Silk Road forums

Discussion => Security => Topic started by: numbferret on November 25, 2012, 03:04 am

Title: What security measures didn't I think about?
Post by: numbferret on November 25, 2012, 03:04 am
Hi, guys

I'm pretty new to SR and the whole security aspect of everything, but I'd like to know whether there is something else I should add to my "security setup". Here is what I have so far:

Everything below is stored on a non-system TrueCrypt-encrypted disk where applicable.

* PortablePGP with a strong password
* Tor Browser Bundle for any and all browsing needs where I need to be anonymous
* KeePass for any login information, with strong passwords
* TorMail
* BitCoin wallets with strong passwords

Any ideas what I could do to improve my security?
Title: Re: What security measures didn't I think about?
Post by: comsec on November 25, 2012, 04:56 am
What do you mean non system encrypted disk?
Everything should be encrypted


Title: Re: What security measures didn't I think about?
Post by: numbferret on November 25, 2012, 06:17 am
What I mean is that the system disk is not encrypted. Why should the system disk be encrypted if I don't store any illicit information on it?

EDIT: To clarify, by system disk I mean the OS disk. I have several disks.
Title: Re: What security measures didn't I think about?
Post by: comsec on November 25, 2012, 06:21 am
Because your o/s does stuff like backing up everything to system restore, swap, memory, other things. Windows paging files, you name it, it stores it regardless if you keep it on a separate disk

Encrypt everything, if not use a live CD and keep everything on an encrypted drive for retrieval through the CD whose sole function is storing data (no o/s)

Title: Re: What security measures didn't I think about?
Post by: numbferret on November 25, 2012, 06:48 am
I use an SSD for the OS, which is why I'm reluctant to encrypt it. I guess I'll have to go for a USB with Linux on it. Cheers, mate.
Title: Re: What security measures didn't I think about?
Post by: w0ju2hnq on November 25, 2012, 08:13 pm
The bitcoin-qt client should allow you to use a SOCKS proxy (tor) to connect to the bitcoin network.  I believe the network (or at least blockchain.info) keeps track of the IP addresses that transactions were propagated from.  Anyone who sends bitcoins will have their IP logged.

KeePass is a fine tool for password management and I use it wherever possible (even with usernames :P).
Title: Re: What security measures didn't I think about?
Post by: woahmang on November 25, 2012, 11:04 pm
I've been thinking about a maximum paranoia situation for a while. For a completely secure OS you'd need to make sure that even if an attacker did get into your system they couldn't figure out anything about you (like get access to WiFi), so Linux on a read-only filesystem inside a virtual machine would be a good idea. However, you'd really want your OS to be up-to-date or running a shit browser with minimal moving parts. There must be some compromise here, not sure what the answer is.

Also you don't want your system to ever write to the machine's disk, so even your VM needs to run on a machine with no swap. You wouldn't want any evidence that your system even exists and you'd want it to be hidden. The smallest devices are flash memory, but deniable encryption isn't secure on flash memory because of wear-levelling, plus TrueCrypt doesn't support a Linux hidden operating system.

So I guess the best option at present is to have a micro-sd card with, say, Damn Small Linux, KeePass, TOR, KVM, Bitcoin, no swap and /tmp in RAM. Then create a VM with a read-only filesystem containing nothing but a secure browser, which you then access via ssh -X or (more awkwardly but less surface area) X over VNC. For bonus security you could recompile the host OS's kernel so it can't access any local drives other than the SD card!

In this case LE would have to catch you with the micro SD card to prove you were even on TOR, and force you to hand over your KeePass keys to get access to anything to do with The Silk Road. A remote hacker would have to break out of both the browser and the VM while you were logged in.

If anyone can improve on this I'm all ears!
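
Editor's added example, not part of any post in this thread: a small Linux audit of the two spill paths raised above (swap, and /tmp living on disk rather than in RAM). The sample `/proc/swaps` and `/proc/mounts` contents are constructed, and the function names are hypothetical.

```python
from pathlib import Path

# Constructed samples in the format of /proc/swaps and /proc/mounts.
SAMPLE_SWAPS = (
    "Filename\t\t\t\tType\t\tSize\t\tUsed\t\tPriority\n"
    "/dev/sda2                               partition\t2097148\t\t51200\t\t-2\n"
    "/dev/dm-1                               partition\t1048572\t\t0\t\t-3\n"
)
SAMPLE_MOUNTS = (
    "/dev/sda1 / ext4 rw,relatime 0 0\n"
    "tmpfs /run tmpfs rw,nosuid,nodev 0 0\n"
    "/dev/sda3 /tmp ext4 rw,relatime 0 0\n"
)

def active_swap(swaps_text):
    """Return (device, type, used_kib) for every active swap area."""
    areas = []
    for line in swaps_text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) >= 4:
            areas.append((fields[0], fields[1], int(fields[3])))
    return areas

def tmp_backing(mounts_text, path="/tmp"):
    """Return the filesystem type of the most specific mount covering path."""
    best_mp, best_fs = "", None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        mp, fstype = fields[1], fields[2]
        covers = path == mp or path.startswith(mp.rstrip("/") + "/")
        if covers and len(mp) >= len(best_mp):  # later mounts shadow earlier ones
            best_mp, best_fs = mp, fstype
    return best_fs

def audit(swaps_text, mounts_text):
    """List every place memory contents or temp files can reach a disk."""
    findings = []
    for dev, kind, used in active_swap(swaps_text):
        mapped = dev.startswith(("/dev/dm-", "/dev/mapper/"))
        note = "device-mapper, confirm it is dm-crypt" if mapped else "plain device or file"
        findings.append(f"swap active on {dev} ({kind}, {used} KiB used): {note}")
    fstype = tmp_backing(mounts_text)
    if fstype != "tmpfs":
        findings.append(f"/tmp is on {fstype}, so temp files are written to disk")
    return findings

if __name__ == "__main__":
    swaps, mounts = Path("/proc/swaps"), Path("/proc/mounts")
    live = swaps.exists() and mounts.exists()
    report = audit(swaps.read_text(), mounts.read_text()) if live else audit(SAMPLE_SWAPS, SAMPLE_MOUNTS)
    print("\n".join(report) or "no swap active and /tmp is RAM-backed")
```

tmpfs pages can themselves be paged out, so a tmpfs-backed /tmp only stays in RAM when the swap list is empty. The Windows paging file and System Restore mentioned earlier in the thread are outside what this check covers.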
Title: Re: What security measures didn't I think about?
Post by: SelfSovereignty on November 26, 2012, 01:03 am
Just curious, what are the dangers in using Tor or GPA on Windows rather than keeping it on a liveUSB or LiveCD?
As a buyer, virtually none.  Unless you're buying so much they mistake you for a seller, they won't care enough to pay a serious forensic consultant to rip your hard disk apart looking for information.

As a seller, it's probably best to assume they will do that if they get you.  Unless they catch you with your stash and lots of little bags, or you plead guilty, they'll probably want the extra nail in your coffin for court evidence.

If your question is "what can they get," well... everything.  Operating systems are massive, massive programs.  They do all kinds of stuff that even the people who write them forget about sometimes.  There's tons of places they could get information from.  Swap space can store some or all of what's in the computer's main memory, depending on what's happening on your computer at the time.  Anything you see on your screen is or was in the main memory.  That right there could be awfully bad.
Title: Re: What security measures didn't I think about?
Post by: niemtel on November 26, 2012, 04:29 am
Well, if I'm using Tor to browse. Bitcoins through zipzap. Trusted vendors. I even have peerblock installed if that helps security-wise at all. And GPA encryption, I should be safe, right? I fear that receiving too many packages from "drug sourced" areas could lead me to trouble. Although all have arrived safe and sound so far. Just a paranoid newbie. Thank you SelfSovereignty for the reply!

Total transactions: 19
Total spent: $3926.21
Refund rate: 0%
Auto-finalize rate: 0%
Member for: 4 months

It still would be best to either A) encrypt the living crap out of your primary drive or B) (the most recommended) use a live CD off of a laptop with the HD removed. This way no matter what the feds throw at you, you're set.
Title: Re: What security measures didn't I think about?
Post by: SelfSovereignty on November 26, 2012, 05:09 am
Well, sure, it would be "best" to encrypt fucking everything.  It would be best to never ever talk to anybody around here and just make your orders, too, but... I dunno, c'mon.  It gets kinda lonely sometimes, ya know?   :P

The lowest possible estimate of how many packages make it through to their destination w/o any trouble or interception is 96.1%.  The remaining percentage is made up of interceptions and scams (vendor never sent, or buyer claims he never received) in unknown proportions.  So it's entirely possible that 99% of all packages get through to their destination.

You're fine man.  Just stick to reputable vendors who stealth their stuff, and it's all good.  Always be careful though: I once had a package arrive ripped wide open with the contents in a plastic "we're sorry this accident happened, we try very hard at USPS, blah-blah-blah..." bag.  If the vendor hadn't stealthed his stuff, I'd be in jail for possession of methamphetamine.  That's why stealth is important.  If a cop himself couldn't open the package and see nothing to bust me for immediately, I do not order from that vendor.  But that's just me.