Silk Road forums
Discussion => Security => Topic started by: kmfkewm on May 02, 2012, 06:10 am
-
That sucks if it is the case. You need to find a way to be anonymous when you buy and sell bitcoins. There is absolutely no point in using anonymous cash in methods if you connect to the exchanger from your real IP address. Buy a private VPS anonymously and connect to it via Tor, then use the VPS for exchanger stuff. Or find an exchanger that doesn't lock accounts that they see proxies connecting to. At the very least use open WiFi from a random location when dealing with them.
-
I agree. If you use get-bitcoin.com from behind Tor. Have the BTC sent to an instawallet. Use a Tor-friendly email (hushmail works fine for this), and remove exif data from the image you send of your BoA deposit receipt. Very, very secure.
-
We badly require a book, SR for Dummies or something.
In general, there's a bizarre combination of paranoia and laxity. Too much focus on tech security and not enough on the human element.
Here's a non-exhaustive list of 10 peculiar things I've seen. Check it for your sins...
1. Many people are actually using the same handles or avatars on the clearweb. I couldn't believe it. Including some of the most paranoid people on here. Without using a single 'hack', I could easily ID 25% - 50% of the people on here. No, that's not me boasting, that's you being insecure.
2. Too lazy to use PGP encryption.
3. Mentioning they were at specific locations and dates, or worst yet, that you will be in the future.
4. Using colloquial slang.
5. Mentioning specific clearweb sites that they have accounts on.
6. Indirectly or directly referring to the time. e.g. This afternoon I... etc
7. Mentioning you're going to purchase, or have purchased, certain items from Ebay or Amazon.
8. Imagining that using Tor doesn't influence how banks, exchanges, email providers and others could profile you. You use Tor to access proxies which are ideally private and located in your geographical region. Unless you think it's not weird for your bank to see you're accessing your account from Bermuda, and then Belize ten minutes later. See: "I have my rights" section below ->
9. Mentioning your jobs past, present or future, and people you know.
10. Mentioning any government controlled data relevant to your person. e.g. prescription drugs you've taken, when and for how long, how long you've been unemployed, your crazy bitch ex-wife, how much tax you paid, and unbelievably: that you have a criminal record etc.
Some General Rules:
Never, never believe that just because something is legal, that means that it can't be used against you in some way. Enough with this "I have my rights" bullshit already. It's called circumstantial evidence and prosecutors use it all the time.
Many Nos make a Yes. It's a combination of both additive and subtractive knowledge that builds an investigative case. Tor allows you to give a detective the universal set of 7 billion people to extract you from. Why narrow the field?
Remember Occum's Razor. The simplest model that fits the known facts is usually true. For example: some of you were proposing that SR itself was colluding with scammers. But why would they even do that when they could more easily simply embezzle all your money in the first place? Similarly, intelligence agencies like the NSA and CIA do not have mandates to find drug dealers. It's not in their jurisdiction. The local police, FBI and DEA do have such mandates and it is in their jurisdiction. Simple!
If you have committed security sins, or even if you haven't, then you had better start putting down some red herrings. It's just good practice to drop the occasional white lie as a matter of principal.
-- Agent SuperPine
-
this is nothing you should see what they do post on topix. their paypal addresses to each other to buy heroin and life stories. "HI PATTY ITS ME BARB CAN U SEND H TO NOWHERESVILLE, FL? HERE'S MY HOTMAIL ADDRESS"
-
topix is where the people from yahoo answers go to buy illegal drugs online
-
We badly require a book, SR for Dummies or something.
In general, there's a bizarre combination of paranoia and laxity. Too much focus on tech security and not enough on the human element.
Here's a non-exhaustive list of 10 peculiar things I've seen. Check it for your sins...
1. Many people are actually using the same handles or avatars on the clearweb. I couldn't believe it. Including some of the most paranoid people on here. Without using a single 'hack', I could easily ID 25% - 50% of the people on here. No, that's not me boasting, that's you being insecure.
