Silk Road forums
Discussion => Security => Topic started by: homersimpson on May 15, 2012, 12:02 am
-
I'm sorry if this question is asked a lot but does anyone know of anyone that has gotten in trouble for buying from silk road?
I want to order 5 white speakers but I'm just worried of getting in @@@@ with the police really..
I know that some orders get taken by customs but I can't workout why they wouldn't take any action if it has someones address on a parcel they confiscate? I know I'm going to do it anyway because the pills where I live are terrible.
Also is there even a high chance in your order getting intercepted? I'm ordering from netherlands to the UK
Thanks
-
I'm sorry if this question is asked a lot but does anyone know of anyone that has gotten in trouble for buying from silk road?
I want to order 5 white speakers but I'm just worried of getting in @@@@ with the police really..
I know that some orders get taken by customs but I can't workout why they wouldn't take any action if it has someones address on a parcel they confiscate? I know I'm going to do it anyway because the pills where I live are terrible.
Also is there even a high chance in your order getting intercepted? I'm ordering from netherlands to the UK
Thanks
It's very unlikely mate. I wouldn't worry.
-
A parcel with your name on it is not sufficient evidence to tie the contents to you. For bigger packages, LE might attempt a "controlled delivery", which is basically getting cops to deliver the drugs to you, then busting you shortly afterwards, but I would imagine this would be too costly to bother with for small orders.
If you have quite a few packages seized, you may eventually get a "knock and talk" or something, but other than that, you should be fine.
-
Thanks a lot for the reassurance! Looks like I'll be rolling in a week or two time then ;)
-
I'm sure this is a noob question, but it seems to be that when ordering off SR (as a buyer only), infrequently and only spending small amounts of money (like under $100), that using tor, storing sensitive information on a flash drive, encrypting it with truecrypt (or both), and using GPG is enough to stay secure.
Also, going the bank deposit to mtgox (or other) via bitinstant (or similar method), then transferring bitcoins around to several instawallets before sending to SR is enough to avoid attracting too much attention, especially when the dollar amounts are very low.
It just doesn't seem like LE would come busting my door down over an 8th of weed or a few pills.
I have read through the polyfont page but much of that information seems excessive for a small time buyer.
Please correct me if I'm wrong and offer suggestions
-
I'm with you Sharp! Are LE really going after the small time dabblers like us??
-
No, not yet anyway, that I've heard of. But I don't jump from there to thinking it's legal. It's not legal. Real question--to me--is 'do they *want* to?' And 'are they *trying* to?' And no one's been able to successfully answer those in any credible way...we do beaucoup speculation tho... :)
-
People have got on the forums and made claims, but they've never as far as I've seen, been able to substantiate them.
The anonymity afforded to people in the forum lends itself to some total nonsense being flung about!
-
How would we know if anyone got convicted? Silk Road hasn't been around long enough for anyone with a serious sentence to have been released yet and tell us all about it.
-
^^Reasonable point, though they could get on before sentencing, if they we're totally ballsy and had the wherewithall!
-
If your smart and read the forums and security the chances of getting caught ate next to none because anyone could send drugs in your name to your address. They have to prove you did it which is very hard if your smart with your security.
1. Always use your real name and don't use vacant homes the post office knows when a house Has not gotten mail for months then all of a sudden mail comes with a different name. They also know who gets mail where. So always use a real name and address. You still have plausible deniability, anyone could of sent that.
2. Always use GPG learn it use it love it, use never know what could happen if silkroad servers are taken or accessed you want your address and name unreadable.
3.one use truecrypt to encrypt your hard drive, then Never that hard drive or windows for silkroad if you already have delect everything silkroad related and use a free file shredder to DoD wipe the free space. Second use tails or liberte it's a secure operating system that uses ram then erases ram leaving no trace behind. Three buy bitcoins anonymously ( try the venders on silkroad under money). Also try and keep any data off any os including liberte, if you can keep it on a back up site in say Switzerland. Last but not least try to use someone else's network like hack into next doors or use a open network. Be smart if you go to Starbucks back sure your not on camera.
4. Never talk to cops and don't even say I don't know what your taking about. The only thing out of your mouth sould be lawyer
-
I would think if someone got busted it would make it back to the forums through family, friends, possibly news agencies, or LE high fiving each other and bragging about the bust/s.
-
Frankly buddy I just had a quick look at the Polyfont page during my lunch break and I thought the very simple layout and lucid explanations was ideal for people new to Tor & GPG.
Having said that a flash drive encrypted with Truecrypt is an excellent place to store your Tor Browser and GPG software.
One suggestion to increase your security a little more would be to use Truecrypt to encrypt your entire hard drive too using a different password to your USB key - you can then use it to generate a "keyfile" to be used in conjunction with a password to access your USB drive.
This sounds a bit involved but is actually extremely easy and massively increases your security if you lose the USB stick and/or your computer. Feel free to ask if you need help setting this up.
Re: sending Bitcoins, although sending coins to multiple wallets does slightly increase your security, in the nature of things coins must be sent from the same address at which they're received. As such, it's possible to trace purchases of coins throughout the block chain.
