Silk Road forums
Discussion => Newbie discussion => Topic started by: brutusk on February 04, 2013, 10:54 am
-
I want to address a few issues that have come up with several vendors after the recent surge of new buyers. SR isn't a game. You need to keep yourselves safe. Unfortunately, a lot of new buyers have a false sense of security because of the reputation SR has for being "anonymous." It is only as anonymous as you make it. Anonymity is not automatic here. Everytime you make a transaction on the road you are, very briefly, giving up your anonymity.
If you have gone to all the trouble to figure out how to get to SR, read through the forums and figured out how to make a transaction, why would you throw all that out the window by skipping a few very obvious and highly recommended steps?
DO NOT CUT CORNERS. YOUR FREEDOM AND SAFETY IS AT RISK.
A huge number of new buyers skip a few very basic steps to protect themselves and their vendors. I have outlined a few things below that you really MUST do to keep yourselves safe.
1. When you choose your SR username, pick something random and unrelated to you that will return many pages of results if googled. For christ's sake, PLEASE do not choose a username that is a derivative of your real name!
EXAMPLE:
If your name is Mark Smith, do not use Msmith90 or anything else with your real name in it.
Use a movie or book title, a character from a film, anything, it isn't that hard to think of something that isn't your real name. The more unique your SR username, the easier it is to tie your real life name to your SR persona. You do not want unique, you want generic.
2. PLEASE FOR THE LOVE OF GOD LEARN HOW TO USE PGP!!!
You have figured out TOR, you have figured out SR, you have even figured out Bitcoin...but PGP is too hard? Give me a break. It isn't hard. It's done with software. The software isn't hard to use. Many top vendors (myself included) require PGP for communication, and get tired of hearing buyers whine about how hard it is.
PGP protects you and your vendor. LE does not have the ability to break PGP encrypted messges. It has been noted numerous times in the forums that LE hates PGP for this reason. If you use PGP THEY CAN'T READ YOUR MESSAGES.
Let me say that again. IF YOU USE PGP LE CAN'T READ YOUR MESSAGES.
You will find an excellent, easy to follow PGP tutorial here that was written by a highly respected forum member:
http://32yehzkk7jflf6r2.onion/gpg4usb/
Now go buy yourself a cheap USB drive and learn how to use the software.
"But aren't our messages on SR safe because we are using TOR?"
NO!
Last summer DPR addressed this issue in the forums.
Private messages are stored on the SR server for four months, even when you use the DELETE option. This is done for technical reasons (he explained it very well, I'm not going to rehash it here. Use the search function to find the post). FOUR MONTHS. That means that if the servers fell into the wrong hands all the unencrypted, incriminating messages that msmith90 sent his weed dealer for the last four months are now exposed to whoever is controlling the server.
"Do I really need to encrypt my address since we're using TOR?"
YES!
The shipping info you put in the box IS deleted from the server when the order is confirmed. If the servers are ever compromised, who do you think LE is going to go after first? THE PEOPLE WHO HAVE THEIR MAILING ADDRESSES UNENCRYPTED AND ATTACHED TO A DRUG ORDER THAT HASN'T BEEN CONFIRMED BY THE VENDOR YET!
Do you really want to be the dude/dudette that got busted because you were too lazy to spend 15 minutes learning to use encryption? Is it worth going to prison over? Because that is the position you are putting yourself in. Prison. Because you didn't want to bother with PGP.
ENCRYPTION, PEOPLE--USE IT!
3. Now that you have learned how to use PGP, here are some tips:
-Do not use your real name or real life email address in the key. Use your SR username and a fake email address.
-If you set up your PGP key under a name OTHER THAN your SR username, make sure to let your vendor know this when you send them your PGP key.
EXAMPLE:
"Hi, here's my public key, it's listed under the name Hunter S. Thompson"
-When you give out your key, ONLY give out the PUBLIC key. The PRIVATE key stays on your computer. The software requires BOTH KEYS to decrypt messages. That is why PGP foils LE. NEVER SEND OUT YOUR PRIVATE KEY. EVER. If someone has both keys it is possible to hack your messages.
