Silk Road forums
Discussion => Newbie discussion => Topic started by: metacontxt on June 01, 2013, 04:21 pm
-
I see a lot of information here about learning to use PGP and so forth, but much security does a small time buyer realistically need? I mean, I have no intention of becoming a vendor and – if and when I take the plunge – will only be occasionally buying gear in recreational quantities from vendors within my home country. As I’m such a small fish, do I really need to worry about encrypting my address when sending it to a vendor, or being especially cautious about covering my tracks when purchasing Bitcoins?
Another issue regarding security – where are the best places to get the current SR URL? I get the URL off SR’s Wikipedia page, but obviously (due to the nature of Wikipedia) it would be easy for phishers to change that to a phoney site – even if they only had the fake URL for a few minutes before someone else changes it back, that would be enough time for them to capture a handful of usernames and passwords. Other options?
-
I get the SR url from silkroad reddit
-
I see a lot of information here about learning to use PGP and so forth, but much security does a small time buyer realistically need? I mean, I have no intention of becoming a vendor and – if and when I take the plunge – will only be occasionally buying gear in recreational quantities from vendors within my home country. As I’m such a small fish, do I really need to worry about encrypting my address when sending it to a vendor, or being especially cautious about covering my tracks when purchasing Bitcoins?
Another issue regarding security – where are the best places to get the current SR URL? I get the URL off SR’s Wikipedia page, but obviously (due to the nature of Wikipedia) it would be easy for phishers to change that to a phoney site – even if they only had the fake URL for a few minutes before someone else changes it back, that would be enough time for them to capture a handful of usernames and passwords. Other options?
PGP is absolutely essential! It's not about becoming a vendor, it's about protecting your information should a vendor or the Silk Road servers be compromised. You need to treat Silk Road as if it were already compromised by LE; safety and security is of the utmost importance.
Regarding the URL, you should absolutely not be using an address that you find ANYWHERE online. You need to either bookmark it (if your Tor Browser Bundle is stored in an encrypted file/folder or you're using TAILS) or else memorise it:
silkroad
vb5
piz3r
Phishers know the second that someone has entered login details to the site, and are probably running scripts that automatically change the users passphrase and PIN, withdrawing the victim's BTC in seconds.
Please read the SR Wiki - it contains necessary information that you really need to know:
http://dkn255hz262ypmii.onion/wiki/index.php?title=Main_Page
Libertas
-
Thanks for the useful advice. I was under the impression that the SR URL is subject to change...?
-
Thanks for the useful advice. I was under the impression that the SR URL is subject to change...?
Silk Road's URL has only changed once in its history, from "ianxz6zefk72ulzz.onion" to "silkroadvb5piz3r.onion".
You may be thinking of Silk Road's backup URLs which will ONLY become active if the site is taken down permanently - you can read more about them in DPR's post here:
http://dkn255hz262ypmii.onion/index.php?topic=32771
The forum backup URLs (with the 3 marketplace backup URLs at the bottom) can be found here:
http://dkn255hz262ypmii.onion/index.php?topic=155554
Libertas
-
it's about protecting your information should a vendor or the Silk Road servers be compromised. You need to treat Silk Road as if it were already compromised by LE; safety and security is of the utmost importance.
I see, I get it. But honestly, I'm playing the odds here. I generally feel that my information's secure with SR, and a reputable vendor obviously has some systems in place so that they can stay reputable (ie. grow). Let's take a look at these two wildly unlikely events - that LE have a solid lock on my name and address and what I've bought in the past - well in the miniscule quantities we're talking about, I'd say best of British luck to you, gents. I can afford decent lawyers. As an absolute worst case scenario, they get my name, address and a live order which they intercept ie. they catch me red handed. Oh well done Inspector Plod, after a lengthy and complex investigation you've busted a guy with $100 worth of narcotics. Now, have you given him the choice of the fine or the drug education class?
I do understand the need to be discreet. I think the trading floor here is pretty fucking discreet. If I ever wanted to start placing larger orders which could result in jail time, I might make more of an effort to cover my tracks in terms of BTC purchases, and familiarise myself with PGP, but for a small fish like myself...?
Do other smalltime users bother with higher levels of stealth (ie using PGP to encrypt your address etc) when making purchases, and are there others that don't bother and just give your address over straight to your vendor?
-
Meta-
Just a thought. Nothing negative here- please keep that in mind.
The time spent making this post and questioning the idea of implementing gpg security- you could have learned, understood and already implemented said precautions.
In my personal opinion, security is not something to be lax about. We all sit oh-so-comfortably in front of our computers as if we are hidden from consequence. Whether it is, or it isn't- consider danger imminent.
Welcome to a new world Meta- Enjoy your travels. Be safe.
-onion-
-
PGP isn't that difficult to use, and it could save your ass. Even if you're only buying personal amounts you should still be encrypting your address.
-
Cheers guys, if it's as simple as you say I may as well do it!
Thanks again.
The BTC obtaining process seems to me to be a greater vulnerability, however. I'm in Oz. How to purchase BTC anonymously?
-
There is an onion URL (crypTor) that does all the PGP for you (just load the PGP key of the vendor and write the message, done). You don't need to learn anything:
thah3jusrmh3rxpx.onion
It's still best to learn PGP, but if you really don't want to, using this site is very easy to do and it takes just a second.
EDIT: To prevent the possible replies of the site not being secure, it has been checked by various people and there are no callbacks at all. The page works also off-line.
-
PGP makes me feel a lot more secure
-
Complacency is bad news also.
Be aware of your actions and their reactions.
Best of luck man! :)
-onion-
-
Yeah I really don't see the point of PGP we're already on Tor, like holy shit paranoid sellers...