If you must use traceable methods like MtGox to purchase your coins, I'd suggest you run them through a mixing service like Bitcoinfog.
The only two safe ways to obtain Bitcoins are buying the anonymously for cash or exchanging them for goods/services e.g by selling via SR.
V.
I'm sure this is a noob question, but it seems to be that when ordering off SR (as a buyer only), infrequently and only spending small amounts of money (like under $100), that using tor, storing sensitive information on a flash drive, encrypting it with truecrypt (or both), and using GPG is enough to stay secure.
Also, going the bank deposit to mtgox (or other) via bitinstant (or similar method), then transferring bitcoins around to several instawallets before sending to SR is enough to avoid attracting too much attention, especially when the dollar amounts are very low.
It just doesn't seem like LE would come busting my door down over an 8th of weed or a few pills.
I have read through the polyfont page but much of that information seems excessive for a small time buyer.
Please correct me if I'm wrong and offer suggestions
-
By the way to the people say "TrueCrypt your entire hard drive"...I personally know people who have served the mandatory 1 year in prison (in the UK) for not revealing their Truecrypt password to the police. Two of my friends now and it's becoming more common. Better make a hidden TrueCrypted operating system (hidden partition), or TrueCrypt a memory stick and keep your TOR on there.
-
@vlad1m1r Could you point to where we could learn how to encypt an entire drive? Everything I"ve read about truecrypt just talks about encrypting specific folders. Also, there doesnt seem to be a reliable way to DoD wipe unused space without wiping entire drives. I see people mention this all the time on the forums, but when actually digging into it every tutorial just explains how to wipe entire drives.
-
By the way to the people say "TrueCrypt your entire hard drive"...I personally know people who have served the mandatory 1 year in prison (in the UK) for not revealing their Truecrypt password to the police. Two of my friends now and it's becoming more common. Better make a hidden TrueCrypted operating system (hidden partition), or TrueCrypt a memory stick and keep your TOR on there.
Yup. This is sort of the reason I'm getting a new laptop as well. Going to use one for legit/fun shit which will be the old one and I'm going to have the hard drive reformatted and I'm getting a Maccy Pro to use for my shady shit.
Partition your life like you do your OS. :)
-
@vlad1m1r Could you point to where we could learn how to encypt an entire drive? Everything I"ve read about truecrypt just talks about encrypting specific folders. Also, there doesnt seem to be a reliable way to DoD wipe unused space without wiping entire drives. I see people mention this all the time on the forums, but when actually digging into it every tutorial just explains how to wipe entire drives.
As I said above you don't want to TrueCrypt your entire drive. It's too obvious and can get you into trouble anyway, especially with new terrorism laws forcing you to hand over the key:
http://yro.slashdot.org/story/12/01/24/024233/us-judge-rules-defendant-can-be-forced-to-decrypt-hard-drive
What you want to do is TrueCrypt a small partition, which you install your 'naughty' operating system on, and then produce two keys. One key loads the partition normally for you, the other key loads a clean operating system and wipes the naughty one (3 pass eraze) which you can give to the police during interrogation. By the time they realize what's happened it's too late. You've not broken any laws, you've given them a legit key, and they have no evidence. BINGO 8)
-
It is true that you can be forced to hand over a decryption key to a machine in the UK through RIPA legislation. Nevertheless, I was suggesting this step as an additional layer of security to protect the contents of a USB on an otherwise clean operating system.
I think it's important to be clear that while it's a worthy idea to install a hidden operating system using Truecrypt, doing so on a separate partition rather defeats the point of plausible deniability in encryption. You can (and should!) install a hidden OS to your main system partition while using full disk encryption. You can of course give the "safe" password to the authorities with no fear of recrimination.
Update : I have just remembered from my heady days dabbling with computer forensics that the software Autopsy and its ilk will have you create an image of the suspect hard drive when analysing it, so even if you could construct a boot loader which could wipe the "hidden" partition I'm not sure if it would do much good. - Better encrypt the whole OS with Truecrypt and have a dual OS if that's the way you want things.
V.
@vlad1m1r Could you point to where we could learn how to encypt an entire drive? Everything I"ve read about truecrypt just talks about encrypting specific folders. Also, there doesnt seem to be a reliable way to DoD wipe unused space without wiping entire drives. I see people mention this all the time on the forums, but when actually digging into it every tutorial just explains how to wipe entire drives.
As I said above you don't want to TrueCrypt your entire drive. It's too obvious and can get you into trouble anyway, especially with new terrorism laws forcing you to hand over the key:
http://yro.slashdot.org/story/12/01/24/024233/us-judge-rules-defendant-can-be-forced-to-decrypt-hard-drive
What you want to do is TrueCrypt a small partition, which you install your 'naughty' operating system on, and then produce two keys. One key loads the partition normally for you, the other key loads a clean operating system and wipes the naughty one (3 pass eraze) which you can give to the police during interrogation. By the time they realize what's happened it's too late. You've not broken any laws, you've given them a legit key, and they have no evidence. BINGO 8)
-
What the fuck is this RIPA legislation V1lad? I have never heard of this. Did Labour bring it in one of their attempts to curtail our freedom or is this a Coalition thing?
