Silk Road forums
Discussion => Security => Topic started by: kmfkewm on February 17, 2012, 10:28 am
-
So it has come to my attention that at least some countries use automated mail sorters that are capable of deciphering human written addresses. More importantly, some countries are starting to store databases of all mail routing information. I was told this by a very trusted source, although I am digging around for technical specs of mail sorters right now (love open source intelligence!). This is scary.
Let's say Alice buys a pack from Bob. Bob is known to ship from netherlands. Alice gets the pack with no interception. WOOT. Then Alice leaves feedback on Bob saying that she got her package. Next Alice orders from Carol. Carol ships from New York. Alice gets her package with no interception, and then leaves feedback on Carol.
The DEA is not happy. They want Alice to fuck off. So they query mail sorting records and look for everyone who got a package from Netherlands in X time frame around when Alice left a review for Bob, in addition to everyone who got a package from New York around the time frame that Alice left a review on Carol. Lots of people are probably in both of these crowds. Now they intersect these two crowds, and out pops Alices shipping address.
My source tells me that he is absolutely certain and knows for a fact that some nations have sorters that log this information. He is not sure about other countries.
edit: The person who told me this says it is unlikely that police agencies can (legally) gain access to this information, but that intelligence agencies certainly have access to it.
https://en.wikipedia.org/wiki/Optical_character_reader
http://www.toshiba.co.jp/sis/en/scd/postal/lsm.htm
edit II: hmm maybe police can legally gain access to this information....
https://ssd.eff.org/book/export/html/16
Postal mail. The mail that you send through the U.S. Postal Service is protected by the Fourth Amendment, and police have to get a warrant to open it in most cases.
If you’re using the U.S. Postal Service, send your package using First Class mail or above. Postal inspectors don’t need a search warrant to open discount (media) rate mail because it isn’t supposed to be used for personal correspondence.
Keep in mind that although you have privacy in the contents of your mail and packages, you don’t have any privacy in the "to" and "from" addresses printed on them. That means the police can ask the post office to report the name and address of every person you send mail to or receive mail from — this is called a "mail cover" — without getting a warrant. Mail covers are a low-tech form of "traffic analysis," which we’ll discuss in the section dealing with electronic surveillance.
You don’t have any privacy in what you write on a postcard, either. By not putting your correspondence in an envelope, you’ve knowingly exposed it, and the government can read it without a warrant.
www.cryptome.org/isp-spy/usps-spy.pdf
USPS mail cover procedure
edit III: In some countries only intelligence agencies can legally access mail routing information without a specific warrant (law enforcement can check routing information of certain people with a warrant, but they can not do blanket analysis of stored routing information), USA is *not* one of those countries (USA citizens have a right to privacy of mail contents, but not routing information....there is no law preventing police agencies from doing the attack mentioned in this post.)
edit V: Apparently it is against USPI procedures to use mail covers as an initial investigatory technique. I am not yet sure if this is protected by law or not, but from the EFF information it appears not to be.
Mail covers are issued only to agencies empowered by statute or regulation to conduct criminal
investigations and are strictly controlled to assure proper use. They are not to be used as an initial
investigative step.
1. Mail covers are not authorized for exploratory purposes or for crimes punishable by
less than one year imprisonment (misdemeanors).
-
Makes sense, reminds me of when I took algebra.
Though, the mail service has no way off knowing the person who left the review on NetherlandVendor and the person who left the review on NewYorkVendor are the same person. Last time I checked atleast, buyers names are not put on vendor reviews.
This means to find intersecting addresses, they would have to somehow find a way to identify the same buyer on multiple vendors from different countries, else they would have to run some sorting to identify millions of reviews, which is impracticable and is unlikely to even work.
Not to mention, most vendors in the states, don't have written on their profile the state they're shipping from.
There's to many anonymous variables for them to try to intersect and find buyers effectively.
With no way to pinpoint which buyer left which review, they're stuck trying to cross references sets of 2 reviews(out of millions of reviews), out of millions/billions of people. For all they know the reviews they may be trying to cross references may have been left by people outside of their country. It just is rather impossible for them to accurately pinpoint buyers, unless the buyers name are revealed. Without it they may be stuck trying to cross references two different buyer reviews out of billions of people, which would take hours to come back with results.
A metaphore to explain what I'm saying:
Think of it as picking 2 matching marbles, out of a bag with over 1 million pairs(2 million marbles) in it, 1 million different pairs. What are the chances of you picking out 2 matching marbles. With that, what are the chances, that after you find 2 matching marbles(which you cant see), are those matching marbles are going to match a marble that someone in your database has. This would take way to long to try to identify if someone else in your area of jurisdiction has these 2 marbles, and even if they do, it would be rather hard to pinpoint if this person is indeed who you are looking for. Maybe you did find a match but the system overlooked it, due to the inaccuracy of the time logs kept on vendor reviews.
I'm very confident their intersect thing wouldn't work because SR doesn't give out enough information about who left what review. To make these even more impossible to work, SR could dilute the recorded time left on vendor reviews. Say only the vendor could see the day that the review was left. After a week, a buyer looking at a vendors profile, could only see the general area of the month a review was left. This would make it nearly impossible to identify the time frame of reviews, let alone match them to other reviews.
-
here is current USA federal law regarding mail covers. It doesn't say anything about not using mail covers for exploratory purposes, so this is clearly just a USPI guideline and not actually enforced by law.
Title 39: Postal Service
CHAPTER I: UNITED STATES POSTAL SERVICE
SUBCHAPTER D: ORGANIZATION AND ADMINISTRATION
PART 233: INSPECTION SERVICE AUTHORITY
233.3 - Mail covers.
(a) Policy. The U.S. Postal Service maintains rigid control and supervision with respect to the use of mail covers as an investigative technique for law enforcement or the protection of national security.
(b) Scope. These regulations constitute the sole authority and procedure for initiating a mail cover, and for processing, using and disclosing information obtained from mail covers.
(c) Definitions. For purpose of these regulations, the following terms are hereby defined.
(1) Mail cover is the process by which a nonconsensual record is made of any data appearing on the outside cover of any sealed or unsealed class of mail matter, or by which a record is made of the contents of any unsealed class of mail matter as allowed by law, to obtain information in order to:
(i) Protect national security,
(ii) Locate a fugitive,
(iii) Obtain evidence of commission or attempted commission of a crime,
(iv) Obtain evidence of a violation or attempted violation of a postal statute, or
(v) Assist in the identification of property, proceeds or assets forfeitable under law.
