Silk Road forums

Quote from: kmfkewm on September 12, 2012, 08:16 am

www.aph.gov.au/Parliamentary_Business/Committees/House_of_Representatives_Committees?url=jcpaa/aqis/submissions/sub3.pdf

Unfortunately this PDF has some voodoo associated with it making it impossible to copy paste from it, it only pastes scrambled text. However it outlines the entire screening procedure of international mail in Australia, and confirms that since 2002 100% of incoming international mail was subject to at a minimum one of the following screening techniques, however they could not maintain 100% and had to update their infrastructure in order to do so:

*Canine sniffing for narcotics detection
*Human inspection
*X-ray scanning
*Possible opening
*Canine sniffing for the presence of vegetables etc

yeah i think it was you who said never to open PDF's in Tor and who's advice im following lol.

Don't open it then but it is obfuscated and I can not copy paste from it

Is it really fear mongering to post claims that can be backed up by multiple sources?

Im not going to give you specific amounts but yes a lot more then you are saying KMF and through regular post and on a regular basis. I know your going to say im just saying this for "whatever reason" but i have no reason to lie. What you have said is simple scare mongering propaganda from Australian Authorities.

Well I can not give you more proof of how much incoming international mail is screened in Australia than documents from Australian customs, the contractors they have hired to be able to screen the amount of mail they claim to, quotes from Australian customs officials, and my own personal conversations and interactions with Australians (who in my experience tend to have far more interceptions than people in other countries). Maybe you have managed to get more than an envelope through, I have no idea and I don't really give a shit, consider yourself lucky. All I know is if I spend the time to hunt down articles and .pdfs that I can give a dozen citations of claims of Australia inspecting 100% of incoming international mail (and one report that said 100% of international mail other than letters). I am not sure if I feel like digging up all of these old things I have read though, as I already gave a link to one .pdf as a citation and that is more than anyone has been able to show to the contrary other than anecdotal evidence from you.

www.glidepathgroup.com/assets/files/Australia_Post_Parcel_Case_Study_0907.pdf?phpMyAdmin=1bS1SNVH3ltijkhNQPMUxDVd3y1

Background
In May 2001 the Australian Government committed to 100% screening
of incoming international mail for quarantine (AQIS) and customs
(ACS) purposes by X-Ray, physical examination and canine inspection
prior to its release to the domestic postal distribution network.
Australia Post (AP) required new materials handling (MH) facilities at
both Sydney and Melbourne to be able to provide these screening
services in an efficient and sustainable manner. In 2004 Glidepath
successfully won the contract to supply the conveyor-based materials
handling systems at both locations.

I can find more if you like. 100% of incoming international mail to Australia is inspected by customs, the only way people manage to get anything of significant weight (ie: not flat, light, fits in an envelope) through is by luck. If you can find someone who has consistently gotten such packs through customs, maybe I will accept that you are correct. As it stands, I can find multiple references to 100% of incoming mail to Australia being screened. I have read one report that claimed 100% of non-letter mail is screened, and that is how people manage to get letters through, it is still screened but not 100%.

Quote from: Guru on September 12, 2012, 03:35 am

Quote from: kmfkewm on September 12, 2012, 03:14 am

Quote from: pine on September 11, 2012, 10:59 pm

Quote from: Electrofermion on September 10, 2012, 10:20 pm

Matrix: According to SR the mailing information is never stored on their servers. And TOR is encrypted. So as long as TOR and SR are trustworthy, I have nothing to worry about. If SR were untrustworthy it's more likely they'd just steal all our money.
There have been a couple times where I've messaged a vendor my address in plain text due to re-shipping, and then instructed them to delete the message immediately. Presumably SR does not store messages like that if the users delete them?
I've gotten a couple "cheap" orders of LSD which have left me grinding my teeth like mad for several hours. So I might have to give your Australian made tabs a go!

I take it you aren't aware of what the expression "passive adversary" implies?

SR's actual servers could be anywhere in the world. There would be no point in taking them down unless you obtain the right kind of information about the people connecting to it.

As such, it makes more sense to sit on top of it like a spider in the middle of a web, aggregating information over time in order to build up a blow-out bust.

Anyway, I'm not going to argue with you, because this is not an argument. JFUP.

THIS.

Why would the feds take SR down immediately after deanonymizing it? Then everyone of the vendors using it would get away and they would blow that they can trace hidden services. It would be far more likely that they would sit on top of it waiting for vendors to use their entry nodes and then deanonymize them with a timing correlation attack. maybe after gathering intelligence on vendors in this way for half a year, not to mention all the unencrypted addresses passing through the server, then they would take the server down immediately before doing an Interpol coordinated operation.

Exactly. We've seen this pattern when they bust pedo rings. They identify the maximum number of participants, after which coordinated raids are carried out, often in half a dozen different countries simultaneously.  I think the figure of 6 months for vendor surveillance is a bit on the short side -- I would expect somewhere between 10-15 months, possibly even as long as 18.

Guru

Most Vendors here dont seem to last 6 months.

And there are no great superpowers aus customs has that other countries don't, all this rumor does is open the doors for Australians to be Selectively Scammed. Take this from an Aussie who has never had any problems.

