Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - kmfkewm

Pages: 1 ... 237 238 [239] 240 241 ... 249
3571
Silk Road discussion / Re: The "Fake passports, guns - even child pornography" need to go ASAP
« on: February 05, 2012, 06:20 pm »
Quote from: jjguy on February 04, 2012, 10:06 pm
crap... how can some of you people sit around thinking Child Porn should be sold on here with guns, fake passports or drugs? Many people who buy a gun online would be getting it for an area where they aren't allowed to own one and need it for self defense. There's no guarantee they will kill anyone with it. It's a physical object with no violent crime associated to it unless the user decides to, just like their fists or a baseball bat. You can kill someone with any number of household items. Drugs are a victimless crime, any harm to our health is done to our own bodies. We can make that decision for ourselves.

Child Porn is sometimes recorded rape of children. A crime against a human was committed during its filming. The child was unable to make up any decision.

I'm a libertarian. But even in an anarcho-capitalist wet dream I imagine there would be a system (just not the government) to either lock up pedophiles or allow the private party (family of victim) to seek justice.

Just because we believe in freedom doesn't mean we should allow the promotion of a violent crime. The whole idea of SR is to allow people to easily buy substances they should have the right to posses for their personal use, isn't it?

Since when should we be promoting taking a child's freedom away through child porn?

Well you may be a libertarian on some issues but a true libertarian would be for the decriminalization of child porn possession and distribution, although not production. Some percentage of men rape females. Men look at pornography, you can find large numbers of men by tracing the IPs recorded on pornography websites. I propose that we find all of these men and lock them up to reduce rape rates. This is the logic you are using. The only difference is that the participants in legal pornography usually agree to participate, and the participants in much of child pornography do not consent or are incapable of consent due to their stage of mental development. However, you seem to believe in some magic voodoo process whereby the offenses commited in a picture are also commited by those who view the pictures (this voodoo is named "re-victimization" by the law enforcement agencies). If you really believe in revictimization you would think that those who view images of the holocaust should be tried for war crimes.

Also
Quote
I'm a libertarian. But even in an anarcho-capitalist wet dream I imagine there would be a system (just not the government) to either lock up pedophiles or allow the private party (family of victim) to seek justice.
you are assuming that all pedophiles create victims. The most realistic statistics show that only ~16% of pedophiles who view child pornography molest children, and even this statistic is artificially inflated when you take into consideration the fact that some of those arrested were arrested for offenses like sleeping with their 17 year old girlfriend and then having naked pictures of her discovered after her parents flip out.

Child porn possession is just as much a victimless crime as drug use, or possession of holocaust images.

3572
Security / where the GPS dead drop networks at?
« on: February 05, 2012, 06:02 pm »
SR has so many members that imo it is the perfect platform to introduce localized GPS dead drop networks. Vendors already leak their rough geolocation when they mail. If you live in a populated city you can probably find a lot of customers on SR who live near you. They would probably love to pick up their drugs from a GPS coordinate instead of get them via the mail. GPS is particularly good for bulk orders, and of course for localized orders. Dead drop spikes and GPS equipment are pretty cheap these days. The idea of a GPS scene has long been discussed but none of the private forums ever had enough members that they could be realistically implemented by us (not enough geographic concentration of members). SR could change that. Feel free to discuss the idea and security techniques that apply to dead drop networks.

3573
Silk Road discussion / Re: The "Fake passports, guns - even child pornography" need to go ASAP
« on: February 05, 2012, 05:57 pm »
Everything that is grey or white market should be allowed here. Child porn shouldn't be allowed here because it will create a financial market (not that anyone would pay for CP when it is free and linked to all over hidden wiki). Although CP in and of itself is not immoral. Guns should be allowed here. All drugs should be allowed here. Counterfeit money shouldn't be allowed here because it is fucking stealing. What if some poor mom and pop shop gets stuck with your fake money, that comes out of THEIR pocket. Stealing is not acceptable agorist action. Selling CP is not acceptable agorist action imo (many agorists would argue against this and say that only production is immoral, not selling or possession or trading), although offering it freely isn't immoral.