Repeat after me: I WILL NEVER GIVE OUT MY PRIVATE KEY.
To sum up:
1. Be anonymous
2. Learn PGP
3. Use PGP
4. Use PGP
5. Use PGP
Be safe, folks.
B.
-
8)
This was GREAT advice for anyone who takes the time read it and adhere to it.
-
Private key is passphrase or the fingerprind and other info?
-
Good advice here. People, PGP is EASY to learn. A lot easier than I expected. So learn it! Like OP said, its vital to being fully anonymous.
-
Aside from the legal advice, I would also add the following for new buyers.
SR is giving you access to drugs you never had before. A lot of new buyers are new drug users or new to certain drugs.
1. If you're not sure of the source, test the drugs. It's cheap.
2. Dose low.. always dose low first. Work your way up slowly. Be careful of redosing dynamics.
3. Research - check erowid - read about the bad stuff as well as the good stuff.
4. Be prepared, water, setting, bedding, toilet, warmth .. whatever you think you need in case things go wrong.
5. If possible, have a drug buddy.
6. Be wary of new vendors and special deals.
7. Be conscious of addiction over time. Know your weaknesses and recognize them early.
There are more but I just had to blurt something out before we all focus on the law.
-
Good thinkin DrugBuddy. All good points especially no. 7. Being a recovering addict myself, I hate seeing recreational users develop addictions because they don't know exactly what they are getting into. Stay away from heroin! Its a beautiful sexy thing one day, then before you know it, that ugly bitch is ripping your heart out with her bare hands. Just my $0.02.
-
I want to address a few issues that have come up with several vendors after the recent surge of new buyers. SR isn't a game. You need to keep yourselves safe. Unfortunately, a lot of new buyers have a false sense of security because of the reputation SR has for being "anonymous." It is only as anonymous as you make it. Anonymity is not automatic here. Everytime you make a transaction on the road you are, very briefly, giving up your anonymity.
If you have gone to all the trouble to figure out how to get to SR, read through the forums and figured out how to make a transaction, why would you throw all that out the window by skipping a few very obvious and highly recommended steps?
DO NOT CUT CORNERS. YOUR FREEDOM AND SAFETY IS AT RISK.
A huge number of new buyers skip a few very basic steps to protect themselves and their vendors. I have outlined a few things below that you really MUST do to keep yourselves safe.
1. When you choose your SR username, pick something random and unrelated to you that will return many pages of results if googled. For christ's sake, PLEASE do not choose a username that is a derivative of your real name!
EXAMPLE:
If your name is Mark Smith, do not use Msmith90 or anything else with your real name in it.
Use a movie or book title, a character from a film, anything, it isn't that hard to think of something that isn't your real name. The more unique your SR username, the easier it is to tie your real life name to your SR persona. You do not want unique, you want generic.
2. PLEASE FOR THE LOVE OF GOD LEARN HOW TO USE PGP!!!
You have figured out TOR, you have figured out SR, you have even figured out Bitcoin...but PGP is too hard? Give me a break. It isn't hard. It's done with software. The software isn't hard to use. Many top vendors (myself included) require PGP for communication, and get tired of hearing buyers whine about how hard it is.
PGP protects you and your vendor. LE does not have the ability to break PGP encrypted messges. It has been noted numerous times in the forums that LE hates PGP for this reason. If you use PGP THEY CAN'T READ YOUR MESSAGES.
Let me say that again. IF YOU USE PGP LE CAN'T READ YOUR MESSAGES.
You will find an excellent, easy to follow PGP tutorial here that was written by a highly respected forum member:
http://32yehzkk7jflf6r2.onion/gpg4usb/
Now go buy yourself a cheap USB drive and learn how to use the software.
"But aren't our messages on SR safe because we are using TOR?"
NO!
Last summer DPR addressed this issue in the forums.
