edit: got bored, will add more later, plus go into deeper analysis with potential solutions to some of the identified problems, and citations to documents supporting the probabilities I gave. I will write one then others can do their own or comment if they disagree.

Key assumptions check is a technique I just learned from this pdf: https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/books-and-monographs/Tradecraft%20Primer-apr09.pdf

Essentially, you state your assumption, and then you assess it. I will write based on the assumptions of the average SR user. I will try to use Kent's Words of Estimative Probability:

The format will be:

Assumption
|
\ /
Assessment

with the probability of the assumption being true being represented by the first words of the assessment.

________

Law enforcement will not directly target buyers. (Law enforcement are interested in targeting dealers only. Customers are not big enough targets for them to waste time on, they really are not that interested in personal use amounts, the only reason they target users usually is so they can work their way up to vendors and with SR this isn't really feasible.)
|
\ /
Probably not true. (Due to the inherent weaknesses involved with receiving product, and the relatively strong security techniques being used by vendors, it will be much harder for law enforcement to successfully compromise a vendor. Due to the media attention SR has attracted, as well as calls from high ranking political officials to shut it down, it is probable that law enforcement agencies are feeling pressure to make SR related arrests. The easiest way for them to reach this goal will be the targeting of customers. Furthermore, if these arrests are highly public they will serve as a deterrence and will likely cause a chilling effect, reducing the activity levels on SR as well as making many others afraid to participate in the first place.)
________________________

Law enforcement will not use highly technically sophisticated attacks for busting customers. (Technically sophisticated attacks are not what the majority of agencies targeting SR are used to using, they will not spend the relatively high amount of resources and expertise required to use these attacks against personal use drug customers)
|
\ /
Probably true. Law enforcement, and in particular drug enforcement agencies, traditionally use human intelligence based attacks. They have skill in this area. Additionally, there are software systems that make human intelligence attacks in online anonymous environments particularly potent (persona management software allows a small team of agents to operate a great deal of distinct pseudonyms simultaneously and with little effort). Address harvesting attacks via human intelligence undercover operations will be an effective enough technique for the gathering of significant amounts of customer information, there is no requirement for law enforcement to engage in more sophisticated technical attacks. Human intelligence is almost certainly going to be the weakest link.

________________________

Law enforcement will not use highly technically sophisticated attacks for busting vendors.
|
\ /
Almost certainly not true. Pretty much the only way they have to bust vendors is to use some attack that will generally be perceived as an advanced technical attack by the average SR user anyway. (It is also a safe assumption that the feds will try to bust vendors with targeted technical attacks)

___________________________________________________________________

Federal police level attackers will not focus many resources on customers. (They will focus on vendors)
|
\ /
Chances about even. From their perspective, they certainly have bigger fish to fry. On the other hand, getting drugs in the mail and money laundering are federal crimes.
It is probably most likely that if federal agencies get involved in attacks against personal use customers, they will refer the cases to local police departments. The feds must be feeling pressure to bust SR users, and they will probably have a much easier time busting customers than vendors. On the other hand, local law enforcement agencies can focus on customers with federal agencies focusing their resources on vendors, with feds handing off customer cases to the appropriate local law enforcement branches. This is roughly equal to how multi-jurisdictional multi-target-level cyber operations are handled in the realm of child pornography trading... we may see the same model develop against online drug trafficking.