Tony Blair just don't care
Gordon Brown let me down
David Cameron is making me morally barren.
Nick Clegg? Well nobody cares enough about people who can only get a semi-on to make witty rhymes about them.
-
RIPA - The Regulation of Investigatory Powers Act (2000) was something the Labour party sneaked through to make us all feel 'safer' as if investigatory powers were being limited, however made a whole new raft of things possible. Ranging from forcing you to hand over your encryption keys to the police (which by the way if you refuse means you can go to prison WITHOUT a trial infront of a jury, the 1 year thing I mentioned earlier) to the fact that every citizen is now supposed to be a police informant and infact if you now witness a crime and fail to inform the police you are infact guilty of committing a criminal act.
People don't realise but this is actually used, as I mentioned above friends of mine are in prison for trying to hide torrents (games, films) etc from police by not telling them their TrueCrypt passwords to their laptops etc. It's ludicrous really.
Personally I hide all secret data in the 'cloud' now, only accessed using various proxy's of which TOR is one and is fully Encrypted, stored on servers in countries that don't have any legal arrangements with UK or US authorities.
-
RIPA - The Regulation of Investigatory Powers Act (2000) was something the Labour party sneaked through to make us all feel 'safer' as if investigatory powers were being limited, however made a whole new raft of things possible. Ranging from forcing you to hand over your encryption keys to the police (which by the way if you refuse means you can go to prison WITHOUT a trial infront of a jury, the 1 year thing I mentioned earlier) to the fact that every citizen is now supposed to be a police informant and infact if you now witness a crime and fail to inform the police you are infact guilty of committing a criminal act.
People don't realise but this is actually used, as I mentioned above friends of mine are in prison for trying to hide torrents (games, films) etc from police by not telling them their TrueCrypt passwords to their laptops etc. It's ludicrous really.
Personally I hide all secret data in the 'cloud' now, only accessed using various proxy's of which TOR is one and is fully Encrypted, stored on servers in countries that don't have any legal arrangements with UK or US authorities.
What the fuck!?!?!?! As an IRL/Online drug dealer and financial adviser that does NOT me feel "safer". Can't believe I hadn't heard of this before tbh.
Tony Blair didn't care about what I thought when he brought this in and then Gordon Brown let me down by not getting rid of it and now David Cameron is morally barren by following suit.
Slags.
-
Of course you can get around this issue by using Plausible deniability in your encryption - I think so far three people have been sent to prison for refusing to hand their encryption keys to Police - more scarily still it's not just the pigs- any Home Office approved body can request them e.g the Probation Service, Social Services although so far none have.
Further reading:
http://www.homeoffice.gov.uk/counter-terrorism/regulation-investigatory-powers/
and
https://blog.ironkey.com/?p=842
V.
RIPA - The Regulation of Investigatory Powers Act (2000) was something the Labour party sneaked through to make us all feel 'safer' as if investigatory powers were being limited, however made a whole new raft of things possible. Ranging from forcing you to hand over your encryption keys to the police (which by the way if you refuse means you can go to prison WITHOUT a trial infront of a jury, the 1 year thing I mentioned earlier) to the fact that every citizen is now supposed to be a police informant and infact if you now witness a crime and fail to inform the police you are infact guilty of committing a criminal act.
People don't realise but this is actually used, as I mentioned above friends of mine are in prison for trying to hide torrents (games, films) etc from police by not telling them their TrueCrypt passwords to their laptops etc. It's ludicrous really.
Personally I hide all secret data in the 'cloud' now, only accessed using various proxy's of which TOR is one and is fully Encrypted, stored on servers in countries that don't have any legal arrangements with UK or US authorities.
What the fuck!?!?!?! As an IRL/Online drug dealer and financial adviser that does NOT me feel "safer". Can't believe I hadn't heard of this before tbh.
Tony Blair didn't care about what I thought when he brought this in and then Gordon Brown let me down by not getting rid of it and now David Cameron is morally barren by following suit.
Slags.
-
Same basic security question I've faced from jump street:
Do I try to hide from LE, and thereby look *more* suspicious if I get caught (or go to trial.)
Or do I operate in plain view: nothing I"m doing here is illegal, why hide...
(now I threw away a little netbook a while ago, and these hippies and druggies who live around here, fuck I sure hope none of them found it....they live about 20 to a van, and wardrive the fuck out of here...I've been meaning to put a password on my wifi but don't know how!)
-
I think so far three people have been sent to prison for refusing to hand their encryption keys to Police
Well personally I know two people, and they know others so believe me it's not just 3 people. I would estimate several hundred at the least.
I should mention in their cases they were both given a second chance to hand over the encryption keys to a judge before sentencing but both refused.
-
I found a good tutorial on YouTube for truecrypt.
http://m.youtube.com/watch?v=_ttbtGTlOTA
Hopefully that should point you in the right direction to encrypting the hard drive. Also you might want to create. A hidden container incase law enforcement make you give up the password.
