Quote from: StrangeHands on October 26, 2012, 05:45 pmNightcrawler makes a crucial point about public keys. The gpg keyring does not hide these public keys, they are after all public. The problem is that these keys are pseudonymous identities.They have software where they describe relationships of identities and it draws maps showing the organization of the group. This is a bad thing. Palantir makes precisely this type of software, and markets it aggressively to government agencies and police. Just look at the documents uncovered by Anonymous during the HBGary hack. This is PRECISELY the type of thing that turns their cranks. Quote from: StrangeHands on October 26, 2012, 05:45 pmThe best way is to get a secure live operating system. I use TAILS, not only does it make sure you don't accidentally do something outside of TOR, but it also makes sure it forgets what you have done.It lets you create an fully encrypted persistence volume that will hold your gpg keyring and any other files you may need.TAILS is installed on a USB stick and can be used to boot nearly any computer into a secure environment. It even provides you with a virtual keyboard in case the computer you are using has a hardware keylogger.If you use this system then your security is as good as your password. For a secure password I recommend you pick at least 4 random dictionary words(don't just pick words, take them randomly from a dictionary), 6 random letters with mixed case, 6 random numbers, and 3 symbols. Take all of these elements and put them in a random order, then memorize it(do not write it down). If your password is something like "g0verm3nt" or "chickenwing333" then your password will be cracked. Adding letters or changing letters in a word is easily defeated with password fuzzers. My personal preference is Diceware: http://www.diceware.com/ 8-10 Diceware words will be enough to stop the authorities dead in their tracks. Quote from: StrangeHands on October 26, 2012, 05:45 pmWhen you make a backup of your USB stick do a complete drive image mirror and if you need to recover write that image to a new USB stick. Do not just send your files to dropbox.Good 'ol Dropbox. The people who ensured their users that their files were 'encrypted' -- it's just that Dropbox forgot to tell their users, that _they_ held the crypto keys, and moreover, would turn them over to the authorities at the flash of a badge. Quote from: StrangeHands on October 26, 2012, 05:45 pmYou really need to understand what you are doing to be secure, if you are just following instructions without understanding the underlying security model then you will make a mistake that the bad guys will take advantage of.The single biggest asset that LEA has on here, is the ignorance and/or stupidity of some of the users. Those users who know what they're doing are few and far between, and I get the impression that some of them are starting to burn-out. You can only answer the same question so many times, before you can't take it anymore. There are days I come on here, and my blood pressure spikes -- I feel like my head is going to explode -- I want to bang my fist on the desk in frustration! There are some excellent guides on here (and some that are in the process of being produced). The problem is, nobody wants to take the time to read them, let alone take the time to really assimilate and understand them. People just seem to be incapable of grasping some of the fundamental concepts, such as the difference between privacy and anonymity. As we've seen with the original poster in this thread -- they just don't seem to have a fundamental grasp of the concepts underlying the primary security tool in their arsenal. One could excuse or forgive this, in almost any other venue, but here? On a forum where the sales and purchase of illegal drugs are discussed? The mind literally boggles.