Silk Road forums

Discussion => Newbie discussion => Topic started by: pine on April 15, 2013, 12:26 am

Title: Pine - AMA
Post by: pine on April 15, 2013, 12:26 am
Hello gentle newblets!

AMA stands for Ask Me Anything, so ask away. There's no such thing as a stupid question. If you don't know the answer to it, then likely several other newbies don't either, so just ask.

I specialize in cryptography, general operational security, cultivated paranoia and making obscure references to monotremes.
Title: Re: Pine - AMA
Post by: ravgni on April 15, 2013, 12:57 am
Does SR block entry to your account for a period after a certain number of failed attempts?  I know the forum does but I've been trying to gain access to my old account and am a little disheartened by not knowing this since the main site doesn't give any hints to why a failure occurs (thats probably a good thing in general though.) 

Thanks
Title: Re: Pine - AMA
Post by: Atr3yu on April 15, 2013, 01:04 am
Would you advise sending bitcoins to an interim wallet (e.g., blockchain.info) before sending to SR or is that unnecessary?
Title: Re: Pine - AMA
Post by: cocktree on April 15, 2013, 01:13 am
How long do you think this place can exist as a place to sell drugs on the internet? Is that really what SR is, or is there some loftier perception as a beacon of freedom?
Title: Re: Pine - AMA
Post by: NorthWoods on April 15, 2013, 01:37 am
1) What do you recommend for removing meta data from pictures? I tried JPEg scrubber, but now it's asking me for a product key....

2) Is there a bitcoin wallet that is better than the others? I have Bitcoin Qt and MultiBit. Are they really safe? I've heard stories about missing bitcoins, that makes me nervous.

Title: Re: Pine - AMA
Post by: Atr3yu on April 15, 2013, 01:41 am
oh thanks bbhc-sales wow such clarity it burns
Title: Re: Pine - AMA
Post by: Ѕpongebоb on April 15, 2013, 01:44 am
Do you like bubbles?
Title: Re: Pine - AMA
Post by: CHROOT on April 15, 2013, 01:50 am
Is there a bitcoin wallet that is better than the others? I have Bitcoin Qt and MultiBit. Are they really safe? I've heard stories about missing bitcoins, that makes me nervous.

+1
Title: Re: Pine - AMA
Post by: baconslab on April 15, 2013, 01:54 am
In what yr did Jean-Baptiste perform a transfusion of two pints of blood from a sheep to a man
Title: Re: Pine - AMA
Post by: cocktree on April 15, 2013, 01:56 am
2) Is there a bitcoin wallet that is better than the others? I have Bitcoin Qt and MultiBit. Are they really safe? I've heard stories about missing bitcoins, that makes me nervous.
Oh god, disappearing bitcoins would make me cry
Title: Re: Pine - AMA
Post by: NorthWoods on April 15, 2013, 03:22 am
In what yr did Jean-Baptiste perform a transfusion of two pints of blood from a sheep to a man

1667
Title: Re: Pine - AMA
Post by: scout on April 15, 2013, 03:28 am
General reminder: please use the designated "spam to 50" threads for spamming and do not post spam in useful, legitimate threads like this one.
Title: Re: Pine - AMA
Post by: surripere on April 15, 2013, 04:02 am
1. What are your thoughts on quantum crypto? Will it evolve fast enough to counteract the potentially privacy-destroying advent of the quantum computer?

2. What are your favorite books on cryptography, cypherpunks, economics?
Title: Re: Pine - AMA
Post by: scout on April 15, 2013, 04:08 am
1. What are your thoughts on quantum crypto? Will it evolve fast enough to counteract the potentially privacy-destroying advent of the quantum computer?

2. What are your favorite books on cryptography, cypherpunks, economics?

great questions! +1
Title: Re: Pine - AMA
Post by: StrangeHuman on April 15, 2013, 05:22 am
My good pine! I am sure you can help me, I would just like to get some experience using PGP could you send me an encrypted message with my public key so I can decrypt it? It would be super awesome of you.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.19 (MingW32)

