Silk Road forums

Discussion => Silk Road discussion => Topic started by: pine on May 23, 2013, 08:02 am

Title: [Crosspasta] PGP Club and the War on Linkability
Post by: pine on May 23, 2013, 08:02 am
Crossposting here to give the concepts more currency than they're currently getting in the Newbie sub forum.

Original Post: http://dkn255hz262ypmii.onion/index.php?topic=159758.msg1128279#msg1128279

--

PGP Club Progress Report:

Everything is going very smoothly. People are really beginning to get their tradecraft together on SR. There are few networks with the same level of commitment to secrecy and anonymity; that shall pay a great dividend to us in the end. The permeable network is the platypus of the future.

--

That said, most of you could benefit from realizing a thing or two about PGP labeling, which is about linkability. Read this carefully:

1. Using a different name (nym technically) for your PGP public key than your SR Forums username is not a good idea. People with large keychains aren't going to be able to find the right public key for you in a couple of months' time because they'll simply forget the association unless they made a record of it originally.

In addition to this, this practice does not even remotely help your anonymity. These forums are page scraped by about a dozen LEO software agents every day; they can import all your public keys and make associations with your usernames, since anybody who imports your PGP public key can see what PGP nym or label you've chosen. No brain surgery required.

If SR is hacked then they can also associate (from any PGP encrypted messages sent) the PGP public key keyID in use with the same username/nym you had on the forums. This is not best practice!

2. Using the same public key or username on SR as on SR Forums is idiocy pure and simple. You must become unlinkable. This is achieved by the simple expedient of using two different usernames and two different public keys. 1 nym/public key pair for SR, and the same for SR Forums. This way you are not linkable and you are not confusing anybody either.

3. Many vendors also use the same nym/public key on these forums as they do on SR, e.g. the Vendor Roundtable. This too is foolhardy. Do not copy this. Pine is right and they are wrong. It's of course one thing to have a SR vendor username on the forums with respect to their own feedback threads, but completely another to be socializing generally with the same nym.

I recommend that vendors deliberately play with different writing styles depending on which identity they're using. It doesn't require perfection and millions of hours of work, it just requires enough difference to throw off a full writeprint match. I am completely certain that LEO are building or have built sophisticated software for authorship recognition analysis. Fortunately, unlike PGP key labeling, this is a case in which obfuscation helps rather than hinders.

I shall quote Project PolyFront once again, to emphasize how the concept of anonymity truly works:

Quote
The literal definition of anonymity is a state of namelessness. A more technical definition of anonymity is the state of being indistinguishable from a given set size. As an example, imagine a closed communication interface with several hundred members. If all of the members use the name 'anonymous' to make their posts, they are indistinguishable from each other based on naming information (however, they may not be anonymous based off IP information). However, they are not indistinguishable from those who are not a part of the system. If two people have access to an anonymous suggestion box, any suggestion in the box may be anonymous but the set size is two. The higher your set size is, the more anonymous you are.

-- Project PolyFront

http://pz65gyca5nrafhrf.onion/PolyFront_2/polyfront.htm

Viva la Revolution!
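
An added illustration of point 1 in the post above (not part of pine's post, and not code from any project named in the thread): a minimal Python reader for binary OpenPGP packets that lists what anyone holding a public key or an encrypted message can read without a private key, namely the User ID label and the recipient key ID. The packet framing follows RFC 4880; the function names and the sample bytes are constructed for this example.

```python
import struct

def packets(data):
    """Yield (tag, body) for each OpenPGP packet in binary (non-armored) data."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        i += 1
        if hdr & 0x40:                       # new-format header
            tag = hdr & 0x3F
            first = data[i]
            if first < 192:                  # one-octet length
                length, i = first, i + 1
            elif first < 224:                # two-octet length
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:               # five-octet length
                length, i = struct.unpack(">I", data[i + 1:i + 5])[0], i + 5
            else:
                raise ValueError("partial body lengths not handled here")
        else:                                # old-format header
            tag = (hdr >> 2) & 0x0F
            size = {0: 1, 1: 2, 2: 4}.get(hdr & 0x03)
            if size is None:
                raise ValueError("indeterminate length not handled here")
            length = int.from_bytes(data[i:i + size], "big")
            i += size
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def cleartext_metadata(data):
    """Return the identifiers that are readable without any private key."""
    found = {"user_ids": [], "recipient_key_ids": []}
    for tag, body in packets(data):
        if tag == 13:                        # User ID packet: plain UTF-8 label
            found["user_ids"].append(body.decode("utf-8", "replace"))
        elif tag == 1 and len(body) >= 10 and body[0] == 3:   # PKESK, version 3
            found["recipient_key_ids"].append(body[1:9].hex().upper())
    return found

# Constructed sample bytes (not taken from any real key or message).
SAMPLE_KEY_FRAGMENT = bytes([0xCD, 11]) + b"forum_nym_1"       # new-format tag 13
SAMPLE_MESSAGE = (bytes([0x84, 13, 3])                         # old-format tag 1, v3
                  + bytes.fromhex("0123456789ABCDEF") + b"\x01\x00\x08\xAA")
```
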
Title: Re: [Crosspasta] PGP Club and the War on Linkability
Post by: AfternoonDelight on May 28, 2013, 02:23 pm
You are one fine Pine.
Thanks for all that you do around here.
Our community is getting better thanks to people like you.

AD
Title: Re: [Crosspasta] PGP Club and the War on Linkability
Post by: sharonneedles on June 07, 2013, 04:31 pm
Thank you!

+1
Title: Re: [Crosspasta] PGP Club and the War on Linkability
Post by: samesamebutdifferent on June 07, 2013, 08:52 pm
sub'd
Title: Re: [Crosspasta] PGP Club and the War on Linkability
Post by: saidanddone on June 08, 2013, 03:33 pm
Simply wanted to say thanks for the sage advice, Pine. This point, especially, makes so much sense.

2. Using the same public key or username on SR as on SR Forums is idiocy pure and simple. You must become unlinkable. This is achieved by the simple expedient of using two different usernames and two different public keys. 1 nym/public key pair for SR, and the same for SR Forums. This way you are not linkable and you are not confusing anybody either.