Private messages are stored on the SR server for four months, even when you use the DELETE option. This is done for technical reasons (he explained it very well, I'm not going to rehash it here. Use the search function to find the post). FOUR MONTHS. That means that if the servers fell into the wrong hands all the unencrypted, incriminating messages that msmith90 sent his weed dealer for the last four months are now exposed to whoever is controlling the server.
"Do I really need to encrypt my address since we're using TOR?"
YES!
The shipping info you put in the box IS deleted from the server when the order is confirmed. If the servers are ever compromised, who do you think LE is going to go after first? THE PEOPLE WHO HAVE THEIR MAILING ADDRESSES UNENCRYPTED AND ATTACHED TO A DRUG ORDER THAT HASN'T BEEN CONFIRMED BY THE VENDOR YET!
Do you really want to be the dude/dudette that got busted because you were too lazy to spend 15 minutes learning to use encryption? Is it worth going to prison over? Because that is the position you are putting yourself in. Prison. Because you didn't want to bother with PGP.
ENCRYPTION, PEOPLE--USE IT!
3. Now that you have learned how to use PGP, here are some tips:
-Do not use your real name or real life email address in the key. Use your SR username and a fake email address.
-If you set up your PGP key under a name OTHER THAN your SR username, make sure to let your vendor know this when you send them your PGP key.
EXAMPLE:
"Hi, here's my public key, it's listed under the name Hunter S. Thompson"
-When you give out your key, ONLY give out the PUBLIC key. The PRIVATE key stays on your computer. The software requires BOTH KEYS to decrypt messages. That is why PGP foils LE. NEVER SEND OUT YOUR PRIVATE KEY. EVER. If someone has both keys it is possible to hack your messages.
Repeat after me: I WILL NEVER GIVE OUT MY PRIVATE KEY.
To sum up:
1. Be anonymous
2. Learn PGP
3. Use PGP
4. Use PGP
5. Use PGP
Be safe, folks.
B.
THIS ^^^^^^ x 10000000000!!!!!
PGP ALWAYS FOR IDENTIFIABLE INFO
-
thanks dmtrip. I hope you are ok.. especially here! Guessing you stay away from the H and dabble in a bit of the lighter stuff. Good that you can place those boundaries on your usage. It can run away easily.. especially with the SR grocery store.
-
great post!
-
thanks dmtrip. I hope you are ok.. especially here! Guessing you stay away from the H and dabble in a bit of the lighter stuff. Good that you can place those boundaries on your usage. It can run away easily.. especially with the SR grocery store.
Thank you. I've recently gotten things under control. On a strict suboxone program, so seeing all the opiates on here doesn't effect me like it would have previously. Which i am very happy about. I am now trying to stick to my second love when it comes to drugs. Psychedelics. :D Time to expand my mind instead of isolating it like i was doing when i was putting the needle in my arm.
-
thanks dmtrip. I hope you are ok.. especially here! Guessing you stay away from the H and dabble in a bit of the lighter stuff. Good that you can place those boundaries on your usage. It can run away easily.. especially with the SR grocery store.
Thank you. I've recently gotten things under control. On a strict suboxone program, so seeing all the opiates on here doesn't effect me like it would have previously. Which i am very happy about. I am now trying to stick to my second love when it comes to drugs. Psychedelics. :D Time to expand my mind instead of isolating it like i was doing when i was putting the needle in my arm.
Major props to you, stick with it.
I don't know how to put this... but I've personally known many H addicts/straight out junkies. (my town is full of the stuff) And I've seen what that stuff will devolve people to... prostitution, burglary, you name it. I think many dabbling with it don't understand the ugly side it will take them to; it's a shame. And the only one that can help them, is themselves... people like me trying to help only become enablers (I accept this as fact now). So whenever I hear of an addict turning around and getting clean like you, It's a really nice thing to hear.
Anyways, have you heard of Ibogaine?... ever try it? Looks very very promising for opiate addiction. If you haven't, just do a youtube search. I tried getting my addict friends to commit to trying it, but all in vain. They all were scared of an 18 hour trip, that and they never really wanted to quit. Sounds like you'd be more open minded to it.