mQENBFFrT9kBCADQpYO/qlCA0OFntZRodP50mOLuJK2voCxnxyyVPaxQdCbvYOJc
WECjqsDdSjJ+mTjkLyv08vzdtzS63idHG3jhJBjrg58d30wOFXWGd6zKwPM4nKzN
PStkFXsH6ugZjajGHjVeAZOlH6oWNvp7iQsJbitYy8jR6JB4qidMzu0k4JeBYfzq
oXUwGgI9RoS+RGvWDib+QwcWsyUZ/6s1ytHceqQno+JcsMH/axJaI2zxqsN2h+Q6
PAsY88Xl2c3V6NG884y4Fp/lSXtdLjrZD/I9ivqw0As5SdLo0BG1+PmVMNPohrOe
Kz++JRE0rfmOCnZTEIT/TCVhmAl5QZwaXqkNABEBAAG0J3N0cmFuZ2VodW1hbiA8
c3RyYW5nZWh1bWFuQHRvcm1haWwub3JnPokBOAQTAQIAIgUCUWtP2QIbAwYLCQgH
AwIGFQgCCQoLBBYCAwECHgECF4AACgkQR5Zr31gQkqfzvwgAnLEpJ/O6H5XjZAie
U/+mu0Vb1yUPTLk28sMggSjkx9GD3DuQaLiF0T+BzcZPDvFgv4RSF9Y8O/Sb8MMB
7b26Il8xLda27xsZK3ev8H0kWmz/nHw4Qtz3BaFiZDAgKz6gI2U7OMgTL3B0eFb6
M3Ba6tLM+yfyZuxjGCc99UCWMwIuANm6B4wu79E5Bg3/fxu5bRGH4g8tOde+y0+5
1PNvRywDopFkk/VZyJYkeoZCzrD5tw91kdcLdueHmw/7zMAr3nTF+wtFHa09vet9
EyajW1wks5zGWZ1ThrFYf2oCarUAzr9+WNUM2CmDTKpMHxJhROPg+mpD76Sb59U3
eQCsRbkBDQRRa0/ZAQgAymSkx3K1FcLbrqxSmE9iF2fdrvkDEqlLOkP8EXhM0urq
r5vFKE0Va9C2wP+jnn2iPScfw2bhxiidryoMg/woSX+3ZY0Fa/M/KzliiX4xcXqj
jCrKODnkBFtDEYaEMxqxTZC6nIMPDRNPjZMk1t0El0KqdmshVbToCAcaP2AzOK5F
KoG0OjsskW0DG/kAAyfFrLtJmGUw54IVVF2EsQvNOEP0bK0GBQQyo4qxks5VdZ+J
cxjWxaABZ1EIdiQy2+ZAGFWVaF1mQtBsSpv8ptMP5Mr6kZIlE5uiL7HqowKK+06a
NJkDq9re6D0RXUQKBCbVgLmYx5B2Pgp2kATO+wqugwARAQABiQEfBBgBAgAJBQJR
a0/ZAhsMAAoJEEeWa99YEJKnrc0H/1z1BICw+nqzmRLuFufoCap7YTaHh3JkkFcj
qcEB0fDAyWD+ilILzJLDprREeGrNnoHip9NZA0w4W7V8BDg6ovWg0fV7hsDHlKRq
aMXk18SeiXspb2Hl7QRN9FXQo+2EThlg3VI1eUC4YsVGnOINfdR896lsveYLL9vc
lutYJJmJPRMccGHorryLoFpVSTSLy4VDDpmA0fMeaF5IQJjgZOie5FqZi2MvHE9X
XxiNuZNEdK75pcYlgEZS8YexaRzMDDGqYF//4pOUlDKzNWeOMRwdPR3Q63vRC6G5
abEVOYSR09iMoSRPaQoliipTFuNfx+AJHGAU28z3DWRityc7w+E=
=h9Th
-----END PGP PUBLIC KEY BLOCK-----

Title: Re: Pine - AMA
Post by: Spongebob Squarepants on April 15, 2013, 05:35 am
Hello gentle newblets!

AMA stands for Ask Me Anything, so ask away. There's no such thing as a stupid question. If you don't know the answer to it, then likely several other newbies don't either, so just ask.

I specialize in cryptography, general operational security, cultivated paranoia and making obscure references to monotremes.
How secure to you feel elliptic curve cryptography using GCM of the AES block cipher is?  Do you think the encrypted data could be hashed within our lifetime?
Title: Re: Pine - AMA
Post by: anonsurfer79 on April 15, 2013, 05:44 am
ruhsd
Title: Re: Pine - AMA
Post by: pine on April 15, 2013, 06:52 pm
Does SR block entry to your account for a period after a certain number of failed attempts?  I know the forum does but I've been trying to gain access to my old account and am a little disheartened by not knowing this since the main site doesn't give any hints to why a failure occurs (thats probably a good thing in general though.) 

