Silk Road forums

I believe that certain native groups use peyote in religious rituals.  That is one of the few exceptions.

Native Americans can use peyote. People in Santo Daime can use DMT. Catholic children can consume alcoholic beverages under the age of 21. There are three of the most widely known religious exceptions made to the controlled substance act. If I am busted with peyote I will go to prison. If I am busted with DMT I will go to prison. I HAVE gotten in trouble for drinking underage in the past. These laws have a foundation in religion. Religious sentiment is largely responsible for prohibition, it was in the case of alcohol and it is in the case of other recreational drugs as well. The constitution of the United States claims that there shall be no laws favoring one religion over another. This is CLEARLY not enforced in practice, or else there would not be native Americans legally getting high on mescaline, people in Santo Daime getting legally high on DMT or underage Catholic children drinking wine regardless of the amount they consume. There is no religious equality in U.S.A. , there are exceptions made for specific groups and there are entire laws made just so a bunch of brain fucked Christians don't get their panties up in a bundle. And don't even get me started on gay marriage being illegal, that is entirely to appease a bunch of brain dead primitive sky wizard worshipers and it is EXPLICITLY FORBIDDEN for this to happen in the constitution. Christianity is the WORST THING that has EVER happened to the United States.

I was raised Catholic, and this is damn-near unheard of. Even in cases where it does take place, the amount of wine allotted to each participant is certainly no more than 5ml.  Kids can get more alcohol from consuming cough syrup when they're sick.

Uhm damn near unheard of ? Which Catcholic churches don't have children under the age of 21 take communion? Wine is a controlled substance and nobody under the age of 21 is allowed to consume it or possess it in ANY AMOUNT. The only exception is made for the children of Catholics and this is BLATANTLY favoring one religious group over another.  Simply because of their religion Catholic children are allowed to consume wine, children who consume wine that is not from a Catholic priest can get in trouble for consuming or possessing ANY AMOUNT of alcoholic beverage.

No argument with you here. What you have written is especially true of morality laws, such as the statutes against 'obscenity'.  If one studies the history of how these laws were passed, one can be forgiven for being flabbergasted by the machinations. The so-called Comstock Act of 1873 (provisions of which are still in force today) govern so-called 'obscene' materials. Apparently, this law was sneaked though when there was not even a quorum in Congress. So, technically, the law should never have been placed on the books, but countless people have been jailed for 'obscenity' offenses nonetheless.

Religion is a disease and the USA has a bad case of Christianity.

Do you enlightened pacifists think that a man who rapes and murders a three year old should be given a death sentence? Or does your same outlook of pacifism and forgiveness also apply to him? Do you think he deserves any punishment at all, perhaps a life sentence if not death? The reason I can feel fine in calling for death of DEA agents is because I recognize that they are violent career criminals. They are guilty of millions of kidnappings, many thousand homicides, millions of armed robberies, home invasions, terrorism and more. Such people must be brought to justice , just as a man who rapes and murders a child must be. Death is a fitting punishment for their crimes, but even if we are so pacifistic as to think no man is worthy of being killed, we must at least keep these wild beasts in cages until the day they die of natural causes. To think otherwise means one of two things; either you would not wish justice upon anyone who commits murder, kidnapping, armed robbery, home invasion and terrorism OR you excuse the behavior or those who commit these crimes so long as they are acting in the name of the state. I imagine that the second option holds true for you, and thus you are statists and indeed are enemies to Anarchy. I wonder why would a statist come and obtain the services of an anarchist enterprise? Why don't you go run to your state for your recreational drug needs?

USA is full of religious fanatics who have far too much control over the nation and world. It is a hypocritical country that only pretends to follow its own constitution. The politicians claim that there is no respecting one religion over another, yet some religions are given exceptions to the controlled substance act allowing them to use drugs such as DMT and Peyote, while other people sit in prison for possessing the same drugs. Catholic children are allowed to consume alcohol in the form of wine, but kids are always being busted by the police for drinking underage at parties. Half of the laws in the country are the product of religious groups, and none of them make any sense unless you believe in the fairy tale book written by a bunch of shepherds over 2,000 years ago. The political system is completely corrupted, ostensibly they create laws for moral reasons but in reality the politicians only use the christian morals to appease the masses. In reality the politicians and their friends are cashing in big time on controlling things such as gambling, recreational drugs, prostitution, etc. USA has more people in prison than any other country in the entire world and a huge percentage of the population is monitored by parole or probation officers. The education system is abysmal and the population is stupid. Propaganda is everywhere and it controls the majority, making democracy little more than a mirage to placate the masses. The entire political system is to a large degree fixed. Half of the people are either broke or in prison. I hope that it collapses soon and that there is a massive purge. 

Quote from: kmfkewm on October 21, 2012, 06:33 pm

The most important step to take right now imo is for DPR to configure the server to use Tor via Tor so that it gets layered entry guards. Until the Tor people add layered entry guards by default it needs to be done manually.

I know you've been pushing this idea for a while, but you should be aware that the Tor devs will eventually remove the ability to run Tor over Tor. There's a trac ticket about it.

https://trac.torproject.org/projects/tor/ticket/2667

As you can see, this feature will be removed by the final version of Tor 0.2.4, which will be ready in 6-8 months, and the change should be backported to 0.2.3. I don't know if layered entry guards will be available by then. So unless you want to run an old version of Tor, <= 0.2.2 (not recommended), this will be a problem.

