Silk Road forums
Discussion => Security => Topic started by: leatherman1977 on September 05, 2011, 12:35 am
-
Hi. As you can tell from the title - I'm new. Long story short, I got carried away and bought a gram of MDMA before I realised/learnt how to use PGP to enter my address to give to the seller. I entered my true name and address raw and unencrypted into SR (albeit trusted/reputable seller).
Feel like a dickhead so please don't remind me!
Just wondering what the chances are of this actually ever coming back to haunt me? I've finalised the transaction and that's all sorted but I'm just pretty nervous.... i.e would the whole SR system have to be dissected/torn down by LE for this to surface? Should I never use this computer again to order off SR?
Ideally I'd like to delete my Mt Gox account as well once I've put all the bitcoins into SR.
Anyone?
-
I don't think it's a problem at all. I'd worry more over whether the seller still has your address. (Still unlikely)
I believe all order messages are deleted once the transaction is finalized. I suppose they purge the disks as well.
I've read that the order messages are encrypted. I'm not sure where the private key is stored though? As a guess- I suppose it's based on some hash of the user password, stored with the session data. So it's only in the system while the user is logged in.
-
So you made a few noob mistakes that 1000's of other users have probably made; however, the key here is "trusted/reputable seller." If the seller you dealt with has experience and is careful, your name & address will probably only be seen by that seller. (Oh by the way, go back to your SR message outbox & delete any unencrypted messages to the seller, if you have any).
You did mention MtGox and sending Bitcoins to SR. Was the MtGox account in your real name, and did you access MtGox via clearnet (i.e., not Tor)? Do you have another account such as Dwolla that was used to fund your MtGox purchases? Was this account accessed via clearnet? If there's a yes to any of those questions then there might be a record of your actual IP address, which is a link to you.
It's not a crime to own Bitcoins (they're a great investment!) but it looks suspicious to send 'em straight to SR. Again, there's a link back to you.
You're probably O.K. But definitely read up on GPG, Tor, and anonymity over the Internet.
-
If it is an international shipment, and it is not 1 kilo of cocaine, you will be fine.
But it is always nice to encrypt your address.
Peace and Love
-
You did mention MtGox and sending Bitcoins to SR. Was the MtGox account in your real name, and did you access MtGox via clearnet (i.e., not Tor)? Do you have another account such as Dwolla that was used to fund your MtGox purchases? Was this account accessed via clearnet? If there's a yes to any of those questions then there might be a record of your actual IP address, which is a link to you.
To all: Thanks for your friendly and informative responses.
To CaptainSensible: The Mt Gox account is in a random/fake name and new password that I've never used before but I can only make Mt Gox work via clearnet... which is how I deposited funds through the Australian bank details it provides (another link to me). Have since spent a lot of time learning how to use PGP/encryption etc because I don't come from an IT/Programming background. Still feel out of my depth but I hope that by only ordering small amounts of drugs for personal use - I'll stay off the radar...
Cheers again for your help.
-
Also the sec the seller hits "confirm shipment" your info is deleted forever...not even SR can retrieve afterward.
-
Also the sec the seller hits "confirm shipment" your info is deleted forever...not even SR can retrieve afterward.
THIS.
:D
nomad bloodbath
-
Hummmm... What am I missing here?
I placed an order and when I typed my address and name I didn't put any PGP key in the box...
Isn't all traffic encrypted? :-\
-
Here's how I've got it so far
You are relying on 3 things by entering any sensitive info into SR.....SR's encryption and deletion policies, TOR's encryption and finally, the seller you are dealing with.
SR could be LE all of this time or be taken over by it. How would we find out?
Any TOR node could be snooped by LE as far as I know but what level of encryption they would have to deal with is the question. None if it's an exit node I believe.
At least sellers seem to get some exposure that non nerds can figure out for themselves, if they have any street smarts that is.
So far it seems that TOR and SR are either OK or nothing worth blowing a good cover has been detected by any snooping LE just yet.
As far as bitcoins go I see it this way:
You have to fund them somehow and Dwolla seems the easiest for many.
Dwolla links to your bank account. That has you very much ID'ed unless you have a complete fake ID.
Any thing that connects to it has a link back to your real ID.
Making up fake accounts that link back to real ones that all are (or should be IMO) done in the clearnet is just adding suspicion.