3574
Silk Road discussion / Re: CP
« on: February 05, 2012, 06:28 am »
Quote from: Horizons on February 03, 2012, 12:59 pm
Quote from: kush Friendly on January 28, 2012, 03:05 am
Quote from: doctor on January 28, 2012, 02:56 am
that's such a horrid way to answer this. I think if i ever saw child porn i could never have sex again.
Your pathetic. It's just an image. Look past it. I'm not sexually attracted to small children, but I don't care If I see it. Just move on.

Ugh. You're telling us you're not disturbed even a little bit by CP? You must have some chemical imbalance in your nervous system.

CP is such a broad thing. I am not disturbed at all by pictures of naked 17 year olds. I am really not even disturbed at all by pictures of naked one year olds. I would be disturbed by pictures of one year olds being raped, but if someone else likes them I don't really care. If someone actually rapes a one year old they should be killed though, or at least left to die in prison.

Also I would be about as disturbed by a picture of a one year old being raped as I would be by a picture of someone who blew their head off with a shotgun, and probably slightly less disturbed than I would be by a picture of a girl in a tub shitting on her face. I also don't care if you like such pictures, although to be fair you will kill yourself if you shoot yourself in the face with a shotgun, and you probably shouldn't be killed or sent to die in prison if you shit on your face in a bath tub.

3575
Silk Road discussion / Re: CP
« on: February 05, 2012, 06:23 am »
Quote from: doctor on January 28, 2012, 02:56 am
that's such a horrid way to answer this. I think if i ever saw child porn i could never have sex again.

Lol why the fuck not?

3576
Off topic / Re: How we could get busted
« on: February 05, 2012, 05:28 am »
I should also note that since Tor is so popular it is automatically safer from this sort of attack than say I2P. I2P has like 5k users total last time I checked. They are spread through out the entire world. And it isn't that hard to get a list of all I2P nodes, a fairly weak attacker can do it. If you ship drugs and use I2P you are quite probably fucked via this attack, even if you live in a dense urban area.

Let's say there are 100 I2P users in New York. I know this vendor ships from New York because I placed an order with them. I now know this vendor is one of 100 people. If I merely talked with the vendor, instead of getting their rough geolocation data via the mail, I would only know that they are one out of the 5000 people who use I2P. See how much damage leaking geolocation did to their anonymity? It isn't quite as bad with Tor though, because if there are 100 I2P users in new york there are probably 5,000 Tor users there (both numbers pulled out of my asshole, but to demonstrate that Tor is much more widely used than I2P).

Then again you are still narrowed in as one of the 5k people using Tor in New York, much worse of an anonymity set size than the 100,000+ Tor users in the world that Tor thinks you are blending in with (since it doesn't know you leaked your rough geolocation).

And if you live in Nowheresville and ship drugs from a few blocks away, you are going to stick out like a sore thumb as the only Tor user in Nowheresville. The police will probably assume you are the same Tor user sending them drug packages from Nowheresville, even if they can't trace you through the network. They can still observe you are using the network, and they know roughly where the person sending these packs lives.

3577
Off topic / Re: How we could get busted
« on: February 05, 2012, 05:18 am »
I suggest reading through the papers at freehaven

http://freehaven.net/anonbib/date.html


3578
Security / Re: In remote location is it best to leave TOR on 24/7 or get on/off quickly?
« on: February 05, 2012, 04:08 am »
Quote from: CaptainSensible on February 01, 2012, 08:43 pm
Quote from: cloud9ne on February 01, 2012, 02:38 am
Use bridge nodes then your ISP doesn't see Tor being used at all

As I recall, a bridge node is just an unpublished Tor entry relay. The type of packets used by Tor are readily identifiable by a network administrator who knows what he's looking for.  Using a bridge that you set up is a good way to decrease the chance you can be profiled, since your bridge has not been modified to trace and/or modify Tor traffic.  And the other people who connect to your bridge will also be less likely to be profiled, which means you'll be doing the community of Tor users a good deed.   

Still, the fact that your ISP can see you're on the Tor network is not necessarily a bad thing -- plenty of people are on Tor for reasons other than checking out Silk Road.
If you ship me drugs I know you are a Tor user in your city. How many regular Tor users does your city have? People in higher population density areas, and more urbanized areas, may not have to worry as much about this sort of attack. But if you live in a rural area and ship drugs from near by, the fact that you are the only Tor user within a 100 mile radius of where these drug packages are being sent from is not going to turn out very well for you even though there is a Tor user 2000 miles away from you using Tor to look at legal porno.