If the devs remove the ability to do Tor via Tor and don't add layered entry guards themselves they will essentially be flipping off anyone who wants an actually highly anonymous hidden service. In the mean time, Tor via Tor still works and SR should be on the schedule of cutting edge anonymity not waiting for the Tor devs to play catch up. They are balancing the overall health of the network with the anonymity of hidden services, and right now they are not favoring hidden service anonymity as much as they could be (or should be imho). If they remove the ability to do Tor via Tor and don't replace it with layered entry guards for hidden services it will really piss me off and it is not in the best interests of hidden service anonymity.

that is too crazy to be LE

What this article tells me is that we really need to step up our security because we are going to be getting some more tech savvy LE trying to attack us. The most important step to take right now imo is for DPR to configure the server to use Tor via Tor so that it gets layered entry guards. Until the Tor people add layered entry guards by default it needs to be done manually. People greatly over estimate Tors ability to keep a server anonymous, this is fact. A large increase to anonymity is provided by having the hidden service use two instances of Tor, a hidden service instance and a client instance. This protects from a very serious attack and greatly increases anonymity for both the client and the hidden server.

Second we need to seriously look into isolation techniques. Running the web server in a virtual machine that only knows an internal IP address is probably a good idea, even better would be to use a dedicated Tor server and then the server for everything else connected to it and forced to route everything through it. Using the virtual machine technique has advantages and disadvantages, primarily the advantage is that it is easier to configure and the disadvantage is that it increases an attackers ability to pwn the web server in the first place (but decreases their ability to get the servers IP address after having rooted the server). The two physical servers solution has all the advantages of the virtual machine solution and the only disadvantage it has is the difficulty of configuring it (particularly remotely).

Vendors should also be concerned with isolation of web browsers and other network facing applications from their external IP addresses. This can be achieved in the same way as it is for servers, either with virtual machines or with two+ dedicated hardware machines. The advantages and disadvantages stay the same. People also need to make sure that they are hardening their browsers. First and foremost it is highly suggested that you either use the TBB (which unfortunately doesn't allow for easy isolation) or that you manually compile the browser from the bundle yourself (which unfortunately is a pain in the ass to do). Tor Browser has been hardened from various attacks and it is the only browser that is considered secure to use by the Tor developers. Additionally, I suggest entirely disabling javascript and leaving it off, or at least using NoScript or similar.

Of course you need to learn how to use GPG and start using it to send your address if you have not yet. Indeed, the more messages you encrypt the better, you should encrypt as much as possible. You should encrypt your full hard drive if you have not yet, for SWAP have it encrypted with a temporary random key if you need SWAP. Another technique that has some security benefits is to boot off a live CD without a hard drive, but I personally think it is better to have a proper persistent configuration (live CD's that I am aware of are not configured in such a way as to give you the most security possible).

Cash in anonymously when you obtain bitcoins, and then mix them as well. Mix bitcoins before you cash out, and cash out anonymously as well.

Avoid using shitty operating systems like Windows. Look into a security oriented distro of Linux, and I do not mean tails or liberte but rather actually installing and configuring Gentoo or something. OpenBSD isn't linux but it is nice. FreeBSD is nice also but it lacks ASLR so meh. The primary thing to be concerned with is minimalism.The less crap you have running on your box the less attack surface there is for an exploit to pwn you.

We really need to make sure that our security (of both the server / site and the individuals using it) stays tip top because we can expect to see increasingly skilled law enforcement trying to compromise us. Right now we largely have the advantage over them, but let's not get complacent and lose our edge.

Quote from: kmfkewm on October 20, 2012, 03:48 am

Just heard that at least some people who ordered drugs from the farmers market have gotten cease and desist letters from the DEA informing them that if they continue to order scheduled substances they will be arrested. In a way that is a good sign for them, it means they probably are not going to be arrested for having ordered substances from the farmers market. I bet they wish they used fake ID boxes, it is a safe bet that their mail is going to be watched if anyone has their mail watched. This clearly highlights one of the advantages of using fake ID boxes...none of them had DEA visit them but clearly the boxes they used are known to DEA and thus if they used real boxes they are now known to the DEA as illegal drug buyers.

When you use a 'fake name'  doesn't that put you at more of a risk.   what happens when someone realizes you're using a fake name.   Almost immediately they're going to realize that that one package a week you're receiving in your box is drugs.   Why else would you be using false info?   

Personally I don't think using fake info is a good idea.

And how are they going to realize that you are using a fake name? And who is even going to care to look into it? People have been using fake ID private mail boxes to get drugs for many years and none of them who have been busted were busted due to the fact that they used a fake ID box. Let me just say that I have never seen someone fucked for using a fake ID mail box but I have seen countless people who were protected by doing so. The people getting threatening letters from the DEA due to their farmers market orders are the most recent example, the people who had shit sent right to their houses are stressing out now because their real life identities are linked to farmers market, but the people who used fake ID boxes have dropped their old ones and gotten new ones, maintaining unlinkability of themselves to farmers market.