Silk Road forums
Discussion => Silk Road discussion => Topic started by: InnocentBystander on July 14, 2012, 11:34 am
-
Is anyone else bothered that SR is storing a complete record of buyer's purchase histories? You can clearly see that this is happening by going to 'Account' > 'Feedback' where there is a list of everything you've purchased since opening your account. I imagine that by now there would be some accounts tied to hundreds of illicit purchases.
If the DB was ever compromised this is potentially highly incriminating data and it just seems completely unnecessary to store it longer than a month or so. The feedback itself doesn't need to expire, just be disassociated from the account that left it.
Obviously this is not a risk unless an account could be tied to an individual, but it would be a pretty major fail-safe if SR could put some limits on the amount of purchase history that it stores.
-
Yes!!! I thought the exact same thing
-
As you said...
Obviously this is not a risk unless an account could be tied to an individual
-
I agree 100%, this info could be very incriminating! Glad to see this has been brought up.
-
Fuck that, buyer stats, stops the kiddie new buyers doing 20 ebook transactions at 0.03 btc each. I think it should be one buyer, one feedback instead of per item. And they should have a vendor recommended flag on buyers, or vendor feedback on the transaction. I'm pissed off cos new buyers and scammers are pushing the prices up and everyones going into stealth mode so u cant find what u want.
-
Do moderators have permissions to move threads on here? If so I think this is a matter that needs to be moved to security/feature requests.
-
How is anyone linking you (as a real-life person) to your SR account?
Yes, they can hack SR and say "BonesJones made X purchases for all these drugs, let's arrest him... Wait, who the fuck is BonesJones?"
-
I think they have plans implemented for such attacks. My main concern is people getting busted while on SR. Recently as some of you might know a customs officer was arrested for meth, and while being charged he divulged that he used SR, and handed over the account to the police. I`m guessing more charges were added after their discovery of his transactions through his accounts.
-
I think they have plans implemented for such attacks. My main concern is people getting busted while on SR. Recently as some of you might know a customs officer was arrested for meth, and while being charged he divulged that he used SR, and handed over the account to the police. I`m guessing more charges were added after their discovery of his transactions through his accounts.
But that was his own fault though - he shouldn't have given his account. That was stupid.
Haha a customs officer arrested for importing drugs - that's ironic! ;D
-
Yeah it was that guy recently from NZ I thought that was hilarious. He didn't just willingly give them the information they found it and he didn't deny it.
A lot of good points in this thread. I like the practice of a new account, bitcoin deposits in another zip code and every so often new account and new zip code to deposit bitoins.
The problem I have is the need of 10 or 15+ transactions to not have to finalize or for some sort of refund security. That's the only issue for me.
If I could get away with it I'd make a new account for each purchase and make every incident as isolated as possible. That's my security, the problem of course is while that is ideal for me as a consumer, the vendor is constantly at higher risk for fraud. There must be a balance of security and I feel we aren't too far from it. If you have more than 15 purchases what if you have a good relationship with a vendor and he becomes informed by you that you transferred to a new account and accepts it and applies warranties based on this history.
Imagine making 100g+ orders and having to have 10 orders which seems to be common on here before you get more refund security would suck.
-
But that was his own fault though - he shouldn't have given his account. That was stupid.
Haha a customs officer arrested for importing drugs - that's ironic! ;D
Yeah, he shouldn`t have given up his sources. Then again fear deep enough would drive any sane person mad. My point is people should be worrying about their encryption and access to tor rather than the possibility of governments hacking into the SR DB. They can`t do much, they can barely take DDOS attacks from a group of anon supporters.
Yeah it was that guy recently from NZ I thought that was hilarious. He didn't just willingly give them the information they found it and he didn't deny it.
A lot of good points in this thread. I like the practice of a new account, bitcoin deposits in another zip code and every so often new account and new zip code to deposit bitoins.
The problem I have is the need of 10 or 15+ transactions to not have to finalize or for some sort of refund security. That's the only issue for me.
If I could get away with it I'd make a new account for each purchase and make every incident as isolated as possible. That's my security, the problem of course is while that is ideal for me as a consumer, the vendor is constantly at higher risk for fraud. There must be a balance of security and I feel we aren't too far from it. If you have more than 15 purchases what if you have a good relationship with a vendor and he becomes informed by you that you transferred to a new account and accepts it and applies warranties based on this history.
Imagine making 100g+ orders and having to have 10 orders which seems to be common on here before you get more refund security would suck.
Well thats the gamble, and for what you get it seems like something you can manage. You`ll just have to keep an eye open out for yourself, the rest is up to the team.
-
I don't see how it would matter if LE got into the SR database, unless you have been PM'ing your name and address unencrypted. Otherwise, as long as you purchased your Bitcoins anonymously, how could they possibly connect your account with you in real life? But then again, what do I know. I'm more worried about packages being intercepted in the mail which does have your name and address, then bam game over you're dead.