(2) For the purposes of ? 233.3 record is a transcription, photograph, photocopy or any other facsimile of the image of the outside cover, envelope, wrapper, or contents of any class of mail.
(3) Sealed mail is mail which under postal laws and regulations is included within a class of mail maintained by the Postal Service for the transmission of letters sealed against inspection. Sealed mail includes: First-Class Mail; Priority Mail; Express Mail; Express Mail International; Global Express Guaranteed items containing only documents; Priority Mail International flat-rate envelopes and small flat-rate boxes; International Priority Airmail, except M-bags; International Surface Air Lift, except M-bags; First-Class Mail International; Global Bulk Economy, except M-bags; certain Global Direct mail as specified by customer contract; and International Transit Mail.
(4) Unsealed mail is mail which under postal laws or regulations is not included within a class of mail maintained by the Postal Service for the transmission of letters sealed against inspection. Unsealed mail includes: Periodicals; Standard Mail; Package Services; incidental First-Class Mail attachments and enclosures; Global Express Guaranteed items containing non-documents; Priority Mail International, except flat-rate envelopes and small flat-rate boxes; International Direct Sacks?M-bags; certain Global Direct mail as specified by customer contract; and all items sent via ?Free Matter for the Blind or Handicapped? under 39 U.S.C. 3403-06 and International Mail Manual 270.
(5) Fugitive is any person who has fled from the United States or any State, the District of Columbia, territory or possession of the United States, to avoid prosecution for a crime, to avoid punishment for a crime, or to avoid giving testimony in a criminal proceeding.
(6) Crime, for the purposes of this section, is any commission of an act or the attempted commission of an act that is punishable by law by imprisonment for a term exceeding one year.
(7) Postal statute refers to a statute describing criminal activity, regardless of the term of imprisonment, for which the Postal Service has investigative authority, or which is directed against the Postal Service, its operations, programs, or revenues.
(8) Law enforcement agency is any authority of the Federal Government or any authority of a State or local government, one of whose functions is to:
(i) Investigate the commission or attempted commission of acts constituting a crime, or
(ii) Protect the national security.
(9) Protection of the national security means to protect the United States from any of the following actual or potential threats to its security by a foreign power or its agents:
(i) An attack or other grave, hostile act;
(ii) Sabotage, or international terrorism; or
(iii) Clandestine intelligence activities, including commercial espionage.
(10) Emergency situation refers to circumstances which require the immediate release of information to prevent the loss of evidence or in which there is a potential for immediate physical harm to persons or property.
(d) Authorizations?Chief Postal Inspector. (1) The Chief Postal Inspector is the principal officer of the Postal Service in the administration of all matters governing mail covers. The Chief Postal Inspector may delegate any or all authority in this regard to not more than two designees at Inspection Service Headquarters.
(2) Except for national security mail covers, the Chief Postal Inspector may also delegate any or all authority to the Manager, Inspector Service Operations Support Group, and, for emergency situations, to Inspectors in Charge. The Manager, Inspection Service Operations Support Group, may delegate this authority to no more than two designees at each Operations Support Group.
(3) All such delegations of authority shall be issued through official, written directives. Except for delegations at Inspection Service Headquarters, such delegations shall only apply to the geographic areas served by the Manager, Inspection Service Operation Support Group, or designee.
(e) The Chief Postal Inspector, or his designee, may order mail covers under the following circumstances:
(1) When a written request is received from a postal inspector that states reason to believe a mail cover will produce evidence relating to the violation of a postal statute.
(2) When a written request is received from any law enforcement agency in which the requesting authority specifies the reasonable grounds to demonstrate the mail cover is necessary to:
(i) Protect the national security,
(ii) Locate a fugitive,
(iii) Obtain information regarding the commission or attempted commission of a crime, or
(iv) Assist in the identification of property, proceeds or assets forfeitable because of a violation of criminal law.
(3) When time is of the essence, the Chief Postal Inspector, or designee, may act upon an oral request to be confirmed by the requesting authority in writing within three calendar days. Information may be released by the Chief Postal Inspector or designee, prior to receipt of the written request, only when the releasing official is satisfied that an emergency situation exists.
(f)(1) Exceptions. A postal inspector, or a postal employee acting at the direction of a postal inspector, may record the information appearing on the envelope or outer wrapping, of mail without obtaining a mail cover order, only under the circumstances in paragraph (f)(2) of this section.
(2) The mail must be:
(i) Undelivered mail found abandoned or in the possession of a person reasonably believed to have stolen or embezzled such mail,
(ii) Damaged or rifled, undelivered mail, or
(iii) An immediate threat to persons or property.
(g) Limitations. (1) No person in the Postal Service except those employed for that purpose in dead-mail offices, may open, or inspect the contents of, or permit the opening or inspection of sealed mail without a federal search warrant, even though it may contain criminal or otherwise nonmailable matter, or furnish evidence of the commission of a crime, or the violation of a postal statute.
(2) No employee of the Postal Service shall open or inspect the contents of any unsealed mail, except for the purpose of determining:
(i) Payment of proper postage, or
(ii) Mailability.
(3) No mail cover shall include matter mailed between the mail cover subject and the subject's known attorney.
(4) No officer or employee of the Postal Service other than the Chief Postal Inspector, Manager, Inspection Service Operations Support Group, and their designees, are authorized to order mail covers. Under no circumstances may a postmaster or postal employee furnish information as defined in ? 233.3(c)(1) to any person, except as authorized by a mail cover order issued by the Chief Postal Inspector or designee, or as directed by a postal inspector under the circumstances described in ? 233.3(f).
(5) Except for mail covers ordered upon fugitives or subjects engaged, or suspected to be engaged, in any activity against the national security, no mail cover order shall remain in effect for more than 30 days, unless adequate justification is provided by the requesting authority. At the expiration of the mail cover order period, or prior thereto, the requesting authority may be granted additional 30-day periods under the same conditions and procedures applicable to the original request. The requesting authority must provide a statement of the investigative benefit of the mail cover and anticipated benefits to be derived from its extension.
(6) No mail cover shall remain in force longer than 120 continuous days unless personally approved for further extension by the Chief Postal Inspector or designees at National Headquarters.
(7) Except for fugitive cases, no mail cover shall remain in force when an information has been filed or the subject has been indicted for the matter for which the mail cover is requested. If the subject is under investigation for further criminal violations, or a mail cover is required to assist in the identification of property, proceeds or assets forfeitable because of a violation of criminal law, a new mail cover order must be requested consistent with these regulations.