3579
Security / Re: In remote location is it best to leave TOR on 24/7 or get on/off quickly?
« on: February 05, 2012, 04:03 am »
using bridges is a good idea. anyway it doesn't matter if you leave Tor running or not. I would personally not leave Tor running when you are not using it, because if you do that it implies that you are leaving your computer running with encryption keys in memory while you are not present.

3580
Off topic / Re: How we could get busted
« on: February 05, 2012, 03:52 am »
Quote from: IllSpill on February 05, 2012, 02:35 am
You also have to consider that going on SR or using TOR by itself isn't illegal (unless if I'm wrong), so if they track you going on here it doesn't mean that you are doing it to traffic drugs, but buy and sell the legal products on here. There's a lot of ambiguity, the more the better.

This is an attack for pwning people who ship drugs and use Tor , not an attack for finding who is going to SR. Tor does a fairly decent job of keeping them from knowing that you are going to SR. It does nothing to hide the fact that you use Tor, unless you use bridges. The attacker already knows that vendors here use Tor. They can find roughly where they are geolocated by placing orders from them. Then they can say "Well, we know this vendor uses Tor and ships from this location. There are two Tor users in this area. One of them is probably the vendor". Now of course you can say so what using Tor isn't illegal, but this is where the distinction between evidence and intelligence comes into play. They will not use the intelligence in court, but they will use it to (legally) pull over the two Tor users (when they are speeding)...or they will (legally) pay extra special attention to the mail going to those two people.

You hide with a crowd. Tor assumes that your initial crowd is "everyone in the world who uses Tor". When you make your initial crowd "Everyone in this rough geolocation who uses Tor" you are seriously fucking hurting your anonymity. Tor doesn't take into consideration the mail part of our threat model, as far as Tor is concerned the attacker doesn't know your rough geolocation.

this is why it is important to actually know about security....if you don't know the limitations of your tools you will end up fuxx0red

but this also assumes the feds know what they are doing, and it really seems to me like they don't although I know some government people do, its really hard for me to wrap my mind around how they are both completely incompetent and ultra leet simultaneously but it tends to be true. Even within the federal police agencies themselves , disregarding military and intelligence.

3581
Off topic / Re: How we could get busted
« on: February 05, 2012, 01:04 am »
I would actually call it a membership observability attack coupled with an intersection attack , using rough geolocation intelligence as the second parameter

I think for some vendors, particularly those in rural areas, that it will be enough to fuck them. It is really bad for everyone though. Bridges probably help. They might not be enough.

Using WiFi from random locations + tor and not using Tor from home is of course the best bet though

if i were a vendor I would consider doing this.

How many people do you think use Tor in your city? The lower the number the more you have to worry. And that is before other techniques are used to remove noise...for a simple example how many of them use Tor in patterns that fit with your observed usage patterns? Tor doesn't hide the fact you use it or how often you use it or when you use it.

3582
Off topic / Re: How we could get busted
« on: February 04, 2012, 09:48 pm »
Quote
1. Sure. It's an arms race between geeks. But we know that certain technologies are very difficult to counter. Public key cryptography is an example. Algorithms can be developed that are like scrambling eggs. Easy to achieve, and highly improbable or computationally expensive to counter.

GPG isn't going to help you much when a firefox vulnerability is exploited and you are rooted. Then they will just steal your private key or spy on your plaintexts.

Quote
The first key thing is the diversity of networks. Let's say somehow SR is taken down. Well, then there's alternatives like BMR. Let's say TOR is taken down entirely. Well, then there's Freenet and others. Let's say Bitcoin is destroyed. The communities will simply flock to the next medium of exchange like a shoal of startled herring.

We were using pecunix and liberty reserve with exchanger chaining and anonymous ATM cards / fake ID wires for cashing in/out drug money long before Bitcoin + financial mixes were the standard, or even around. Eventually the online free market community will be highly redundant and fully decentralized. Having centralized targets like SR and BMR is a bad idea that needs to be fixed. Sooner or later it will be.