And a big part of what makes SR work so well, IS your purchase and selling history. That way, reputations and relationships can grow and strengthen, which is good for everyone. I would think if everyone switched to new accounts all the time, then sellers and buyers would always have doubts about who they are dealing with and that WOULD make everyone less secure because people could start claiming they are someone else, maybe a scammer or maybe LE posing as a trusted seller.
I don't know. I really liked the idea of having the same account build a reputation over time.
-
I don't see how it would matter if LE got into the SR database, unless you have been PM'ing your name and address unencrypted. Otherwise, as long as you purchased your Bitcoins anonymously, how could they possibly connect your account with you in real life? But then again, what do I know. I'm more worried about packages being intercepted in the mail which does have your name and address, then bam game over you're dead.
And a big part of what makes SR work so well, IS your purchase and selling history. That way, reputations and relationships can grow and strengthen, which is good for everyone. I would think if everyone switched to new accounts all the time, then sellers and buyers would always have doubts about who they are dealing with and that WOULD make everyone less secure because people could start claiming they are someone else, maybe a scammer or maybe LE posing as a trusted seller.
I don't know. I really liked the idea of having the same account build a reputation over time.
Did you know Mitt Romney is in favor of shooting all Silk Road users twice and then throwing thier bodies in thier oceans. He is super anti drug. I find it hilarious that your name is "MittDogOnRoofRomney" I dont see what kind of Silk Road user would support that guy.
-
Did you know Mitt Romney is in favor of shooting all Silk Road users twice and then throwing thier bodies in thier oceans. He is super anti drug. I find it hilarious that your name is "MittDogOnRoofRomney" I dont see what kind of Silk Road user would support that guy.
I'm confused. Do you think I support Mitt Romney? Or are you being facetious? I thought my username would make plainly obvious how I felt about him. How could that be possibly be interpreted as being supportive of him?
Just to clear up any confusion, I hereby declare that I think Mitt Romney is a full of shit, narrow minded, fake, lying, cruel, out of touch, clueless, greedy rich cunt. In other words, I do NOT support Mitt Romney.
-
Did you know Mitt Romney is in favor of shooting all Silk Road users twice and then throwing thier bodies in thier oceans. He is super anti drug. I find it hilarious that your name is "MittDogOnRoofRomney" I dont see what kind of Silk Road user would support that guy.
I'm confused. Do you think I support Mitt Romney? Or are you being facetious? I thought my username would make plainly obvious how I felt about him. How could that be possibly be interpreted as being supportive of him?
Just to clear up any confusion, I hereby declare that I think Mitt Romney is a full of shit, narrow minded, fake, lying, cruel, out of touch, clueless, greedy rich cunt. In other words, I do NOT support Mitt Romney.
Hahaha, I can`t believe International took the bait. Since when did 'dogonroof' become a term of praise.::)
-
Since when did 'dogonroof' become a term of praise.::)
lol ikr
-
ive wondered too about the history ... sure it might be hard to link your SR acct to you IRL but if it is done somehow then your list of purchases is right there for LE.
-
I don't see how it would matter if LE got into the SR database, unless you have been PM'ing your name and address unencrypted. Otherwise, as long as you purchased your Bitcoins anonymously, how could they possibly connect your account with you in real life? But then again, what do I know. I'm more worried about packages being intercepted in the mail which does have your name and address, then bam game over you're dead.
And a big part of what makes SR work so well, IS your purchase and selling history. That way, reputations and relationships can grow and strengthen, which is good for everyone. I would think if everyone switched to new accounts all the time, then sellers and buyers would always have doubts about who they are dealing with and that WOULD make everyone less secure because people could start claiming they are someone else, maybe a scammer or maybe LE posing as a trusted seller.
I don't know. I really liked the idea of having the same account build a reputation over time.
Firstly I am not particularly concerned for those that have religiously used encryption and have always purchased BTC anonymously. The point is that there is clearly a large proportion of the SR community that don't fit in to this category. Currently these people are highly exposed should LE gain access to the DB.
If a limited transaction history was implemented there would be a 2nd layer of obfuscation (non-dependent on user compliance) that would provide a significant degree of protection to ALL sr users.
I just want to make it very clear that adding this feature does not imply any other changes to the site behavior. Vendors could still get the same summary data showing total number of purchases, total $ spent, membership length, etc. Feedback could also remain exactly as it is now. The ONLY change it implies is that a purchaser would only be able to see/edit their most recent transactions/feedback.
I haven't personally advocated 'switching accounts frequently' because I don't think it is an adequate solution. I also agree it could be somewhat negative to the SR community. However I can totally understand why some are considering this. If you yourself were in the not-fully-compliant category and had a few hundred purchases tied to your account, wouldn't you be a little worried?
-
feedback is removed after 3 months. too long?
-
I'd say 2 or 3 months
-
My issue is really about purchase history rather than feedback. On the 'acccount' > 'feedback' page I can see transactions going back significantly longer than 3 months. I can see what I think is my first purchase and I've been around quite a while.