Here's a link for that
http://www.afterdawn.com/guides/archive/create_hidden_encrypted_volume_within_a_file_using_truecrypt.cfm
And for a secure DoD wipe you can use file shredder (free download from download.com) google it
Hope that helps, alpine
-
Who's to say I haven't hypnotized myself so whenever I hear my miranda rights read to me I forget my encryption key?
Hell, who's to say under pressure you don't remember the bitch anyway?
I guess my real question is:
In the cases that you have stated, is there a specific difference between not telling and not knowing the encryption key?
-
Good work Alpine, +1 to you.
If you live in a jurisdiction where you can be compelled to surrender your password, by all means use the hidden container.
V.
I found a good tutorial on YouTube for truecrypt.
http://m.youtube.com/watch?v=_ttbtGTlOTA
Hopefully that should point you in the right direction to encrypting the hard drive. Also you might want to create. A hidden container incase law enforcement make you give up the password.
Here's a link for that
http://www.afterdawn.com/guides/archive/create_hidden_encrypted_volume_within_a_file_using_truecrypt.cfm
And for a secure DoD wipe you can use file shredder (free download from download.com) google it
Hope that helps, alpine
-
If you weren't here then, I really suggest all newbies start at the beginning of the 'Security' thread and go thru it: I did, and you can skim pretty quickly in a couple hrs. A lot of great suggestions which I'd followed I learn so much, how to use Virtual Machine's correctly, and other stuff, I'd look into the Privatix threads, and well, last several months have been quite an education for me. I find there is help available to, if you are willing to do the study suggested. I've ended up pretty much right where I started, with Tails as my main OS and then all else is kept well stashed in the cloud. But privatix or it's cousins if I were vending, and had to have more info stashed at hand...
-
By the way to the people say "TrueCrypt your entire hard drive"...I personally know people who have served the mandatory 1 year in prison (in the UK) for not revealing their Truecrypt password to the police. Two of my friends now and it's becoming more common. Better make a hidden TrueCrypted operating system (hidden partition), or TrueCrypt a memory stick and keep your TOR on there.
Jesus, I thought the USA had some pretty fucked up laws, but a year in jail for not divulging an encrypted hd? I guess one would have to weigh what's so damaging on the hd vs a year in jail. I imagine it would have to be a big time seller with records of buyers. What else would one be so scared of?? Their SR password?? For a year in jail they can have mine, but what can they do with it??
Well, with your SR password they can see all your messages and your transactions, if you weren't careful maybe an address or incriminating information.
-
Well said PlaneMode,
As I said you can install your apps like Tor browser and GPG to a hidden container in your Truecrypt volume and this needn't be a worry. An analysis of the container itself will not reveal a hidden volume. Hidden OS on the other hand can leak information on certain versions of Windows. (Further reading : http://static.usenix.org/event/hotsec08/tech/full_papers/czeskis/czeskis_html/)
V.
By the way to the people say "TrueCrypt your entire hard drive"...I personally know people who have served the mandatory 1 year in prison (in the UK) for not revealing their Truecrypt password to the police. Two of my friends now and it's becoming more common. Better make a hidden TrueCrypted operating system (hidden partition), or TrueCrypt a memory stick and keep your TOR on there.
Jesus, I thought the USA had some pretty fucked up laws, but a year in jail for not divulging an encrypted hd? I guess one would have to weigh what's so damaging on the hd vs a year in jail. I imagine it would have to be a big time seller with records of buyers. What else would one be so scared of?? Their SR password?? For a year in jail they can have mine, but what can they do with it??
Well, with your SR password they can see all your messages and your transactions, if you weren't careful maybe an address or incriminating information.
-
Many thanks once again to the Guru for watching my back, rest assured I haven't forgotten you!
An excellent summary of FDE via Truecrypt, if I may just pick up on a question PermanentlySpun ask.
Heidi's Eraser (http://eraser.heidi.ie/) does allow you to wipe the free space on a magnetic hard drive to DoD standards (I think it's 3 or 7 passes perhaps someone can confirm?) There is also the Gutmann method which overwrites deleted data no less than 35 times.
As Guru says however, Truecrypt can encrypt your Operating System in place. Any free space on your hard drive would be filled with random "chaff" data which is indistinguishable from the encrypted data when the drive isn't mounted. As such using data erasure tools is something of a moot point when your whole OS is encrypted.
Some posters have also asked if they need to erase the free space on their HDD before encrypting their operating system using Truecrypt. It won't do any harm but there's no need. Whatever fragments of deleted files are left will be written over - I have only dabbled in digital forensics but have yet to hear of deleted files being covered post FDE in this way - perhaps once again our more technically minded users can confirm?
If you have one of the newer Solid State Drives (as I do!) you'll find most traditional erasure methods won't work and full disk encryption if not set up properly can reduce the life of the drive, but I have an excellent tutorial on how to lessen this problem, feel free to send me a message.
All the best,
V.
@vlad1m1r Could you point to where we could learn how to encypt an entire drive? Everything I"ve read about truecrypt just talks about encrypting specific folders. Also, there doesnt seem to be a reliable way to DoD wipe unused space without wiping entire drives. I see people mention this all the time on the forums, but when actually digging into it every tutorial just explains how to wipe entire drives.
