Silk Road forums
Discussion => Security => Topic started by: godspeedsnowden on August 12, 2013, 08:57 pm
-
I was wondering how I should go about moving my BTC to SR after getting them through coinbase. Should I set up a few wallets and tumble them through?
-
if your identity is tied to the purchase, that is the minimum of what you should do.
-
Yeah SR has a tumbler built in and even though nobody knows the exact specifics except for DPR himself it is supposed to prevent there being a direct link between the buyer and the seller of drugs. Like say I buy drugs for 1 bitcoin. The seller will receive one bitcoin, but it won't be MY bitcoin. Therefore no proof of what I bought. However some have said that it can be seen by others that you transfered bitcoins to SR just by following the blockchain trail. I'm not sure how this is done, but there could be a direct link from your bank account on coinbase used to buy the bitcoins directly to a transfer to SR. I think this is pretty much speculation though from what I've read. If it was so easy to track down SR buyers and sellers wouldn't that have been done a long time ago? I have a feeling the SR tumbler and what happens behind the curtain is very secure.
-
Anytime I buy BitCoin from CoinBase, it goes:
from CoinBase to a new wallet address on Electrum Wallet (on TAILS).
from Electrum Wallet to a new address on Silk Road.
If you want to follow the BTC confirmation trail, just plug the wallet address into the search box on www.blockchain.info. As I see it, the only way anyone could know that you sent BTC to SR is by knowing your target wallet address AND knowing that the address is associated with Silk Road.
Even then, you can see that I don't send my coins directly from the provider to SR. The powers that be are cleverer than myself and know many things that I do not... so I have at least one wallet inbetween the transaction.
-
Anytime I buy BitCoin from CoinBase, it goes:
from CoinBase to a new wallet address on Electrum Wallet (on TAILS).
from Electrum Wallet to a new address on Silk Road.
If you want to follow the BTC confirmation trail, just plug the wallet address into the search box on www.blockchain.info. As I see it, the only way anyone could know that you sent BTC to SR is by knowing your target wallet address AND knowing that the address is associated with Silk Road.
Well, here's the issue: you send directly from address A to address B to address C. A in this example being coinbase, B being the mid-way address, and C being silk road. There's a clear link from C back to A -- with, again, A being an address that can 100% ID you because Coinbase has your bank account -- provided they know C.
How would they know C? Well, hopefully the SR tumbler wasn't written like this, but a naive and easy way to implement a tumbler would be to just randomly pick addresses that you know you own. SR owns every generated address that's associated with an SR account. So you send some coins to an account, then send some more, and more, and more... a ton of micro transactions, right. Then you just follow the trail as they bounce all over, and every address they hit you now know is owned by SR.
It isn't quite as easy as all that, and as I said I hope the SR tumbler doesn't (and never did) work that way... but that's the basic idea, and one address in between probably isn't gonna help you too much. I've never tested though.
-
Well, here's the issue: you send directly from address A to address B to address C. A in this example being coinbase, B being the mid-way address, and C being silk road. There's a clear link from C back to A -- with, again, A being an address that can 100% ID you because Coinbase has your bank account -- provided they know C.
...and provided they not only know B, but can associate it with me. I send my BTC to my Electrum Wallet that I have installed on an encrypted TAILS persistent volume. Without the acquisition of this essential link, it becomes rather difficult to associate A with C, does it not?
I understand that this isn't maximum security, but if SR was compromised and all the generated BTC wallet addresses became known, then sending to a B wallet would be much safer than sending directly to SR, right?
Edit: Wait, I see now. Provider sends to my B wallet, so has record of that address. Then that address ends to SR, so if SR address is known the trail is short, simple, and sweet. Dammit. Gotta do better than that.
-
Well, here's the issue: you send directly from address A to address B to address C. A in this example being coinbase, B being the mid-way address, and C being silk road. There's a clear link from C back to A -- with, again, A being an address that can 100% ID you because Coinbase has your bank account -- provided they know C.
...and provided they not only know B, but can associate it with me. I send my BTC to my Electrum Wallet that I have installed on an encrypted TAILS persistent volume. Without the acquisition of this essential link, it becomes rather difficult to associate A with C, does it not?
I understand that this isn't maximum security, but if SR was compromised and all the generated BTC wallet addresses became known, then sending to a B wallet would be much safer than sending directly to SR, right?