If all purchase records were completely dissociated/deleted from an account after 3 months that would be great. I don't think this is happening though.
-
feedback is removed after 3 months. too long?
Its not the feedback, but more of the transaction history in our accounts. Lets say for some reason we were caught, if they get their hands on the account they could link the purchases to an individual and use it as evidence/charge them.
-
<removed>
-
feedback is removed after 3 months. too long?
Not particularly feedback, but maybe cut any connections between who posted the feedback and don't allow the user to further edit it. For this I'd say a month tops to be fair.
All bitcoin transactions should also be removed after a month, any record of them in our accounts removed and I'd recommend SR use Gutman method to remove it all securely to avoid forensics if the server is ever busted. As for the addresses being removed, yes they should be removed as soon as possible, but is there no way for vendors to enter their key and SR automatically encrypts it? That'd protect users who don't use it at least to an extra layer - kind of an auto-encryption. We just want to dissociate transactions of all kinds from every account as soon as is viable.
Agreed!
+1
-
feedback is removed after 3 months. too long?
between 1 - 3 months is good.
Can you check your inbox I PM'd you buddy.
Bud
-
How is anyone linking you (as a real-life person) to your SR account?
Yes, they can hack SR and say "BonesJones made X purchases for all these drugs, let's arrest him... Wait, who the fuck is BonesJones?"
Yeah exactly! Seriously, for a bunch of druggies y'all are way too agitated. CHILL THE FUCK OUT!!! When the "Special Drug enforcement agencies" that spend huge resources trying to "gain access to the databases" they will go after the sellers, not the buyers.
I think people on here are way too paranoid, Silkroad is a GLOBAL site, it doesn't exist in any particular country, there is no "internet police" because internet doesn't exist in any particular country, it's everywhere!
My point: Being too paranoid is just going to make using this site more complicated and a bigger hassle.
-
<removed>
-
Firstly I am not particularly concerned for those that have religiously used encryption and have always purchased BTC anonymously. The point is that there is clearly a large proportion of the SR community that don't fit in to this category. Currently these people are highly exposed should LE gain access to the DB.
You think there is a large proportion of people on SR not using encryption when providing their info? How large and how do you know? I'm not disagreeing because I don't know, just asking. But god if that's true, they need to be educated asap. Man I would take every step very slowly, examining every weak link in my anonymity and security, and learn up before diving in. The importance (at least IMO) of using encryption should be in red flashing bold letters on the front page of SR and the forums. Seriously, why go to all of the trouble of getting product in the mail, but not take every step you can to protect yourself from the oppressive tyrannical stormtroopers who get hard-ons busting pot heads.
-
I think it's a dangerous game to play "they could never link me", "it's not necessary That", etc. I hate the feedback. I think it should be there but I think it should be coded in a way so that products and prices are not seen. maybe just a ticketed number. Serial killers thought there was no way they could ever get caught, then DNA evidence came out. All of a sudden these supposed articulate mass serial killers looked pretty damn sloppy and get charged.
This is an 'arms race', we have to keep evolving to stay ahead and it's kind of stupid to sit around and say 'don't worry about it, there can never be a link', because it suggest that we are contempt, it suggest that we are not thinking ahead, and it suggest that we as humans are perfect. Security measures are absolutely perfect, and there is not reason to worry, because we know for a fact no links or proof will or could ever be found. Why use PGP when the site is already encrypted? Why use it when we know the SR will never go down? Very very dangerous ways of thinking.
The game is ever changing, this is an ARMS RACE do not get contempt and no human is perfect. A link now, a link in a year, a link in 5, a link because humans aren't perfect. If only just to say there is more security with it just not being in existence, which is fact, is all worth it to me. No buyer likes these stats, none except the fool.
-
I was originally less sketched out by SR when I knew that finalizing your order would remove its traces. Never really thought about (or figured out til after the first couple orders) your ratings always being there. I would really love to see some updates to remove that personal information after a few weeks. Keep the review, great, but honestly it's a bitch to think that someone could go in and see everything I've bought.
Showing the amount of cash spent isn't as big of a deal, you could say it was all BTC or legal purchases, who could possibly contest that reasonably in court unless they can show reviews listed?
-
feedback is removed after 3 months. too long?
It depends, DPR. I presume the only reason for keeping feedback associated to the buyer for 3 months is to give the buyer an opportunity to change it. Can't think of any other reason, but maybe I'm missing something. So, if that's the case, perhaps you could take a look at the distribution of times of feedback changes that have been made historically. You could then set the time limit at the 99th or so percentile of that distribution. In other words, if 1% of feedback changes historically have been made after 45 days, then maybe set the time limit to 45 days. Basically you'd be setting it based on historical data such that you only keep it as long as you really need to for 99% or 99.9% or whatever percent you decide.