-
@NickNack:
Thanks so much. Its been a hard, rocky road to recovery but I'm trying my damnedest. I know exactly what you're saying about the H turning people into something they never thought they'd be. My town is also in peril at this point. Every couple months they round up 15-20 dealers in drug busts, then the next round jump up and take over. But anywho, yes i have heard of ibogaine. And i'm very interested in trying it. I've done quite a bit of research and although it does sound quite unpleasant, if it really could cure my opiate addiction, i'm down for it. Absolutely.
-
Great advice here thanks for the tutorial, I recently learned PGP and can now send encrypted info its seemed confusing at first, but i just practiced encrypting and sending, then opening and i finally got the hang of it 8) and thanks to the others here offering other related advice!
-
@NickNack:
Thanks so much. Its been a hard, rocky road to recovery but I'm trying my damnedest. I know exactly what you're saying about the H turning people into something they never thought they'd be. My town is also in peril at this point. Every couple months they round up 15-20 dealers in drug busts, then the next round jump up and take over. But anywho, yes i have heard of ibogaine. And i'm very interested in trying it. I've done quite a bit of research and although it does sound quite unpleasant, if it really could cure my opiate addiction, i'm down for it. Absolutely.
If you ever do try the Ibogaine, I hope you post a thread afterwards... I'm sure many others could possibly benefit form reading it. I'm not even an H addict, and I was just thinking of trying it just to try it. I'll post a thread if I ever get around to doing it... sounds like it'd straighten out my life a bit.
Stay strong, man.
-
I will most def post a thread afterwards if I try the ibogaine. Thanks again for the support bro.
-
I am a new buyer on the road. And did find PGP a bit confusing at first but after a good bit of research got the hang of it and have used it ever since my first purchase.
I also use TOR from a live CD. Which would make it very hard for any scripts on the dark net to affect as there is no where for it to write to.
You have said something on this thread which has made me think.... my username (although not related to my real name) is very similar to the username i use on the normal internet. And I'm thinking it might be a good idea to start again with a new username. Obviously I will make no mention that my new one is connected to this one or that would defeat the purpose.
I would however like some advise on the best way to cover my tracks with bit coins. Say for example i use the Blochain pingit method to get my bitcoins what is the best way for me to get them to silkroad with out leaving a trail that connects them to me? I currently pass them between many blockchain wallets and then eventually i send them to bitfog where i go straight from there to silk road. Is this safe enough or is there a better way i can do it?
-
As a newbie, I really appreciate this post. Learning PGP will be an essential early step.
-
Good job on this guide. PGP is always a must when it comes to sensitive information on the deep web.
Before accessing the deep web I always set my VPN to a different country, and then use TOR on top of that/
-
Thanks to the other posters for the great additional input...keep it coming so this thread stays easy to find for other newbies.
-
NEVER FE!!!!
-
I have a question about the cops and PGP...what's to say they can't learn to use the software and then use other 'legalities' to get you to reveal your keys, etc.? Just wondering. I use it myself but was just curious.
Also, I think I am missing an obvious point when asking this question.
-
Don't save TOR or PGP on your computer :)
-
PGP is very easy to use - if I'm using a PC. All of the user-friendly PGP software is written for Windows. I'm running a MacBook, obviously using Apple's OS, and it's very difficult to set up PGP on this thing. I can figure out how to encrypt messages, but can only decrypt text if it's sent to me as an ASC file, which is the only format I'm able to encrypt information to. One time I successfully decrypted a message, but I have not been able to replicate those efforts on that message or any other. I can't find anything with a clipboard program that would make it easy to import keys and decrypt messages. If anyone can make this easy for me, it'd be greatly appreciated.
-
I have a question about the cops and PGP...what's to say they can't learn to use the software and then use other 'legalities' to get you to reveal your keys, etc.? Just wondering. I use it myself but was just curious.
Also, I think I am missing an obvious point when asking this question.
