Silk Road forums

Discussion => Newbie discussion => Topic started by: EmeraldCircles on June 04, 2013, 08:25 pm

Title: How safe are digital goods?
Post by: EmeraldCircles on June 04, 2013, 08:25 pm
I'm a newbie here so I'm sure this will be taken with a grain of salt.. and it's kind of long...  Just wanted to bring this up & see what people think.

So, apparently it's common for new SR users to purchase some digital goods and get a few orders under their belt.  As I was looking at doing the same I started thinking.  What if LE is really doing everything they can to bring this thing down, or at least scare a lot of people away from it?  Doing so would certainly make the career of some narc, FBI guy or whatever.  It doesn't have to be a takedown of the big sellers, it could be a security breach that exposes a lot of buyers.  If you can't kill the supply, chip away at the demand, right?

Certainly, in the US, it would be illegal for the FBI to set up a seller account and actually sell good drugs.  Of course selling baby aspirin wouldn't work either.  That's where porn, warez, ebooks, etc. come in.  It may not actually be illegal to sell that stuff as part of a sting operation and it may even be possible to get permission from the content owners in the interest of stopping piracy, etc. etc.

So, let's say LE sets up a bunch of these accounts, selling various files or passwords to pay sites.  More often than not, you would be getting one of the following when you make a purchase:

-- A clearlink URL (Dropbox, Rapidshare, etc) to download a large video file, zip, rar, etc.
-- A user name and password to a commercial site.
-- An email with an attached (smaller) file.

All three of these scenarios present security risks if your adversary (as the seller) is resourceful enough:

-- Since Tor users will often be relaying, and on wi-fi, download times for large files will be very long.  They will probably be inclined (maybe with the seller's input) to download this file from clearnet, somewhere with a wired fast connection.  This will result in the buyer's IP getting logged.  That's assuming Dropbox or Rapidshare would be willing to help - and why wouldn't they?  The URL provided by the seller would be the flag that says -- SR buyer X purchased this from LE seller Y.

-- Why wouldn't Brazzers and company be willing to give out a few accounts to LE so that SR buyers can flag themselves when they log in?  Seems like a no brainer, even if the buyer never gets "busted", it's in their best interest to (again) help stop piracy, etc, etc.

-- Finally, any file downloaded from anywhere can have all sorts of malware hidden within. Assuming our LE friends are resourceful enough, there's no reason to think they don't have a few executables stashed away which are not yet known to the general population of Anti-virus makers.

In these scenarios, the seller could go on selling for quite a while, with great product and great feedback.  At a minimum LE could be logging the IPs of hundreds of SR buyers.  What would that be good for?  Well, how about a sting operation, with controlled deliveries to a couple dozen known SR buyers -- again to scare the shit out of everyone else.  What if some of these flagged buyers become sellers later on?  Worst case, with malware, they could have access to keyloggers or be receiving clearnet messages from your machine, while you're using TOR and/or SR.

Anyway, just a thought.  Kind of makes me think an 8ball in the mail might be safer than that cracked copy of MS Office.  What do you think?  Is it time to order some anti-psychotic meds?  Maybe so and maybe not...
Title: Re: How safe are digital goods?
Post by: woundedvet11 on June 04, 2013, 09:40 pm
You have some clever and elaborate ideas there. It just goes to show that criminals make the best cops. That being said, yup, time to up your meds. That level of work and elaborate coordination is too much for an agency to mount when going after a bunch of random users.

It was a great read though. Why not write the ebook and sell it on SR?
Title: Re: How safe are digital goods?
Post by: EmeraldCircles on June 06, 2013, 01:12 pm
Great idea! ;)
Title: Re: How safe are digital goods?
Post by: Derry on June 06, 2013, 01:35 pm
That's some good thinking there. Problem is, it's too extreme. If I were a politician, I wouldn't do this. If I were a manager of Brazzers, I wouldn't do it.
Why? Imagine if the public found out that their government is putting trojans into their PCs and following people online. There would be outrage and the politician
would be probably fired. And for what? It's not like digital goods are dangerous and he can't boast about it either. A politician would rather put his money and effort
into something that wins votes. Not this.
Title: Re: How safe are digital goods?
Post by: Wadozo on June 06, 2013, 02:12 pm
To protect yourself from some LE malware embedded in PDF files, compressed Zip files, etc, you should only open these in a VM (Virtual Machine), essentially it's an Operating system which runs inside the host Operating system installed on your PC/Mac. Really, opening any file downloaded from Tor should be avoided or done so on a PC that will never connect to the net if you must.
Pine (pine), a knowledgeable member of the Forum, has written a tutorial on how to do this safely. This and many other tutorials can be found here -

http://dkn255hz262ypmii.onion/index.php?topic=38861.0

#####
Wadozo, please do not direct people through onion.to - I have edited the address for security purposes.

Libertas
#####
Title: Re: How safe are digital goods?
Post by: Libertas on June 06, 2013, 05:21 pm
Wadozo, I have edited out the "onion.to" link in your comment above. Please do not use onion.to to visit Silk Road or the forums; whoever is running that proxy has access to your login details if you enter them through onion.to.

Libertas
Title: Re: How safe are digital goods?
Post by: Wadozo on June 06, 2013, 07:14 pm
Wadozo, I have edited out the "onion.to" link in your comment above. Please do not use onion.to to visit Silk Road or the forums; whoever is running that proxy has access to your login details if you enter them through onion.to.

Libertas

Libertas,

FYI - The link I posted was one I had queried to former Mod, Guru, and from memory, Mod scout. I will post the link to the thread once I find it but I'm 99% sure Moderator scout posted that the link/s was perfectly fine to use.

Update - Here is the link to the thread where scout talks about the .to links to the Louis Cyphere Security Thread. I should have posted the .onion link, however, the .to link I posted is linked to the same page.  http://dkn255hz262ypmii.onion/index.php?topic=38861.0
Title: Re: How safe are digital goods?
Post by: EmeraldCircles on July 22, 2013, 05:42 pm
Good points Wadozo.  A lot of digital goods are essentially useless (except to boost stats) if they can only be opened in a sterilized environment. 

Title: Re: How safe are digital goods?
Post by: BTC King on July 22, 2013, 06:38 pm
Libertas,

FYI - The link I posted was one I had queried to former Mod, Guru, and from memory, Mod scout. I will post the link to the thread once I find it but I'm 99% sure Moderator scout posted that the link/s was perfectly fine to use.

Update - Here is the link to the thread where scout talks about the .to links to the Louis Cyphere Security Thread. I should have posted the .onion link, however, the .to link I posted is linked to the same page.  http://dkn255hz262ypmii.onion/index.php?topic=38861.0
irrespective of what scout says onion.to links have no place on this forum