-
Feedback remains in the database indefinitely. It may not be diplayed on certain pages after 3 months, but it definitely is still in the Database. As is your the entire purchase history linking you to everyone of your transactions since day dot.
Please tell me I'm wrong DPR?
-
Firstly I am not particularly concerned for those that have religiously used encryption and have always purchased BTC anonymously. The point is that there is clearly a large proportion of the SR community that don't fit in to this category. Currently these people are highly exposed should LE gain access to the DB.
You think there is a large proportion of people on SR not using encryption when providing their info? How large and how do you know? I'm not disagreeing because I don't know, just asking. But god if that's true, they need to be educated asap. Man I would take every step very slowly, examining every weak link in my anonymity and security, and learn up before diving in. The importance (at least IMO) of using encryption should be in red flashing bold letters on the front page of SR and the forums. Seriously, why go to all of the trouble of getting product in the mail, but not take every step you can to protect yourself from the oppressive tyrannical stormtroopers who get hard-ons busting pot heads.
MittDogOnRoofRomney: Are you for or against or just sitting on the fence? I know you aren't at particular risk, but perhaps you'd support the idea out of concern for others who weren't/aren't so educated? If you've still got any issues with it then get them out on the table.
I have no facts, sorry. I'm also not in the mood for games (hmm maybe one more).
But I'm going to give some opinions
-
On MittDogOnRoofRomney question- Yes I do strongly believe that there is a large number of accounts that have at least once sent unencrypted identifying info and or at least once acquired Btc without adequate anonymity.
75% of all buyer accounts (min 3 shipped transactions)!
To show I'm serious I'm putting 2 bits on it. So who's going to bet against the crazy guy?
The bet has been loosened up a bit
I'm now betting that at least 75% of all buyer accounts (min 3 shipped transactions) have at least once sent unencrypted data where you would normally send your address details
DPR got 2 bitcs to spare?
-
On MittDogOnRoofRomney question- Yes I do strongly believe that there is a large number of accounts that have at least once sent unencrypted identifying info and or at least once acquired Btc without adequate anonymity.
75% of all buyer accounts (min 3 shipped transactions)!
To show I'm serious I'm putting 2 bits on it. So who's going to bet against the crazy guy?
The bet has been loosened up a bit
I'm now betting that at least 75% all buyer accounts (min 3 shipped transactions) that have at least once sent unencrypted identiying
DPR got 2 bitcs to spare?
You do know that you can modify your posts by clicking the 'modify' tab instead on posting them consecutively right? ::)
-
Yeah but who said I liked doing things the easy way. Besides I think I look quite good in a frame.
Got any predictions for when/if we'll get an 'acknowledged - looking in to it' 8)from SR
-
A Short List of Hypothetical Reasons Why a User May Not Use PGP
* A Vendor posted in SR Discussion around 2 days ago that his cipher/plain ratio was 50/50 (Attempt1: Not found)
* Compliance is 100% optional .
* Compliance should negatively correlate with confidence in SR's ability to securely store sensitive data
* Compliance will depend on how well user understands the risk reduction
* It relies totally upon user compliance
* User compliance varies greatly depending on the specifics of the compliance scenario (US seat belt: 49% 1990)
* Avoidance - People tend to avoid doing things they don't like doing. (Do you like to GPG?)
* Avoidance - People tend to avoid doing things they do not have to do.
* Ignorance - Why would I bother with that
* When running late, humans will generally not prioritize optional talks
* Never learned how to operate GPG (for whatever reason)
* Previous Failure- 'I tried doing it that way before and it didn't work'
* First Purchase - 'Nah you don't need that shit man, that's why it says optional.'
* First purchase - 'GPG is for serious shit, I'm just buying couple of benzoes'
* First purchase - 'should I just click buy now or go and learn about all that GPG stuff? '
* First purchase - 'Skip the GPG, that's just if you're paranoid'
* Frustration - 'Fuck this I'll just send it plain.'
* First purchase - 'You don't need TOR SR and GPG that's too much encryption'
* First purchase - 'you don't need GPG because it's only going through the SR Server.'
You're almost encouraging people to not use PGP It was up to me I'd lock it down immediately.
-
Just checked and there is barely a mention of GPG anywhere on your site. Not even in your buyers guide! (it is in the WIKI but that's a wiki)
If I were to follow the buyers guide letter buy letter, I would end up sending my personal details to you in plain-text. (just reread the buyers guide and it does briefly mention GPG as an alternative
On the checkout page: it just says "enter your address!". No mention of encryption at all.
WTF is this SR? Do you actually endorse GPG or just condone it?
Do you acknowledge the possibility that your server could be compromised? Do you care about the risk to the thousands of users who make this site great?
I am absolutely shocked at your total disregard for your users welfare, It almost seems you are that you want access to their personal information.
Considering the amount of user transaction data SR is currently retaining, I am very very scared.
I don't think I like SR anymore :(
-
feedback is removed after 3 months. too long?