(8) Any national security mail cover request must be approved personally by the head of the law enforcement agency requesting the cover or one designee at the agency's headquarters level. The head of the agency shall notify the Chief Postal Inspector in writing of such designation.
(h) Records. (1) All requests for mail covers, with records of action ordered thereon, and all reports issued pursuant thereto, shall be deemed within the custody of the Chief Postal Inspector. However, the physical storage of this data shall be at the discretion of the Chief Postal Inspector.
(2) If the Chief Postal Inspector, or his designee, determines a mail cover was improperly ordered, all data acquired while the cover was in force shall be destroyed, and the requesting authority notified of the discontinuance of the mail cover and the reasons therefor.
(3) Any data concerning mail covers shall be made available to any mail cover subject in any legal proceeding through appropriate discovery procedures.
(4) The retention period for files and records pertaining to mail covers shall be 8 years.
(i) Reporting to requesting authority. Once a mail cover has been duly ordered, authorization may be delegated to any employee in the Postal Inspection Service to transmit mail cover reports directly to the requesting authority.
(j) Review. (1) The Chief Postal Inspector, or his designee at Inspection Service Headquarters shall periodically review mail cover orders issued by the Manager, Inspection Service Operations Support Group or their designees to ensure compliance with these regulations and procedures.
(2) The Chief Postal Inspector shall select and appoint a designee to conduct a periodic review of national security mail cover orders.
(3) The Chief Postal Inspector's determination in all matters concerning mail covers shall be final and conclusive and not subject to further administrative review.
(k) Military postal system. Section 233.3 does not apply to the military postal system overseas or to persons performing military postal duties overseas. Information about regulations prescribed by the Department of Defense for the military postal system overseas may be obtained from the Department of Defense.
-
Even if those data points don't leak when reviews are left they could still do fingerprinting attacks and automatically flag mail to boxes that get mail to them that fits a profile consistent with drug trafficking...for example if an address frequently gets mail from multiple drug source states. There are probably very accurate algorithms that can take mail routing databases and use them to automatically come to a probability that the box is involved with drug trafficking.
Best way around this is using multiple fake ID boxes.
-
Honestly, I have a hard time believing that LEO would commit the types of resources and creativity you're describing here for the purposes of identifying purchases.
That's obviously an attitude that flies in the face of "security before all else", but for personal amounts I'm willing to risk exposure to advanced attacks such as what you describe.
But yeah, I've had this exact train of thought (mail sorting database that contains comprehensive records of who mailed who when), and for me the easier attack vector is something as simple as "Before 2011, this person never received any USPS packages from California, or from overseas. Since then, they have received dozens. Let's put intense scrutiny on their packages." But then I remember that the USPS can barely stay solvent and get the mail delivered on time, and I remember how many other priorities LEO and the USPS have, and I go back to watching TV.
-
The resources required for this attack are.....a laptop computer from Wal Mart for doing database queries (approx 200 billion entries per year for USPS) , an algorithm that needs to be made one time, and some input (which is apparently gathered in the normal course of mail sorting anyway, and trivial to store for future analysis, and apparently IS being stored for analysis by various countries). It would probably be more expensive for them to *not* do these sorts of attack, in terms of expense to bust ratio.
also intersection attacks are pretty much a law enforcement investigative primitive....so are correlation attacks and fingerprinting attacks.
also remember that just because an attack sounds advanced to you doesn't mean it is advanced. You have no investigative or intelligence training. Your grandma probably thinks that being able to use thunderbird is advanced computer skills, but to someone who has technical skill it is seen as pretty trivial.
-
https://www.siemens.com/press/en/presspicture/2012/infrastructure-cities/mobility-logistics/soicmol201201-01.htm
https://www.siemens.com/press/pool/de/pressebilder/2012/infrastructure-cities/mobility-logistics/300dpi/soicmol201201-01_300dpi.jpg
https://www.siemens.com/innovation/en/news/2011/speed-in-mail-handling-centers-less-hand-work.htm
-
The resources required for this attack are.....a laptop computer from Wal Mart for doing database queries (approx 200 billion entries per year for USPS) , an algorithm that needs to be made one time, and some input (which is apparently gathered in the normal course of mail sorting anyway, and trivial to store for future analysis, and apparently IS being stored for analysis by various countries). It would probably be more expensive for them to *not* do these sorts of attack, in terms of expense to bust ratio.
Have you forgotten the cost of investigation? The cost of prosecution? The cost of incarceration? Not just in terms of money, but also in terms of manpower. And don't forget the "opportunity cost" that comes from not having time to investigate/arrest/prosecute a "higher value" target.
You tend to only see security issues through the microscope of technology. You seem to completely ignore the most predictable aspect of law enforcement: they are never in shortage of somebody to investigate, arrest, and prosecute. What they are in shortage of, is hours in the day.
also intersection attacks are pretty much a law enforcement investigative primitive....so are correlation attacks and fingerprinting attacks.
To investigate somebody they suspect of a serious crime. Not to randomly look for people purchasing misdemeanor amounts of narcotics.
Good luck establishing probable cause based on a pattern of package deliveries. Poison fruit.
also remember that just because an attack sounds advanced to you doesn't mean it is advanced. You have no investigative or intelligence training. Your grandma probably thinks that being able to use thunderbird is advanced computer skills, but to someone who has technical skill it is seen as pretty trivial.
I didn't say it sounded "advanced" to me. Your incredibly condescending attitude is very irritating. Don't put words in my mouth. Don't assume you know what I know.
Based on the way you behave...be honest with us. You're on the spectrum right?
-
Have you forgotten the cost of investigation? The cost of prosecution? The cost of incarceration? Not just in terms of money, but also in terms of manpower. And don't forget the "opportunity cost" that comes from not having time to investigate/arrest/prosecute a "higher value" target.
Have you forgotten that law enforcement agents don't give a fuck about the cost of incarceration because they are paid with stolen tax dollars? Have you forgotten that jails have ~%80 people arrested for personal use possession amounts of drugs and ~20% arrested for distribution offences? Seriously it amazes me that nobody gave me the memo that personal use of all drugs has been legalized in the USA, stupid me thought it was still against the law but obviously I just didn't get the "Member of silk road" memo that all drugs have been entirely decriminalized for personal use. Fuck I guess I should go through my spam filter, did you get the memo via E-mail?
You tend to only see security issues through the microscope of technology. You seem to completely ignore the most predictable aspect of law enforcement: they are never in shortage of somebody to investigate, arrest, and prosecute. What they are in shortage of, is hours in the day.