See: http://www.truecrypt.org/docs/?s=system-encryption
System Encryption
TrueCrypt can on-the-fly encrypt a system partition or entire system drive, i.e. a partition or drive where Windows is installed and from which it boots.
System encryption provides the highest level of security and privacy, because all files, including any temporary files that Windows and applications create on the system partition (typically, without your knowledge or consent), hibernation files, swap files, etc., are always permanently encrypted (even when power supply is suddenly interrupted). Windows also records large amounts of potentially sensitive data, such as the names and locations of files you open, applications you run, etc. All such log files and registry entries are always permanently encrypted too.
System encryption involves pre-boot authentication, which means that anyone who wants to gain access and use the encrypted system, read and write files stored on the system drive, etc., will need to enter the correct password each time before Windows boots (starts). Pre-boot authentication is handled by the TrueCrypt Boot Loader, which resides in the first track of the boot drive and on the TrueCrypt Rescue Disk.
Note that TrueCrypt can encrypt an existing unencrypted system partition/drive in-place while the operating system is running (while the system is being encrypted, you can use your computer as usual without any restrictions). Likewise, a TrueCrypt-encrypted system partition/drive can be decrypted in-place while the operating system is running. You can interrupt the process of encryption or decryption anytime, leave the partition/drive partially unencrypted, restart or shut down the computer, and then resume the process, which will continue from the point it was stopped.
To encrypt a system partition or entire system drive, select System > Encrypt System Partition/Drive and then follow the instructions in the wizard. To decrypt a system partition/drive, select System > Permanently Decrypt System Partition/Drive.
The mode of operation used for system encryption is XTS (see the section Modes of Operation). For further technical details of system encryption, see the section Encryption Scheme in the chapter Technical Details.
Note: By default, Windows 7 and later boot from a special small partition. The partition contains files that are required to boot the system. Windows allows only applications that have administrator privileges to write to the partition (when the system is running). TrueCrypt encrypts the partition only if you choose to encrypt the whole system drive (as opposed to choosing to encrypt only the partition where Windows is installed).
Guru
-
...in that case in the UK at least your case would go before a Tribunal made up of three Judges where you would have to convince them that you had indeed forgotten it - it's not an automatic defence but obviously if it's a secondary PC gathering dust in your garage you've got a much better chance of convincing them - use plausible denial and it's not an issue!
V.
I think so far three people have been sent to prison for refusing to hand their encryption keys to Police
Well personally I know two people, and they know others so believe me it's not just 3 people. I would estimate several hundred at the least.
I should mention in their cases they were both given a second chance to hand over the encryption keys to a judge before sentencing but both refused.
I just thought of something else--something that happened to me today. I fired up my secondary unix pc, and I couldn't remember its pass phrase. Not a big deal as I don't ever use it, but this brings up a point: honestly forget your password and go to jail?? Somehow, this doesn't seem right...
-
Just to point out an alternative to everyone, You can use tinycore linux to build a Credit card sized CD that is a bootable full gui install of linux with GPG, TOR, and bitcoin installed.
Then use the dev mapper crypto stuff to encrypt a pen drive. With out the CD it will look like it is full of garbage. Your PC can be windows when running normal, then pop in the CD and boot the system into a secure TOR system with a fully encrypted home space on a pen drive.
But it is just an idea.
-
I'm 100% sure atleast a few have, and I'm not fucking around because I nearly escaped myself.
Obviously I'm not stupid enough to give too many details but lets just say I won't order internationally anymore after my visit with ice. I'm not stupid enough to fall for what police officers call a knock and talk - but its a common tactic because it works, so I'm sure someone got fucked. Like someone said we wouldn't likely know since they could not tell us from jail.
My recommendation: Learn how to talk to police officers, just in case.
-
I'm 100% sure atleast a few have, and I'm not fucking around because I nearly escaped myself.
Obviously I'm not stupid enough to give too many details but lets just say I won't order internationally anymore after my visit with ice. I'm not stupid enough to fall for what police officers call a knock and talk - but its a common tactic because it works, so I'm sure someone got fucked. Like someone said we wouldn't likely know since they could not tell us from jail.
My recommendation: Learn how to talk to police officers, just in case.
(sung to the tune of camptown races)
What's the colour of a 1 cent piece?
Copper! Copper!
What's the colour of a 1 cent piece?
ALL Coppers are cunts!
-
By the way to the people say "TrueCrypt your entire hard drive"...I personally know people who have served the mandatory 1 year in prison (in the UK) for not revealing their Truecrypt password to the police. Two of my friends now and it's becoming more common. Better make a hidden TrueCrypted operating system (hidden partition), or TrueCrypt a memory stick and keep your TOR on there.
Are you sure that you can actually be convicted for not revealing your truecrypt password? Could you not just claim that it isn't even your computer to begin with?
-
An excellent point Kappacino,
You can be encrypted provided that it can be demonstrated that your hard drive is indeed encrypted. This would be fairly easy for a forensic analyst if you use FDE as the Truecrypt bootloader* is installed to the same partition. You could of course encrypt the whole HDD and use a Live CD or bootable USD to access it. That way you could plausibly say your HDD has been wiped by overwriting it with random data and no one could tell the difference.