Could we please get an official response to this thread? I don't think the above counts.
-
<removed>
-
feedback is removed after 3 months. too long?
Not particularly feedback, but maybe cut any connections between who posted the feedback and don't allow the user to further edit it. For this I'd say a month tops to be fair.
All bitcoin transactions should also be removed after a month, any record of them in our accounts removed and I'd recommend SR use Gutman method to remove it all securely to avoid forensics if the server is ever busted. As for the addresses being removed, yes they should be removed as soon as possible, but is there no way for vendors to enter their key and SR automatically encrypts it? That'd protect users who don't use it at least to an extra layer - kind of an auto-encryption. We just want to dissociate transactions of all kinds from every account as soon as is viable.
I think the Gutman method is a bit overkill.
A 3 time wipe ( Department of Defence standard) should be easily sufficient.
-
I really feel like a lot of this Topics ideas are really really reliable ideas..
but I mean seriously. LE is all over this shit.. you really want to just keep giving them more info and more info?
We are making it SO EASY for them to figure everything out. Why do we pay them with our TAXES just to let them get paid for doing nothing... (like they already do.)
Ranting.. but it is the truth. Someone posted earlier about how to compromise Forums... Forum Sliding, etc..
Come on, now LE gets on here and reads it, boom. They find someone who is capable of doing it, boom.
I mean... do we want SR to flourish or fail?
-
I really feel like a lot of this Topics ideas are really really reliable ideas..
but I mean seriously. LE is all over this shit.. you really want to just keep giving them more info and more info?
If you're referring to specific ideas of deleting data or disassociating it after X months, if anything that tells LE it's not an easy target and it's not going to be handed over to you in a nice binder of permanent records from every order. Maybe knowing that there is less juice, it won't be worth the squeeze.
-
I personally like juice... and I really love the squeeze.
Play or be played.
Haha. Maybe I was just referring more to the Forum thread, specifically..
Whale, hell. Either way, I feel like some ideas on this forum are just given to LE instead of them having to actually work to figure out different things.
-
Either way, I feel like some ideas on this forum are just given to LE instead of them having to actually work to figure out different things.
Fair point but really how long would it take them to figure it after they get the motivation to do it? I'm sure LE is often times lots of non-technical people, so maybe it'll do some good if the couple nerds in the back are making it clear to them that even if they DO go in and bust things up, they're not going to get this absolute victory they think they might.
Probably not true, but I'd hope LE would spend their resources on sources of drugs that are producing violence and crime, whereas the joy of buying it over the internet is not having to deal with all the sketchiness and risk factors of showing up in person.
-
I am positive they would rather us go out on the streets and risk our small little lives!
BUTT FUCK THAT... (:P)
I prefer this place. Way easier.. and way danker stuff than the scrubs around here try to pro-push.
Long live the Road!
-
Maannn... I love the Road. <3
-
Just checked and there is barely a mention of GPG anywhere on your site. Not even in your buyers guide! (it is in the WIKI but that's a wiki)
If I were to follow the buyers guide letter buy letter, I would end up sending my personal details to you in plain-text. (just reread the buyers guide and it does briefly mention GPG as an alternative
On the checkout page: it just says "enter your address!". No mention of encryption at all.
WTF is this SR? Do you actually endorse GPG or just condone it?
Do you acknowledge the possibility that your server could be compromised? Do you care about the risk to the thousands of users who make this site great?
I am absolutely shocked at your total disregard for your users welfare, It almost seems you are that you want access to their personal information.
Considering the amount of user transaction data SR is currently retaining, I am very very scared.
I don't think I like SR anymore :(
Then go elsewhere...... *Common sense moment*
SR apparently deletes shipping info once the vendor no longer has use for it (ie, when it has been shipped). Whilst we are taking their word for it, I am sure they do follow through with this.
As for PGP, of course it is best to use it, but it is also a personal decision. If somebody can't be bothered, they are only risking their own security and anyone buying drugs who hasn't given a thought about security simply deserves it if they get caught.
Also, note that Silk Road is providing a service in the form of a marketplace, that is all it ever has claimed to be, not a bulletproof secure environment to do illegal activity. Adding security and help is completely optional for them. Now how about you stop vexing the forum and take some responsibility for yourself. If you're not happy with what SR has to offer, then get out of here and moan to people who will put up with you. This community doesn't spoon feed everyone who comes through and nobody spoon fed me - when I wasn't sure what PGP was, I googled it like anybody else with some sense would on the basis it increase our personal security.
You remind me of my old school teacher. He was a cunt.
StExo FFS I'd been banging my head against a brick wall for a long time before that frustrated/paranoid post came out. This thread is about a design flaw not about me. Unnecessarily keeping 8+ MONTHS OF POTENTIALLY INCRIMINATING DATA IS A FUCKING BAD IDEA. If I have to jump around like a dick, get called a cunt or whatever else to get SR to realize this, so be it.