Quote
Once the illusion that the government can track everybody and everything is dispelled, you cannot put the genie back into the box. It's now already far too late for that. To put it bluntly, there are too many people like you and me.
e a

Well the US government would have absolutely no problem pwning the shit out of SR if they put their military and intelligence agencies on it. But the feds are not so l33t.

Quote
    1.2. The second key thing is 'price'. Most things are technologically possible. In theory you can make computer software do anything you can imagine. In practice there are definite real world constraints. The government has a large checking account, but even that has definite limits. Even the genius expertise of the Stazi in East Germany and the technological sophistication of the Soviet military intelligence services using 50%+ of GDP of a superpower state could not prevent the fall of communism. Fighting markets, is an exercise in futility even for the smartest people on the planet.

True but then again you are paying for your own enslavement thanks to taxation.

Quote
    1.3. The third key thing is that there are many here and elsewhere I've seen who are busily at work on completely distributed systems which are far more formidable than our current incarnation of Silk Road and TOR.

These projects are required, and they are slowly attracting attention from people who can make them a reality.

Quote
2. Sure. But even my ISP doesn't know me. In fact they think I'm somebody else. Deeper and deeper into the Rabbit Hole Alice! Some buyers and sellers are naive, but a goodly number of us are real professionals using many varied methods of camouflage that we don't necessarily describe on the Silk Road forums.

Using hacked or open WiFi in addition to Tor is probably a good idea for vendors. Customers probably don't need to be doing this.

Quote
Now, for the average user, it could be a problem. Not everybody can be behind "Over Nyan Thousand Proxies" after all. But I don't think we've hit a critical mass yet. General anonymity for geeks is one thing, generalized anonymity for the population is another. It's a problem, but not a serious one today.

Even if you are behind 9,000 proxies you will be pwnt if the attacker can passively watch you at your ISP and passively or actively watch your traffic arrive at its destination. Traffic confirmation for the win.

Quote
3. You have to have some evidence in the first place in order to setup arrest warrants. Let's say you have 'reasonable ground for suspicion that user X is using TOR for illegitimate purposes'. Your argument was that consistently high traffic would serve as grounds for monitoring in RL or arrest right? Well, that puts everybody operating exit nodes under watch and also anybody downloading/uploading data. Using email and websites is not data intensive, you'll be sweeping up dozens of users into the net for no reason. Judges notoriously dislike having their time wasted.

Well first they use intelligence (this person uses Tor and lives within twenty miles of where a known vendor shipped product from. Only ten other people in this radius use Tor) to narrow in on evidence (let's inspect these ten peoples mail extra close looking for drugs). They don't ask for an arrest warrant until they have enough evidence. Confusing evidence with intelligence is common and dangerous.

Quote
Widespread key-logging on the other hand, that could be a problem. i.e. magic lantern antics. They can only achieve such a thing with 'defense of the realm' bullshit (patriot act), and whatever else we are, we're certainly not terrorists. Hell, you'll not find more fervent defenders of the western ideals of markets and democracy except for the Silk Road.

Yeah hacking is scary because it can be used to go around encryption and anonymity systems. And it is very difficult to protect from. And even moderately protecting from it requires a lot of technical know how and a lot of time into system configuration. Although just using Linux or BSD and the tor browser bundle will put you significantly ahead of the bell curve.

Quote
4. Take a look at the TOR cloud project sometime.

Isn't that for getting a lot of bridges to the Tor network? Not sure.

Quote
5. Probably. But let's face it, it's much easier to bust buyers than sellers. Then what do you have? Nothing. It's comparable to arresting the Johns to deter prostitution. You cannot bust large amounts of sellers. Sellers who take reasonable precautions never reveal their real world address. There is simply no reason for them to ever do so. It has to be taken on a case by case basis. It is an order of magnitude easier to bust sellers in RL. LEO loves large numbers. $XXX million in street value. over nyan thousand dealers off the streets. That kind of thing. Even if the Silk Road was the same size as the offline black market, it wouldn't attract more LEO resources in the long term.