Thanks

I don't believe so. Things that may help you login include:

I've noticed that the capcha on SR expires quickly, typing it accurately and quickly is important, paying attention to capitalization. If you're spending longer than four or five seconds logging in, it can become frustrating.

To aid your login speed, type your username/password down and copy paste them when you login. A password storage software system like KeePass is a good idea for this. In addition to secure storage, this means you'll be 100% sure you inputted the information correctly too.

If you still can't login after repeated attempts, then I suggest you contact the SR staff in the correct subforum. It might take a while to sort it out due to high volume of help requests so you'll need to be patient. If you don't have any bitcoin in the account, then it might be worth your while just starting out all over again with a fresh account.

Would you advise sending bitcoins to an interim wallet (e.g., blockchain.info) before sending to SR or is that unnecessary?

It depends on how you obtained the bitcoins. If you obtain them with cash using OTC bitcoin services (search forums for info) to some 3rd party bitcoin wallet on the internet, you can just send them straight to SR. If you acquired them on an exchange with your credit card or bank account transfer, then sending them directly to SR would mean (in the situation of the exchange and SR being compromised) you've just told LE agents that you're buying drugs on SR. Although I always recommend using OTC services to make LEO's life hell, if you do use a conventional method of obtaining bitcoin I suggest you use a bitcoin laundry to be receiving other random people's bitcoins. Search the forum for information on bitcoin laundry procedures.

If this is too expensive for you (these sorts of procedures cost ~5% - 10% for OTC and 2% - 3% for laundry) then you can obfuscate the origin of the bitcoins by splitting them up into different 3rd party wallets and sending them to different SR addresses. I have a forum post which describes how this is done.

Here are instructions I wrote a while back if you have acquired bitcoin with a credit card or bank account transfer.

http://dkn255hz262ypmii.onion/index.php?topic=29038.msg344009#msg344009

Read through it carefully!

Since the default assumption among ourselves ought to be that SR is, and always has been hacked (although we'd prefer if this was not the case obviously!), one has to use Bitcoin and PGP in a certain way to avoid any hypothetical possibility of interception.

As you are probably gathering, it's easier to do it right from the outset, than to unlink identity connections later.

How long do you think this place can exist as a place to sell drugs on the internet? Is that really what SR is, or is there some loftier perception as a beacon of freedom?

There are two Silk Roads. On one level it is a website that brings vendors and consumers of illegal/difficult to obtain drugs together. This is the practical 'bare metal' Silk Road. On another level it is the very beginning of an entirely new economic paradigm. One must appreciate that there has never existed a completely free market in history. Now there is! That is really something special. One must not mistaken its current simplicity for a lack of sophistication.

In the long term (decades!), Darknet Markets will, within our lifetimes, change the world. They will make it impossible to tax online services and products in the way the taxman is used to doing. Not just illegal kinds, but any kind. Probably small, transportable kinds mostly unless the availability of drone transports becomes ubiquitous. Right now that the IRS can't tax SR is not exactly the most important feature of the network. The primary feature today is access to some types of illegal goods and services. But SR and other Darknet Markets are growing extremely quickly. Any bank manger looking at this business plan would be singing its praises. Darknet Markets are here to stay and they are going to have a profound effect, especially in poorer countries with (even more) rent seeking government structures.

Any way you look at it, this is a true revolution. Not a violent revolution, yet, that depends on the reaction of the State, but a genuine revolution nonetheless. It is my belief that this is a unique period in history that we are privileged to witness. DPR is currently serving the same function as a 21st century John Cowperthwaite.

http://gwulo.com/node/6190

Ensure some basic institutional safeguards, such as anonymity, and then step right the fuck back, interfering only to prevent interference with the market. Right now SR is a tiny shanty town, like the way Hong Kong used to be. High levels of illiteracy, poverty and basic problems everywhere. But one day we shall grow to lead the vanguard of the black market economy into the heart of the West. Our intention is to destroy the State, not by violence, hopefully, but by enabling the voluntary actions of millions of people.

We believe the alternative is that the West shall stagnate and destroy itself by turning inward like the Chinese mandarins when their empire reached its zenith. I believe that we are the only true economic alternative to stagnation.

In short, this is about money yes, but we have dreams of even more wealth than that and not merely for ourselves. There is also a big picture that even many of our detractors would understand to be noble. Just as with Hong Kong, the smuggler is the vanguard of Free Market Capitalism. Later on, Silk Road and other illegal drug markets are expected to be a tiny part of the overall Darknet Market system, it will have achieved its goal of bootstrapping the Darknet at that point.