Yes law enforcement have limited resources. That is why they use intelligence to narrow in on the areas in which they should focus. According to your (completely retarded) theory, law enforcement wont do these "advanced" attacks because they require "too many resources" (a laptop computer, information that is already being logged and stored for analysis), and instead will do, I assume, more basic attacks (like randomly profile mail?). However, a non retarded person will quickly realize that if law enforcement waste their resources primarily focusing on things with low return (like random mail profiling) they will have less arrests than if they use intelligence to know where to focus their resources (automatically flagging boxes that fit a profile of drug trafficking, determining boxes that fit this profile based off of mail traffic analysis, for example). Now they can focus on packages to these boxes and lo and behold their interception rates are going to significantly rise! Wow, they spent resources in a smart way and got a big return, instead of spending resources in a retarded way (your way) and getting a shit return. God damn !
To investigate somebody they suspect of a serious crime. Not to randomly look for people purchasing misdemeanor amounts of narcotics.
There is nothing random about narrowing in on evidence via intelligence, in fact it is pretty much standard procedure.
Good luck establishing probable cause based on a pattern of package deliveries. Poison fruit.
Good luck learning the difference between evidence and intelligence, I know it is a hard distinction for simple minded people to grasp but keep at it maybe one day it will click for you. Here is a hint, intelligence narrows in on evidence so limited resources can be focused on areas where they get a high return, rather than applied randomly and getting shit returns. Intelligence is not evidence.
I didn't say it sounded "advanced" to me. Your incredibly condescending attitude is very irritating. Don't put words in my mouth. Don't assume you know what I know.
here let me refresh your memory for you:
I'm willing to risk exposure to advanced attacks such as what you describe.
-
Ok, now that I know what I'm dealing with, and understand that to you, winning the argument is more important than being in line with reality, I realize that debating with you is pointless. So I'll offer a few more words, but I really don't want to get into a TLDR back and forth with you.
We're talking right past each other. You're describing theories, I'm describing reality. You work with computers all day. I work with people, often law enforcement and other government officials, sometimes even in the intelligence community. I know how to read people, and I listen. Two very important skills in my line of work.
You seemingly have no understanding of jurisdiction, or of how little information is properly shared between government entities. And given how much case law you seem to research, it blows my mind that you haven't noticed how unsophisticated the "attacks" were in uncovering people who have been busted receiving narcotics in the mail (and how few of them involved USPS compared to private delivery, etc). You also haven't demonstrated that the postal service will do anything other than confiscate and destroy small amounts, and in fact the opposite seems to be the case (that the policy for small amounts is confiscation and destruction).
You can never have perfect security. You should however have an appropriate amount of security for the risk you're exposed to.
And that's where people like yourself fall into the deep end. The concept of "appropriate amount" is too nebulous for you. So you take things to logical extremes.
What would happen when the New York Post finds out the USPS and the FBI are working together to profile every piece of mail being sent in this country, for the purposes of prosecuting misdemeanors?
Clearly you don't understand how the system works. Us powerful white people like to have our drugs. However, we have to pander to the powerful white people who don't like drugs, so we arrest minorities who do stupid shit and get busted. Whenever a powerful white person gets busted for drugs, it's because he screwed with the wrong person, not because the postal service is doing intersection attacks. If we find out somebody is starting to go after affluent white people who discretely get their drugs and commit no other crimes, you can be damn sure that effort will mysteriously go away. Get it?
Probably not.
-
Heh, quite sly of you to remove your admission of autism.
-
I actually said that if you subtract the (positive) difference between my IQ and average from an average IQ that the resulting IQ would be mentally retarded, and pointed out that you obviously are not (any helpful sort of...) autistic since you couldn't even keep in your memory something that you had just previously said (the attack being advanced), but I decided that it was kind of mean (and entirely pointless) so I deleted it.
Anyway sorry for trying to be helpful, hope that your cognitive dissonance keeps you feeling safe, hopefully people who are not retarded can understand this attack and how simple it is to implement, an take the proper counter measures. I will read your last reply later have better shit to do right now. These academic research papers are not going to read themselves :).
edit: ah fuck it I can't help but respond to your retardation.
sometimes even in the intelligence community.
I talk with people in the intelligence community on a regular basis
What would happen when the New York Post finds out the USPS and the FBI are working together to profile every piece of mail being sent in this country, for the purposes of prosecuting misdemeanors?
Getting drugs in the mail is generally a felony. Actually, since it is always a federal crime I think it is always a felony. Hm, seems a felony is anything punishable by one year or more in prison. Hm the least scheduled drugs are punishable by up to one year in prison for getting them in the mail, so it is even a felony to get them via mail. Of course if they decide to prosecute or not is entirely up to them, and you are probably going to get a love letter for Xanax (although on the books you can get up to five years in prison for getting a single xanax tab shipped to you). Still you are retarded if you think getting drugs via mail is a misdemeanor offence. And my guess is if that does happen, people will cheer the law enforcement community and say if you have nothing to hide you have nothing to worry about, that seems to be the general theme.
There are local police agencies in USA using lisence plate scanners that keep real time positioning logs of all vehicles in certain cities for traffic analysis. Local police use logs from these to locate burglary suspects (via crowd intersection attacks!!!), find stolen cars, etc. I don't see people throwing fits about this, or even being aware about it in general, despite the fact that it has been reported on to a limited extent. Of course in your mind....this is technology that local police would never use for finding small time criminals. Because you participate in cognitive dissonance to make yourself feel safer than you are.
Ok, now that I know what I'm dealing with, and understand that to you, winning the argument is more important than being in line with reality, I realize that debating with you is pointless. So I'offer a few more words, but I really don't want to get into a TLDR back and forth with you.
Shit don't tell me to not put words in your mouth if you are going to take them out of my head!
We're talking right past each other. You're describing theories, I'm describing reality. You work with computers all day. I work with people, often law enforcement and other government officials, sometimes even in the intelligence community. I know how to read people, and I listen. Two very important skills in my line of work.
I am describing....attack scenarios? You are describing....a bunch of bullshit? I am sure you are a great politician :)
You seemingly have no understanding of jurisdiction, or of how little information is properly shared between government entities. And given how much case law you seem to research, it blows my mind that you haven't noticed how unsophisticated the "attacks" were in uncovering people who have been busted receiving narcotics in the mail (and how few of them involved USPS compared to private delivery, etc). You also haven't demonstrated that the postal service will do anything other than confiscate and destroy small amounts, and in fact the opposite seems to be the case (that the policy for small amounts is confiscation and destruction).