While SR has been particularly hopeless at deleting anything, let's say they are not persisting shipping records. That still leaves the fact that BTC addresses are permanently tied to the account and therefore a single unsafe BTC transaction is able to full connect an individual to their entire purchasing history.
I think the user compliance issues are, for some people, obscuring what are major DESIGN FLAWS and OVERSIGHTS. Ones that have always been there but are becoming more and more apparent with the growth of the site.
Also, not just aimed at you Steno, I really don't like this attitude that ignorance deserves to be punished. I'm not talking about the people who have never bothered to learn GPG or recklessly continue to acquire BTC without anonymity. It is about those who've done it ONCE (perhaps a handful max), likely when they just started on SR, and didn't think it would be a big deal (FFS who would have assumed that SR would keep our transaction logs for so long). These people have likely contributed much to SR and I believe SR should be trying to protect them with every resource they have (ahem site-makeover ahem).
SR definitely isn't responsible for Little Johnny using non-anon btc, but SR sure as hell didn't tell little Johnny that his records would be stored permanently and that single non-anon btc could have a severe impact on his liberty.
Although I do regret much of my post you referred to, would it really be such a big deal to postfix the "Enter your address" message with "Although optional it is highly recommended that all personally identifiable information be encrypted"? Possibly a few other similar suggestions in critical places?
The buyers guide does a good job of keeping things as simple as possible for a beginner to make a purchase, but skips over (likely by design) the critical security steps required for fulll anonymity.
[speculation]
To me this is all tying together in that there seems to have always been the assumption that accounts would only be tied to purchases/deposits/etc. for a very short amount of time. Early mistakes would be inevitable but unimportant as they would likely involves small quantities and would be wiped after a month or so. As the user gained experience they'd hopefully become more security aware and better able to protect themselves.
Somehow this didn't happen. The early mistakes are hanging around (along with everything else) and creating potential for identification of accounts that may me tied to hundreds (soon thousands?) of purchases.
[/speculation]
P.S. I was specifically linking to your succinct and comprehensive implementation proposal from a few pages back, when I was messaging SR and the admins yesterday. We've obviously got a similar agenda so could we please hold of on the infighting right now? I've got nothing against you, and fully apologies for all offense.
-
My feedback has been updated to just the last 2 months which is good news.
As long as it is completely deleted from our accounts then it keeps everyone safer I think!
REM, there's no way they could have costed/implemented/tested the changes that were proposed in that time frame. The simply changed what is visible on that page.
To not make any form of statement about there data retention policies, but silently close off our ability to see the evidence that created this hoo haa in the first place.
I am extremely angry that they would treat there customers this way. Do you still think this is good news?
SR WHY DO YOU HAVE 9+ MONTHS OF DETAILED TRANSACTION HISTORY ON EVERY ONE OF US? HOW COULD THIS POSSIBLY BE IN YOUR INTEREST?
-
feedback is removed after 3 months. too long?
Not particularly feedback, but maybe cut any connections between who posted the feedback and don't allow the user to further edit it. For this I'd say a month tops to be fair.
All bitcoin transactions should also be removed after a month, any record of them in our accounts removed and I'd recommend SR use Gutman method to remove it all securely to avoid forensics if the server is ever busted. As for the addresses being removed, yes they should be removed as soon as possible, but is there no way for vendors to enter their key and SR automatically encrypts it? That'd protect users who don't use it at least to an extra layer - kind of an auto-encryption. We just want to dissociate transactions of all kinds from every account as soon as is viable.
I think the Gutman method is a bit overkill.
A 3 time wipe ( Department of Defence standard) should be easily sufficient.
Hey ccxv01,
What about a 3 time SR wipe? Would that meet DoD standard?
UPDATE SendToAddress SET IsDeleted=1 WHERE ReadByVendor=1
UPDATE SendToAddress SET IsDeleted=1 WHERE ReadByVendor=1
UPDATE SendToAddress SET IsDeleted=1 WHERE ReadByVendor=1
[Back to the top we go... Oh is that you SR? Sorry to be a bother sir, but I could I remind you of our request for a rundown of you data retention policies? Too busy? No I understand sir. Your a very busy man sir. Thats perfectly fine sir. Well you'll know where to find us when your ready. Ta ta.
-
I really feel like a lot of this Topics ideas are really really reliable ideas..
but I mean seriously. LE is all over this shit.. you really want to just keep giving them more info and more info?
We are making it SO EASY for them to figure everything out. Why do we pay them with our TAXES just to let them get paid for doing nothing... (like they already do.)
Ranting.. but it is the truth. Someone posted earlier about how to compromise Forums... Forum Sliding, etc..
Come on, now LE gets on here and reads it, boom. They find someone who is capable of doing it, boom.
I mean... do we want SR to flourish or fail?