Edit: Wait, I see now. Provider sends to my B wallet, so has record of that address. Then that address ends to SR, so if SR address is known the trail is short, simple, and sweet. Dammit. Gotta do better than that.
If you can bear the wait for Coinbase, you can definitely bear 6 hours of properly tumbling coins.
The people at bitcoinfog have existed before SR and have become (hopefully) experts on taint analysis. I find their tumbling to be pretty efficient, as I can never find an easy means of taint discovery.
It's so easy to use as well. Why not give it a try? 6 hours can so greatly 'fog' up any real trace back to yourself.
http://fogcore5n3ov3tui.onion/
Deposit 4-5 amounts randomly. Then withdraw to SR.
Basically: Coinbase-->Wallet-->BitCoinFog->SR
The wallet isn't even necessary, but at least coinbase won't see the coins going to a TOR IP.
-
Use 2 - 3 anonymous, torified wallets between clearnet & Silk Road--EasyWallet, for instance--and don't forget to get a new SR BTC address before & after deposits, withdrawals, purchases, etc.
-
There's a lot of differing opinions, it seems. From what I've read I've been thinking bitcoins aren't individually identifiable, it's just the transactions in the blockchain that are permanent and easily tracked/monitored. Tumblers, therefore, aren't there to give you random coins, but to obfuscate the progress of your coins from destination A to destination B. Can anyone clarify, please?
-
There's a lot of differing opinions, it seems. From what I've read I've been thinking bitcoins aren't individually identifiable, it's just the transactions in the blockchain that are permanent and easily tracked/monitored. Tumblers, therefore, aren't there to give you random coins, but to obfuscate the progress of your coins from destination A to destination B. Can anyone clarify, please?
You've got the idea: all transactions are public knowledge, but we don't have any really identifiable information associated with them except our BTC addresses. It's kind of like a credit card I guess, except nobody knows who owns which number (without some further information, such as what Coinbase or other companies can provide about their users). Bear in mind that the blockchain isn't so much a record of transactions, it's literally the transaction ledger that the world goes by.
In fact, there aren't actually any bitcoins in your wallet -- or anybody's for that matter. They don't even exist in the way we all think about them. It's basically nothing more than a record of coins having been sent to that address, and not having been sent anywhere else yet, so when you broadcast a transaction the network accepts it. :) It may seem like a pointless bit of trivia, but what I'm getting at is that the blockchain pretty much *is* the transaction, not just a record of it.
-
There's a lot of differing opinions, it seems. From what I've read I've been thinking bitcoins aren't individually identifiable, it's just the transactions in the blockchain that are permanent and easily tracked/monitored. Tumblers, therefore, aren't there to give you random coins, but to obfuscate the progress of your coins from destination A to destination B. Can anyone clarify, please?
You've got the idea: all transactions are public knowledge, but we don't have any really identifiable information associated with them except our BTC addresses. It's kind of like a credit card I guess, except nobody knows who owns which number (without some further information, such as what Coinbase or other companies can provide about their users). Bear in mind that the blockchain isn't so much a record of transactions, it's literally the transaction ledger that the world goes by.
In fact, there aren't actually any bitcoins in your wallet -- or anybody's for that matter. They don't even exist in the way we all think about them. It's basically nothing more than a record of coins having been sent to that address, and not having been sent anywhere else yet, so when you broadcast a transaction the network accepts it. :) It may seem like a pointless bit of trivia, but what I'm getting at is that the blockchain pretty much *is* the transaction, not just a record of it.
Nicely put SS, I like it :) Not pointless, I think a lot of users underestimate the ease with which activity on the blockchain can be monitored. Many users are attempting to keep their btc activity safe by thinking of the individual coins as trackable, like fiat currency.
-
Didn't someone recently say that SR uses a certain set of BTC addresses and shuffles them? It would be a problem if someone knew those addresses because then all people sending from an identity-linked address to an SR one would immediately become suspicious to SR.
Has anyone ever been able to hunt down all BTC addresses that SR uses?
-
I don't think SR re-uses wallet addresses. There's little point as they're very simple to generate. It is, however, pretty easy to demonstrate that a particular wallet is being hosted on a .onion server, from what I've read. Although not directly linkable to SR, it's another little bit of inferential evidence leo could use to build a case if possible to be linked to you.