In this thread I would like us to bring up and analyze likely threats to the security of SR and the participants engaging in the market here. Let's discuss the vulnerabilities that law enforcement will likely attempt to exploit and brainstorm and present ways to counter them. I will get the ball rolling.

One thing that I enjoyed about OVDB is that sellers had trust status assigned to them and all of the trusted sellers had reputations on private forums to be concerned about. One of the most glaring vulnerabilities SR has is also one of its strengths: anyone can become a vendor and the price of becoming a vendor is relatively cheap as compared to the amount of customer intelligence that can be obtained. As DPR has no presence on the private scene, it will be difficult for him to implement such a system. Additionally, such a system indeed opens up further vulnerabilities: if the person who assigns trust becomes compromised then the trusted vendors will all eventually come to be compromised, at least all additional vendors. Additionally, Tarpaulin and Fairydae clearly show that trust is not a perfect security measure, even when long-standing, difficult-to-obtain reputations are on the line. I do believe that this sort of system protects from federal infiltration more than it does from scammers. Still, it seems foolish for us to not take advantage of the long-standing reputations and history of the private source scene, especially when several of the vendors here have some history and reputation on established private forums.

Additionally, the feedback system here is seemingly easily gamed. Some additional system of trust and reputation should be implemented here. One idea is from Undrugged, a site some of you may remember. I believe a similar system is in place on SafeorScam. The system is simply a variant of a web of trust, where participants can cryptographically say how much they trust other participants.
A great deal of care must be taken in assigning trust, because if you say that you highly trust a person who later turns out to be a federal agent or scammer, the amount of trust others have in you will be diminished. In fact, I believe that it may be worthwhile to pursue a software system that makes the management and visualization of WoT easy for participants here. This will possibly help us to identify organized scammer and law enforcement infiltration: after one such infiltration is identified we can be more suspicious of the 'nodes' which have assigned trust to the infiltrators.

Of course the primary threat to customers is that their order will be intercepted and result in a CD or raid. We have long discussed the possibility of interception detection technology, and I am strongly of the opinion that obtaining an easily implemented open source design for such technology is something that should be viewed as a top priority. Perhaps we can find people on SR who have the required skills for such a thing and form a sub group dedicated to the implementation of this technology. When coupled with fake identification or other non-linkable boxes, interception detection technology can potentially remove the risks associated with package interceptions; this would be the single greatest increase possible for the security of SR customers. The entire process of designing this technology absolutely must be publicly viewable and real time.

Another thing I see as a serious threat to security is mis/dis information. This is false information, either unintentionally or intentionally introduced, respectively, in an attempt to degrade the security of participants. Misinformation may come from participants who want to help but who are themselves not as knowledgeable about subjects as they think they are. I see this frequently: users give what they think is good advice but in reality is bad advice.
I see this even more on some clearnet forums where even the administrators suggest that people stay away from Tor and instead use VPNs. They may say things like "Tor exit nodes can spy on traffic, you should avoid Tor and use VPNs". This is not applicable here as Tor is essentially required to access SR (in-between sites like tor-proxy aside), but is a good example of what could be either mis or dis information. In the cases where this is misinformation, it is largely due to lack of sophisticated security knowledge on the part of the person making the claim: chances are they have read some news article that discusses Tor exit nodes spying on traffic, and have jumped to the conclusion that Tor is not safe. Of course someone with appropriate security knowledge will recognize that VPNs are just as vulnerable to exit node spying as Tor is, making the suggestion at best based on an incorrect comparison between Tor and VPNs. In the case of disinformation, it will be a federal agent making the claim, possibly even suggesting specific law enforcement agency owned VPNs that ought to be used in place of Tor. Unfortunately mis and disinformation tend to spread at exponential rates: a naive user who is presented with mis/disinformation will tend to take it at face value, and in an attempt to be helpful will propagate the mis/disinformation to other participants. Of course this can be devastating to the security of individuals and even to entire communities.

I would like us all to think of ways to combat mis and disinformation here, but I will present a few suggestions. First it would perhaps be helpful if some users who are widely recognized as being security specialists are given special titles identifying them as such. More value should be given to information coming from them than information coming from people who have not been recognized in such ways. How we can safely and fairly identify such users is a matter that warrants further discussion.
Also, in some cases even experts have differing opinions; we need to recognize this as well. Furthermore, it could be exceptionally dangerous if law enforcement manage to gain control of accounts that are titled in such a way that trust is assigned to them. Another potential way to counter mis and dis information is to expect that citations be included for any claims regarding security, at least where it is possible to provide citations. Additionally, perhaps threads should exist for security discussions where all substantial claims are required to have citations backing them.

Another major attack vector is in the software suggested to users. Without any doubt law enforcement are going to be providing "secured" virtual machines that are actually backdoored. I suggest that the sale of virtual machine images and similar be banned on the Silk Road market: there is no need for these services as independent secured live operating systems already exist (see Liberte and Tails), and the time and skill required to audit an entire live operating system is such that we can safely assume that none of the live operating systems offered for sale on the Silk Road marketplace will be audited.

