Silk Road forums

Discussion => Security => Topic started by: endorfin on May 30, 2012, 05:17 pm

Title: THIS THREAD IS ABOUT: WHAT IS A REASONABLE PERSONAL SECURITY PERSPECTIVE
Post by: endorfin on May 30, 2012, 05:17 pm
Your security measures should reflect your activities on SR. You don't really need Fort Knox to protect the $500 you keep in the mattress.

Where do you fit in on SR? You bought some weed once, you buy a gram of coke occasionally on SR, you buy 8-balls every week on SR, you are a small time weed seller on SR, you move large amounts of product on SR such as Heroin, Meth, and lots of pills. How much security is appropriate for you?

This forum speaks of security but for the nubie it does not distinguish between mini buyers and major sellers. No wonder I see all this nubie anxiety about security and good for you, it means you realize you are stepping into a potentially dangerous neighborhood and should protect yourself. Is a knife enough or should I carry a gun, or how about an RPG? With Tor, GPG message encryption, TrueCrypt drive encryption, and alternate options for any of these and more, you have to ask: What is reasonable for me and my presence here on SR?

This posting is intended to get you to ask this question of yourself: What is reasonable security for me?

 THIS THREAD IS ABOUT:  WHAT IS A REASONABLE PERSONAL SECURITY PERSPECTIVE

I am hoping forum members will help define this question for the rest of us. This is about security [how much] not [security how to]. I am hoping our Global Moderator will PIN this thread at the top level.
endorfin
 
Title: Re: THIS THREAD IS ABOUT: WHAT IS A REASONABLE PERSONAL SECURITY PERSPECTIVE
Post by: randomOVDB#2 on May 30, 2012, 06:15 pm
If you can't be bothered to learn GPG and make a TrueCrypt hidden container for your drug related files, then you shouldn't be buying drugs online, keys or grams.
Title: Re: THIS THREAD IS ABOUT: WHAT IS A REASONABLE PERSONAL SECURITY PERSPECTIVE
Post by: Duckman on May 30, 2012, 06:21 pm
Why would a buyer need a TrueCrypt hidden container to keep his drug related files in?

Why would you need to keep drug related files in the first place?

In fact forget keeping files, why would you have a drug related file in the first place?

Are you keeping receipts or something?
Title: Re: THIS THREAD IS ABOUT: WHAT IS A REASONABLE PERSONAL SECURITY PERSPECTIVE
Post by: randomOVDB#2 on May 30, 2012, 06:38 pm
Do Tor related files sound better?
Title: Re: THIS THREAD IS ABOUT: WHAT IS A REASONABLE PERSONAL SECURITY PERSPECTIVE
Post by: Duckman on May 30, 2012, 06:48 pm
I assume you are using the tor package from https://www.torproject.org/

It doesn't cache anything that could be deemed incriminating to begin with.

Having access to the tor network is not illegal in any country, as far as I am aware.

Browsing SR again is not a crime.

The standard package does not cache anything that could be used to prove a transaction. 

So as a small buyer, there is nothing to worry about.

That's the point of this thread.


Title: Re: THIS THREAD IS ABOUT: WHAT IS A REASONABLE PERSONAL SECURITY PERSPECTIVE
Post by: randomOVDB#2 on May 30, 2012, 08:04 pm
Tor browser, GPG software and keyrings.

Browsing SR and having a package with illegal drugs intercepted is nothing to worry about? Good luck in court with that.

I don't see what's the point of not hiding things? Why play games about what police can or can't prove.
Title: Re: THIS THREAD IS ABOUT: WHAT IS A REASONABLE PERSONAL SECURITY PERSPECTIVE
Post by: Duckman on May 30, 2012, 08:32 pm
The police will not be doing any kind of controlled drop for the kind of quantities most people buy.

So if a package is intercepted, what will most likely happen is that I will receive a letter or a phone call asking me to attend a police station to give a statement.  There will be no warrants, searches etc.