__________________

Law enforcement will not be able to use dragnet screening and interception technology to intercept a significant amount of packages sent by SR vendors. (As this method of smuggling becomes more and more mainstream, law enforcement will focus more resources on screening mail and this will lead to significantly higher interception rates)
|
\ /
Almost Certainly true. There is simply too much mail going through the system for passive dragnet screening measures to inspect more than a small percentage of it. Proper packaging techniques can further reduce the risk of mail being screened, and of screened mail having contraband detected. Unless there is a breakthrough in drug mail detection scanning technology, physical analysis of mail payload data (drug dogs, electronic sniffers, X-rays, infrared, etc) and manned meta-analysis (manned package profiling) are not likely to result in significant rates of interception.
___________

Law Enforcement will not be able to automatically perform traffic analysis on the mail flow and use the raw intelligence from this to identify addresses involved with drug trafficking, ie: Law enforcement will not be able to use *targeted* screening and interception technology to intercept a significant amount of packages sent by SR vendors.
|
\ /
Almost Certainly Not True. Mail sorters have the capability to create computer readable databases of shipping routing information (return address, shipping address, date) and these databases can be queried with algorithms capable of identifying suspicious boxes (and if enough data points are available, specific pseudonyms' addresses). There is nothing advanced about this sort of intelligence gathering and analysis, and on a country by country basis it may or may not be illegal for law enforcement to engage in this sort of intelligence analysis to better target their interception detection technology / human screening-profiling systems.

__________

Law Enforcement will not be able to directly break the encryption algorithms used by Silk Road vendors / customers for communications security and anonymity and financial transfer.
|
\ /
Almost certainly / certainly. Although it is technically possible for strong asymmetric encryption algorithms to be directly broken, it is unlikely that any attackers are capable of this. If any attackers are capable of this, they are almost certainly cryptographic intelligence agencies. Unless there is a mathematical breakthrough or an attacker manages to stabilize enough qubits, it will be impossible for anyone to directly break the encryption algorithms Silk Road users are using. If such an attacker exists or comes to be, they will almost certainly not be a police agency.

______________

Law Enforcement will not be able to trace the Silk Road server.
|
\ /
Almost certainly not true. There are many purely traffic analysis based attacks for deanonymizing hidden services.
These attacks have been carried out against the Tor network in practice. The countermeasures taken by the Tor devs buy time but they are not enough to prevent a trace, particularly by a law enforcement level adversary. It is very probable that law enforcement will be able to trace the Silk Road server within a few weeks of trying, with minimal resources.

_____________

Law Enforcement will not be able to directly break the anonymity solutions being used by a significant percentage of SR users (~10%-20%+)
|
\ /
Probably not true. Law enforcement will likely engage in active attacks against the Tor network, where they add nodes and analyze the signals intelligence gathered from them. Even if they do not do this to specifically target Silk Road users, they will do so to target pedophiles and the intelligence gathered will have an effect on Silk Road users as well. If LE manage to watch traffic enter the Tor network and reach its destination, they can use timing correlations to link the sender and receiver even if they cannot view middle nodes. Since it is very probable that law enforcement can trace and then passively observe the Silk Road server, it is likely they will be able to trace anyone who uses one of their entry guards to connect to Silk Road. Depending on the number of nodes law enforcement agencies interested in SR (or interested in sharing intelligence) have managed to get 'entry guard' flags, it is not at all unrealistic for them to be able to deanonymize a significant number of Tor users connecting to SR. As entry guards change on a monthly basis, over time LE will be able to deanonymize SR users who they previously could not. Additionally, many Silk Road vendors are not using bridges. Law enforcement can very probably enumerate very large numbers of Tor client IP addresses by passively monitoring a few key directory authority IP addresses.
By intersecting the population in a rough radius around where vendors ship from, with the list of all enumerated Tor client IP addresses, law enforcement will likely be able to entirely deanonymize some vendors, and narrow in significantly on other vendors.

_____________________________

Law Enforcement will not be able to directly break the anonymity solutions being used by a large percentage of SR users (50-75%+), in a relatively short period of time
|
\ /
Almost certainly true. It does not appear that law enforcement have begun to significantly perform sybil (node flooding) attacks against the Tor network. Had they, some pedophiles who use Tor would probably have been busted by now, in such a way that their arrest is leaked to the news or underground community. Law enforcement generally appear to lack sophisticated traffic analysis knowledge, although this should not be relied upon as the required information can be learned with a few years of study, less if a basic knowledge is already established. Most law enforcement traffic analysis operations are very simplistic and target CP traders. Tor does a good job at preventing LE level attackers from deanonymizing large percentages of users via profiling attacks, but it doesn't prevent LE from deanonymizing some X% of users (with X depending on how long LE run their profiling attacks for and how many entry guard flagged nodes they have). Tor bridges probably do a decent job of preventing LE from doing observability based attacks against some percentage of nodes.