It is probably a lot easier to bust buyers than sellers, but most sellers are putting way too much faith in Tor keeping them anonymous without understanding the limitations of the Tor network. The most dangerous thing they are not understanding is that Tor doesn't hide the fact that you use Tor unless you use a bridge, and the postal network doesn't hide the rough location a package was sent from. When these two data bits are combined vendors may be in serious trouble (who all uses Tor and lives within X radius of where this package was shipped from? One of them is probably the vendor. And there are not that many of them.)

Quote
Let me say one thing that has probably already occurred to you. We expect to see a wave of 'moral panics' in the future regarding the Silk Road. That will attract attention and LEO resources for sure. But over time LEO will come to recognize the points I mentioned in 1.1, 1.2, 1.3. They will ultimately STFU and focus on offline interception activities because it's in their interest to do so.

It is in LE interests to do whatever makes them money and justifies their expanding budgets

Quote
They are servants to what economists call the principal agent problem. It is not in their self interest to draw attention to the Silk Road, and they will justify this as 'not wanting the word to spread', but it'd be more accurate to state that they like feeling strong and not feeling weak. The illusion of invincibility is more important to LEO than actual results. That is why we recently heard of 'biggest multi-million dollar drug bust in 15 years' when in reality when you analyzed the situation you found that 10k of drugs and 10k in cash was actually discovered. Nonetheless, they handed down a century in prison to those amateurs to make themselves look better.

It amazes me that people see small time drug dealers being caught with 10k of drugs and called multi million dollar drug traffickers, but they still think LE wont do the same shit to them when their small order is intercepted. LE lie. And the laws on the books are much much harsher than many people here seem to realize. Plus drugs in mail is always a federal offense.

3583
Off topic / Re: How we could get busted
« on: February 04, 2012, 09:29 pm »
Quote
By TOR nodes, I'll assume you mean the computers which are at the periphery of the TOR network i.e. the outer shell of the onion.

Tor nodes is commonly used terminology for the nodes that route communications on the Tor network. Although it should be noted that technically clients could be considered Tor nodes, this isn't how the term is very commonly used.

Quote
How do you even know you have a periphery node or exit node? Sure, you can setup your own TOR nodes. But I'm really not sure you can specify that you have an exit node. And I'd imagine with more nodes, the layers of the onion grow deeper, since that seems to make sense.

You can specifcy that you have an exit node. It is also very easy to see if you are being used for an entry node, simply compare the IP addresses sending you data to the public list of Tor node IP addresses that all clients have. If an IP sending you information isn't another public Tor relay it is either a bridge (easy to confirm by trying to use it as a bridge) a hidden service or a client.

Adding nodes to the network to enumerate Tor client IP addresses is one of the least effective ways to go about it, since clients select three nodes that they always use to enter traffic into the network if they are up. These are called entry guards and they protect from a lot of attacks. It would be much easier to just get a warrant to passively monitor some of the directory authority nodes, where all Tor clients that do not use bridges directly connect to bootstrap a list of all public Tor nodes. After all you need to get a list of Tor node IP addresses if you want to use the Tor network. If you use a bridge it acts as a proxy between you and the directory authority nodes though.


Quote
2. Ok, assuming for arguments sake that you do have an IP address of a user. You get data to geo-locate from ISP et al.

The biggest problem with his thought experiment is that he assumes the most active Tor clients are drug vendors or buyers. The Tor network had over a hundred thousand users before there was even a single Tor hidden service drug forum (that I knew about anyway, although I am pretty sure I was a member of the first hidden service drug forum several years ago).

He needs to tweak his attack a little. Instead of assuming that the most active Tor nodes are drug vendors, you need an additional bit of information. This is rough geolocation of vendors. This leaks when they send mail out via the postal network. Now you can see the Tor clients who are within say a fifty miles of where packages were roughly shipped from. There are a shit ton of Tor clients that are very active and that have absolutely nothing to do with the drug trade. There are probably very few Tor clients in any given fifty mile radius, and unfortunately vendors leak their rough geolocation when they send mail out. This is a very dangerous attack and it will be quite effective at fucking vendors,(probably) particularly if they don't use bridges.