********I AM NOT A LAWYER********
However, my understanding is that they can force you to turn over your pw, etc., with a subpoena or court order. They need both keys as well as your passphrase to decrypt the messages. If you are using PGP software on a removable drive they can only decrypt your messages if they have access to that drive and your password AS LONG AS YOU HAVE NOT GIVEN OUT YOUR PRIVATE KEY.
In order to decrypt your messages, your PUBLIC key, your PRIVATE key and your PASSPHRASE is needed. If they don't have the drive, or they only have two of the three, they can't decrypt even if you do give them the pw, and they know it.
When in doubt destroy the drive. AND NEVER GIVE OUT YOUR PRIVATE KEY.
*******************************************************************************************
Someone please correct me if I am wrong about this ^^^^^
-
Your post pretty much summed up my experience.
Stumbled on to Silk Road
Got Tor working
Got the bitcoin thing square
Did not feel like jumping the PGP hurdle
I even saw one vendor that said they were no longer using PGP and I though about just buying from him.
I am glad I poked around on the forums a bit more.
Now I have PGP covered as well.
Thanks for the thread the title caught this noob
-
looks like im going to learn P2P.. hope i get it thanks btw
-
I have a question about the cops and PGP...what's to say they can't learn to use the software and then use other 'legalities' to get you to reveal your keys, etc.? Just wondering. I use it myself but was just curious.
Also, I think I am missing an obvious point when asking this question.
Do not save anything on your computer unless you encrypt it. If you want to keep stuff on your computer download trucrypt and create an encrypted partition on your hard drive with an outer and hidden inner partition. Then if you are 'forced' to give up a password you can give up the password to the outer volume, you need to make sure you save some innocuous stuff in the outer when you create it though, adding files later can corrupt the hidden inner partition.
I run TOR from a USB that I never leave in my house, I also run an encrypted linux window for extra security that needs to be mounted via trucrypt.
ENCRYPTION IS YOUR FRIEND!! LEARN ABOUT IT!!!
-
ENCRYPTION IS YOUR FRIEND!! LEARN ABOUT IT!!!
YES. Thank you.
-
don't get scammed
-
I would however like some advise on the best way to cover my tracks with bit coins. Say for example i use the Blochain pingit method to get my bitcoins what is the best way for me to get them to silkroad with out leaving a trail that connects them to me? I currently pass them between many blockchain wallets and then eventually i send them to bitfog where i go straight from there to silk road. Is this safe enough or is there a better way i can do it?
use a tumbling service, there are a few mentioned in the Security forum. Also, I believe Blockchain offers an anonymous transfer method for a small fee that does the same thing.
-
and don't get arrested
-
I'm sorry brutusk
-
Would you advise getting a P.O. Box? Is there even a point since you have to show 2 forms of ID to get one.
-
Great info for new buyers. There are a lot of questions in this section that are answered here already. Maybe help topics should be pinned?
-
Would you advise getting a P.O. Box? Is there even a point since you have to show 2 forms of ID to get one.
That's up to you, do you feel safe having packages delivered to your house? If not get a PO box or PMB
-
I have a question about the cops and PGP...what's to say they can't learn to use the software and then use other 'legalities' to get you to reveal your keys, etc.? Just wondering. I use it myself but was just curious.
Also, I think I am missing an obvious point when asking this question.
********I AM NOT A LAWYER********
However, my understanding is that they can force you to turn over your pw, etc., with a subpoena or court order. They need both keys as well as your passphrase to decrypt the messages. If you are using PGP software on a removable drive they can only decrypt your messages if they have access to that drive and your password AS LONG AS YOU HAVE NOT GIVEN OUT YOUR PRIVATE KEY.
In order to decrypt your messages, your PUBLIC key, your PRIVATE key and your PASSPHRASE is needed. If they don't have the drive, or they only have two of the three, they can't decrypt even if you do give them the pw, and they know it.
When in doubt destroy the drive. AND NEVER GIVE OUT YOUR PRIVATE KEY.
