Silk Road forums

chicken motherfuckin butt ?

Quote

If someone wanted to trace your coins that method wouldn't really help. It would make it slightly more difficult for someone, but all they would have to do is track the individual bitcoins that you are transfering.

Looking at the block chains it seems that a group of coins transferred in small amounts to other addresses through tor, then moved or transferred to another address then returned to a new address on the original client, would be hard to trace and say that it was all the same person. The more they are transferred the more links in the chain, add the fact that they are never received by the address that sent them and you have, to my understanding, something that is described in the bitcoin wiki as a way of remaining anonymous.

Plausible deniability is not anonymity. Mixing your own coins with themselves is not really mixing at all. Okay the most secure sort of mixing is with blind signature "tokens". You give a bitcoin to the mix, it gives you a blind signature signed token saying "IOU one bitcoin". Because of the blind signature algorithm, it can verify its signature at a later point in time but it does not know what the signature on your token actually looks like. This offers perfect unlinkability, but only to within the set size. If you use such a mix and only you use it, the mix operator (and anyone watching) will know that it is you redeeming the signed IOU for a bitcoin to another account, because you are the only one who ever got an IOU. Thus, even with provably unlinkable mixing systems, the anonymity provided is exactly correlated with the size of the user base. If a thousand people got tokens from the mix, someone redeeming the token for a bitcoin to another account could be any of the thousand people who got a token.

Of course you could argue, but it was not me who redeemed the token it was someone I traded it to for one bitcoin worth of goods!!! But that is more plausible deniability than anonymity. If a thousand people had used the mix you could say "But you have absolutely no way of proving it was me who redeemed this token, because there were a thousand issued and only the people who received them know what the signature on theirs looked like!!"

Quote from: i3lazd on July 03, 2012, 09:49 pm

what is prob that a buyer that has spent a few thousand will get caught up?

Law enforcement usually aren't interested in buyers unless you are buying in bulk. It's the sellers they are after, and even then from here only a tiny amount have been busted, and then they were doing dipshit things like bragging to friends etc.

99% of the time, when drug dealers get caught, it isn't some magical technological method that got them caught, it was basic police human intelligence work. (snitches).

True enough but times change. if law enforcement plan to continue to fight the war on drugs, we will see more and more technical attacks from them. We will also see less and less human intelligence attacks as it becomes more and more impossible for them to move upwards (inwards??) toward sources by doing this. The drug game is changing. The method used by the online scene is superior and will continue to grow in popularity at an exponential rate. It is not effectively combated with the same techniques as the enemy has traditionally used. Fortunately they are inherently slow to adapt to change so we may still have a while. We also have a substantial head start, and the fruits of decades of security research to protect us.

Tor is pretty good for what it is. Low latency is in itself a very strong limitation for an anonymity network to have. There are entire classes of attack that are impossible to protect from with a low latency anonymity network. Tor is at least good at preventing most attackers from instantly deanonymizing all of its users, although NSA can probably come pretty damn close to doing this. Other than that it is largely a game of chance and time, with the time it buys you from an attacker being inversely proportional to the number of links the attacker can observe. There are two 'types' of attacker, although some are simultaneously both types. These are passive and active. A passive attacker can watch connections at infrastructure, such as your ISP or an IX. Active attackers own nodes on the network, so they can watch traffic as it comes to them and exits them. Another terminology used is internal and external, with internal attackers being active and external attackers being passive. Active and passive seems to be more popular terminology though. A passive attacker who can monitor an ISP with fifty Tor relays on it is as powerful as an active attacker who owns fifty Tor relays. A global passive attacker is one who can see all links between all nodes of the network, NSA is likely very close to this so they can deanonymize most Tor connections in real time.

The most powerful attack against low latency networks is end point timing correlation. An attacker who observes a packet at one point on the network can use statistics and timing to identify that packet at every other point on the network they see it at. So if they originally see it is coming from you, and also observe it arriving at the destination, they can link you to the destination. Tor wants to be low latency so it can be used for general surfing of the internet, instant messages etc. They know that they are completely fucked by global passive adversaries, but they try to protect from less powerful attackers. The primary strategy of Tor is to have a huge network of nodes owned by a wide assortment of different volunteers. Even if the volunteers are malicious and actively monitor the traffic going through their nodes, the hope is that they are not colluding with each other. So if FBI watches you put a packet in and then some Chinese intelligence agency watches your traffic arrive at its destination, even though they are both malicious they are not going to share intelligence with each other and you are safe. The middle node can also give some advantages here. If the first node is owned by FBI and the final node is owned by the German feds, unless they routinely share all intelligence, the German feds can not get in touch with the FBI to collaborate on a specific case of exit traffic if the middle node is owned by the Russian feds and they are not willing to cooperate. Tor depends on the lack of trust between various government and other criminal agencies that wish to attack it, as well as the support of libertarians and general geeks who run Tor nodes out of a desire for freedom or technical interest rather than to gather intelligence.