Pretty sure that feds have full jurisdiction over the entire country.....I am fully aware that jurisdictional issues are a major hurdle that LE have tremendous trouble to overcome, but in many cases they are starting to overcome these hurdles. Plus feds are feds. Most of the attacks say that an interception happened, but not how the interception happened. They try to keep intelligence gathering methods pretty low key so people don't try to counter them. For schedule IV and V drugs confiscation of small amounts generally doesn't lead to anything more than a love letter, but for schedule I drugs you can generally expect to get fuxxed. Anyway show me any proof that it is their standard procedure to destroy personal use amounts of drugs. Like I said I missed the memo legalized personal use amounts of all recreational drugs in USA that you seem to have gotten.
Clearly you don't understand how the system works. Us powerful white people like to have our drugs. However, we have to pander to the powerful white people who don't like drugs, so we arrest minorities who do stupid shit and get busted. Whenever a powerful white person gets busted for drugs, it's because he screwed with the wrong person, not because the postal service is doing intersection attacks. If we find out somebody is starting to go after affluent white people who discretely get their drugs and commit no other crimes, you can be damn sure that effort will mysteriously go away. Get it?
Why are so many of my affluent white friends going to prison for small drug charges then? Is it because they didn't get them shipped via the mail (which makes it a more serious crime)?
-
What would happen when the New York Post finds out the USPS and the FBI are working together to profile every piece of mail being sent in this country, for the purposes of prosecuting misdemeanors?
You mean they aren't? As far as I care, every damn agency in the USA will do whatever they please, as history has shown us.
-
Yo... kmfkewm bring the best public forum ever back online... I'd love to not have to use SR anymore. It is fucking bullshit compared to the wonderful community that once was. Bring it back, do it. At least just put it up for a week like you once said so we can archive the priceless information :'(
-
I am currently programming a fully decentralized market interface that has forum like features :)
that a single person / server admin will not be able to take down due to redundancy :)
with a lot of security and useability features. Give me a year to finish it
-
Why are so many of my affluent white friends going to prison for small drug charges then? Is it because they didn't get them shipped via the mail (which makes it a more serious crime)?
I guess they don't have the right friends and connections?
Nearly everybody I know in my life does drugs on some level or another. I don't know anybody who has done time for drugs.
My anecdote trumps your anecdote!
You know what I love about autistic people? How easy it is to push their buttons.
-
I am currently programming a fully decentralized market interface that has forum like features :)
that a single person / server admin will not be able to take down due to redundancy :)
with a lot of security and useability features. Give me a year to finish it
I heard a rumor about this. But damn, a year. Bring back the good shit for us, at least as an archive :'(
-
Why are so many of my affluent white friends going to prison for small drug charges then? Is it because they didn't get them shipped via the mail (which makes it a more serious crime)?
I guess they don't have the right friends and connections?
Nearly everybody I know in my life does drugs on some level or another. I don't know anybody who has done time for drugs.
My anecdote trumps your anecdote!
You know what I love about autistic people? How easy it is to push their buttons.
Is insulting me making it easier for you to cling to your cognitive dissonance?
-
Is insulting me making it easier for you to cling to your cognitive dissonance?
What is the cognitive dissonance that you think I'm suffering from?
My point of view is entirely consistent. I pointed out that I am comfortable with not having "perfect" security. Anybody who thinks their security is perfect is a fool. Therefore, everybody must be willing to accept some amount of insecurity. The amount of insecurity I am risking is acceptable given the penalty I would be dealing with. Am I accepting more insecurity than somebody else? It's debatable if the exposure from fake IDs and PO boxes trumps the potential exposure of intersection attacks.
You clearly think I'm somebody who believes that I can't ever get caught. That's not what I'm saying at all. I'm saying that if I get caught, I already know I won't have any consequences. And even still, I take appropriate precautions.
With all the idiots running around this place, there will be plenty of canaries in the mine.
-
I am currently programming a fully decentralized market interface that has forum like features :)
that a single person / server admin will not be able to take down due to redundancy :)
with a lot of security and useability features. Give me a year to finish it
kmfkewm, would it be possible to develop such a thing by outsourcing it? I'm not sure how far along your project is, so this may or may not make sense. I don't mean giving the project to somebody else, I mean giving a small piece of the project to develop to some software house or members of the open source community. Then collecting all the little pieces and integrating it into something nice i.e. you'd be less programmer and more project lead. Division of labour etc. And you could specify the requirements to be as detailed as you like.
See, no matter how talented a programmer one might be, there are serious time/financial constraints on an individual that don't exist for the DEA. So it seems to me, that if you want to get 'to the next level', you've got to start organizing capital, financial and human to achieve more complex objectives. Being able to develop such systems would put us permanently ahead of LEO, it'd be a real game changer in this arms race.
As for where the capital might come from, I think it would be relatively easy for a group of sellers including myself to create rounds of funding for each piece of the project, in small blocks of say 10k. There could be different types of funding structures, so that the basic skeleton of the system is mandatory to fund, whereas features that the sellers would want could be more of an optional thing, and this way you've some customer feedback on the constraints of the system.
It's a rather large idea I frankly don't right now the time or money to pursue since I've so many other projects on, I'm sure you're in a similar situation, but I think we'll be talking about this again in the future, it's the kind of issue that has a recurring tendency to pop up. It always amazes me how financial capital has the potential to turn ideas into realities, and it always impressed me how Linus built his kernel by coordinating the activities of dozens of other programmers he'd never even met.
Anyway, food for thought. I'd prefer to fully commit to some R&D program like this and start talking dates, times and dollars but realistically I think I'd only be ready for something like this next year (one must also eat after all!).
-
kmfkewm
What you are describing, the type of systems and algorithms, may sound simple in theory, but will require a massive amount of computing power. Not to mention, they couldn't be completely accurate. They can't just go off of, who recieves packages from drug states.... Every state in the country more than likely recieves thousands of packages from every other state in the country every day. There is so much mail in the system. They can't profile just on state-state.
And as far as profiling packages on how they look.... that's pretty hard for a vendor who knows what they're doing. Anyone vendor who knows what they're doing will package it like the millions of other legit mail parcels in the mail system.
As far as tracking this stuff based on when the feedback was left, there are way too many probability and chance of false results coming up. They may narrow the results to a few thousand or few hundred packages... but understand this. There are so many packages in the mail system. They do not have the time, resources, or man power, or will for that matter, to 'redflag' all of these possible suspects, because that would mean checkings hundreds or possibly thousands of packages all over the country.