*******************************************************************************************
Someone please correct me if I am wrong about this ^^^^^
Hey thanks for answering my question, that makes sense and clarifies. I too am running PGP on a mac, I delete any and all keys after communication is done and since I don't have an external drive yet, I will just delete the program (AppCleaner) if I feel the least bit suspicious.
-
I'm sorry brutusk
don't worry about it
-
Private key is passphrase or the fingerprind and other info?
When you export your key, you have the option of exporting the public key, or both the public and private keys (verbiage varies depending on the software you are using). If you want to give out your key so someone can send you encrypted messages, you only export the public key.
The passphrase is what you enter at the time you decrypt the message. It simply unlocks the code, so to speak. It is separate from the keys.
-
great post!
-
I want to address a few issues that have come up with several vendors after the recent surge of new buyers. SR isn't a game. You need to keep yourselves safe. Unfortunately, a lot of new buyers have a false sense of security because of the reputation SR has for being "anonymous." It is only as anonymous as you make it. Anonymity is not automatic here. Everytime you make a transaction on the road you are, very briefly, giving up your anonymity.
If you have gone to all the trouble to figure out how to get to SR, read through the forums and figured out how to make a transaction, why would you throw all that out the window by skipping a few very obvious and highly recommended steps?
DO NOT CUT CORNERS. YOUR FREEDOM AND SAFETY IS AT RISK.
A huge number of new buyers skip a few very basic steps to protect themselves and their vendors. I have outlined a few things below that you really MUST do to keep yourselves safe.
1. When you choose your SR username, pick something random and unrelated to you that will return many pages of results if googled. For christ's sake, PLEASE do not choose a username that is a derivative of your real name!
EXAMPLE:
If your name is Mark Smith, do not use Msmith90 or anything else with your real name in it.
Use a movie or book title, a character from a film, anything, it isn't that hard to think of something that isn't your real name. The more unique your SR username, the easier it is to tie your real life name to your SR persona. You do not want unique, you want generic.
2. PLEASE FOR THE LOVE OF GOD LEARN HOW TO USE PGP!!!
You have figured out TOR, you have figured out SR, you have even figured out Bitcoin...but PGP is too hard? Give me a break. It isn't hard. It's done with software. The software isn't hard to use. Many top vendors (myself included) require PGP for communication, and get tired of hearing buyers whine about how hard it is.
PGP protects you and your vendor. LE does not have the ability to break PGP encrypted messges. It has been noted numerous times in the forums that LE hates PGP for this reason. If you use PGP THEY CAN'T READ YOUR MESSAGES.
Let me say that again. IF YOU USE PGP LE CAN'T READ YOUR MESSAGES.
You will find an excellent, easy to follow PGP tutorial here that was written by a highly respected forum member:
http://32yehzkk7jflf6r2.onion/gpg4usb/
Now go buy yourself a cheap USB drive and learn how to use the software.
"But aren't our messages on SR safe because we are using TOR?"
NO!
Last summer DPR addressed this issue in the forums.
Private messages are stored on the SR server for four months, even when you use the DELETE option. This is done for technical reasons (he explained it very well, I'm not going to rehash it here. Use the search function to find the post). FOUR MONTHS. That means that if the servers fell into the wrong hands all the unencrypted, incriminating messages that msmith90 sent his weed dealer for the last four months are now exposed to whoever is controlling the server.
"Do I really need to encrypt my address since we're using TOR?"
YES!
The shipping info you put in the box IS deleted from the server when the order is confirmed. If the servers are ever compromised, who do you think LE is going to go after first? THE PEOPLE WHO HAVE THEIR MAILING ADDRESSES UNENCRYPTED AND ATTACHED TO A DRUG ORDER THAT HASN'T BEEN CONFIRMED BY THE VENDOR YET!
Do you really want to be the dude/dudette that got busted because you were too lazy to spend 15 minutes learning to use encryption? Is it worth going to prison over? Because that is the position you are putting yourself in. Prison. Because you didn't want to bother with PGP.
ENCRYPTION, PEOPLE--USE IT!