2. Too lazy to use PGP encryption.
3. Mentioning they were at specific locations and dates, or worst yet, that you will be in the future.
4. Using colloquial slang.
5. Mentioning specific clearweb sites that they have accounts on.
6. Indirectly or directly referring to the time. e.g. This afternoon I... etc
7. Mentioning you're going to purchase, or have purchased, certain items from Ebay or Amazon.
8. Imagining that using Tor doesn't influence how banks, exchanges, email providers and others could profile you. You use Tor to access proxies which are ideally private and located in your geographical region. Unless you think it's not weird for your bank to see you're accessing your account from Bermuda, and then Belize ten minutes later. See: "I have my rights" section below ->
9. Mentioning your jobs past, present or future, and people you know.
10. Mentioning any government controlled data relevant to your person. e.g. prescription drugs you've taken, when and for how long, how long you've been unemployed, your crazy bitch ex-wife, how much tax you paid, and unbelievably: that you have a criminal record etc.
Some General Rules:
Never, never believe that just because something is legal, that means that it can't be used against you in some way. Enough with this "I have my rights" bullshit already. It's called circumstantial evidence and prosecutors use it all the time.
Many Nos make a Yes. It's a combination of both additive and subtractive knowledge that builds an investigative case. Tor allows you to give a detective the universal set of 7 billion people to extract you from. Why narrow the field?
Remember Occum's Razor. The simplest model that fits the known facts is usually true. For example: some of you were proposing that SR itself was colluding with scammers. But why would they even do that when they could more easily simply embezzle all your money in the first place? Similarly, intelligence agencies like the NSA and CIA do not have mandates to find drug dealers. It's not in their jurisdiction. The local police, FBI and DEA do have such mandates and it is in their jurisdiction. Simple!
If you have committed security sins, or even if you haven't, then you had better start putting down some red herrings. It's just good practice to drop the occasional white lie as a matter of principal.
-- Agent SuperPine
Many psychological phenomenon are at play with most of these issues, the most threatening being a combination of the false consensus effect and cognitive dissonance. People here are drug users who tend to be surrounded by other drug users and a part of drug culture. They are biased towards thinking that this socio-ideological reality extends much further into the general public than it actually does. They think nothing of drug use, and their friends and others they interact with also have no problems with it, so they falsely come to believe that the average person in society has no problems with it and doesn't care about it. This is despite the fact that not even 50% of the population of the USA is in favor of even decriminalizing cannabis use (even for medical use). They also experience cognitive dissonance because even though they are aware that drugs are illegal and that prisons are overflowing with drug offenders, the vast majority of which were arrested for personal use amounts, the thought of them risking their own lives is unpleasant so they repress the knowledge that they are committing felonies punishable by serious prison time. Other phenomenon demonstrated are the need for socialization as well as default trust (ie: people tend to trust others unless they give them an explicit reason not to).
This results in people doing things that are not the smartest from a security point of view.
Tor allows you to give a detective the universal set of 7 billion people to extract you from. Why narrow the field?
Well you are automatically put into the set of a few million people who use Tor. They can also probably say with high probability that you are in a country with people who usually learn to speak English, and although there will be significant noise introduced, they can probably say that you are most likely in a country with English as the primary language. That does cut it down a lot, since a lot of Tor users are in places where English is rarely learned.
-
Many psychological phenomenon are at play with most of these issues, the most threatening being a combination of the false consensus effect and cognitive dissonance. People here are drug users who tend to be surrounded by other drug users and a part of drug culture. They are biased towards thinking that this socio-ideological reality extends much further into the general public than it actually does. They think nothing of drug use, and their friends and others they interact with also have no problems with it, so they falsely come to believe that the average person in society has no problems with it and doesn't care about it. This is despite the fact that not even 50% of the population of the USA is in favor of even decriminalizing cannabis use (even for medical use). They also experience cognitive dissonance because even though they are aware that drugs are illegal and that prisons are overflowing with drug offenders, the vast majority of which were arrested for personal use amounts, the thought of them risking their own lives is unpleasant so they repress the knowledge that they are committing felonies punishable by serious prison time. Other phenomenon demonstrated are the need for socialization as well as default trust (ie: people tend to trust others unless they give them an explicit reason not to).
This results in people doing things that are not the smartest from a security point of view.
I'd say that's about the size of it psychologically. Topix is like walking through the valley of the moonbears.
Tor allows you to give a detective the universal set of 7 billion people to extract you from. Why narrow the field?