Quote
The problem with your idea of of IDing everything in clearnet, is that 99.99% of us have *no idea* who the others on the Silk Road are. For all we know, Silk Road himself/herself could be a 90 year old witch doctor in the Congo. At the most, you get 1 guy or girl. Either a frequent buyer/seller. At most you're picking up a couple of grams or ounces of some drug, most likely weed. Doesn't seem worth it to me economically, but maybe it would be done as scare tactics or something.

Didn't SR ship product out before? The postmark will leak his rough geolocation at least down to city he mailed from if not more. I wonder how many people use Tor in that area? Probably not many.

Also you are totally brainwashed to think it isn't worth it economically to the police to bust small scale drug users. They are spending free money that they steal from the tax payers, and as far as they are concerned a bust is a bust. Maybe the feds only care about larger scale traffickers usually, but you are naive if you think that local police forces will not attack SR as well. If the local police in small Texas City find a SR user in New York they will just seamlessly forward the case on to the NY police. There is actually substantial coordination between local police forces, particularly against small scale cyber criminals. If you don't think your local police department cares if you buy a few grams of coke, why is it that there are people in jail over a few grams of coke?

Quote
How is frequently using the TOR network probable cause? I mean, don't judges have to sign things like arrest/search warrants? Hurr Durr, this guy uses TOR a lot isn't exactly indicative of him being a major SR seller. Hell, you'd probably find more pedophiles and conspiracy theorists this way!

Yes this is why his theory is incorrect. Drug users are a small minority of Tor users. Although this may be changing thanks to all of the publicity SR has been getting. Also understand the difference between evidence and intelligence.
Quote
4. If you use/operate your own bridge, which I assume smart sellers would, then the ISP doesn't even know that the seller is accessing the TOR network full stop.

Using your own bridge to access the Tor network is certainly helpful against a wide variety of serious attacks. But it isn't impossible or even particularly hard to tell that someone is using a Tor bridge. It is a lot harder to tell someone is using a Tor bridge than to tell someone is using the Tor network without a bridge though.

Quote
5. Assuming you bust ALL USA sellers somehow. The Silk Road still lives on. There's a heavy preponderance of English, Australians and others here. Congratulations LEO, you just managed to increase profits for ex-USA sellers.

Again drinking the koolaid that LE want to stop drugs. LE want to make money for LE and justify their budgets. Of course they make more money for their department / agency when they steal it from a big coke lord, but busting people for minor drug offences is a large part of an individual agents bread and butter.

Quote
6. Silk Road itself is not small, it is big. 150,000 people are on it. Even assuming 1 out of 10 are legitimate buyers or sellers means you would need to arrest 15,000 people. I mean, wat? Meanwhile back in RL the big fish are running rings about LEO due to their resource exhaustion.

15,000 new people in jail = big profits for the private prison industry, parole industry, drug testing companies etc. It isn't small bucks for them, and they don't care how much it cost to bust those 15k people because it isn't like they are spending their own money on it.

3584
Security / add a profile section for gpg keys
« on: February 01, 2012, 10:30 pm »
this forum is currently doing key exchange in a way that private forums stopped using years ago because of how shitty it is. My advice is to add a profile option so people can paste their public keys in it, and then you can find anyones public gpg key by clicking on their username and going to their profile, instead of digging through a 20 page thread. If you want more tips on how to better organize and run this forum feel free to ask, there is a lot of room for serious improvement and I am a bit dissapointed that none of the mods or admins here seem to be taking initiatives to improve the SR forum.

3585
Security / Re: Silk Road computer security project
« on: January 26, 2012, 05:32 am »
The difference between your project and the project I think the Agorist community needs is that your project is a bundled bunch of freeware installed on an insecure OS by a fucktard and what the agorist community needs is a decentralized military grade market oriented network , user interface and operating environment.

If loyalty to SR matters more to you then having the best system at your disposal feel free to keep using it. Anyway anything like this is still a long way away, most of what is required is already there but a lot still needs to be created from scratch and just the configuration of the components that are already there would take several hundreds of hours. Add in making the missing components and configuring everything totally and you are looking at a few thousand hours worth of work and that assumes the workers already have the required skills and know how. How long did it take you to install spybot?

Pages: 1 ... 237 238 [239] 240 241 ... 249