The same applies if you encrypt an entire external hard drive / USB key. In theory Truecrypt containers i.e TC files created on an otherwise unencrypted hard drive aren't identifiable but in practice they have "perfect" block symmetry so it's hard to pass them off as random data.
It is a good point however and it actually might be worth your while to let the matter run the whole nine yards and let it come to court before revealing a password - the burden of proof is still upon the Police to show that the volume is encrypted and hasn't been wiped.
V.
*The bit which loads up when you first switch on your computer and asks for your password in order to access the encrypted drive. In the nature of things this can't be encrypted too.
By the way to the people say "TrueCrypt your entire hard drive"...I personally know people who have served the mandatory 1 year in prison (in the UK) for not revealing their Truecrypt password to the police. Two of my friends now and it's becoming more common. Better make a hidden TrueCrypted operating system (hidden partition), or TrueCrypt a memory stick and keep your TOR on there.
Are you sure that you can actually be convicted for not revealing your truecrypt password? Could you not just claim that it isn't even your computer to begin with?
-
I'm sorry if this question is asked a lot but does anyone know of anyone that has gotten in trouble for buying from silk road?
i wouldnt worry, just make it not worth anyone's trouble, and the LEOs will go after the vendors, like they are supposed to.
i'd be paranoid only if you are a vendor.
normal customers are not worth the LEO's time, generally speaking.
-
If I only make small-ish purchases on SR, and have my Tormail/SR information memorized and not written down anywhere, on paper, or on my computer, there's no reason for me to encrypt any files or drives is there?
The only incriminating evidence against me would be in the form of an unreadable PGP key in my SR message box...
-
It's still not particularly safe buddy. A forensic analyst may be able to detect traces of your browsing activity if they analysed your hard drive. Also if you use PGP your private key, even though it's encrypted itself, it could be subjected to brute force attacks.
Have a look at the Truecrypt website and you'll see it's very, very easy to set up an encrypted hard drive or usb drive. Any questions, please feel free to asl.
V.
If I only make small-ish purchases on SR, and have my Tormail/SR information memorized and not written down anywhere, on paper, or on my computer, there's no reason for me to encrypt any files or drives is there?
The only incriminating evidence against me would be in the form of an unreadable PGP key in my SR message box...
-
What you want to do is TrueCrypt a small partition, which you install your 'naughty' operating system on, and then produce two keys. One key loads the partition normally for you, the other key loads a clean operating system and wipes the naughty one (3 pass eraze) which you can give to the police during interrogation. By the time they realize what's happened it's too late. You've not broken any laws, you've given them a legit key, and they have no evidence. BINGO 8)
Woah woah woah... there are keys that will start to wipe a hidden volume? With truecrypt? Is that built in or some custom shit?
-
Here's the deal. Don't think that you're immune, because there is an element of risk, but for small amounts they tend to just seize the package and send a love letter. If the shipment is domestic than the odds of being caught are extremely low as long as the seller doesn't ship a package with odors or suspicious packaging, but it could put you at risk for a controlled delivery.
If a controlled delivery does happen, typically the cops are will try to prove that you knew the package's contents, and they've been known to use the fact that you opened the package as "proof" you ordered it. It's always a good idea when receiving your package to write "RETURN TO SENDER" on it after picking it up and to avoid opening it for a day. That will give you some ammo for your defense. Also keep your home clear of other contraband if possible, and keep your hard drive encrypted. Give them your name and then invoke your right to remain silent. Do not admit guilt, and don't give them your PC's password, even if threatened by the police (police are legally allowed to lie to procure a confession). Demand an attorney and discuss the details with him.
-
So I am a buyer and that is it. Pretty small amounts. I understand my rights as a citizen of my country. But it seems if I have not already encrypted my hard drive and used PGP key with all my purchases I am already screwed if the heat came down correct?
From what I read Dwolla and mtgox might as well be the DEAs playground and information will be easily given up.
-
Just remember, while SR is on the radar, it's not THE ONLY means of obtaining illicits, IRL or OTW!
If we're following proper procedures we shouldn't have anything to worry about.
Just my opinion, but I think the newer/younger users should just slow down a little bit, read more past threads, have patience with their deliveries and build an inbuilt bullshit radar, so they can better decipher what's cool and what's crap!
Best of luck!!!
-
Just remember, while SR is on the radar, it's not THE ONLY means of obtaining illicits, IRL or OTW!
If we're following proper procedures we shouldn't have anything to worry about.
Just my opinion, but I think the newer/younger users should just slow down a little bit, read more past threads, have patience with their deliveries and build an inbuilt bullshit radar, so they can better decipher what's cool and what's crap!
Best of luck!!!
Well said: I always recommend newer users just take a couple of hours and go thru all the 'Security' thread. There is a wealth of information there: I learned more about Tails and privatix and vm's ...it was interesting, and has taught me the different ways of taking care of my stuff...I still prefer Tails, because it keeps me honest, and just stash passwords and keys in the cloud, there are many sites where you keep everything u need....that way I don't have to worry much about what I have here...nice to have a kind of 'throwaway' netbook too, and trot somewhere else to do orders and whatnot...