Well you are automatically put into the set of a few million people who use Tor. They can also probably say with high probability that you are in a country with people who usually learn to speak English, and although there will be significant noise introduced, they can probably say that you are most likely in a country with English as the primary language. That does cut it down a lot, since a lot of Tor users are in places where English is rarely learned.
While that might be true, it's worthless unless you could show suspect X is using Tor. Certainly for some of us, finding that out would be quite difficult. Nevertheless, yes, you can build a certain profile out of people's posts and use other educated guesses. By far the easiest way though, is to make a positive ID by simply asking people for their addresses. e.g. come to my special discount website. Have my free samples of felony quantities. Buy your B$ for SR with credit card and Paypal here at clearwebexchange.com etc
In case you think I'm making the last one up, there was a guy on here a couple of hours ago doing just that. QuickBitcoin or something like that. He deleted the posts though. It was so blatant that I wondered if he was legitimate and just very stupid. He had a special code for SR users to enter onto his website and everything.
-
You don't have to be totally anonymous just to buy and sell small amounts of bitcoins. A vendor does, but the buyer doesn't need to unless you are buying a barrel of Ephedrine from India for $15,000.
You could say somebody on IRC sold you a service for bitcoins and you sent the coins to that address. They can't prove otherwise that this didn't happen because bitcoin is decentralized and allows for 3rd party payments. How are they going to get DPR's priv keys to all his escrow addresses he's ever generated to match up with your transaction and at the same time get you to confess because unless there's evidence on your comp or SR usernames linking you to it and you talk they aren't going to be able to prove shit in a court of law.
Remember there are people selling heroin and stolen Oxy's for paypal on Topix for years and still have yet to be busted.
-
1. Many people are actually using the same handles or avatars on the clearweb. I couldn't believe it. Including some of the most paranoid people on here. Without using a single 'hack', I could easily ID 25% - 50% of the people on here. No, that's not me boasting, that's you being insecure.
Wow. I knew there were some egregious breaches of security (a couple of really bad ones are what led to a post I made a couple weeks back) but I would not have expected (hoped? pleaded with the gods?) that it would be this bad. Even at the low end, 25% is pretty significant.
I'd say that's about the size of it psychologically. Topix is like walking through the valley of the moonbears.
I finally have sufficient post count to give you some karma. Valley of the moonbears is worth a +1 just by itself. :D
-
Sometimes I feel like writing a "SR for dummies" on here but I feel like it would only help LE, what do you guys think? I think the main problem is the "they wouldn't bother with a small time buyer" mentality which causes SR users to be lazy or to just stay ignorant because of this mentality.
-
1. Many people are actually using the same handles or avatars on the clearweb. I couldn't believe it. Including some of the most paranoid people on here. Without using a single 'hack', I could easily ID 25% - 50% of the people on here. No, that's not me boasting, that's you being insecure.
Wow. I knew there were some egregious breaches of security (a couple of really bad ones are what led to a post I made a couple weeks back) but I would not have expected (hoped? pleaded with the gods?) that it would be this bad. Even at the low end, 25% is pretty significant.
It's sad really. It's simple to counteract, just don't use identifiers you use on other websites -> usernames, emails, avatars. Like kmf has been saying so frequently, it's the 'I'm not hurting anybody so I'm a good person and the law can't touch me' baggage that's the root of this. If you are posting, or even reading this forum, the the law considers you a criminal, it merely remains to prove it. It's no good thinking there's no laws on the books that prevent you reading or talking about drugs, there are, the criminal conspiracy laws are extremely wide ranging, and in most cases are very suspect.
I mean, you don't even actually have to sell drugs, to be convicted of drug trafficking offenses. I kid you not. As long as LE can show you 'intended' to sell drugs, that is more than enough. This is universal, in Australia, if you are caught selling tablets which are placebos, but marketed or inferred that they were MDMA, then you go to prison for as long as if you actually had sold them. Similar rules apply in America. This is from DEA guidelines:
Defendants convicted of conspiracy or an attempt to commit any offense involving a controlled substance warrant the same level as if they had completed the object of the conspiracy.