3. Now that you have learned how to use PGP, here are some tips:
-Do not use your real name or real life email address in the key. Use your SR username and a fake email address.
-If you set up your PGP key under a name OTHER THAN your SR username, make sure to let your vendor know this when you send them your PGP key.
EXAMPLE:
"Hi, here's my public key, it's listed under the name Hunter S. Thompson"
-When you give out your key, ONLY give out the PUBLIC key. The PRIVATE key stays on your computer. The software requires BOTH KEYS to decrypt messages. That is why PGP foils LE. NEVER SEND OUT YOUR PRIVATE KEY. EVER. If someone has both keys it is possible to hack your messages.
Repeat after me: I WILL NEVER GIVE OUT MY PRIVATE KEY.
To sum up:
1. Be anonymous
2. Learn PGP
3. Use PGP
4. Use PGP
5. Use PGP
Be safe, folks.
B.
Motherfucking AMEN!
Posts like this one are so refreshing, & so inexplicably important.
I mean, come on, guys, this is your freedom we're talking about... Do you really want to half-ass anything that could very realistically potentially land you jail time?
As a seller, I know that the majority of buyers do NOT encrypt their mailing address, or even use privnote.com. I'm just... eternally speechless over that.
Oh, yeah, &, one more tip for new buyers I think is worthy of mention here: DO NOT GO OUTSIDE ESCROW; DO NOT FINALIZE EARLY.
-
Great thread, very informative. Thanks.
-
I want to address a few issues that have come up with several vendors after the recent surge of new buyers. SR isn't a game. You need to keep yourselves safe. Unfortunately, a lot of new buyers have a false sense of security because of the reputation SR has for being "anonymous." It is only as anonymous as you make it. Anonymity is not automatic here. Everytime you make a transaction on the road you are, very briefly, giving up your anonymity.
If you have gone to all the trouble to figure out how to get to SR, read through the forums and figured out how to make a transaction, why would you throw all that out the window by skipping a few very obvious and highly recommended steps?
DO NOT CUT CORNERS. YOUR FREEDOM AND SAFETY IS AT RISK.
A huge number of new buyers skip a few very basic steps to protect themselves and their vendors. I have outlined a few things below that you really MUST do to keep yourselves safe.
1. When you choose your SR username, pick something random and unrelated to you that will return many pages of results if googled. For christ's sake, PLEASE do not choose a username that is a derivative of your real name!
EXAMPLE:
If your name is Mark Smith, do not use Msmith90 or anything else with your real name in it.
Use a movie or book title, a character from a film, anything, it isn't that hard to think of something that isn't your real name. The more unique your SR username, the easier it is to tie your real life name to your SR persona. You do not want unique, you want generic.
2. PLEASE FOR THE LOVE OF GOD LEARN HOW TO USE PGP!!!
You have figured out TOR, you have figured out SR, you have even figured out Bitcoin...but PGP is too hard? Give me a break. It isn't hard. It's done with software. The software isn't hard to use. Many top vendors (myself included) require PGP for communication, and get tired of hearing buyers whine about how hard it is.
PGP protects you and your vendor. LE does not have the ability to break PGP encrypted messges. It has been noted numerous times in the forums that LE hates PGP for this reason. If you use PGP THEY CAN'T READ YOUR MESSAGES.
Let me say that again. IF YOU USE PGP LE CAN'T READ YOUR MESSAGES.
You will find an excellent, easy to follow PGP tutorial here that was written by a highly respected forum member:
http://32yehzkk7jflf6r2.onion/gpg4usb/
Now go buy yourself a cheap USB drive and learn how to use the software.
"But aren't our messages on SR safe because we are using TOR?"
NO!
Last summer DPR addressed this issue in the forums.
Private messages are stored on the SR server for four months, even when you use the DELETE option. This is done for technical reasons (he explained it very well, I'm not going to rehash it here. Use the search function to find the post). FOUR MONTHS. That means that if the servers fell into the wrong hands all the unencrypted, incriminating messages that msmith90 sent his weed dealer for the last four months are now exposed to whoever is controlling the server.