But yeah, so far, so good, going into one year SR, so it'll be funny to see how we are doing in a year or so...hard to believe :)
-
You'd need a customised version of the program to do that.
V.
What you want to do is TrueCrypt a small partition, which you install your 'naughty' operating system on, and then produce two keys. One key loads the partition normally for you, the other key loads a clean operating system and wipes the naughty one (3 pass eraze) which you can give to the police during interrogation. By the time they realize what's happened it's too late. You've not broken any laws, you've given them a legit key, and they have no evidence. BINGO 8)
Woah woah woah... there are keys that will start to wipe a hidden volume? With truecrypt? Is that built in or some custom shit?
-
Any questions, please feel free to asl.
V.
Hi V (or anyone else who can answer): I run the Tor browser bundle from a TrueCrypt container, but I created my PGP key using GPG4Win which had to be installed and of course leaves a bunch of files all over my unencrypted OS. Should I find a different PGP program that runs from a folder like the Tor bundle, so I can run it from my TrueCrypt container? I'm also concerned that GPG4Win demands permission through ZoneAlarm, though I watched it and it doesn't seem to be connecting to any remote address. Or does none of that matter? Thanks!
-
Hi Spicelover,
Try GPG4USB (http://gpg4usb.cpunk.de/) - just extract it inside the Truecrypt container. It won't need internet access to operate but it can sync with keyservers which serve as directories for Public Keys if you wish.
Your private key is encrypted but you should also keep it in either your encrypted home folder if you're a linux user and/or an encrypted container.
All the best,
V.
Any questions, please feel free to asl.
V.
Hi V (or anyone else who can answer): I run the Tor browser bundle from a TrueCrypt container, but I created my PGP key using GPG4Win which had to be installed and of course leaves a bunch of files all over my unencrypted OS. Should I find a different PGP program that runs from a folder like the Tor bundle, so I can run it from my TrueCrypt container? I'm also concerned that GPG4Win demands permission through ZoneAlarm, though I watched it and it doesn't seem to be connecting to any remote address. Or does none of that matter? Thanks!
-
Using a neighbors wifi is probably not very helpful for anonymity but the chances of being raided or even talked to by police for it are extremely remote. There are very very very very few cases of people being bothered for stealing wifi and in all of the cases I have found they were working on a laptop while parked in front of the house that they were taking wifi from. Not many people have the technical skill to determine that someone unauthorized is using their wifi, even though it is often as simple as checking the routers interface and seeing the MAC address of all connected devices. Even the people who know what a MAC address is and know how to check logs from their router are not likely to do so unless they notice their internet is going slow as shit. People with open wifi or WEP are even less likely to know how to detect people stealing their wifi, if they knew this much they would probably know to not use WEP in the first place.
Even if the person who owns the wifi AP you are using does determine that someone unauthorized is using their internet, they will not be able to determine who is doing it unless they know how to trace a wireless signal. If they call the police over it they might know how to trace it back to you though, so in theory you could get in shit for it. This never happens though.
-
Hi Spicelover,
Try GPG4USB (http://gpg4usb.cpunk.de/) - just extract it inside the Truecrypt container. It won't need internet access to operate but it can sync with keyservers which serve as directories for Public Keys if you wish.
Your private key is encrypted but you should also keep it in either your encrypted home folder if you're a linux user and/or an encrypted container.
All the best,
V.
Thanks vlad1m1r, I much prefer that program.
-
You'd need a customised version of the program to do that.
V.
What you want to do is TrueCrypt a small partition, which you install your 'naughty' operating system on, and then produce two keys. One key loads the partition normally for you, the other key loads a clean operating system and wipes the naughty one (3 pass eraze) which you can give to the police during interrogation. By the time they realize what's happened it's too late. You've not broken any laws, you've given them a legit key, and they have no evidence. BINGO 8)
Woah woah woah... there are keys that will start to wipe a hidden volume? With truecrypt? Is that built in or some custom shit?
It would be a waste of a custom program too, considering the first thing forensics people do with data storage devices is make perfect copies of their contents
-
You'd need a customised version of the program to do that.
V.
What you want to do is TrueCrypt a small partition, which you install your 'naughty' operating system on, and then produce two keys. One key loads the partition normally for you, the other key loads a clean operating system and wipes the naughty one (3 pass eraze) which you can give to the police during interrogation. By the time they realize what's happened it's too late. You've not broken any laws, you've given them a legit key, and they have no evidence. BINGO 8)
Woah woah woah... there are keys that will start to wipe a hidden volume? With truecrypt? Is that built in or some custom shit?
It would be a waste of a custom program too, considering the first thing forensics people do with data storage devices is make perfect copies of their contents
One of the most instructive ways to spend your time is to download a copy of the Autopsy forensic tools CD and probe some of the test images of disk drives they have available on the website.
V.
-
I got a love-letter from US customs from ordering a commonly abused SchIII drug from a reputable vendor. Nothing else happened.
-
The reason they don't go after every single drug they find in the mail is because they still need to build a case proving that you ordered it. Which they usually wont bother doing unless it is a LARGE amount, like LBs+.
