two attacks are very attractive: human intelligence gathering massive amounts of customer addresses, this would be done via a nym flooding attack with persona management software allowing a small team of agents to operate hundreds or even thousands of distinct personalities / nyms on SR. Membership observability of the Tor network if bridges are not used will allow any attacker who can monitor some of the Tor directory authorities to enumerate Tor client IP addresses. If such an attacker also orders from vendors here to get postmarks, they could intersect the list of people who live in a certain radius of where the package was sent from with the list of all Tor users, and probably majorly hurt vendor anonymity. This would then need to be followed up on with small surveillance team operations monitoring all of the potential suspects looking for patterns associated with participating as a vendor on silk road. Or simply monitoring of their mail boxes until a dog hits on a pack and they get a warrant to raid and get all the other evidence that they are participating as vendors. Tor doesn't hide the fact that you are using it (unless you use bridges) and the postal system doesn't hide the rough geolocation of the person who sent a package...when those two crowds are intersected the third crowd produced may be (will likely be) small enough for surveillance operations to narrow in on the vendor. In many cases they may not even need to watch more than one person, particularly if the vendor lives in a small rural area and ships from near it. I see these as two of the most likely attack scenarios. A third likely attack scenario is the monitoring of bitcoin exchanges since about 90% of people here (my estimate) are not properly using Bitcoin and think that it is inherently anonymous when in reality the transaction history is inherently entirely public and fully linkable, making it quite unanonymous unless additional measures are taken. A fourth likely scenario is the compromise of the SR server, either after it is traced (people here are putting far too much faith in the anonymity of Tor hidden services, when in reality they can be traced with fairly little effort / skill level / legal power / some combination) or after it is remotely pwnt by hackers (people here are also putting too much faith in the SR admins security abilities, and he is putting too much faith in Tor and Bitcoin although he is probably himself fairly safe as a Tor client if he knows how to further anonymize bitcoin). After the server is pwnt the attacker could simply harvest addresses for a few months and interpol could coordinate a fairly tremendous international operation against large numbers of people who do not use GPG to encrypt their addresses. Or they might even try to MITM people who use GPG encryption, measures need to be taken against this as well. I think those are the four most likely things that will happen. You can protect yourself from all of them but I doubt more than 5-10% of the users here are. Most of the people protected from these sorts of attack are from the private forum scene also, most likely, we have groups who have been working on their security and operating techniques for over a decade now after all....some of us are pretty close to being almost impossible to bust other than by human intelligence (ordering product from a fed) or surveillance (ordering product from someone who ordered product from someone who ordered product from a fed, if they do a long term multi-jurisdictional surveillance operation without actually inserting their own malicious nodes into the network. Using fake ID boxes and counter surveillance techniques can make this more difficult / expensive for them to do, but it is really hard to protect from surveillance of identified physical product routes). We are currently working on developing hardware that will detect essentially all interceptions, that idea will turn out to be a massive leap in security for us since interception is currently also one of the biggest risks involved with this.