Silk Road forums
Discussion => Security => Topic started by: Olwyn on January 12, 2013, 03:22 am
-
Using a service such as moneygram/zipzap would be difficult for me. Because of this, I've been researching buying BTC using a direct bank account transfer. Using a service, such as coinbase, you can directly link your bank account and transfer funds from it to your coinbase wallet - while this is convenient, it obviously has the negative of your name being directly associated with the purchase of those coins - HOWEVER, purchasing coins is not illegal, and does not itself set off any red flags.
So my question is: how risky is this? On the topic of Bitcoins, there seems to be a lot of misinformation and conflicting advice. If I purchase using my real name and bank account information, should I worry about my coins not being anonymous? And should I take precautions to make them anonymous? If I were to send the coins through several wallet services before submitting to my SR wallet, would that be enough?
-
To make a long story short: the coins can be traced. But bear in mind that in order for that to even matter, their ultimate destination has to first be directly proven to be "of interest." I mean the guy you give the coins to for drugs is going to cash out at some point, and how he does that is neither here nor there (in fact I don't even know what the usual way is, frankly). But the coins will keep on circulating or just sit around in some speculator's wallet while the price goes up.
Either way, it's unlikely that as a buyer you need to worry about this. But your answer is that yes, your name and bank account are pretty much forever traceable.
-
Buying coins isn't illegal. Buying coins itself won't make you the target of an investigation.
If you are targeted for investigation, it won't be because they have analyzed the blockchain and discovered illicit transactions. Before they ever start looking at bitcoins, they will have a substantial case against you already.
-
Taking the two above posts into consideration, it sounds like going through the trouble of paying via cash deposit at a bank/walmart/cvs etc would just be extra work for a false sense of security then? Your coins may be 99% anonymous (assuming you filled out the cash deposit with a false identity), but in what situation would that even be beneficial? If you're under investigation, then it won't be due to your coins not being anonymous, and at the end of the day, why would they even care how you paid for it?
I'm going to hold off purchasing coins via direct account transfer for a bit longer just to see if any other advice rolls in. Right now, it's sounding like it would not be much of an issue for someone just looking to buy personal amounts of substances.
-
Exactly right. A lot of people use SR as their source and then resell locally though (which to me kind of seems like the backward thing to do... it's safer here, but whatever -- their life's their own). So if you only bother to measure your orders in kilos or pounds, and you really are somebody that's "of that level of interest," I'm sure it's just one more loose end that you don't need around. But I only buy personal amounts and don't sell -- still, that's how I see it anyway.
-
You guys are missing the fundamental linkability problem with addresses in the block chain. Consider this.
All LE has to do is create a buyer account and transfer 0.1 BTC to their address. Then they watch the block chain as the BTC are moved (always in 2 transactions, if you've ever watched it) to some other addresses, and then some others. Now they've identified addresses in the tumbler, which allows them to identify many more. Some of those addresses will be used to tumble coins from other SR accounts.
Theoretically, they could follow the trail backwards from coins entering the tumbler to the point of sale. That's why you want to anonymize your coins. Is it a real threat? No. I bet there are lots of people who never take the time to read these forums and improve their security, who transfer directly from an exchange to their SR address, and to my knowledge nobody has been busted. LE apparently doesn't have the time, resources, or inclination to go after low level buyers.
But keep in mind that those transactions are stored in the block chain forever, and you never know when LE might get the time, resources or inclination to follow the bitcoin trail back to an exchange that has your info.
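The linkability argument in the post above, as an added sketch that is not part of the thread: a probe deposit is followed forward on a toy ledger, the resulting cluster is widened with the common-input heuristic (an assumption about how "many more" addresses get identified), and another deposit is walked back to an exchange. Every address and transaction here is constructed.

```python
from collections import deque

# Constructed toy ledger, not real chain data: (txid, input addrs, output addrs)
LEDGER = [
    ("t1", ["probe_wallet"], ["dep_probe"]),      # observer's small probe deposit
    ("t2", ["dep_probe"], ["pool_a", "pool_b"]),  # service sweeps it in two outputs
    ("t3", ["exchange_hot"], ["user_x"]),         # withdrawal from an ID-linked exchange
    ("t4", ["user_x"], ["dep_x"]),                # direct transfer to a deposit address
    ("t5", ["dep_x", "pool_a"], ["pool_c"]),      # co-spent with a known pool address
    ("t6", ["exchange_hot"], ["user_y"]),
    ("t7", ["user_y"], ["shop_z"]),               # unrelated payment
]
EXCHANGES = {"exchange_hot"}  # hypothetical labelled exchange address

def forward_trace(start, max_hops=2):
    """Addresses reached by following spends forward from `start`."""
    seen, queue = {start}, deque([(start, 0)])
    while queue:
        addr, hops = queue.popleft()
        for _, ins, outs in LEDGER:
            if addr in ins and hops < max_hops:
                for out in set(outs) - seen:
                    seen.add(out)
                    queue.append((out, hops + 1))
    return seen

def expand_by_cospend(cluster):
    """Common-input heuristic: addresses spent together share an owner."""
    cluster, changed = set(cluster), True
    while changed:
        changed = False
        for _, ins, _ in LEDGER:
            if cluster & set(ins) and not set(ins) <= cluster:
                cluster |= set(ins)
                changed = True
    return cluster

def trail_to_exchange(addr):
    """Walk funding transactions backward (first input only) to an exchange."""
    path = [addr]
    while path[-1] not in EXCHANGES:
        funders = [ins[0] for _, ins, outs in LEDGER if path[-1] in outs]
        if not funders or funders[0] in path:
            return None
        path.append(funders[0])
    return path

def exposed_deposits(probe_deposit):
    traced = forward_trace(probe_deposit)
    extra = sorted(expand_by_cospend(traced) - traced)
    return {a: t for a in extra if (t := trail_to_exchange(a))}
```

Calling `exposed_deposits("dep_probe")` returns the one deposit address that was co-spent with a traced pool address, together with its trail back to the exchange; the unrelated `user_y` payment never enters the cluster.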
-
How about Bitcoinfog? (http://fogcore5n3ov3tui.onion)
According to them:
Your Bitcoins are mixed in our internal pool with other users' Bitcoins and then get paid back to your new address or multiple addresses in a number of randomized amounts at randomized times, thus making it highly unlikely to trace the origin of your bitcoins and definitely making it impossible to prove.
We make your bitcoins truly anonymous!
The service currently only takes between 1% and 3% fee on all deposits. The fee is randomized for each deposit to further obscure linking money going into and out of the Fog.
I've personally used them after making three separate cash deposits at a bank into three separate accounts generated by Bitcoinfog, which then sends them in randomised, time-separated transactions at random intervals/amounts to whichever account(s) you choose.
Thoughts?
-Diddle
-
..
keep in mind that those transactions are stored in the block chain forever, and you never know when LE might get the time, resources or inclination to follow the bitcoin trail back to an exchange that has your info.
Worst case scenario, assuming this were to ever happen, what exactly do they gain? I assume they would be able to trail your coins to your SR wallet. Would they be able to see what you purchased, or would they simply see you transferred coins to SR? I'm under the impression that once coins are at SR, they're juggled around so that it's theoretically impossible to see which coins were used to purchase what. Even if they were to see that you purchased illegal substances, addresses are encrypted via PGP, so they wouldn't be able to pin them to a specific address unless someone messed up by saving the order information somewhere along the way.
Long story short: From what I gather, they would only be able to see that you transferred coins to SR, not what you purchased. Correct me if I'm wrong.
-
Worst case scenario, assuming this were to ever happen, what exactly do they gain? I assume they would be able to trail your coins to your SR wallet. Would they be able to see what you purchased, or would they simply see you transferred coins to SR? I'm under the impression that once coins are at SR, they're juggled around so that it's theoretically impossible to see which coins were used to purchase what. Even if they were to see that you purchased illegal substances, addresses are encrypted via PGP, so they wouldn't be able to pin them to a specific address unless someone messed up by saving the order information somewhere along the way.
Long story short: From what I gather, they would only be able to see that you transferred coins to SR, not what you purchased. Correct me if I'm wrong.
That's correct. However, there are two theoretical attacks.
1) Once they have identified you as a person transferring coins to SR, they could blacklist your address and watch for packages coming to it. Of course, this assumes you used an address linked to your identity. Some people are too smart/cautious to do that, but tons of SR buyers use their home addresses, so it makes the attack worthwhile as a cheap fishing expedition. LE is guaranteed to bust some people.
2) IF the SR server is compromised, then they already have the bitcoin info and buyer information, now they can link it directly to purchases.
-
You guys are missing the fundamental linkability problem with addresses in the block chain. Consider this.
All LE has to do is create a buyer account and transfer 0.1 BTC to their address. Then they watch the block chain as the BTC are moved (always in 2 transactions, if you've ever watched it) to some other addresses, and then some others. Now they've identified addresses in the tumbler, which allows them to identify many more. Some of those addresses will be used to tumble coins from other SR accounts.
Theoretically, they could follow the trail backwards from coins entering the tumbler to the point of sale. That's why you want to anonymize your coins. Is it a real threat? No. I bet there are lots of people who never take the time to read these forums and improve their security, who transfer directly from an exchange to their SR address, and to my knowledge nobody has been busted. LE apparently doesn't have the time, resources, or inclination to go after low level buyers.
But keep in mind that those transactions are stored in the block chain forever, and you never know when LE might get the time, resources or inclination to follow the bitcoin trail back to an exchange that has your info.
Precisely why I said the name and bank account are pretty much forever traceable. If you feel I falsely represented the level of risk, then I did a disservice to the OP; I don't think I was misleading, but then, I'm in my head -- I know what it's *supposed* to say there on the screen, not necessarily what it *does* say :)
Worst case scenario, assuming this were to ever happen, what exactly do they gain? I assume they would be able to trail your coins to your SR wallet. Would they be able to see what you purchased, or would they simply see you transferred coins to SR? I'm under the impression that once coins are at SR, they're juggled around so that it's theoretically impossible to see which coins were used to purchase what. Even if they were to see that you purchased illegal substances, addresses are encrypted via PGP, so they wouldn't be able to pin them to a specific address unless someone messed up by saving the order information somewhere along the way.
Long story short: From what I gather, they would only be able to see that you transferred coins to SR, not what you purchased. Correct me if I'm wrong.
That's correct. However, there are two theoretical attacks.
1) Once they have identified you as a person transferring coins to SR, they could blacklist your address and watch for packages coming to it. Of course, this assumes you used an address linked to your identity. Some people are too smart/cautious to do that, but tons of SR buyers use their home addresses, so it makes the attack worthwhile as a cheap fishing expedition. LE is guaranteed to bust some people.
2) IF the SR server is compromised, then they already have the bitcoin info and buyer information, now they can link it directly to purchases.
Those coins can't be linked to a purchase; only the SR database can link your purchase back to you -- those coins hit a bitcoin address and bounced right off to another one (SR tumbler). Also, they can watch packages all they want come and go whenever they please -- and we all know sometimes they bend the rules (or outright break them) -- but that does them no good. Without a warrant they can't open the package, and not *every* judge just goes "sure, fine, whatever, go away now."
-
How about Bitcoinfog? (http://fogcore5n3ov3tui.onion)
I've personally used them after making three separate cash deposits at a bank into three separate accounts generated by Bitcoinfog, which then sends them in randomised, time-separated transactions at random intervals/amounts to whichever account(s) you choose.
Here's the deal with mixing services. Yes, Bitcoin Fog uses independent wallets and addresses with zero taint between them. But they have to keep a separate database of accounting details to link the two. You transfer 10 BTC into your account and expect to get 10 BTC back (minus the fee). That transition between addresses is not stored in the block chain, which is good, but it is stored in some separate database under Bitcoin Fog's control. You're essentially putting your trust in Bitcoin Fog that they aren't LE, they are not working for LE, and they delete those database entries after the transactions are done. Maybe they do, but we can't be sure.
Blockchain.info also has an anonymization service and they claim to delete the database entries after 6 confirmations. Again, maybe they do, but we can't be sure.
The safest option is to transfer through multiple mixing services. The chances that all of them are operated by LE, or are working for LE, or that they save their logs, are much lower that way.
That's for the uber-paranoid. Keep in mind that no SR buyer has been busted through an analysis of bitcoin transactions, and a lot of people are doing direct transfers. Realistically, this is a minor threat, for now.
-
Those coins can't be linked to a purchase; only the SR database can link your purchase back to you -- those coins hit a bitcoin address and bounced right off to another one (SR tumbler).
2) IF the SR server is compromised, then they already have the bitcoin info and buyer information, now they can link it directly to purchases.
-
Those coins can't be linked to a purchase; only the SR database can link your purchase back to you -- those coins hit a bitcoin address and bounced right off to another one (SR tumbler).
2) IF the SR server is compromised, then they already have the bitcoin info and buyer information, now they can link it directly to purchases.
Oh, you're thinking about transferring into the account AFTER it was compromised. Yes, I agree with you. I was talking about if it's compromised AFTER a deposit to your SR account.
-
Have to admit, it's been a challenge trying to buy bitcoins, and I thought PGP was going to be the hard part lol. I finally went through blue sky traders. I just made a cash deposit with no I.D. required, then got my coins sent to my address in about an hour. Very good way to buy bitcoins anonymously.
-
Have to admit, it's been a challenge trying to buy bitcoins, and I thought PGP was going to be the hard part lol. I finally went through blue sky traders. I just made a cash deposit with no I.D. required, then got my coins sent to my address in about an hour. Very good way to buy bitcoins anonymously.
Personally, I still think of the security cameras inside the bank :P
-
Well, of course there are lol, but I think that's better than having the money transferred directly from your account. If you are really paranoid, just pay someone you know/trust to make the deposit.