This is what the concept of CryptoAnarchy is about. Yes, it is just ones and zeros in exotic patterns in an attempt to appear random. But it is also a new system of political economy the world has never seen before. Military stategists have understood this for a long time and have focused on what the shape of violence shall be in such a world, the so called Network War or Netwar, and Fourth Generation Warfare. But there is also the potential for peace and propensity such that the world has never seen before.

There are millions of prisoners in jails in the West serving no productive purpose, stagnating. There are at least a billion people under the thumb of corrupt and ineffective States whose only real raison d'etre is to be rent seekers. So when we talk of Freedom on the Silk Road we are not discussing metaphysical aspirations.

People with low aspirations and low intellect shall denigrate the Silk Road as the the destruction of civilized society. It is nothing close to the truth. The truth is that we are the foot soldiers of capitalism and free markets. Democracy has proved itself simultaneously too weak and too blunt an instrument to discern the will of the people, the growth of the State has finally become cancerous. There is really no other option than to join the ranks of the cryptoanarchic.

Ⓐ = Anarchy is the mother of Order.
Title: Re: Pine - AMA
Post by: pine on April 15, 2013, 08:51 pm
1) What do you recommend for removing meta data from pictures? I tried JPEg scrubber, but now it's asking me for a product key....

2) Is there a bitcoin wallet that is better than the others? I have Bitcoin Qt and MultiBit. Are they really safe? I've heard stories about missing bitcoins, that makes me nervous.

For your 1st question:

If you're talking about using pictures such as the avatars we have here on SRF, or non-drug-related pictures you wish to upload from your machine and have available to Tor users to look at, then I recommend using ExifTool. It is a powerful command line program, so you'll need to be comfortable with opening a command line/terminal window and following instructions. It's not difficult, just intimidating for newbies, but it's powerful, flexible and free.


If we are talking about photos for use on SR accounts e.g. pictures of product and so forth, then you need to purchase a new camera with cash anonymously, and *only* use it for this purpose. If you have multiple accounts or several nyms across Darknet markets you'll have to think about this a lot, otherwise you may be linkable.

This is because the FBI can detect whether a picture on Facebook was taken with the same camera used to take a photo of product for SR.

Digital photos contain tiny imperfections that are invisible to the naked eye, which correspond to certain cameras. This is sufficiently unique to create a unique fingerprint for every camera in the world. So if you use the camera for Flickr, Facebook, and then on SR, it is possible for LE agents to link the two and so find out your identity. It is almost certainly the case that for Facebook in particular, algorithms are run to establish camera fingerprints for all accounts as a method of intercepting child pornographers, but I expect the technology to generalize over time as a deanonymizing technique. If you have been using your normal digital camera to take photos of product, stop this practice immediately.

It has to be understood that LE agents have very little to go on. They are certain to develop new techniques to perfect fingerprinting technologies as a result.

Obviously you should use ExifTool on any photos taken with this too. You want a dumb digital camera, no geotag bullshit like a camera phone tends to do. Definitely avoid any Apple related product here. This is a good general rule for protecting your anonymity. The people who invent those products don't believe you have a right to anonymity no matter how much you pay, it's a culture thing. If you were a solider or intelligence officer you'd want to be using Apple products like you want a hole in the head. It is that bad, I can't even begin to elaborate on how fucked up it is.

--

As for your 2nd question:

They are pretty much as good as each other, just with different features and GUI. It's a matter of style and how you use Bitcoin, so it's up to you.

The key thing is much simpler (conceptually), you just encrypt the wallet.dat file (google for the location of this file with your particular client software) with PGP. Overwrite the plaintext version of the wallet.dat file with overwriting software in case somebody develops sophisticated malware. You'll need to be doing that per decryption. Decrypt the file when you wish to use the software and otherwise have it encrypted. This is for your "live" wallet. For your main store of bitcoins you want to have a entirely separate Bitcoin client on a thumb drive with a separate wallet.dat file encrypted ideally with a GPG4USB PGP software that is on a seperate usb stick. Copy that two or three times with different USB drives for back-up and then you can be sure your bitcoins are A: safe from thieves and B: safe from bigger thieves re: asset forfeiture. Just make sure you place them somewhere that cannot be associated with you. But that's a different discussion. Alternatively you could make Truescrypt volumes instead of using USB drives and upload the result to an anonymous cloud storage facility (again, you need to hide the fact you have access to the data somehow).