Thats what I'm trying to understand. If you were SR why would you have over 10 months of complete transaction data stored about your buyers/vendors. It it was me I would have deleted everything a week after each finalized transaction, That way there would only ever be a bare minimum of incriminating data that LE could ever get me for. Why on earth would a clandestine e-market be collecting intel on his own customers? What a topsy turvey world! The Incredible Genius of DPR must have something planned that's beyond the comprehension of normal individuals and I can't wait to see what it is!.
-
Even if LE found "transactions" on your account its still very hard for them to bust you because that isnt "proof beyond a reasonable doubt" that you did infact recieve drugs. Maybe your just circulating coins with a vendor to leave positive feedback on their page...and in return they send you the btc you gave them as cash in the mail plus some profit added for the service. See what im getting at? If they dont have you in posession of the drugs or intercept the drugs coming to you then it makes it very difficult for them to stick charges just based on account stats. What kind of charges could they throw at you...not possesion, maybe intent to purchase or some type of conspiracy to commit illegal activity...i dunno??
-
Even if LE found "transactions" on your account its still very hard for them to bust you because that isnt "proof beyond a reasonable doubt" that you did infact recieve drugs. Maybe your just circulating coins with a vendor to leave positive feedback on their page...and in return they send you the btc you gave them as cash in the mail plus some profit added for the service. See what im getting at? If they dont have you in posession of the drugs or intercept the drugs coming to you then it makes it very difficult for them to stick charges just based on account stats. What kind of charges could they throw at you...not possesion, maybe intent to purchase or some type of conspiracy to commit illegal activity...i dunno??
This is the kind of thing that I think about. Obviously no one here wants to have ANYTHING to do with LE, EVER. Unless it's an inside informant that you can trust ;). But realistically, if SR got busted, and your account information was made available, could they really PROVE in court you are guilty of anything, on that information alone? Highly doubtful. You might be forced into a plea deal, anyway, but it would probably not be that bad at all. Basically, if they come up with transaction histories, and the like, I don't think it's that useful. They need that information AND some hard evidence (drugs in their evidence room) to have a really strong case against someone.
-moxycotton
-
Even if LE found "transactions" on your account its still very hard for them to bust you because that isnt "proof beyond a reasonable doubt" that you did infact recieve drugs. Maybe your just circulating coins with a vendor to leave positive feedback on their page...and in return they send you the btc you gave them as cash in the mail plus some profit added for the service. See what im getting at? If they dont have you in posession of the drugs or intercept the drugs coming to you then it makes it very difficult for them to stick charges just based on account stats. What kind of charges could they throw at you...not possesion, maybe intent to purchase or some type of conspiracy to commit illegal activity...i dunno??
This is the kind of thing that I think about. Obviously no one here wants to have ANYTHING to do with LE, EVER. Unless it's an inside informant that you can trust ;). But realistically, if SR got busted, and your account information was made available, could they really PROVE in court you are guilty of anything, on that information alone? Highly doubtful. You might be forced into a plea deal, anyway, but it would probably not be that bad at all. Basically, if they come up with transaction histories, and the like, I don't think it's that useful. They need that information AND some hard evidence (drugs in their evidence room) to have a really strong case against someone.
-moxycotton
People have bigger problems than you two. Go and enjoy life :)
-
Okay...
Law Enforcement, and the Criminal Penalties associated with whatever crime is being committed on here (product being puchased because they're only interested in the illegal things, obviously) is different in every country.
You cannot generalise by saying "they need proof" or whatever because in some countries they may not need proof at all. Although this is not likely to be the case - why does any individual have to put up with the stress (or any added pressure) of potentially dealing with that problem.
The easiest solution is to ensure the problem cannot arise in the first place. Eradication of the source is generally a good way to start.
So... First thing's first. Notices. It's already been pointed out, but in an attempt to open as many people's eyes as possible, for those who have them shut, there needs to be a notice on the Shopping Cart, about Purchasing security (PGP, privnote, whatever) and this needs to be replicated on as many relevant pages as possible.
Some vendors will state it as part of T&C, but how about having a footer on every product page with a brief mention about how to most efficiently avoid any potential problem.
That way, before someone has even added an item to their cart, they can look into PGP.
I agree that the 'overall' responsibility lies with the individual (buyer or seller) as they themselves should take as many possible avenues to ensure protection. However, s*** always rolls downhill, so Silk Road need to be 'perfect', per se, in order to offer their customers the best service possible.
And remember, we are all customers of Silk Road. Not just customers of vendors, because SR like to take a percentage. As a result of that, immediate and precise attention should be given, especially when it's a security note.
/Aside: Off topic now, but considering 'security' - how about that Jet2 failure at Manchester Airport?
-
After the upgrade it seems our order history has been limited. I can only see 3 months back now.
I actually kind of liked to see my complete order history.
How exactly would LEO know its you? They don't have your password either... I know you guys are worrying about nothing.