Not to mention, checking a single package isn't the quickest thing. For a dog to pinpoint a package, it can take up to a minute. They don't have the time to have a dog check and recheck multiple packages over and over again that they suspect. This would put a MAJOR slow down in the mail system, and would cost way way to much to hire the additional man power to do it.
The only thing they can reliably go off of, is hoping stupid criminals package their drugs in stupid ways so they can profile the exterior.
You must realize the steps required, the time required, the man power, and cost required, to effectively utilize a system as you describe. Even if they do use this algorithm, to pin point people POSSIBLY recieving drugs, based on the states they recieve from(still an incredibly inaccurate way to track it as packages are recieved everywhere from everywhere everyday)... they would need 10-100 dogs, and trained handlers for those dogs are each mail hub in the country, since it takes so long for a dog to pinpoint a drug package from a legit one.. this is because they have to lay multiple legit packages next to suspect ones and allow the dogs to sniff it over and over again before they can get a warrant.
It's completely unrealistic for them to go to this length as it would cost WAY WAY too much funding. The only reliable and affordable method they have presently to stop drug traffickers in the mail are by teaching mail sorters to spot suspicious packages from idiotic criminals.
Dogs are NOT masterful. Nearly every dollar in the US has cocaine residue on it. Meaning so do a lot of peoples hands, and so do a lot of peoples packages. They can't just sniff each and every package, as it goes down the line, not only is the dog not a supercomputer speed worker, but the dog would go off on 90% of the packages in the system. The way they use a dog to pinpoint drug packages is in comparison to other legit packages, trying to pinpoint the one with the strongest odor.
Your idea would be an effective solution to the drugs in mail problem, only if the united states put forth massive amounts of employees, trained dogs, trained handlers, at every hub in the country. It takes a lot time to effectively train a drug dog. This being said, this task would require way too much effort and way too much funding and would massively slow down the mailing system. A slowed down mailing system would adversely effect the economy and this is something we can't afford now.
It's incredibly unlikely they would ever implement something like this. It's a simple solution. But remember there are a lot of simple solutions the government could do, but they all have cost.... money, time, effort, manpower, invasion of privacy, etc. If the government jumped on every solution they had to every problem and ignored all of those above concerns, the US would be the worst country on the planet, highly regulated, with very little freedom.
-
The truth likely lies between these two points of view on Security. On one hand I agree with Tommyhawk that LEO is likely to be ultimately compromised by A: the Numbers and B: their own Politics, but I also agree with kmfkewm in thinking that governments have also been known to take extreme measures without relationship to economy. Putting tracking dots on practically every single sheet of printed A4 is seriously, seriously over the top, yet it has already been done, and as far back as 2001 too. Because the Silk Road appears like such an anomaly, it will be the focus of much political capital and subject to disproportionate attack vectors that would probably impinge more on the freedoms of civilians than ourselves.
We are effectively waiting for LEO to make the next move, fairly soon I would imagine our conjectures will become realized. It would not surprise me if secret Congress hearings are being held last year or this year. Wiser heads have probably told the senator to shut the fuck up, since more media attention will make the Silk Road mushroom in size (haha! Mushroom... I'm so funny). Surprisingly, I don't think the same has occurred in the UK since it is clear that a D notice has not yet been issued on the Silk Road if the BBC can explicitly mention it in their Five Live interviews. Possibly the British are either playing a different game, they are taking a lazare faire approach (as a devil's advocate I would argue this is the best policy for a nation state, i.e. containment rather than control, there is actually a place where LEO and the Silk Road's objectives meet in some ways e.g. the reduction of violence on the streets since less enforcers are required).
-
If it were not for trying to outsource it multiple times in the first place, it would probably be done by now and it would also have cost a lot less money. The people who have offered to do it for pay so far all entirely lack the skill required. Best bet to do it right is to do it myself imo, and stop wasting money on people who don't know how to do what is requested.
-
What you are describing, the type of systems and algorithms, may sound simple in theory, but will require a massive amount of computing power.
No they wont. There are 200 billion pieces of mail through USPS every year. I ask a database management specialist how hard it would be to query that database looking for an address that got package from X location in Y time and also from Z location in T time. He said that an entry level laptop computer could return the list of addresses that fit this pattern in less than a day, a powerful network cluster could return results like this without even justification of a coffee break.
Not to mention, they couldn't be completely accurate. They can't just go off of, who recieves packages from drug states.... Every state in the country more than likely recieves thousands of packages from every other state in the country every day. There is so much mail in the system. They can't profile just on state-state.
Sure but I am also certain that there are fingerprints that stick out as worthy of further investigation. Assholeoutlaw pointed out one I had not thought of, profiling for addresses that only started getting a lot of mail / international packs after SR launched. There are probably a lot of interesting patterns that can be searched for, and to search a total of 200 billion entries for such patterns would require a trivial amount of computing power.
And as far as profiling packages on how they look.... that's pretty hard for a vendor who knows what they're doing. Anyone vendor who knows what they're doing will package it like the millions of other legit mail parcels in the mail system.
Well they do profile mail based on how it looks all the time,but yeah smart vendors use good packaging that doesn't stick out. This thread is more about traffic analysis though, it is interested in patterns in routing data nothing else.
As far as tracking this stuff based on when the feedback was left, there are way too many probability and chance of false results coming up. They may narrow the results to a few thousand or few hundred packages... but understand this. There are so many packages in the mail system. They do not have the time, resources, or man power, or will for that matter, to 'redflag' all of these possible suspects, because that would mean checkings hundreds or possibly thousands of packages all over the country.
The point I made in the original post is that all of this address routing information is potentially being stored already. In some countries *every single routing address: return address, to address, date sent* is recorded by the machine that sorts the mail. It is entirely possible for this to happen in USA as well and probably already is happening since the technology to do it is integrated into a lot of mail sorting technology and it isn't illegal for the feds to access such databases of routing information. USPS sends 200 billion packages a year about, searching a database of 200 billion entries for patterns is not computationally expensive. There is no man power involved, it is all computing power.
Also you are not understanding how an intersection attack works. At any given time there are probably tens or hundreds of thousands of packages in route from location X. At any given time there are probably tens or hundreds of thousands of packages in route from location Z. But during those two time frames, there is probably not much cross contamination. If you know someone has a pack from location X coming to them in a certain time frame, and know this same person then has a pack from location Y coming to them in a different time frame, you can query the database for everyone who had packs from location X in this time frame and from location Z in this time frame. Then you intersect the crowds and remove addresses that are not in both of them. The resulting crowd is not likely going to be very large, and every single additional query that you add is going to likely reduce it by a lot.