Unfortunately, it is not impossible for your entry and exit traffic to be observed by a single malicious entity, or a pair of colluding / intelligence sharing entities. If this happens, you are deanonymized. This is actually fairly likely to happen if you use Tor over a long enough period of time. How long exactly it will take depends on the number of nodes that your attacker owns, as well as the number of nodes they can passively observe traffic to and from. It is actually not entirely accurate to assume that they must own your exit node either. If you are visiting clearnet websites with Tor, they do not need to own your exit node if they already can a. get logs from the clearnet server, b. have the clearnet server under passive surveillance c. own the clearnet server. If a b or c happen to be true, then you are fucked if you use one of their entry guards. You use three entry guards at a time, and the entry guards you use ideally will change once every 30-60 days, although you can fuck this up by doing things like using live CDs without persistent entry guards and lead to MUCH faster guard node rotation. How many rotations you have before you are fucked, could be zero, could be an infinite amount, it comes down to luck and how many nodes they own/watch.

Hidden services can help here a little because they are themselves anonymous, so before the attacker can watch your traffic and know it is arriving at the hidden service, they must first identify the hidden services IP address. Unfortunately locating hidden services is borderline trivial, and only complete dumb fucks such as the FBI do not seem capable of doing this. In reality, it can be accomplished with significant probability for a relatively small investment of a few thousand dollars at the most, for an agency who can use the legal system to order passive surveillance against identified entry guards (such as the FBI) it would be trivial to deanonymize a hidden service in a few months at the very most, but the FBI is apparently staffed by a bunch of technical know nothings so they have not managed to do this level of attack yet. Once the hidden service is identified and put under passive surveillance, then it is a waiting game of how many rotations you have before you land on a bad entry node.

Also, there are some techniques you can do that can make hidden services much harder to trace. Using strict entry guards will protect you from an attacker who can not order passive surveillance of identified nodes, although it will make you vulnerable to DDOS. There are also techniques that could make it much more difficult for even an attacker of the FBIs level (well, their level if they were not fucktarded) to trace hidden services.



 

I've had much more sent here before, no hiccups until now. I'll bet most people get shit sent to their houses on SR.

If most people jumped off a bridge would you ??

If I had anything at all on a hard drive  that would get me some serious time  I would not  do anything short of take a blow torch to it. I sure would not  trust any software to do it.

The Gov has software  the public does not even know exist or  hat they are capable of doing.   It is only in the Governments best interest to have a hole card up it's sleeve. 

At any rate why risk/chance it? Just utterly destroy it and there you have it.

Wiping is your best bet , it is equal to using a strong magnet on it.

what could possibly lead you to think it is a good idea to post even slightly ***ed out tracking info of your illegal drug purchases ?

Quote from: jewfro on July 03, 2012, 07:17 am

weed has nuff shit in it to make at least just as protective as it is damaging to your lungs,

and moar. on the + side

whatever. i really don't understand the whole cigarette industry with all the additives and shit. fuck, im sure there's better flavour enhancers than piss lol

Lol yeah maybe but you can't argue that it makes people paranoid and can cause psychosis. I'm not saying people shouldn't smoke dope, do whatever. However the myth surrounding weed as this mythical harmless drug is to be frank, bullshit hippie-chat. It is just as dangerous as any other drug if not used in moderation.

Agreed. Marijuana can be extremely powerful and provoke intense feelings of panic and fight or flight. Few drugs make me feel like I may end up running naked down the street, but marijuana has gotten me to this point.

I wouldn't dare run naked in the street though, as limetless may see and chase after me.

Actually for vendors you can probably deanonymize yourself very quickly by saying things about yourself. LE is already aware of your rough location based on shipping information. So if you say something like "fuck I got in a car wreck the other night" law enforcement can quickly check records of such events and find a list of potential suspects. Even saying something as innocent as "I rented this movie within the past two weeks" can get your name on a short list of suspects.

I would say this sort of attack is the leading cause of deanonymization in people who are technically secure.