Furthermore, merely having an account on SR, whether you acquired drugs or not, makes you guilty of criminal conspiracy. People don't understand these laws at all. They are very draconian. Essentially, LE has given up because it's not smart enough or has enough resources to actually prove anybody broke the law. So they apply a new kind of a law, called the conspiracy laws, which are quite literally straight out of the Middle Ages (England in 1305) Again, the DEA says:
A conspiracy is an unlawful agreement by two or more persons to violate the law. Whether or not the persons accomplished what they conspired to do is immaterial to the question of guilt or innocence in regard to a conspiracy. The success or lack of success of the conspiracy doesn’t matter. The laws of the United States and many individual states provide that if a defendant is convicted of a conspiracy to commit any offense involving a controlled substance, the punishment is the same as if the object of the conspiracy had been completed. In other words, the punishment is identical to the crime the conspirators sought to commit. Conspiracy is not a lesser-included offense of the object of the conspiracy; it is a separate crime within itself. If the conspiracy ended before the goal of the conspiracy could be accomplished, this fact alone does not absolve the conspirators of their crime.
Notably:
Whether other members of the conspiracy knew the crimes were going to be committed or even if they discouraged other members from committing these crimes is irrelevant. The prosecution must only show that these crimes were committed to further the goal of the conspiracy. The prosecutor does not have to prove that as a member of the conspiracy, the defendant either participated in, or even knew of the existence of these crimes, only that he was a member of the conspiracy at the time they were committed.
You know, even the Old Testament, not exactly a model for 21st century judicial proceedings, says the crimes of the father shouldn't result in punishment on the child. The basic concept that scapegoating is fundamentally unfair. Yet under the law of the USA, if one of us murders another person to further his drug enterprise, then we are all held accountable as if we had committed murder ourselves despite not knowing each other, aiding or abetting that person in any way. There are caveats to conspiracy laws as there are for all legal matters, but the gist of them, is what I've just told you. These laws are not almost Orwellian, they actually are 1984 inventions, where thought-crime is prohibited.
Now, whether those laws are enforceable, now that is a different matter. But that is the law.
I'd say that's about the size of it psychologically. Topix is like walking through the valley of the moonbears.
I finally have sufficient post count to give you some karma. Valley of the moonbears is worth a +1 just by itself. :D
But we fear no evil!
-
- vpn suggestion noted, not possible to access "some" exchangers over Tor so have been using a workaround not my real ip...thanks
- "sr for dummies" is spoon feeding and like anything its technical knowledge / common sense built up over a yr or so...and the info changes, and
who is going to produce it, what stops someone paying for it as an ebook or whatever and reselling it ...{get the idea..}
- again its like the vm Tor workstation fiasco seems nobody wants to pay for free software and knowledge, not aware of the sales figures but
that seemed to be the state of play few months ago...
Thanks
-
- vpn suggestion noted, not possible to access "some" exchangers over Tor so have been using a workaround not my real ip...thanks
- "sr for dummies" is spoon feeding and like anything its technical knowledge / common sense built up over a yr or so...and the info changes, and
who is going to produce it, what stops someone paying for it as an ebook or whatever and reselling it ...{get the idea..}
- again its like the vm Tor workstation fiasco seems nobody wants to pay for free software and knowledge, not aware of the sales figures but
that seemed to be the state of play few months ago...
Thanks
-
I thought that if you do have to buy coin from your bank account, heaven forbid, then all you would have to do is launder them. Once laundered the only would be: from your account> mtgox> bitlaundry> smoke.. as far as i know.
-
I thought that if you do have to buy coin from your bank account, heaven forbid, then all you would have to do is launder them. Once laundered the only would be: from your account> mtgox> bitlaundry> smoke.. as far as i know.
For the most part, yes. Let's say you buy coins from your account>mtgox and ordered some drugs off SR. It gets intercepted by LE and they come knocking on your door. If you deny everything and play ignorant to the whole situation then how could they possibly know that you are using SR unless you tell them? Okay now let's just say they assume you're ordering them online and they confiscate your computer, how the hell are they going to know you're going on SR and what you're ordering if you're using TOR? Okay now on top of that let's say they check your bank statements (come on would they really do that?) and see your transfers to mtgox and now they ask you "What are those transfers for?" you can say so many things that they can't possibly check "I trade currencies", "I pay for services using digital currencies", etc. Now imagine if you take the simple security precautions you can find in these forums, do you really think they'll go to this much trouble to catch a person buyer? I don't think so because remember, anything LE does costs money, money they don't have.