Do you like bubbles?

I was much enthused with them when I was smaller. Nowadays I don't think about them that much.

In what yr did Jean-Baptiste perform a transfusion of two pints of blood from a sheep to a man

I thought it was during the first world war, but I see somebody else has googled the answer and it looks like it was earlier. Bizzare how such a practice went from weird science to a normal everyday occurrence in such a short time. I guess society is very adaptable, but it's still sort of freaky.

1. What are your thoughts on quantum crypto? Will it evolve fast enough to counteract the potentially privacy-destroying advent of the quantum computer?

2. What are your favorite books on cryptography, cypherpunks, economics?

1. I think quantum computers aren't going to have very much to say about public key cryptography in the end. If somebody is hiding a working QC with a large number of qubits at its disposal, then I am wrong. But there is so much anticipation about the impact of QC on crypto in general that I think effective solutions shall be devised to counter Shor's algorithm long before it is capable of factorizing composite numbers of a useful size. There exist lattice-based and multivariate-quadratic cryptographic systems which should defeat brute force quantum computing. So if RSA is broken, it's not the end of the world. I think diversity will defeat cryptanalysis in the end.

2.

Econ:

The Wealth of Nations by Adam Smith
Capitalism, Socialism and Democracy by Joseph Schumpeter
Economics in One Lesson by Henry Hazlitt
The Nature of the Firm by Ronald Coase

Not many people appreciate it, but I would guess that Julian was influenced by the Chicago School of Economics a good deal, esp. Coase. His thought process is very similar.

Cypherpunk:

Any book by Daniel Suarez

Crypto:

Any book by Bruce Schneier
Title: Re: Pine - AMA
Post by: Hunter Guy on April 15, 2013, 08:58 pm
Hey, pretty general question but any tips for keeping anonymous online?  Like any programs or recommendations. Hope that isn't too broad.
Title: Re: Pine - AMA
Post by: Slacka on April 15, 2013, 10:05 pm
A technical question for you, Pine.
I use GPG4USB  (ver 0.3.2-1) on my linux (Ubuntu) box, and would like to change my GPG private key password to something stronger. I have researched the Internet for the answer, but can't seem to nail it.
Your thoughts?
Title: Re: Pine - AMA
Post by: pine on April 16, 2013, 02:16 am
As a vendor, is it okay for me to leave tor running with silk road all day, or should log in and out as quickly as possible?

That's a tricky one. There's a few layers to that question and I'm not certain of the answers to them. Some information may help you make a decision. I think it's really two separate questions.

1. Is having Tor running all the time a threat to my anonymity?

2. Is connecting to a hidden service for a long time a threat to my anonymity?

The main attack vector that occurs to me is that an entry guard could be compromised. See here for an explanation of what that means:

https://www.torproject.org/docs/faq#EntryGuards

I believe the Tor Browser Bundle now does persistent entry guards. But if you're using Liberte, then Tor is forced to choose new entry guards each reboot. The result is that you're more exposed to a timing attack on your anonymity if you're accessing regular clearnet websites. If you are using bridges then you are also using persistent entry guards. If you are using a private bridge you've setup yourself, then you're using a persistent entry guard that you know is good.

I'm inclined to say that the answer to (1) is no, with the proviso that you're using the TBB. Possibly investigate obtaining a private bridge if it concerns you.

--

Just because you're connected to the Tor network, doesn't mean that you're using it a lot. My point is that you could stay on Tor for 24 hours, and only be communicating with SR's hidden service for a relatively small fraction of that time because you're not actively using the site and therefore not generating lots of HTTP GET requests for different webpages.  Conversely you could be connected for 1 hour, and actively generating lots of HTTP GET requests by clicking around the place like a mad person.

I'm also inclined to say that the answer to (2) is no. I would suggest that you act as a relay if you're on Tor for very long periods e.g. days or weeks. Acting as a relay introduces some new attack vectors similar to that of a hidden service I believe, but on the other hand it makes it very difficult to disassociate traffic from the relay operator from the other traffic that is being relayed, which would improve your anonymity. Eventually all Tor users will be relays anyway. As an added bonus, using Tor shall be faster too.



