results in other peoples daughters being killed.I have absolutely no pity for the police and I hope they take the massive support shown for this cop to be a fucking sign. I am amazed at how openly so many people in USA are rooting for this guy despite the fact that he is killing cops.

the solution is right here. You can view these forums without logging in or authenticating. So post your public GPG key. Now come back. Is the key still yours? Yup! So long as the attacker in the middle cannot determine when to MITM from when not to, you can always detect pretty quickly if MITM is happening. At worst they MITM some small percentage of the time, so you don't pick up on it but they still pwn some people. You could make a script that constantly loads the forum post you put your public gpg key in via Tor and see if it ever changes. I have long been a proponent of defeating MITM attacks with anonymity and non-authenticated middles .

What does this mean for the future of sr. Can this be fixed

Not much and yes.

you can just hit the print screen button, take a screenshot of the open image, then cut out the part you want and paste it into a new image and then save the new image.

The USA doesn't block bridges, so how are they exploiting it? If you want to thwart traffic analysis by your government, use bridges/relays outside of your country to maximize jurisdictional barriers. Actually, the probability of all 3 of the relays in a circuit residing inside your jurisdiction is very small already. Tor relays are spread across 75 countries, so there's little the US or Chinese governments can do to correlate traffic, unless they get really lucky (yes, there are some sophisticated fingerprinting attacks but none have been discovered in the wild).

I agree that the US is not much interested in bridges. Also although Tor project developers very frequently meet up with law enforcement and such, they are to the best of my ability to tell not in cooperation with law enforcement at all. Mostly they just tell them the basics of how Tor works, shit that all of us already know. Also Tor project very frequently gives the same information to a wide range of people, if I recall correctly they helped Wikileaks with their hidden service configuration as well. So they are pretty impartial about who they will talk about Tor with, but they are quite dedicated to Tor itself and keeping it as anonymous as they can for all who use it, and I do not think for one second that they will compromise Tor for anyone unless they are absolutely forced to (and even still there isn't much they can do , although they could be forced to give up bridge IP addresses perhaps. EFF lawyers back them up for free, so they have access to a pretty powerful group of lawyers to help defend them from legal attacks).

I would also like to point out that although from an active internal perspective, the distribution of Tor nodes makes it unlikely for such an attacker to correlate traffic, but from a passive external point of view it is quite likely that the US government can correlate large amounts of Tor traffic. NSA has access to multiple Narus Insight super computers with direct access to major IX's in the USA, so it is very likely that they can externally monitor a lot of Tor traffic passing through nodes they don't own. Thankfully NSA is prohibited by law from using this intelligence against Americans who are not in contact with terrorist or foreign intelligence agencies, and I think they are actually restricted to only targeting terrorists and foreign intelligence agencies in the first place. Of course they do whatever the fuck they want, but they don't want to fuck with us.

Bridge enumeration is mainly a problem in China and other places that actively block connections to the Tor network.

Mostly, although it can also be a problem for people trying to find bridge users to do other attacks, particularly known rough geolocation + Tor client enumeration & geolocation to narrow in on shippers.

However, it seems to introduce a new problem: the bridge authority operator is linked to the users. I mean, how do they find out about the bridge authority besides some kind of prior knowledge of the operator? On the other hand, if anyone can find out about a bridge pool, what is to stop censorship regimes from finding out about it?

Even more concerning is who runs these bridge pools? What stops an attacker from purporting to run such a pool, but only providing compromised nodes that they control? At least when we use the official Tor bridge pools, we know that anyone is free to publish a legitimate bridge, and that there is a chance we will get their legitimate bridge when we request bridge addresses.

It's similar to the problem that plagues exit guards, which haven't been implemented.

The biggest problem with exit guards is that they do massive damage to Tor's ability to prevent traffic linkability. The Tor devs will never implement exit guards, historically preventing exit traffic linkability has been their primary focus.