Not absolutely, as there is no law against it and in this day and age there is plenty of legitimate reason to stay low on the net.
I don't know if Mt. Gox's policies forbid or not and that would be the only real bad if it did.
But still no absolute proof of anything by having a fake account.....just one more bit of circumstantial evidence in any case against you.
I still see the best method (assuming anything using a bank account is involved) as just have real info in the clearnet dealings.
Have a bitcoin wallet on your pc and send everything from Mt Gox to it. Use proxy in the bitcoin wallet and run it through TOR.
You could use a tumbler or make your own by having several pc based bitcoin wallets and tumble your own :)
Then send to SR after the link has been broken (? obfuscated somewhat at least?).
You should be fine for now but that's what I would do in the future.
-
I think the thing that is being overlooked here is that (and correct me if I am wrong) when you send btc from mtgox you are not sending them to 'Silk Road' you are sending them to an address, and the address you are sending them to changes each time you load the account page so there isn't anything showing a pattern on the other end.
This is going from mtgox to SR, I imagine the same is also true from buyer to seller, none of your personal info in any way is tied to the bitcoins which is partially why SR uses it. The user can be quite foolish/careless and even without pub/private key pairs there is still no clear chain of custody from your bank account to the seller. Think of it this way:
Bank account -> MtGox
Assuming both are in clearnet and you are not using Tor to access them once the USD hits MtGox and you buy btc there is a record of you buying the btc in some way, and then your account having btc of some sort.
MtGox -> Silk Road
This is where the break in the chain of custody is: from this point forward you sent a virtual currency to an address that will not be used again and does not contain metadata (i.e. info about the owner of that destination).
Buyer -> Seller
Now because we have an escrow system you actually 'pay' Silk Road, again since this is btc nothing identifies the destination owners information it's simply an address. Now once escrow payout occurs it becomes Silk Road that is paying the Seller, not the buyer, this is additionally key for purposes in US courts that makes a silk road purchase extremely hard to prove because this here breaks chain of custody even if everything else they had proof of, the way many US laws are written they have to effectively demonstrate that you had a transaction with an individual for illegal goods for a sum of money. In order to prove this they have to have some evidence of you providing the seller currency. Which isn't possible because 1 you aren't paying the seller, Silk Road is and 2 when you exchange btc there is no identifying information on the destination.
Bearing all of this in mind do I encrypt my address? Absolutely, but there is another way of anonymity that consists of making sure that your SR packages, and online behavior in the clear shows standard patterns that are not suspicious. And always remember you use mtgox to learn how to daytrade with bitcoins so you can better understand how real stock trading works and you buy stuff online regularly in general.
My postal delivery woman a while back noticed I received LPs and so at one point I had a seller send something in an LP carrier with a crap record they got at the local Salvation Army and ship a decent quantity of product in it quite easily. When she dropped it off (the LP having come from Germany) I told her, 'Oh wow this is great, it's an autographed LP I have been waiting for!' Since she knew I received them regularly there was absolutely no suspicion of anything illicit.
It's all about illusion and how you are able to blend in your behaviors with normal patterns that people don't think twice about.
-
Hi. As you can tell from the title - I'm new. Long story short, I got carried away and bought a gram of MDMA before I realised/learnt how to use PGP to enter my address to give to the seller. I entered my true name and address raw and unencrypted into SR (albeit trusted/reputable seller).
Feel like a dickhead so please don't remind me!
Just wondering what the chances are of this actually ever coming back to haunt me? I've finalised the transaction and that's all sorted but I'm just pretty nervous.... i.e would the whole SR system have to be dissected/torn down by LE for this to surface? Should I never use this computer again to order off SR?
Ideally I'd like to delete my Mt Gox account as well once I've put all the bitcoins into SR.
Anyone?
Personal use order only and I'm sure you will be fine. As mentioned above, the risk is very small indeed. Please let us know how you go :)
-
You'll be fine.
-
I did the same thing out of silkroad.
I ordered a free sample with my real name and address. I was a little paranoid too, but the package arrived last Sunday and that's ok.
-
Thanks again everyone.
It all arrived very smoothly... 8 days from Germany to Australia.
All the best and long live Silk Road!!!
xoxx
End of line.......
-
Success! Leatherman, if you ever need some local Australian delivery... let us know ;)