Silk Road forums
Discussion => Security => Topic started by: gestaltassault on September 16, 2012, 04:27 am
-
Just wondering if I should start laundering my bitcoins just to cover my tracks better. I'm kinda freaked out that they asked for my ID when I Moneygramed to Bitinstant...
-
I can get you cash for your btc.. check out my listing and the contact me!!
-
or bitinstant > blockchain / mtgox > instawallet > instawallet > bitcoin fog > SR = safest (ultra-paranoia mode)
or bitinstant > blockchain / mtgox > bitcoin fog > SR = safe
or bitinstant > blockchain / mtgox > instawallet > SR = good enough
btw you don't NEED to show ID when you moneygram at cvs or at any bank branch. just say you forgot your id at home and you never were required to show ID in the past.
remember buying bitcoins is legal.
:]
-
Bitinstant -> MtGox -> Instawallet -> Bitcoin Fog -> Cleanbit -> personal wallet -> flash drive -> drive to a secure location -> print it out and snail mail it to a small African boy -> carrier pigeon to Guatemala -> type it back into a wallet -> SR.
Know any sellers for carrier pigeons on SR or should I clearnet it?
-
Bitinstant -> MtGox -> Instawallet -> Bitcoin Fog -> Cleanbit -> personal wallet -> flash drive -> drive to a secure location -> print it out and snail mail it to a small African boy -> carrier pigeon to Guatemala -> type it back into a wallet -> SR.
Know any sellers for carrier pigeons on SR or should I clearnet it?
Yet no mention of a West African swallow.
-
i had to show my id at cvs last time too just b/c it was the store manager who rang it up it was just for the camera anyways plus the name i gave on the phone was fake anyways and all 100% legal
-
Mix them up in your insta wallet first.
-
Good information.
-
The two services that I know about that claim 0% taint are Cleanbit and blockchain.info's anonymization service. Other mixing services put your bitcoins in an address with tons of other people's bitcoins and then you withdraw them after some time. If you do a taint analysis, you'll find that your old addresses are still a tiny percentage of taint in the new address, although they are mixed in with hundreds, perhaps thousands of other addresses, so while it's not impossible to follow the trail back to you, it is incredibly difficult and basically impractical for small time drug buyers. Cleanbit and blockchain.info use separate pools, so if you send 1 BTC into the mixer, then take 1 BTC out, they come from different addresses that are never connected.
I dont think that taint means what you think it means. I receive coin that shows taint and I have never owned it before. I use a different bitcoin address for every transaction and never pool them into a single address so from my digging and understanding of bitcoin there is no direct connection between the addresses.
-
I dont think that taint means what you think it means. I receive coin that shows taint and I have never owned it before.
You have never owned what before? Those coins? The previous addresses that are tainting them?
Nope Never. Never the coins and never the previous addresses. How do I know this? Because I still have all my coins lol
I have only ever spent bit coins once. That was the $150 for a vendor account. That was on a different bitcoin wallet, on a different computer, than the one I receive coins to. Many times when I look at the taint the first 50 to 100 addresses are marked with a 100% taint, none of them are mine or in any way linked to any of the previous addresses I have used. That is one of the few things that I have seen on BTC block chains that does not make sense.
-
Taint is the measure of correlation between two addresses, and primarily used to determine if there is any connection between the two addresses.
-
There's still a problem. Let's say your SR bitcoin address is 1aaaa (for simplicity). An attacker pwns the server and makes the connection between your SR account (and buying history) and that bitcoin address. They look it up in the blockchain and see that your coins came from 1bbbb, and before that, 1cccc, which is operated by MtGox. Now, 1cccc is a centralized address that MtGox does lots of transactions with, but they keep good records and answer LE requests. LE asks them which account sent BTC from 1cccc to 1bbbb and guess what, your name is on it. Now LE has linked your SR account (and buying history) to your real identity.
Here's an example of Mt Gox freezing someone's account due to taint (although it sounds like they got things wrong)
https://bitcointalk.org/index.php?topic=73385.0
-
Bitinstant -> MtGox -> Instawallet -> Bitcoin Fog -> Cleanbit -> personal wallet -> flash drive -> drive to a secure location -> print it out and snail mail it to a small African boy -> carrier pigeon to Guatemala -> type it back into a wallet -> SR.
Know any sellers for carrier pigeons on SR or should I clearnet it?
Yet no mention of a West African swallow.
Laden or unladen?