-
You don't have to be totally anonymous just to buy and sell small amounts of bitcoins. A vendor does, but the buyer doesn't need to unless you are buying a barrel of Ephedrine from India for $15,000.
You could say somebody on IRC sold you a service for bitcoins and you sent the coins to that address. They can't prove otherwise that this didn't happen because bitcoin is decentralized and allows for 3rd party payments. How are they going to get DPR's priv keys to all his escrow addresses he's ever generated to match up with your transaction and at the same time get you to confess because unless there's evidence on your comp or SR usernames linking you to it and you talk they aren't going to be able to prove shit in a court of law.
Remember there are people selling heroin and stolen Oxy's for paypal on Topix for years and still have yet to be busted.
Yeah I can't think of the last time someone went to prison for a drug crime less than importing $15,000 worth of meth precursor chemicals from India, sheesh me and my paranoia.
Bitcoin has a fully public transaction history.
-
I thought that if you do have to buy coin from your bank account, heaven forbid, then all you would have to do is launder them. Once laundered the only would be: from your account> mtgox> bitlaundry> smoke.. as far as i know.
Although using a good mix will hide the final destination of your coins, it will not hide the fact that you used a mix , and you may risk money laundering charges
-
I thought that if you do have to buy coin from your bank account, heaven forbid, then all you would have to do is launder them. Once laundered the only would be: from your account> mtgox> bitlaundry> smoke.. as far as i know.
For the most part, yes. Let's say you buy coins from your account>mtgox and ordered some drugs off SR. It gets intercepted by LE and they come knocking on your door. If you deny everything and play ignorant to the whole situation then how could they possibly know that you are using SR unless you tell them? Okay now let's just say they assume you're ordering them online and they confiscate your computer, how the hell are they going to know you're going on SR and what you're ordering if you're using TOR? Okay now on top of that let's say they check your bank statements (come on would they really do that?) and see your transfers to mtgox and now they ask you "What are those transfers for?" you can say so many things that they can't possibly check "I trade currencies", "I pay for services using digital currencies", etc. Now imagine if you take the simple security precautions you can find in these forums, do you really think they'll go to this much trouble to catch a person buyer? I don't think so because remember, anything LE does costs money, money they don't have.
Why wouldn't they check your bank statements in a criminal investigation?!? Also LE has enough money to dedicate teams of cops to busting a few people trying to get their dick sucked by hookers i'm sure they have enough money to bust you.
-
Ok so let's say hypothetically that one were to have purchased bitcoins from Mtgox and then transfered it directly to the SR wallet... if said person were to then transfer it through several other wallets in different amounts thereafter and back to SR but to a different wallet address... would that be secure? I mean what link is there between the wallet address assigned by SR and SR itself? The wallet isn't actually owned by SR is it? wouldn't it just be the same as transferring it to Instawallet first then to SR anyways?
-
Ok so let's say hypothetically that one were to have purchased bitcoins from Mtgox and then transfered it directly to the SR wallet... if said person were to then transfer it through several other wallets in different amounts thereafter and back to SR but to a different wallet address... would that be secure? I mean what link is there between the wallet address assigned by SR and SR itself? The wallet isn't actually owned by SR is it? wouldn't it just be the same as transferring it to Instawallet first then to SR anyways?
I'll answer, but I could be going out on a limb here when I talk about B$, so recheck this with the Bitcoin aficionados.
SR has all your private keys associated with the Bitcoins addresses you've used on SR. Otherwise they wouldn't be able to update your account balance when you send bitcoin to an address you had previous used on SR.
Effectively, SR owns your Bitcoin wallet (as does pretty much any Bitcoin service online). Now, if we were LEO doing blockchain analysis and we had all SR's private keys and account details associated with them, we could see that Bitcoins entered SR and returned to SR to an account controlled by a single entity. This loop suggests that the transactions were controlled by 1 entity. It is circumstantial evidence rather than hard evidence.
For a bitcoin to get recycled in and out of the Silk Road is probably normal, given it's influence on the bitcoin economy. But for a bitcoin to get cycled from that 1 SR account and then that exact bitcoin comes home later to that same account, that is pretty unlikely in my estimation. If you had a different SR account for it to arrive into, that would be different unless there was a way for LE to show an ownership connection between those two accounts e.g. you sent vendors the same geographical address and it wasn't encrypted from both accounts.
