Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - kmfkewm

Pages: 1 ... 167 168 [169] 170 171 ... 249
2521
How would they use them "for their own interests" at all?  You're making the case that you're a dealer stronger, and it isn't worth it to launch investigations in to addresses across states/countries for anything but the largest purchases so LE won't let you off easy for your attempt to snitch.

Yes because we are all in America. I forgot, how silly of me.

I didn't imply that anywhere in my post.  Where in the world is having the address of somebody far away who may have purchased drugs a useful piece of information to give the police if you are arrested?

Interpol may be interested in it

2522
Security / Re: P.O box with fake info, yay or nay
« on: June 24, 2012, 11:36 am »
how does one safely access their po box? that is, without being seen by cameras (a disguise I guess?) or caught by feds waiting for you to pick up your package

At the end of the day if the feds are waiting for you to pick up your package, you are fucked. The only way around this is having shipments sent with interception detection technology that you can remotely query to see if the package has been opened on the route between the sender and your box. You still have the added advantage of making it more expensive for them to bust you, it is the difference between them knowing your address and them having to wait for you to pick up a package. Assuming a cost difference of even only one thousand dollars (which is a reasonable estimate for the man hours it would take to do surveillance for the time it takes you to pick up your package after it arrives) this quickly adds up if a thousand people are using fake ID boxes (to be exact, the cost of identifying all of them would increase by one million dollars). The cost of identifying one thousand people who are not using fake ID boxes is pretty close to zero dollars, assuming they can get the shipping information, which is assumed in either case. An increase in cost of a million dollars is significant, although a drop in the bucket for government it seems far less likely for them to spend a million dollars to identify 1,000 people ordering small amounts of drugs than it is for them to spend zero dollars to identify 1,000 people ordering small amounts of drugs.

Also, you have the other added advantages that I mentioned earlier in this thread. The only disadvantage is that you are breaking several other laws by opening such a box. Well, if you use out of state ID you may be opening yourself up to intelligence attacks.

2523
Security / Re: DEA Concern
« on: June 24, 2012, 11:20 am »
honestly they are not going to do a CD for personal use amounts of viagra, a shit load of people order it illegally online and I have never heard of anyone getting more than a love letter. The same is true for personal use amounts of xanax and other benzos as well (not the case for opiates though).

they tend to take the position that people ordering viagra online are the victims of spam pharmacies and haven't even the slightest clue that what they are doing is illegal or that what they are ordering is not officially produced viagra, and this is overwhelmingly the case.

2524
Security / Re: How many known SR cases are out there?
« on: June 24, 2012, 09:34 am »
If Bin Laden used Tor he would have been killed much more quickly. I feel bad for the person in a remote Pakistani village who is connecting to Tor, I am pretty sure that would have been enough intelligence to warrant further investigation. From what I have heard, it sounds like Osama had a human courier who took USB dongles with messages on them from him, then sent the messages quickly from random access points, and also got replies and brought the messages back on USB dongle. It doesn't even sound like he was using encryption or steganography from the reports, but I find this hard to believe personally.

He was located because they tortured someone into giving up the name of his human courier and then they identified his couriers location and covertly followed him to the compound.

2525
Security / Re: How many known SR cases are out there?
« on: June 24, 2012, 08:22 am »
It also seems entirely possible that the NSA would be able to find Bin Laden but not DPR.  Al Qaeda has used stenography and unencrypted media to store sensitive files among other stupidly lax security methods, whereas there is some evidence that governmental agencies don't have good TOR exploits at the moment.

Bin Laden was hiding with the assistance of a state intelligence agency in their own country

2526
Also keep in mind that even if you enter with a node in Fuckamericastan and exit with a node in Allahzakia , if you are in the USA you are passively exposed to USA infrastructure on your way to the entry, and if you are visiting a server in USA (or even one that is in some other country but the route to it passes through USA) you are passively exposed to USA infrastructure between your exit and the server. So a fully USA based passive timing attack will still work, even if the VPN nodes you are using are not actively owned by the FBI (which of course they could be, if I was the FBI I would certainly want to have some "anonymous VPN!" nodes in both Fuckamericastan and Allahzakia)

2527
^There's nothing wrong with it at all. It's just a redundant step for MOST. Connecting through a VPN/SSH tunnel first would benefit anyone who doesn't want to be flagged as a tor user. If you don't use bridges (and even then...), it is pretty easy to fingerprint you as a tor user. This can be very bad for some, like the last lulzsec guy, who was caught thanks to a tor timing correlation attack.

thanks for the info ie. vpn's. i was also under the impression that if you use a vpn and are downloading to your system it would also protect you because all of that first goes through your VPN before getting back to you. so even if they were able to see what you were dl'ing through an exit node, the destination would still be unknown.

i would also like to point out a flaw in paying for your vpn using an anonymous currency like bitcoin. i recently signed up for a VPN service that accepts btc but realized that since i am connecting to my vpn directly they can easily obtain my source IP. i even brought this up with the provider and they agreed.