My good pine! I am sure you can help me, I would just like to get some experience using PGP could you send me an encrypted message with my public key so I can decrypt it? It would be super awesome of you.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.19 (MingW32)

It appears that your PGP key lacks an encryption subkey. You need to make a new PGP key that includes one, then I'll send you a test message. I think maybe you got halfway through making a PGP key on the command line, it's unusual to see this with one made via the GUI. Whatever the case, just make a new one and get back to me. Thanks.

Hey, pretty general question but any tips for keeping anonymous online?  Like any programs or recommendations. Hope that isn't too broad.

Some of us are pretty hardcore. Not all of this will apply. The most important thing is your threat model. There is no security precaution high enough if your threat model is serious enough. Conversely for others their threat model is low and so some security precautions would be overkill. The following information is not intended to be comprehensive. Keep a notebook and search these forums and you'll quickly accumulate more useful information.

Programs:

GPG - to encrypt your emails. I have a thread linked in my sig which describes how to use GPG in an anonymous way.
Tor   - to encrypt your internet traffic. Use bridges as persistent entry guards.
FDE  - to encrypt your hard drive. Super glue your RAM to the motherboard (lulz).

If you're doing that, you're already way out ahead of 99% of people. It's still pretty basic though.

--

Outside of that, don't use social networks, don't use your real name anywhere. Use different emails and nyms and avatars for every website you use. Some email services allow you to use aliases for your email such that you can do this easily. This makes life hard work for the algorithms rooting through the Deepweb. When using public transport always use cash and never, ever use loyalty cards of any kind.

At this point congratulations! You're on the terrorist watch list :)   It was probably supergluing your RAM that did it. :)

It's ok. Anybody with an IQ over 100 is probably already on it, you got tested, right? :)

Use a unique writing style you have adopted for each nym to defeat stylometric analysis. People talk differently to different people anyway, depending on what circles they're in. Push that tendency to an extreme.

In a way, the people building the Utah faculty are making a huge strategic mistake. Huge numbers of people are already adopting measures which make linkability extremely difficult. It's not that the data is hard to find or decrypt, it is that the data does not exist. No amount of intelligence agents or analysts can counter that. It's practically a filter for people stupid enough to form networks based on personal relationships. I mean politicians, most corporations are fucked. We'll be good though. Outside of spy school (possibly), nobody is as paranoid as hackers, and no hackers are as paranoid as the cypherpunks, it goes with the territory. The best allies. As enemies your worst nightmare.

In practice most people are caught out by operational security flaws such as opening their big mouths too often or to the wrong kind of people, not technical measures. That's partly what got Sabu. That's what got Bradley Manning.

A technical question for you, Pine.
I use GPG4USB  (ver 0.3.2-1) on my linux (Ubuntu) box, and would like to change my GPG private key password to something stronger. I have researched the Internet for the answer, but can't seem to nail it.
Your thoughts?

Yes, this is something useful you can do. Sometimes people assume you can't, but PGP is very flexible. You can edit your PGP key to change the name, email address(es), comment, password, and even add a small picture.

Export your private key first from GPG4USB. The option is in the context menu when you right click on your PGP key. Once you have that, import it to your Ubuntu version of GPG (gpg --import blahblah.asc) from whatever directory you put it in.

Once it's there, you need to type the following into the terminal.

gpg --edit-key [keyID or name]
Command> passwd
Enter passphrase:
Enter the new passphrase for this secret key.
Enter passphrase:
Repeat passphrase:
Command> save

Now export the private key from the Ubuntu version of GPG and import it back into GPG4USB. Once that is done, there is the little matter of the two copies of your secret key on the hard disk. Use shred -fuv filename1, shred -fuv filename2 to overwrite them. That's it.
Title: Re: Pine - AMA
Post by: TR0N on April 16, 2013, 02:21 am
Wow. pine, you are pretty 1337. First of all, thanks. And thanks for responding to my PGP message. I can't decrpyt it because I lost the private part of the public key I sent you with a usb drive reformat, but I got a new key and did get it figured out! I have a couple n00b musings for you.

a) I'm wondering about Liberte. I've setup a bootable flash drive and it seems pretty sweet but there's not a lot of good info on it. I like how everything is pre-configured (I'm a n00b), built in Tor, PGP etc., but is it safe?

b) Wondering how to stay anonymous while dealing with a clearnet BTC vendor without getting flagged. In the other thread you linked you mentioned it was easy once you know how ... can you provide / link to this info?

And again, thanks!
Title: Re: Pine - AMA
Post by: NorthWoods on April 16, 2013, 04:58 am
1) What do you recommend for removing meta data from pictures? I tried JPEg scrubber, but now it's asking me for a product key....