Not to mention, checking a single package isn't the quickest thing. For a dog to pinpoint a package, it can take up to a minute. They don't have the time to have a dog check and recheck multiple packages over and over again that they suspect. This would put a MAJOR slow down in the mail system, and would cost way way to much to hire the additional man power to do it.
You are not understanding the attack. The attack identifies a pseudonyms real identity, at which point that persons mail can be more closely screened. The attack is not "Okay we know this person ordered a package from roughly X location, let's scan all packs from X location looking for drugs!". It is "We know this pseudonym ordered from X location in this time frame and Y location in this time frame, according to mail logs only this shipping address falls into this pattern, so this pseudonym is tied to this shipping address". That is how the intersection attack works anyway, the fingerprinting attack works more like "This address gets a lot of packages from netherlands and california, lets automatically flag it".
The only thing they can reliably go off of, is hoping stupid criminals package their drugs in stupid ways so they can profile the exterior.
I think traffic analysis will be pretty effective personally.
You must realize the steps required, the time required, the man power, and cost required, to effectively utilize a system as you describe. Even if they do use this algorithm, to pin point people POSSIBLY recieving drugs, based on the states they recieve from(still an incredibly inaccurate way to track it as packages are recieved everywhere from everywhere everyday)... they would need 10-100 dogs, and trained handlers for those dogs are each mail hub in the country, since it takes so long for a dog to pinpoint a drug package from a legit one.. this is because they have to lay multiple legit packages next to suspect ones and allow the dogs to sniff it over and over again before they can get a warrant.
Well we should assume the USA already is storing all routing information of all mail that passes through it, since it is technically possible to do with mail sorting equipment that is already on the market and since other countries are known to be doing this. We can also assume that such an algorithm exists, I mean it is really just a basic intersection attack it exists to be targeted at E-mail and other internet communications, "porting" that to work against real mail would be trivial. Also they would be identifying the shipping address that is likely tied to drug trafficking, so they could just have the dog smell packages when they make it to the post office that delivers it to the target. That would make it pretty simple. You also need to keep in mind that if they do this they will probably start intercepting a lot more packs than if they just have drug dogs randomly smell mail.
It's completely unrealistic for them to go to this length as it would cost WAY WAY too much funding. The only reliable and affordable method they have presently to stop drug traffickers in the mail are by teaching mail sorters to spot suspicious packages from idiotic criminals.
They apparently already have most of what is required to be doing this.
Your idea would be an effective solution to the drugs in mail problem, only if the united states put forth massive amounts of employees, trained dogs, trained handlers, at every hub in the country. It takes a lot time to effectively train a drug dog. This being said, this task would require way too much effort and way too much funding and would massively slow down the mailing system. A slowed down mailing system would adversely effect the economy and this is something we can't afford now.
You have kind of lost me at this point but it seems you entirely misunderstood how this attack works :(. The information needed to perform these attacks is ALREADY probably being recorded and stored in USA, it is in use in other countries.
It's incredibly unlikely they would ever implement something like this. It's a simple solution. But remember there are a lot of simple solutions the government could do, but they all have cost.... money, time, effort, manpower, invasion of privacy, etc. If the government jumped on every solution they had to every problem and ignored all of those above concerns, the US would be the worst country on the planet, highly regulated, with very little freedom.
The USA is a shitty highly regulated country with very little freedom....we are using the same technology that Chinese and Iranian dissidents use, so that we can avoid being thrown into re-education camps and prisons....sorry if you were brainwashed into thinking you are free. You are free to do what the state tells you you can do. The only reason average Americans think that people in China are not free is because the Chinese State says that Chinese citizens can't do things that the American State doesn't say American Citizens can't do.
-
Yo... kmfkewm bring the best public forum ever back online... I'd love to not have to use SR anymore. It is fucking bullshit compared to the wonderful community that once was. Bring it back, do it. At least just put it up for a week like you once said so we can archive the priceless information :'(
This guy has been posting alot and alot of people also have said he acted in ways like a LE may act. I dont know I dont have any experiences with him. Does anyone know if this is true or not? PM me if ya want!
-
This research seems to confirm my growing belief that the most effective way to participate in this sort of system is if you're living a nomadic lifestyle. This would especially be true of vendors. Consider if you had a trusted partner, bulk access to drugs, an RV, a small plane, and no geographically concentrated obligations. Never stay in a single location you're operating from for more than a couple weeks. Live in the RV and rent an office for a couple weeks in whatever new city you're in to do order prep. Fly the drugs from place to place to minimize the risk of random traffic stops (general aviation is surprisingly unregulated). Set up shop, use random wifi on a disposable device, ship heaps of orders, destroy the wifi device and then bounce. Take a couple week vaca before the next round :) . You'd need a solid way to launder BTC -- but tell me that wouldn't be a ballin lifestyle that wouldn't keep you awake at night wondering about geographic profiling...
-
If it were not for trying to outsource it multiple times in the first place, it would probably be done by now and it would also have cost a lot less money. The people who have offered to do it for pay so far all entirely lack the skill required. Best bet to do it right is to do it myself imo, and stop wasting money on people who don't know how to do what is requested.
I'm referring to going to the middleware software industry, not our friends at the Silk Road or OVDB. Just give each software house in different jurisdictions that speak different languages a few classes each to complete. They don't know how it all fits together in the end or for whom the product is intended. Then you get the product back and analyze it for fulfillment of the requirements. If it doesn't do the job, we don't have to pay for it (albeit we'd pay good money for good work, since we want "Yes Sir, No Sir, 3 Bags Full Sir" and not 20 questions.
I'm sure you're a good programmer kmfkewm, and I also know the difference between a bad programmer, a good programmer and a great programmer can literally be 2 orders of magnitude, but there's a limit to how many hours there are in a day and so there's an upper limit on how productive one individual can be. That's all I'm saying. It's much much faster to read code, than it is to write it.
Take GUI interface coding as an example, it's something that can take a considerable amount of time, and it isn't the most useful use of your time even though it's important to have a good one. Most programmers can code a good GUI.
Just think about the idea for a while, don't dismiss it completely just yet. (:
-
Thought of a way to do an attack with out pseudonym data, just with reviews, mail routing information, and general knowledge of where the vendor ships from (let's assume that the vendor probably ships from within a 240 mile radius). This one might actually be infeasible though :P.