This is basic.
1) You must use a VPN service where they have strong privacy ethics and reside where the laws of privacy are strong.
2) You must use hosts from countries where diplomatic relations are broken and extradition laws are incompatible with the country of your target. ie. if you are going to attack the US, use servers from venezuela, iran, china or russia.

That's why it is childish to make blanket statements. People who preach to be away from US servers are n00bs.
Security is always relative to its target. If you are going to attack targets within the US, obviously DON'T BE stupid to use proxies/vpns from the US, or from countries that have very close diplomatic relationships with the US (any country in europe)

But if you are attacking China, the safest host to jump from might from one within the US.
The paperwork itself to get the logs it would make the passive tracing a nightmare.

The key of intraceability when dealing with governmental tracking relies on exploiting the political and economical limitations, not in technical ones.
The key of intraceability when dealing with individuals (hacker teams, mafia, cartels) relies on technical limitations, not in political ones.

If you neither know what game you are playing nor you know how the game is played, you better not to play it at all.

so basically what you mean is if we want to "hide" from government the best bet is to study their political and economical limitations and use that for example for choosing the country where the VPN is established?   

People who get hung up on countries where VPNs are located and finding the VPN provider with the best policy are largely playing a game of fooling themselves. I could get some servers in FucktheUSAistnia, set up an "anonymous vpn!" and monitor all of the traffic going through them, so can the feds. VPNs are vastly over rated. Security by policy fails over and over and over only security by technical design stands up time after time after time. I prefer to host in countries like this, and sure I would get a VPN with a node in Russia over Texas, but it is silly to trust a promise or a law over a technical design or a math formula.

2528
For extra anonymity, I would be happy to offer 3G dongles for sale on my SR page which could be used with prepay sims bought for cash to access the net. If there is any interest for this but they would have to be shipped from Europe.

V.

How do these dongles help with anonmyity, exactly?  Are these the same thing as "air cards?"

They help anonymity about as much as using someone elses WiFi, which means not very much at all unless you only use them from random locations for short amounts of time. And much like bridges, you shouldn't use 3G dongles from vendors on SR.

Surely though if the SIM was obtained anonymously using cash and replaced regularly the best LEO could hope for is a rough idea as to the nearest mobile phone antenna? Would this really be less secure than using your home connection where it would be obvious to any fool with access to your ISP's records that you're using Tor?

V.

Of course it is better to use a 3G dongle than to use your own home connection, but they can be positioned pretty accurately and then traced. I would compare them to "portable someone elses WiFi", beneficial sure but if you use it from the same location or in locations that fall into a pattern it isn't going to do much for you.

2529
For extra anonymity, I would be happy to offer 3G dongles for sale on my SR page which could be used with prepay sims bought for cash to access the net. If there is any interest for this but they would have to be shipped from Europe.

V.

How do these dongles help with anonmyity, exactly?  Are these the same thing as "air cards?"

They help anonymity about as much as using someone elses WiFi, which means not very much at all unless you only use them from random locations for short amounts of time. And much like bridges, you shouldn't use 3G dongles from vendors on SR.

2530
Security / Re: P.O box with fake info, yay or nay
« on: June 22, 2012, 09:28 am »
you have next to no deniability even with a po box under your real id since only you and employees at that postal store know about it

fake id boxes are the clear win here

Nope, and that's not what we are saying.  You get some dope in the mail, you say you didn't order it...all else looks good, who's to say?  It seems like 'reasonable double' to me.

Same situation, except it turns out you have a bogus P.O. box, and aquired it with fake identification.  That circumstantial evidence would be enough to sway a jury.  It would be much harder to claim innocence, now not only do you have  a fake P.O. box, but you are getting dope there.

fake id boxes are *not* clear win, and there's a reason, that from day one on here, people have been saying so.  Everybody gets to make their own choice, and ride their own beef here, of course, but be aware of what you are doing, and what it looks like to a jury. 

The less illegal crap I clutter up my life with, the better I look if some Postal Inspector starts wondering why I got this weird shit in the mail....

If not, hell, we'd all get a fake i.d and trot down and open up a P.O. box in someone else's name.

From day one on SR people were saying that fake ID may not be best, in the private scene (where far more vendors than customers hang out) people laugh at the idea of getting shit sent to their real address.

Fake ID clearly doesn't *always* work or else Enelysion wouldn't have been arrested (although he did keep using a box that had a love letter sent to it)...but if it were not for fake ID boxes several people would have been busted who were not

2531
Security / Re: P.O box with fake info, yay or nay
« on: June 22, 2012, 09:26 am »
Just remember that if anything ever happens to draw heat upon your PO box, and the feds decide it's actually worth the expenditure to nail the owner of said box...  they will almost CERTAINLY catch you anyway, and at a minimum, you will be guilty of mail fraud and lose all hope of being able to plausibly deny anything else.