Australia has some of the best customs in the world, take it from somebody who has been around long enough to see how long people in Australia last before they get a package intercepted versus anywhere else in the world. Australian customs check almost 100% of incoming mail the only way people manage to consistently get things through is if they fit in a letter sized envelope. Even a DVD case of drugs is going to be a challenge. What is the biggest shipment that you have ever gotten through? I don't care if you answer, but my bet is that it was light flat and fit in an envelope.

actually I agree that 12-18 is far more likely than 6

Quote from: Bungee54 on September 11, 2012, 05:17 pm

Quote from: Errl_Kushman on September 11, 2012, 03:53 pm

After a dab, it was a big much to digest in one sitting but, i agree with many of KMFKEWM's points.

-I feel that I get too complacent, even though I do a good job at keeping my real identity and activities unknown. For example, drop spots to me are a must. No matter what anyone says, ordering illegal drugs in your own name, to your own address is never the best idea. I don't care what type of plausible deny-ability you have, if it never comes to your address and the location cant be traced to you, I feel safer.

-I think of everyone as a cop. Until proven otherwise, then I still suspect. Every post made, every comment or review is being read by officers who would think nothing of taking you away from your family, job, and current lifestyle. It might just be a little blow to you but, its a felony and a notch on the belt to a cop. I'm often surprised there isn't a sticky reading "EVERYTHING YOU SAY ON THIS FORUM IS BEING COLLECTED AS EVIDENCE BY THE FEDS "

-I've often wondered if SR has any form of counter surveillance. Just the other night I spent a while mind mapping what counter surveillance for a place like SR could look like. More than 2,500 years ago an old wise China Man wrote about the need for Spy's. I agree. *They have spies amongst us, we probably don't have spies amongst them. That's an issue.

-I agree, software sales on the road bring  a huge security risk. As KMFKEWM said, "Windows 7 Darknet Edition" could really be well paid federal agents attempt at infecting and infiltrating the road. Risk outweighs reward I feel.

-A team of "Experts" should be assembled. However, being anonymous in this case can be a bad thing as we should fall back to point #1 and assume everyone is a cop!

-I'm very interested in the photosensitive package tampering device. Agreed it would need to be open source. I don't think it would be too difficult. I don't know what parts are available but, I assume it could done using any SoC and basic radio-shack parts. Biggest thing would be tampering.  If its open source, it would be easy to reproduce and replace if the package was nabbed by LEO.  This aspect would need to be hashed out more thoroughly as I can already think of a few solutions to this.  This is pretty basic stuff, no offense but, until you start thinking about tamper proofing, this is basic Hardware Engineering 101.

I assume (or hope) there is already some process thought through in the event of infiltration, server takeovers, etc. Maybe I'm wrong.

2nd that !  thanks OP ! great comments are here!


The tampering issue is already solved.

One time rfid key which is sent and which  only the receiver knows ..device is a cmos which deletes itself upon light etc...no way to reproduce that...fuck the FEDS!

I could put something in a package to see if its been tampered with?? do you have a link to more onto on this?

Thanks

It is fairly simple in theory. The device would consist of a small amount of volatile memory which holds a PRNG seed. A PRNG seed is some initial entropy that deterministically influences the output of a pseudo random number generator. The device would also have an RFID tag capable of transmitting, battery powered RFID can transmit significant enough distances. The volatile memory is hooked to a photovoltaic ('light sensing') cell. After making the package, you would put the device in it and then close it up. Then wirelessly activate the device and load a seed to it. Now when the package is opened light will enter it triggering the photovoltaic cell causing the seed to be wiped from the memory. This makes it impossible for LE to analyze the device to reset it to a non-compromised state. When the package arrives at a fake ID box, the recipient could use an RFID wand to scan for a pattern that they could know because they have shared knowledge of the seed. If they detect this signal, then light never hit the photovoltaic cell, if they do not then either there was a malfunction or an interception. Since they know there was an interception, they can just avoid going to the box store, and since the box is obtained with a fake ID it can not be linked back to them.

There are more fine details that would need to be worked out, but that is it in a nutshell. it may even be possible to have it broadcast its interception status after some predetermined time delay, through the cellular network and to a burner phone.

We have most of the theory figured out, now the trick is to translate that into a step by step list of instructions on how to create these devices with easily obtained materials, and perhaps to program an open source controller for it.

Quote from: Electrofermion on September 10, 2012, 10:20 pm

Matrix: According to SR the mailing information is never stored on their servers. And TOR is encrypted. So as long as TOR and SR are trustworthy, I have nothing to worry about. If SR were untrustworthy it's more likely they'd just steal all our money.
There have been a couple times where I've messaged a vendor my address in plain text due to re-shipping, and then instructed them to delete the message immediately. Presumably SR does not store messages like that if the users delete them?
I've gotten a couple "cheap" orders of LSD which have left me grinding my teeth like mad for several hours. So I might have to give your Australian made tabs a go!

I take it you aren't aware of what the expression "passive adversary" implies?

SR's actual servers could be anywhere in the world. There would be no point in taking them down unless you obtain the right kind of information about the people connecting to it.

As such, it makes more sense to sit on top of it like a spider in the middle of a web, aggregating information over time in order to build up a blow-out bust.

Anyway, I'm not going to argue with you, because this is not an argument. JFUP.

THIS.

Why would the feds take SR down immediately after deanonymizing it? Then everyone of the vendors using it would get away and they would blow that they can trace hidden services. It would be far more likely that they would sit on top of it waiting for vendors to use their entry nodes and then deanonymize them with a timing correlation attack. maybe after gathering intelligence on vendors in this way for half a year, not to mention all the unencrypted addresses passing through the server, then they would take the server down immediately before doing an Interpol coordinated operation.