The things to watch out for are:
- anonymously obtaining bitcoin or visa versa for your currency.
- using Tor network/proxies as described in this thread whenever accessing any wallet related service. e.g. the exchanges, instawallet etc.
I am wary of instawallet. It is good and it is popular. Maybe too popular. I would like to see more diversity of temporary instawallet like services being used instead of one entity. I also am concerned that people might be using these services on the clearweb. On the other hand, it's better than using a wallet on your computer. What if a edition of bitcoin wallet sent your IP address and Bitcoin address to LE? I'm not saying it is happening, only that you can circumvent that possibility in the first place.
Again, if you are anonymous in the first place, it is best. Hypothetically you then don't need to use a mix or pool service for bitcoins. Then even if SR was compromised completely, it would not be relevant. There's a long way between the cup and the lip from LEO's perspective, but why make their life easier? Earn your tax payer dollars you animals!
tldr;
1. Don't send from exchange to SR wallet directly.
2. 100% definitely don't use clearweb and do No.1
3. If you did 1 or 2, it's ok, everybody makes mistakes, then put your bitcoin through a mix and use instawallet-like services all of which you are doing through proxies which you are accessing through the Tor network. Then forward your bitcoins to a new SR account or one not associated with your old one. Not associated with your old account. This is the important bit or everything you've done could be a waste of time (if SR fell to LE) e.g. use a new PGP public key, don't send your address to old vendor you used before through your brand new SR account, think it through step by step.
-
Thank you pine, i just posted this exact question in security two minutes ago. Feel like a bit of a plonker now.
So its the fact that the coins are moved inside one entity, with presumably 10% going to another wallet each time.
Do LE have these details at the moment ???? Would we know if they did?
And finally if using a proxy from tor to use mtgox, will i show up as using tor or not?
Thanks again..
-
Thank you pine, i just posted this exact question in security two minutes ago. Feel like a bit of a plonker now.
So its the fact that the coins are moved inside one entity, with presumably 10% going to another wallet each time.
Do LE have these details at the moment ???? Would we know if they did?
And finally if using a proxy from tor to use mtgox, will i show up as using tor or not?
Thanks again..
I'm not sure we're on the same page, but if I interpret your concern correctly, then I'm pretty sure the Silk Road has its own private pool/mixing service, I'm not sure it's possible to distinguish SR related internal traffic from the rest of the bitcoin network for many reasons, not least of which SR is a huge part of the bitcoin economy.
With respect to LE and SR compromise, the answers are No Idea and No. You ought to use SR as if it were run by the DEA, that is why you use PGP when communicating on there.
Lastly; if you use just Tor, mtgox and other exchanges will see that. Indeed, any financial institution. If you use a private proxy and use Tor to communicate through that proxy, then you are anonymous. It is less likely that they have a list of all the public proxies in the world, but possible they have some of them, hence the private proxy.
Suggest reading here:
http://dkn255hz262ypmii.onion/index.php?topic=21578.msg221779#msg221779
-
That sucks if it is the case. You need to find a way to be anonymous when you buy and sell bitcoins. There is absolutely no point in using anonymous cash in methods if you connect to the exchanger from your real IP address. Buy a private VPS anonymously and connect to it via Tor, then use the VPS for exchanger stuff. Or find an exchanger that doesn't lock accounts that they see proxies connecting to. At the very least use open WiFi from a random location when dealing with them.
Yeah, but than you transfer the funds to a bank account under your name, ID, social security and everything?
-
That sucks if it is the case. You need to find a way to be anonymous when you buy and sell bitcoins. There is absolutely no point in using anonymous cash in methods if you connect to the exchanger from your real IP address. Buy a private VPS anonymously and connect to it via Tor, then use the VPS for exchanger stuff. Or find an exchanger that doesn't lock accounts that they see proxies connecting to. At the very least use open WiFi from a random location when dealing with them.
Yeah, but than you transfer the funds to a bank account under your name, ID, social security and everything?