If the attacker assumes that the customer leaves a review within a week of when they get an order from a vendor who ships from a known general location (~240 mile radius), they can do this:
Who all was sent and received a package sent from within this ~240 mile radius within a week prior to when a review was left? Add all of these addresses to a "potential suspect - low certainty" crowd. Do this for every single review that is left. Take all resulting "potential suspect - low certainty" crowds, and look for addresses that appear multiple times. The more times an address appears in a "potential suspect - low certainty" crowd, the more likely that person is getting drugs from SR.
Without having access to the database of mail routing information it is impossible to see how much noise there would actually be. If a vendor is shipping from the middle of fucking no where there probably isn't that much outgoing mail though (meaning that the potential suspect crowd related to that order could be pretty low number). Not sure how many non drug users would appear in a significant number of potential suspect crowds though...probably a lot though (a lot of people probably get mail from New York City in the week prior to you leaving a review on the vendor who just sent you a pack from NYC). I guess it would probably actually be better to assign a "suspect potential" score based on the total crowd size. For example, if you are one out of five thousand people who got a package from the middle of fucking no where in a week prior to leaving your review, you could get 10 potential suspect points for that, where as if you are one of the five million people who got a package from New York City in the one week time span prior to you leaving a review, you only get .05 suspect points.
Over time, shipping addresses with higher amount of suspect points would be more likely to be tied to people leaving reviews on SR.
Disclaimer: this attack variant is largely mental masturbation on my part, I am not quite sure it is infeasible but it is certainly a lot less likely to be useful than the other mentioned attacks ;).
Of course if the attacker can also get a list of all Tor client IP addresses (by monitoring directory authority servers....easy if you do not have a bridge) and corresponding customer registration addresses (from ISPs)....they could intersect the list of "potential suspect" shipping addresses with the list of Tor user addresses and probably deanonymize everyone who leaves a single review. (Alice is the only Tor user in this crowd of 10 million shipping addresses that potentially got an order from this vendor).
Let's hope only intelligence agencies have access to both databases. I wouldn't be surprised if LE have access to both, but I am not sure if they can translate every Tor client IP address into a customer address in a dragnet fashion (of course they can ask an ISP for the customer address of X tor IP address...but if they can ask for all Tor client IP addresses corresponding customer registration address and keep a big database, is another question).
-
This research seems to confirm my growing belief that the most effective way to participate in this sort of system is if you're living a nomadic lifestyle. This would especially be true of vendors. Consider if you had a trusted partner, bulk access to drugs, an RV, a small plane, and no geographically concentrated obligations. Never stay in a single location you're operating from for more than a couple weeks. Live in the RV and rent an office for a couple weeks in whatever new city you're in to do order prep. Fly the drugs from place to place to minimize the risk of random traffic stops (general aviation is surprisingly unregulated). Set up shop, use random wifi on a disposable device, ship heaps of orders, destroy the wifi device and then bounce. Take a couple week vaca before the next round :) . You'd need a solid way to launder BTC -- but tell me that wouldn't be a ballin lifestyle that wouldn't keep you awake at night wondering about geographic profiling...
then I would stay awake at night worrying that I would leave a pattern in license plate scanning databases or cellular geopositioning databases that could be correlated with my pattern of shipping. Des used to use RV and travel around USA. FBI still managed to find her location some how. She used complete SHIT security though, so isn't that good of an example. They probably just triangulated her phone, she gave many of her customers her phone number lol.
-
kmfkewm, your devil's advocate attack seems to target buyers more than sellers.
Wouldn't it just be easier to attack by the barcode?
Each package of size > envelope has a barcode. Barcodes are intended to be scanned by the millions. So, if you adopt a unique barcode per box of packages, then you have a lead on the majority of sellers.
All you need to do is:
Ensure the major suppliers of packaging pass on their barcode IDs to you. e.g. for each box, and then acquire packages from all the vendors on the Silk Road. Then you can make more specific requests of the suppliers for the shop where the box was purchased or the IP address of the buyer. Sooner or later, you'll have the financial details of each seller unless they used prepaid cards/cash for the boxes, and even then you have their geographical location + potential CCTV stills or an IP addresss if they bought them online.
I mean, I don't think this is that likely, but it's possible.
Also; Re the RV situation, I'd say wandering about in a densely populated city is far safer on many levels.
-
I don't see what all the hoopla over the tread is for. KMFKEWM is pointing on methods the could easily be implemented by LEO. I have not researched it extensively, but it seem to be pretty possible. The main way to guard against this type of analysis is multiple drop locations (none of which you store your drug at). This, IMHO, seems to be the cornerstone for whatever physical security you should have.
-
I am currently programming a fully decentralized market interface that has forum like features :)
that a single person / server admin will not be able to take down due to redundancy :)
with a lot of security and useability features. Give me a year to finish it
Will this code be open for review at any point? I'm sure you've got skills, but if you're doing this all on your own, what's to say that just because you're the one doing it that it's going to be any more or less secure than anything currently out there? At least Tor has had researchers from around the world poking at it over the last several years.
And yes, I know the code that runs SR is closed-source, too, and I have no idea who has seen it, whether or not it's been audited in any way, or anything of that sort, and that *absolutely* means that I have less trust in it than if I had the opportunity to look at the code and the system configurations. Unfortunately, I don't have such an opportunity and never will, so my (in)security or lack thereof is all on me. It would be nice to see a system where that wasn't entirely the case.
-
Kmfkewm! Halp! Halp your fellow forumite creatures!
I'm sure you had your reasons for choosing kmfkewm as a handle, but is there some shorthand we can use to refer to you?
A nickname! Or abbreviation! Anything, god, please :D
I'm reduced to thinking of your name as 'k-whiff-m' in my head to date, or K-M-F-KEW-M when I am concentrating and then copypasting the handle since spelling it is almost impossible to remember with at least five syllables -.-
-
I always thought his handle was a riff on KMFDM. I've been trying to figure out what the KEWM has stood for ever since.
-
kmfkewm is the result of my pounding on my keyboard. I didn't actually plan to stick around here as much as I have or I might have picked a better name. Now I have come to think of it as K.M.F. Kew-meh
-
- so this is my thinking with regards to the punched hole in jiffy bags coming from NL, moral of the story is imoa is it doesn't have to be opened to be inspected or
for a quick peek.
- with the database growing for tracking and trend analysis plus anything learned from the above = good intel.
???