-
There's still a problem. Let's say your SR bitcoin address is 1aaaa (for simplicity). An attacker pwns the server and makes the connection between your SR account (and buying history) and that bitcoin address. They look it up in the blockchain and see that your coins came from 1bbbb, and before that, 1cccc, which is operated by MtGox. Now, 1cccc is a centralized address that MtGox does lots of transactions with, but they keep good records and answer LE requests. LE asks them which account sent BTC from 1cccc to 1bbbb and guess what, your name is on it. Now LE has linked your SR account (and buying history) to your real identity.
That's why you want to use a good mixing service. SR's internal tumbler *might* be good enough, but I'd prefer a 0% taint mixing service.
The only problem I see with the above is
a) Your bitcoin address on SR changes with each deposit
b) SR does not have a 1:1 from buyer to seller. Meaning, if you as a buyer deposit bitcoin into SR and buy product from me as a vendor, there is no link between the two. The bitcoin, escrow, etc is all done in a database and not part of the block chain. When the vendor takes the bitcoin from SR to an external wallet, SR pays on a FIFO thus the bitcoin paid out is not the same as what you paid in.
Now, I have been digging into bitcoin as well as writing interfaces using the JSON php interface to to the bitcoind service. My findings so far are that short of a breach of both the bitcoind daemon and the site database it would be very hard to link a given user ID to the addresses used by that user for pay in. Due to the way SR pays out, it would be almost impossible to link any given payout to a single purchase and very difficult to link any payout to a given vendor. Due to the way the bitcoind daemon works, with the constant changing of bitcoin addresses on pay in, short of a breach of the bitcoind daemon it self, it would be almost impossible to link any given address to SR.
From what I have gathered, taint is nothing more than the existence of a block chain for a given coin. Meaning that the coin has been used by multiple addresses. Most of the taint that I have seen is nothing more than the .0015btc transfer fee's collected by bitcoin nodes for processing a hash.
I am not saying that a mixer is not needed, I am simply saying that understanding the system gets you closer to understanding how bitcoin chains can be followed and how you can better protect your self.
-
Ideally all contact with MtGx / Cryptoxchange will occur from a computer completely not connected to the user (e.g. public library). That way the account (and subsequent movements of bitcoins) can't get tracked back to you.
-
or bitinstant > blockchain / mtgox > instawallet > instawallet > bitcoin fog > SR = safest (ultra-paranoia mode)
or bitinstant > blockchain / mtgox > bitcoin fog > SR = safe
or bitinstant > blockchain / mtgox > instawallet > SR = good enough
btw you don't NEED to show ID when you moneygram at cvs or at any bank branch. just say you forgot your id at home and you never were required to show ID in the past.
remember buying bitcoins is legal.
:]
This is exactly what I was looking for and very simply put. Thank you :-)
-
The bitcoin address is just used to identify the buyers. Remember, you don't have to actually receive drugs to break the law. Submitting an order qualifies as "attempting to purchase a controlled substance". It show intent, and that's all that matters.
However, the bitcoin address on SR is not a link to the person. They could link it to an account but linking the account to a person would be impossible.
I am sure you are thinking I am wrong with the above statement, but take a moment and think out it. It is very hard to link a person on the net to a given purchase because you can not link the location or IP (This is TOR), you can not definitively link an account to a shipping address or name (If the person is using pgp then the only person that knows the address is the vendor), It would be difficult if not impossible to prove in court that the data contained in the database are transactions (Remember, this would be circumstantial at best in a court because there could be false transactions in the database and they would have to prove with a delivery that the person in question was the one receiving the goods)
You may think that they could follow the bitcoin transactions back to the place where the person purchased them, but most don't use methods that require ID and even if they tried they would have to ID every btc address in the chain from purchase to entering SR. If any one single address can not be identified then that means that they can not link the buyer to SR.
This kind of case would be a nightmare for a DA and they would, more than likely, walk away from it because it would be unlikely to succeed.
Think of it like posting a picture on the web of you standing next to an MJ plant. They can not prove when it was taken, they can not prove where it was taken, all they know is that at some point you were next to an MJ plant and that is not enough to even get a warrant.
-
Fake money gram info sent to bitinstant sent directly to sr address. super simple, the only downside is the rather large bitinstant fee.
If your sending an amount which require id, just break the money gram order up into multiple orders.
-
Bitinstant -> MtGox -> Instawallet -> Bitcoin Fog -> Cleanbit -> personal wallet -> flash drive -> drive to a secure location -> print it out and snail mail it to a small African boy -> carrier pigeon to Guatemala -> type it back into a wallet -> SR.
Know any sellers for carrier pigeons on SR or should I clearnet it?
Yet no mention of a West African swallow.
Well, west african swallows don't have the air velocity. They average 24mph, whereas the carrier pigeon does 50, and up to 110 if it's feeling particularly awesome that day.
Were it to be a matter of carrying a larger burden, however, say a coconut...