_____________________________

Law enforcement will not be able to bypass the anonymity and encryption solutions of a significant (5%+) number of SR users via bypass attacks (ie: hacking / social engineering followed by technical exploit).
|
\ /
Probably not true. Many users are probably not using Tor Button or hardened browsers. Law enforcement will be able to deanonymize them.
If LE posts a link to a PDF that connects to a server that they control and encourages SR users to view it, they can probably deanonymize a significant number of the people who download it. If they make a rooted live USB, they can probably get a significant number of people to use it. This sort of social engineering + technical attack alone could probably deanonymize a significant number of SR users (in the case of the live USB it could even deanonymize the people who place orders with them). Technical attacks without social engineering components can also likely compromise a significant percentage of SR users, although it may be harder to do many of these attacks without being noticed. If LE takes control of the SR server, which they almost certainly can do, they could embed Java and Flash. This would deanonymize everyone with improperly hardened/configured browsers, but it would likely be noticed fairly quickly. LE could also engage in more sophisticated technical attacks without drawing attention to themselves. However, it seems improbable to me that many law enforcement agencies are technically capable of pulling off such attacks. Some probably are though. They will not likely be able to compromise many people who practice serious computer security with this sort of attack.

_______________________

Intelligence agencies will not be able to bypass the anonymity and encryption solutions of a very large (99%+) number of SR users via bypass attacks (ie: hacking / social engineering followed by technical exploit).
|
\ /
Almost certainly not true. If NSA wanted to map out the entire SR network by real IP address, they would almost certainly have no trouble doing so with zero day vulnerability combinations. They also would be almost certainly not detected in doing this. They would also be able to spy on all communications between all SR users in the same way.
Exception: Users who properly implement physical airgaps could avoid having their plaintext communications contents intercepted by the NSA in this way, however since they could certainly be traced in this way NSA could get their plaintexts in other covert ways (targeted transient electromagnetic signals analysis etc).

________________________________

Intelligence agencies will not be able to deanonymize large percentages (99%+) of SR users via direct attacks on their anonymity systems.
|
\ /
Almost certainly not true. NSA samples traffic at IXs. Sampled Traffic Analysis by Internet-Exchange-Level Adversaries: http://freehaven.net/anonbib/cache/murdoch-pet2007.pdf

_______________

Intelligence agencies will not involve themselves with attacking SR
|
\ /
Almost certainly true. Unless SR becomes a serious threat to the political establishment I don't think any intelligence agencies will think twice about it. This is not likely to happen unless SR starts organizing/funding violent attacks against government, imo (making it a national security risk).

_________________________

Law enforcement will not compromise the SR server and harvest all unencrypted addresses from the server.
|
\ /
Almost certainly not true. There are too many attack vectors through which they could do this and SR server is protected from almost none of them. Hardest case, they will trace the server, dump keys from RAM into a forensics laptop, root it from there and gather all the unencrypted addresses sent through the server. Simplest case, they remotely hack the server through some security bug in the code and get to the E-mails from there. I find it extremely unlikely that LE will not do this and I find it just as unlikely that SR will be able to prevent it unless they majorly overhaul their security. Then again, I don't exactly know the security techniques they are implementing to prevent such a thing. I am almost certain they are not protected from this though.
_________________________

Law enforcement cannot deanonymize significant percentages of SR users based off of financial network analysis
|
\ /
Probably not true. Most users are not properly unlinking their coins from their identities.