They just don't care about people importing five grams of pure crystal LSD? Of course it is intuitive to think that if they have the address and want the person they will get them from doing manned surveillance, but in practice I have seen that this is not always how things work out for them. The tracking says something about it being intercepted or other suspicious things, everyone in the group order is raided and the people with fake ID boxes just don't go to pick up. Also there are of course other benefits, it is no longer a game of recording addresses on the outgoing mail of a single person who is under surveillance, but becomes a game of putting all of these widely distributed points under manned surveillance waiting for people to pick up packages, the difference in cost between these two sorts of operation is enormous when you consider a vendor serving a customer base of a hundred people. It is the difference between a single agency actively pursuing that vendor and dozens of agencies cooperating to actively pursue the entire network. It also has the added benefit of being able to ditch the box after the vendor you work with is busted or starts acting suspiciously, not having a history of a hundred random packages from all over coming to your home address. Not to mention you are no longer worried about being blackmailed with your address if you work with the wrong person. What if you decide to start vending later and one of the vendors you worked with turns out to be a fed, it is the difference between them knowing who you are and them knowing a box that you used once that they never bothered to put under surveillance.

I personally think that people writing off fake ID boxes have unrealistic expectations about the plausible deniability that they have, if you accept a package of drugs and open it and are raided half an hour later you are going to be charged for possession of those drugs and no story you make up about how you had no idea drugs were coming to you is going to do shit to protect you.

2532
Security / Re: DEA Concern
« on: June 22, 2012, 09:15 am »
What sorts of precautions do I need to take if I just purchase some Modafinil or Viagra from SR?

People are never raided for personal use amounts of those drugs, pretty much the worst case scenario is that you will get a love letter. In theory you could go to prison, but in practice people ordering Viagra are never bothered with unless they are getting massive bulk to resell. 

2533
The thing is if they can make good money from it why the fuck would they not just do it themselves?

2534
Quote
How the hell are we going to enforce that? No idea

How about we make pictures of the holocaust illegal and arrest people who possess them on the grounds that they may have derived pleasure from a crime committed by someone else? Allow me to be the first to offer my services in tracking down such vicious war criminals before they revictimize the victims of the holocaust, for the meager amount of one billion dollars I will provide many thousands of IP addresses belonging to these suspected war criminals.

2535
I don't like being brought up in this conversation because I clicked open new tab on eight or so fucked up websites on the hidden wiki. There is no data storage going on here, I wipe the discs on my computer a few times a month. What I saw was the hidden wiki for the first time, and clicked on some things. I also clicked on the dead animal fuckers site, the mercenary for hire site, and others. I admitted to the mistake, and it was disturbing to say the least, hence me being overly aggressive in stating CP offenders are fucked in the head, and those advocating CP should open a pedo site once, and see a sad-faced child with a penis coming toward him/her, with a fucked up comment section full of nasty pedophiles getting their rocks off..

Sick bastards.

Every time you open a tab with images you are storing those images in at least your computers volatile memory, most likely traces of them are left on your hard drive as well. The simple fact of the matter is that what you did is not at all different from what a very substantial number of people arrested with CP did to get busted, they saw some fucked up sounding file names on limewire downloaded a few of them out of curiosity, deleted them and then six months later were raided and forensics people recovered the deleted images. The only real difference between you and them is the fact that you used Tor so you will not be raided or have your computer analyzed. When you call for fucked up things to happen to these people, you are calling for fucked up things to happen to yourself. Why do you think it is okay for you to load pedo sites once and admit to your mistake but if someone else does it you literally want their balls? So fucking hypocritical. Opening a pedo site once on the clearnet to see a sad faced child with a penis coming toward him/her will end up with you being ass fucked by Bubba, and you seem to be very happy about this for some reason. I am left to conclude that your secret fantasy is not pedophilia but rather being raped in the ass in prison.

Further, as I already said, you can not reasonably claim that an action is bad or good based on the emotional state it creates in the person committing it. Law enforcement are allowed to browse and trade in CP to bust other people browsing and trading in CP, but I can't recall a law enforcement operation where they molested children to bust other people molesting children. The idea that someone can have an immoral or illegal emotion is fucking absurd, and I immediately write off anyone who thinks this way as being mentally defective. Solely *actions* can be immoral (ie: murder is immoral as an action, not enjoying murdering someone does not make it moral) and solely *actions* should be illegal, and morality and legality should be *universal*. It is insanity to argue that if an action should be considered illegal or not should rely on the emotional state created in the person committing the action.

Pages: 1 ... 167 168 [169] 170 171 ... 249