"Do I really need to encrypt my address since we're using TOR?"
YES!
The shipping info you put in the box IS deleted from the server when the order is confirmed. If the servers are ever compromised, who do you think LE is going to go after first? THE PEOPLE WHO HAVE THEIR MAILING ADDRESSES UNENCRYPTED AND ATTACHED TO A DRUG ORDER THAT HASN'T BEEN CONFIRMED BY THE VENDOR YET!
Do you really want to be the dude/dudette that got busted because you were too lazy to spend 15 minutes learning to use encryption? Is it worth going to prison over? Because that is the position you are putting yourself in. Prison. Because you didn't want to bother with PGP.
ENCRYPTION, PEOPLE--USE IT!
3. Now that you have learned how to use PGP, here are some tips:
-Do not use your real name or real life email address in the key. Use your SR username and a fake email address.
-If you set up your PGP key under a name OTHER THAN your SR username, make sure to let your vendor know this when you send them your PGP key.
EXAMPLE:
"Hi, here's my public key, it's listed under the name Hunter S. Thompson"
-When you give out your key, ONLY give out the PUBLIC key. The PRIVATE key stays on your computer. The software requires BOTH KEYS to decrypt messages. That is why PGP foils LE. NEVER SEND OUT YOUR PRIVATE KEY. EVER. If someone has both keys it is possible to hack your messages.
Repeat after me: I WILL NEVER GIVE OUT MY PRIVATE KEY.
To sum up:
1. Be anonymous
2. Learn PGP
3. Use PGP
4. Use PGP
5. Use PGP
Be safe, folks.
B.
Brutusk, do you need an actual fake email to put in, or can you just make one up?
Thank you for your post, I really appreciate it. Should be stickied or added to sticky info. I don't think a lot of new buyers realize this I am learning to use PGP but I didn't understand how unsecure the SR messaging system is. Will be making all my orders here on out through PGP.
-
thankns
-
I use Tails along with a persistent volume that has a .txt file of everything I need to operate on the SR, my BTC wallet access, and PGP keys.
This persistent volume is protected by what I believe is a strong password.
Is there a point for using TrueCrypt to encrypt my persistent volume even further? Or is this as safe as I am going to get? (Besides keeping my Tails OS on one USB key and my 'password' USB key on a TrueCrypt USB.
-
never FE, ever
-
Brutusk, do you need an actual fake email to put in, or can you just make one up?
You can just make something up, fake@fakeemail.com works just fine
-
^^giving this thread a bump so it doesn't get lost ;)
-
Damn straight- doing things casually, sloppily, carelessly will come back n bite you in the ass.
the name thing i think might be alittle overboard, it isnt going to matter what you call yourself , if your busted, your busted. doesnt matter if you call yourself Obama or Osama at that point.
-
I have a question or maybe a few.
Okay, so I've been reading up on the PGP and have properly created my key, but have not yet used it. I fully agree, there is no excuse not to use PGP and I think its crucial to our individual protection. On any purchase from here on out I will be using it.
However, does anyone link the mail app or thunderbird to an e-mail address and use PGP? I'm under the impression that is not a good idea because it compromises your anonymity. Furthermore, the best way to obtain other users' keys is to copy and paste them from the SR correct? Do not import via server because again, you compromise anonymity.
So how exactly do you send a message to someone without using an e-mail client? I hope this question makes sense. To me, reading these guides online you're using your e-mail client as the 'vessel' to type the message. Then once you click the PGP and Signature option it sends the encrypted message to the recipient and you're done. If you're not using an e-mail client as your vessel, what do you use? There must be something I'm missing.
I understand that you can type a message and send it to anyone on the SR. A lot of the guides out there are more windows based and I've sort of avoided them. Maybe they can offer me some help though too.
ohm
-
ohholyme, all your questions can be answered by going on youtube and searching "Pgp encryption", the very first video is a guide on how to order off the silk road using pgp encryption. It is an extremely helpful video.
-
Thank You!