I would cash out with an ATM card obtained with fake documentation / stolen identities if required, and shipped to a location that I can not be tied to (or to someone I trust to destroy their copy after transferring it to me, and then have them message me an encrypted copy of the magstrip data so I could encode it to a blank card and never have to physically pick anything up). I would also cash in anonymously, I hear there are IRC channels where people offer bitcoins for cash in the mail and such. At the very worst I would try to find a western union accepting exchanger and send with no ID or fake ID. Or maybe I would buy some greendot recharge packs and offer them for bitcoin. There are a lot of options, and they all have different levels of anonymity, but I can assure you that I would not cash in or out through a bank account under my real name. I don't care if it is absolutely legal to buy and sell bitcoins, or not, I care if I will be linked to a drug deal or at risk of being charged with money laundering if I use a mix. Not to mention none of the mixing services are using blind mixing algorithms so the anonymity they can provide against the mix operator is zero.
-
We badly require a book, SR for Dummies or something.
In general, there's a bizarre combination of paranoia and laxity. Too much focus on tech security and not enough on the human element.
Here's a non-exhaustive list of 10 peculiar things I've seen. Check it for your sins...
1. Many people are actually using the same handles or avatars on the clearweb. I couldn't believe it. Including some of the most paranoid people on here. Without using a single 'hack', I could easily ID 25% - 50% of the people on here. No, that's not me boasting, that's you being insecure.
2. Too lazy to use PGP encryption.
3. Mentioning they were at specific locations and dates, or worst yet, that you will be in the future.
4. Using colloquial slang.
5. Mentioning specific clearweb sites that they have accounts on.
6. Indirectly or directly referring to the time. e.g. This afternoon I... etc
7. Mentioning you're going to purchase, or have purchased, certain items from Ebay or Amazon.
8. Imagining that using Tor doesn't influence how banks, exchanges, email providers and others could profile you. You use Tor to access proxies which are ideally private and located in your geographical region. Unless you think it's not weird for your bank to see you're accessing your account from Bermuda, and then Belize ten minutes later. See: "I have my rights" section below ->
9. Mentioning your jobs past, present or future, and people you know.
10. Mentioning any government controlled data relevant to your person. e.g. prescription drugs you've taken, when and for how long, how long you've been unemployed, your crazy bitch ex-wife, how much tax you paid, and unbelievably: that you have a criminal record etc.
Some General Rules:
Never, never believe that just because something is legal, that means that it can't be used against you in some way. Enough with this "I have my rights" bullshit already. It's called circumstantial evidence and prosecutors use it all the time.
Many Nos make a Yes. It's a combination of both additive and subtractive knowledge that builds an investigative case. Tor allows you to give a detective the universal set of 7 billion people to extract you from. Why narrow the field?
Remember Occum's Razor. The simplest model that fits the known facts is usually true. For example: some of you were proposing that SR itself was colluding with scammers. But why would they even do that when they could more easily simply embezzle all your money in the first place? Similarly, intelligence agencies like the NSA and CIA do not have mandates to find drug dealers. It's not in their jurisdiction. The local police, FBI and DEA do have such mandates and it is in their jurisdiction. Simple!
If you have committed security sins, or even if you haven't, then you had better start putting down some red herrings. It's just good practice to drop the occasional white lie as a matter of principal.
-- Agent SuperPine
after reading this my first thought was, "impressive." zooming my browser out after reading your sig and seeing your avatar, my heart skipped a beat. it was love.
but then i considered what you just said and realized it was very unlikely pine would have an actual avatar of herself - and that it was actually probably a dude. does that make me gay? oh no, am i gay???!?!?
-
yes you are
-
Smeegol... Pine's avatar is the girl who took a photo of herself everyday for a year... I forget her name!! - She is pretty beaut though! :)
-
like walking through the valley of the moonbears.
+1 karma for that. pissing myself ;D
-
yes you are
ohhhhh youuuuuuuuuuu! :-*
:|
-
Smeegol... Pine's avatar is the girl who took a photo of herself everyday for a year... I forget her name!! - She is pretty beaut though! :)
wonder if she has that sexy british accent too? ;D
-
In general, there's a bizarre combination of paranoia and laxity. Too much focus on tech security and not enough on the human element.
I'm guilty of this. It's time to clean up my act...thank you pine for all your insightful posts