2) Is there a bitcoin wallet that is better than the others? I have Bitcoin Qt and MultiBit. Are they really safe? I've heard stories about missing bitcoins, that makes me nervous.

For your 1st question:

If you're talking about using pictures such as the avatars we have here on SRF, or non-drug-related pictures you wish to upload from your machine and have available to Tor users to look at, then I recommend using ExifTool. It is a powerful command line program, so you'll need to be comfortable with opening a command line/terminal window and following instructions. It's not difficult, just intimidating for newbies, but it's powerful, flexible and free.


If we are talking about photos for use on SR accounts e.g. pictures of product and so forth, then you need to purchase a new camera with cash anonymously, and *only* use it for this purpose. If you have multiple accounts or several nyms across Darknet markets you'll have to think about this a lot, otherwise you may be linkable.

This is because the FBI can detect whether a picture on Facebook was taken with the same camera used to take a photo of product for SR.

Digital photos contain tiny imperfections that are invisible to the naked eye, which correspond to certain cameras. This is sufficiently unique to create a unique fingerprint for every camera in the world. So if you use the camera for Flickr, Facebook, and then on SR, it is possible for LE agents to link the two and so find out your identity. It is almost certainly the case that for Facebook in particular, algorithms are run to establish camera fingerprints for all accounts as a method of intercepting child pornographers, but I expect the technology to generalize over time as a deanonymizing technique. If you have been using your normal digital camera to take photos of product, stop this practice immediately.

It has to be understood that LE agents have very little to go on. They are certain to develop new techniques to perfect fingerprinting technologies as a result.

Obviously you should use ExifTool on any photos taken with this too. You want a dumb digital camera, no geotag bullshit like a camera phone tends to do. Definitely avoid any Apple related product here. This is a good general rule for protecting your anonymity. The people who invent those products don't believe you have a right to anonymity no matter how much you pay, it's a culture thing. If you were a solider or intelligence officer you'd want to be using Apple products like you want a hole in the head. It is that bad, I can't even begin to elaborate on how fucked up it is.



Wow. Thank you. I am now thoroughly freaked out. Lol
I was originally just wondering how to get the gps info off the picture but thank you for letting me know that I have so much more to be worried about.

Title: Re: Pine - AMA
Post by: KarmaKoolAid on April 16, 2013, 05:08 am

Wondering how to stay anonymous while dealing with a clearnet BTC vendor without getting flagged. In the other thread you linked you mentioned it was easy once you know how ... can you provide / link to this info?



This is a great question. After hearing about the Silk Road it was incredibly easy to get on and to learn how to get simple programs for PGP running, but this has been by far the hardest part for me and very few people are giving any advice about how to quire bitcoins safely and securely. It also doesn't help that there are a million different potential methods to use and plenty of people acquiring bitcoins for other uses
Title: Re: Pine - AMA
Post by: Miss Sexy Boots on April 16, 2013, 08:41 am
Dear Pine,

A few questions if you have the time:

1/ Is it safe to run uTorrent (downloading a torrent from say Pirate Bay via my legit wifi) at the same time as using my TORBROWSER searching and accessing SRF (for example)?

2/ Is it a smart move to randomly hit the "USE NEW IDENTITY" button on Vidalia? (From time to time)... Im a tad OCD so I do not want to unnecessarily keep hitting this button as it may 'single me from the heard'.

3/ Clearly we should not bring our Smart Phones/ iPhones when we are picking up from the drop (Because of both GPS and Cellular Tower Triangulation etc) but if the Smart Phone was on 'AIRPLANE' mode - would that sufficiently hide the location of the phone from spying eyes?

4/ When are invisibility jump suits coming on the market on SR? :)

Cheers,

MSB
Title: Re: Pine - AMA
Post by: StrangeHuman on April 17, 2013, 01:24 am
It appears that your PGP key lacks an encryption subkey. You need to make a new PGP key that includes one, then I'll send you a test message. I think maybe you got halfway through making a PGP key on the command line, it's unusual to see this with one made via the GUI. Whatever the case, just make a new one and get back to me. Thanks.

Thank you for your reply, lacks an encryption subkey hey? To make a new PGP should I delete my old one and just make a new one? Do I have to actually make the PGP key because I thought it was just automatically generated by the program. Sorry about the noob questions but I suppose that is what this thread is for.