-
Spinbox1: I think that was my fault. I was actually pushing for deletion but we ended up with obfuscation:)
Can I just add to bill417s post: First timers are the most vulnerable to making mistakes and they would benefit from some special instruction if that was at all possible. Now that it is clear that everything gets tied to a transaction and [persisted for some time] just 1 non encrypted address or a bitcoin aquired without sufficient anonymity will compromise the identity their account. Thanks.
-
My feedback has been updated to just the last 2 months which is good news.
As long as it is completely deleted from our accounts then it keeps everyone safer I think!
REM, there's no way they could have costed/implemented/tested the changes that were proposed in that time frame. The simply changed what is visible on that page.
To not make any form of statement about there data retention policies, but silently close off our ability to see the evidence that created this hoo haa in the first place.
I am extremely angry that they would treat there customers this way. Do you still think this is good news?
SR WHY DO YOU HAVE 9+ MONTHS OF DETAILED TRANSACTION HISTORY ON EVERY ONE OF US? HOW COULD THIS POSSIBLY BE IN YOUR INTEREST?
I think DPR would listen if people have concerns and I imagine he is looking into it - it would make everyone safer if previous bitcoin and purchases were deleted completely after say 2 months. Normally all the changes DPR makes are for the benefit of everyone on here.
I don't know much about technical computer stuff so I have to believe that my feedback is gone completely. I don't understand why SR would keep the data for any longer than is necessary?
FFS your feedback remains. There are probably backups currently stored at 13 geographically separate locations.
I can pretty much guarantee that the data various people were worried about is well and truly beyond our control now. everyone is just going to have to deal with the consequences of that.
-
My feedback has been updated to just the last 2 months which is good news.
As long as it is completely deleted from our accounts then it keeps everyone safer I think!
REM, there's no way they could have costed/implemented/tested the changes that were proposed in that time frame. The simply changed what is visible on that page.
To not make any form of statement about there data retention policies, but silently close off our ability to see the evidence that created this hoo haa in the first place.
I am extremely angry that they would treat there customers this way. Do you still think this is good news?
SR WHY DO YOU HAVE 9+ MONTHS OF DETAILED TRANSACTION HISTORY ON EVERY ONE OF US? HOW COULD THIS POSSIBLY BE IN YOUR INTEREST?
I think DPR would listen if people have concerns and I imagine he is looking into it - it would make everyone safer if previous bitcoin and purchases were deleted completely after say 2 months. Normally all the changes DPR makes are for the benefit of everyone on here.
I don't know much about technical computer stuff so I have to believe that my feedback is gone completely. I don't understand why SR would keep the data for any longer than is necessary?
-
The scenario I think is very possible:
LE busts a SR vendor not by intercepting a package, but due to someone they deal to in real life (you know they must also do this) giving them up, or maybe a supplier (they all have them), or someone else they know hands them to LE for a plea. They bust in with a no-knock warrant and catch the vendor in the middle of filling orders. The vendor has packages addressed and ready to go. He/she is still logged into SR. DEA takes over. They get all the info they can from past sales, including any addresses they can find. They send word to postal inspectors to flag all mail going to these addresses. They let enough stuff get through to you (cause you're still ordering from other vendors, right?) until it's worth it to bust you. You're caught unawares when they bust down your door, so you've got some product still in the house. If any of these poor busted people are ALSO vendors, just repeat!
Just sayin'! I don't think LE should ever be underestimated in their abilities or willingness to pursue crimes.
-
Okay...
Law Enforcement, and the Criminal Penalties associated with whatever crime is being committed on here (product being puchased because they're only interested in the illegal things, obviously) is different in every country.
You cannot generalise by saying "they need proof" or whatever because in some countries they may not need proof at all. Although this is not likely to be the case - why does any individual have to put up with the stress (or any added pressure) of potentially dealing with that problem.
The easiest solution is to ensure the problem cannot arise in the first place. Eradication of the source is generally a good way to start.
So... First thing's first. Notices. It's already been pointed out, but in an attempt to open as many people's eyes as possible, for those who have them shut, there needs to be a notice on the Shopping Cart, about Purchasing security (PGP, privnote, whatever) and this needs to be replicated on as many relevant pages as possible.
Some vendors will state it as part of T&C, but how about having a footer on every product page with a brief mention about how to most efficiently avoid any potential problem.
That way, before someone has even added an item to their cart, they can look into PGP.
I agree that the 'overall' responsibility lies with the individual (buyer or seller) as they themselves should take as many possible avenues to ensure protection. However, s*** always rolls downhill, so Silk Road need to be 'perfect', per se, in order to offer their customers the best service possible.
And remember, we are all customers of Silk Road. Not just customers of vendors, because SR like to take a percentage. As a result of that, immediate and precise attention should be given, especially when it's a security note.
/Aside: Off topic now, but considering 'security' - how about that Jet2 failure at Manchester Airport?
Didn't fully read this before but I agree strongly with a lot of what you've said. A notice on the shopping cart about purchasing security would also be a nice 'act of good faith' on SR's behalf.