Software is another area that is ripe for exploitation, and although I have previously said that we should not ban the sale of software I now have changed my opinion. I believe that sales of software should be banned on the Silk Road marketplace, or that we must use a strict auditing process. I can clearly see a benefit to allowing users here to offer software that will assist in the security of vendors and customers, as well as generally make life easier. However the risk of law enforcement exploiting this by encouraging vendors to use restricted access backdoored software is far too great. Software made available through Silk Road absolutely must be open source, publicly available and audited.
Preferably we could find how many of the users here are fluent in different programming languages, and create teams of people who audit software. The people creating software are not barred from making profit; nothing stops people from donating to their efforts. One could easily say that this is counterproductive to the spirit of a free market; however, the fact remains that software distribution is a major attack vector, and I believe that our security is more important than the right of a person to sell software here in a restricted fashion. Indeed, the model could not be worse than one in which the only people buying a product are the only ones incapable of properly auditing it. A million arguments can be given for keeping closed source or restricted access software available here: vendors could be using advanced security techniques to isolate said software (realistically, almost none of them will be), vendors could independently get the software audited themselves (realistically, none of them will), it is up to the buyer and their responsibility if they are successfully exploited through this attack vector (true enough, but if a vendor is exploited in such a way all of their customers are put at risk; as much as it goes against my beliefs regarding other things, I truly believe that regulation for the good of the community is acceptable in this instance; there are far too many vendors who do not appreciate the risk of running unaudited software and far too many vendors who naively trust anyone who makes enough posts and seems friendly). Additionally, it does not violate the principles of a free market if DPR opts to restrict the sale of closed source and restricted access software: it is his marketplace and he is free to do with it as he pleases.

I believe that a culture of paranoia is essential for the ongoing security of the Silk Road community. How we can instill such a culture is an open question.
A great many of the participants here are naive not only to criminality (most having probably never participated in an organized crime enterprise before, or having had many run-ins with authorities), but also to technical security. Particularly, it is important for DPR to have mistrust of everyone. I believe that if he places trust in others, that eventually he will trust a malicious party who could do damage to the Silk Road community. In the past I have seen him engage in activities that strike me as being somewhat naive, offering positions of technical privilege in the form of job offerings (in fact even I was offered such a position fairly early on, based off seemingly nothing other than my apparent skill with server hardening). It is in the best interests of DPR and SR to consider that everyone participating on SR is a federal agent. On the other hand it is also clear that he will need assistance with securing and maintaining Silk Road. I strongly suggest that he creates a thread for brainstorming and technical assistance in regards to SR, and asks for any help in that thread, to be thoroughly analyzed by the larger community and implemented by him and him alone. Every additional person with privileged access to or information regarding the SR server is an additional attack surface for law enforcement to target; every job opening that offers access to privilege or information is a potential opening for federal law enforcement infiltration. He will be wise to recognize this, and to assume that all participants here are interested in deanonymizing him and compromising SR.

Public sites are important, centralization is bad, compartmentalization is key. Nobody can doubt the role of a large public site such as SR. SR has single-handedly transformed the online drug dealing community from a comparatively small community to a mainstream phenomenon.
Indeed this is a key event, somewhat of a tipping point if you will, and in fact in line with the Netwar theory of such groups: that they will start small and eventually grow to the point that they spiral out into the mainstream. We should always have a public marketplace. That said, having a single point of failure is bad. In fact there is an abundance of private forums and the world of online drug trading will not go away if SR falls.

However, I believe it is important for people here to branch off into private forums with restricted membership. There are several advantages to this. For one, it will help keep communication channels open in the event that SR is severely compromised. Even on tight-knit private forums, an act such as being hacked or shut down can fragment membership and lose participants as communication ties that rely on the centralized node are cut. An additional benefit is that restricted membership forums inherently grow more resistant to scammers over time: if a private forum consisting of 600 participants on SR is created, as scammers start to be identified the ratio of scammer to legitimate accounts will grow in favor of legitimate accounts. On a public site such as SR, scammer accounts are a fully renewable resource. Even infiltration by law enforcement can be stymied by implementing restricted membership private forums: on SR mass registration of law enforcement accounts can go on indefinitely but on the hypothetical private forum, the ratio of legitimate to law enforcement accounts is unlikely to change much from what it initially is. Additionally, if small groups from SR splinter off into private communities, there are techniques to reduce the damage of even multiple law enforcement infiltrations: requiring multiple people to vote on all new members and keeping records of who votes to grant membership can quickly identify topologies. The effectiveness of this may be limited unless law enforcement nodes can be identified.
Additionally, communications technologies that inherently support compartmentalized and massively distributed group interactions are important. Thankfully a great deal of development time is currently being spent on such technology.

Another thing I would like to mention is the role of intelligence in such an organization. The importance of this is frequently overlooked. It would be strongly beneficial if SR could rally hackers friendly to the cause to try and pwn law enforcement personnel, intercept their communications, identify the law enforcement accounts on SR, etc. All forms of intelligence gathering should be employed against our enemies as information is what wins wars. Of course securing our own information is of utmost importance: addresses should be encrypted, hardened systems used, Tor used, great care taken in protecting our shipments from being flagged, etc. However, defensive security is only one half of the battle, and it is equally important for us to gain as much intelligence on law enforcement as we possibly can.

The strength of a public site like SR is certainly in its community. Utilizing the community to its full potential is important, and this importance is reflected in several of the other things I have discussed in this thread.

Another thing we must always be careful about is becoming complacent. We must always remember that we are engaging in illegal activity, and that it is the job of law enforcement to hunt us down and imprison us (of course it being their job does not excuse them from responsibility, and they should be harshly punished for their crimes against humanity). All too often I see people here who seem to have forgotten this. When I see posts from people wanting to use credit cards to pay for their drugs here, it makes me cringe. We should never let convenience outweigh security, and we should never forget that we do indeed need security as we are engaged in highly illegal behavior.
This is not eBay; do not be confused by the friendly nature of this implementation of drug trafficking into thinking it is anything other than drug trafficking. Don't be fooled by friendly posters; the federal agents are sometimes the ones you least expect.