UPDATE: It seems the messages I sent out yesterday where received and replied to and I had no trouble reading the replies, it is safe to just keep doing what I am doing? Or will my lack of subkey compromise my security in some way?
Title: Re: Pine - AMA
Post by: Hippy Tribe Chief on April 17, 2013, 01:38 am
Vendor, cash out..

Yea so i'm going to start vending. How do i cash out?

In the short term, how do i cash out properly and quickly while keeping business moving. I gotta pay bills.. but it might look kinda weird paying my electric bill with virtual credit card numbers..  and down the line doing shit like that may catch me a rico case.
Title: Re: Pine - AMA
Post by: seatturtle on April 17, 2013, 08:29 am
Pine, you RULE. Your posts and threads are by far some of the most helpful in the forums. A few months ago, getting into tor and sr, I had no idea that in a way i was kind of in the very beginning stages of bootcamp for the future-wars. I've become obsessed with internet privacy and security, encryption, and the cypherpunk movement. and the more i pay attention, the more it seems like a battlefield (Obama signed the new cispa into act today, which prevents many mainstream tech firms from promising you privacy from legal inquiry at all) All of the security lessons were learning from tor have immense applications for the future, that none of us can probably yet fully appreciate.

As per your advice from another thread, I am running tails from a live dvd, which are write-free, correct? I have attempted many times to run from live-usb (used the tails usb installer to clone), only to find out that my computer model is on the "known bugs" list for have a bios that cannot detect the live-usb partition. Is there anyway I can save data to the tails dvd, or am i out of luck..? I also have another computer with a fresh harddrive, but it also doesnt detect the usb. It also doesnt shut down tails DVD correctly (no data wipe, and no dvd eject) which sucks because I have no personal info on that computer at all and i really wanted to use that for tor stuff. Otherwise, I have FDE with truecrypt and a very strong password for the bootloader for my main laptop/OS along with more sensitive stuff in hidden volumes. any tips on how i might get the usb working for my other computer? Im going to scour the tails forums too...

What are your thoughts on tor bridges? I've been using the ones provided by torproject to keep my ISP from seeing that I use tor, but since my tails dvd is write free as far as i can tell, everytime i use it my ISP can see for a bit that i connected to tor before i configure the bridges. I also wonder how safe using some of these bridges are, could they be compromised, and if so can they learn anything about me when i use their bridge? my noscript is always set to block global scripts too, i don't know if that improves my situation..n00b city here :)

If you use tails, do you use any methods of extra encryption you'd want to share if its not too much trouble? Does tails do a good job of encrypting everything already?

I use a clearnet platform to buy btc, but i use moneyorders with anon names and addresses to buy and send them to multiple wallets/addresses that i only access with tor and a VPN before they go to sr,,,just as an extra precaution.
thanks so much for hosting this forum. I'm excited to do your pgp tutorials! LONG LIVE THE DEEPWEB AND ANONMARKETS!!
Title: Re: Pine - AMA
Post by: moksha on April 17, 2013, 08:36 am
What do you think bitcoin will be priced in 5-10 years, if at all you think it'll succeed\ for that long?

AND ARE YOU THE REAL PINE?!??!

( I'm kidding :P )
Title: Re: Pine - AMA
Post by: Mike Hunt on April 17, 2013, 09:39 am
What do you think bitcoin will be priced in 5-10 years, if at all you think it'll succeed\ for that long?

AND ARE YOU THE REAL PINE?!??!

( I'm kidding :P )

+1 moksha I would like to hear Pine's answer on that one and also How long til the 21 million bit coins are produced and does the progam just come to a halt or does it trigger world war three
Title: Re: Pine - AMA
Post by: Countdown2013 on April 17, 2013, 10:06 am
Hello Pine, Liberte vs Tails whats your preference if you had to use one?

I run tails and it seems really great , a few problems along the way with storing data as it automatically wipes but all sorted now!

I think someone asked a similar question earlier but any advice/tips on making tails safer?
Title: Re: Pine - AMA
Post by: Slacka on April 17, 2013, 09:04 pm
Okay, Pine. I seem to have hit the wall, novice that I am.

I can get my private key exported to my GPG folder, however, when I enter the following command:
gpg --edit-key [keyID or name]   ... and replace keyID with what looks like a keyID (16 alphanumberic) from the exported key, I just get three lines showing GPG4USB version, etc. It does not indicate that it ran.

Then when I enter 'passwd', it indicates I will be changing my unix user password.
Then is as far as I've gotten.

Thanks again, for your help.