Just today, a vendors QP package got caught being send to a buyer, and the bud was just removed from the package and a stamp on the outside of the box claiming the contents have been removed. Nothing else happened supposedly. That's 4 ounces of weed coming out of California that they didn't bust the buyer for.
-
You'd need a customised version of the program to do that.
V.
No you don't. A normal version of TrueCrypt can do it, although it's not easy to do and very time consuming.
-
My residence recieve's mail daily in previous tenants names, would this be a wise move to use their names to make it that extra bit safer?
-
My residence recieve's mail daily in previous tenants names, would this be a wise move to use their names to make it that extra bit safer?
less safe, more stupid.
imagine what happens if this mail gets forwarded.
work with trusted vendors and your package should arrive like normal mail.
-
My residence recieve's mail daily in previous tenants names, would this be a wise move to use their names to make it that extra bit safer?
imagine what happens if this mail gets forwarded.
If it was getting forwarded, it wouldn't be in my mailbox.
-
My residence recieve's mail daily in previous tenants names, would this be a wise move to use their names to make it that extra bit safer?
imagine what happens if this mail gets forwarded.
If it was getting forwarded, it wouldn't be in my mailbox.
You don't know that some of the mail is getting forwarded and some is landing in your mailbox.
-
My residence recieve's mail daily in previous tenants names, would this be a wise move to use their names to make it that extra bit safer?
imagine what happens if this mail gets forwarded.
If it was getting forwarded, it wouldn't be in my mailbox.
You also don't know if the previous tenet will realize he/she didn't set up mail forwarding yet and do it while your package is in transition.
-
what if you boot up tails from a usb does the usb need to be encrypted or only the partition on if you have one?
-
You'd need a customised version of the program to do that.
V.
No you don't. A normal version of TrueCrypt can do it, although it's not easy to do and very time consuming.
it is a complete waste of time and Truecrypt has no feature that supports this
-
what if you boot up tails from a usb does the usb need to be encrypted or only the partition on if you have one?
Hi Herpaderp,
I've only started playing around with TAILS as I use a different OS but my understanding is that you can have a live USB of TAILS both with and without an encrypted partition - personally I would prefer the "with" option as you'd have somewhere safe to store your Private GPG key, Bitcoin software and so on but there is a school of thought that says this is a security risk - though goodness knows where such people keep their own private keys!
There's no need for the partition on the host system to be encrypted if you're not using it for anything personal. Of course you may want to encrypt the hard disk anyway as a decoy.
Something else of note is that TAILS like many flavours of Linux natively supports encrypting USB keys - https://tails.boum.org/doc/encryption_and_privacy/encrypted_volumes/index.en.html so you could use a Live DVD in combination with an encrypted USB stick to store your GPG key ring etc.
V.
-
do what i do. get a SD/micro sd USB adapter and truecrypt that little SD card. that way you can break the card or flush it down the drain if needs be. pretty fucking tough to destroy those USB drives, but microSD cards can probly be cut in half with scissors.
-
do what i do. get a SD/micro sd USB adapter and truecrypt that little SD card. that way you can break the card or flush it down the drain if needs be. pretty fucking tough to destroy those USB drives, but microSD cards can probly be cut in half with scissors.
An excellent suggestion rise_against many thanks - one of my investors keeps all his personal data on an SD card and has a safe with a slot at the top to deposit money. The first sign of trouble he says he'll simply put his SD card in there... personally I think he should invest in a shredder but that's just me! :-D
V.
-
I'm overwhelmed at the attention this post has!!
Yesterday I created a linux memory stick yesterday but then read this thread today and thought, I would like it to be encrypted.
I formatted my memory stick and went through the whole partitioning and creating the hidden part etc.
I extracted and ran liberte in the hidden part and it ran the bat file (assuming that operating system was up and running now)
I restarted thinking it would go through the whole process but a black screen appeared telling me to remove the usb and press any key to restart.
Anyone know why this isn't working? It should run the setup then once the operating system is running prompt me for the password, right?
Thanks everyone
-
I think that when I boot up with the USB it only sees that there is a file on it that it can't open. I need it to be able to bypass that file to let it run the operating system. What am I doing wrong?
-
great thread very informative and helpful!
I
-
homer simpson if you look for another post on here recently about doing all this with a mac, I dont know what you are using but in that thread someone suggested downloading rEFit which supposedly allows the usb to boot which it wouldnt normally
-
I don't know what the story is in different parts of the world but where I come from it is the duty of the postal service to deliver to the address not the name - the name is irrelevant. So the package will be delivered. I don't usually sign for packages (unless permitted to by the po - even then i make a note 'signing on behalf of so and so); then again it's human nature/curiosity to sign for a mystery package. I use a fictitious name with my real home address when ordering so-called 'illegal' drugs (in the eyes of a bunch of self-important power mongers called the government, LE, FIB, etc). The worse that can happen is your order gets confiscated and you don't get arrested because you have no idea who sent it or who the name on the package is .... a practical joke, maybe a spurned lover, you have no idea, etc, wink, wink, end of story.