As the parcel will not have arrived, I will never have been in possession of anything and therefore will face no charges.

If you have any idea of how much court cases and police operations cost then you will realize how ridiculous the idea of a controlled drop for 2g of weed sounds.

What keeps me safe is that I buy such small amounts that LE is simply not interested.



Title: Re: THIS THREAD IS ABOUT: WHAT IS A REASONABLE PERSONAL SECURITY PERSPECTIVE
Post by: treesplease on May 31, 2012, 01:48 am
I don't think that LE is going to put the money and the man power into making a bust on a buyer. LE doesn't call in the swat team if you are a buyer. Most drug busts for buyers are during routine traffic stops. Sellers, different story.
Title: Re: THIS THREAD IS ABOUT: WHAT IS A REASONABLE PERSONAL SECURITY PERSPECTIVE
Post by: kmfkewm on May 31, 2012, 06:45 am
Almost everyone's opinions consist of pure speculation because interceptions are very rare. There are some facts. People buying small amounts of non scheduled research chemicals in the USA are never raided. Some have been visited knock and talk style by feds of various sorts including but not limited to postal inspectors, but I have not heard of charges being pressed. Even bulk importers of non scheduled research chemicals have had shipments inspected by customs and sent on their way after they tested negative for anything illegal. Non scheduled research chemicals are safe to buy, and although you should still use security measures to obtain them, it so far has not been very important.

People who sell research chemicals have more to worry about, even if they are not scheduled. There have been several RC vendors arrested and charged under the analog act, and some have received life sentences. It seems like law enforcement only target the blatant RC vendors, who have web shops with advertisements all over the place, or people organizing huge group buys / importing for completely public forums. This may be because law enforcement only cares about blatant RC dealers, or it could be because law enforcement are not very skilled at doing internet investigations against low key RC vendors. In all cases the busted RC vendors were using shit security. In at least some cases bulk research chemical interceptions did not lead to immediate arrest but rather led to the importer being put under surveillance and then arrested later on unrelated drug trafficking charges that were related to being put under surveillance for importing research chemicals, but not for importing research chemicals.

Buyers who have small orders of lowly scheduled drugs such as Xanax intercepted almost always only receive a love letter warning them that if they keep ordering scheduled drugs they may be charged and arrested. Sometimes people receive multiple letters like this and still nothing happens, but it is likely that if you get enough love letters something will come of it. You shouldn't reuse a box after you get a love letter because it could be flagged, but in practice people have continued to get shipments, including illegal ones, after having previously been sent love letter(s) to the same address. Intercepted non-specifically scheduled research chemicals have also resulted in love letters, so have marijuana seeds. People saying small personal use orders of cocaine or oxy will result in love letters are almost certainly just speculating, I would like to hear from an established person on any forum who obtained a love letter for schedule one substances of any amount because no case of this ever happening comes to mind. I can't even think of any truly personal use interceptions ever happening though.

In Australia a person had a not quite personal use order of several schedule one drugs intercepted. If I remember correctly it contained MDMA, ketamine and LSD, a few grams for the former two items and half a sheet or so of LSD. This resulted in an armed dawn raid. The person received probation as it was their first offense, but they could have received a prison sentence.

I have heard of ounce orders of marijuana being intercepted leading to knock and talk by postal inspectors and eventual charges being filed, I believe people usually receive probation and mandatory drug rehab for this, but if it was a few eight balls of coke it is more likely jail or prison time would be involved imo.

Several people on DZF were arrested for drug orders, it is not clear if the vendors they were working with were LE to begin with or were turned by LE. That forum was an FBI run honeypot. Several of the vendors on it were raided and arrested by FBI and sent to prison, and although I know several of their customers were arrested as well I am not certain of the details of the size of orders they were placing or if they were also vendors. I can try to find out more about this, but I was never a part of DZF and only know a few people who were.

Operation Raw Deal targeted the online steroid trafficking scene. They are very similar to the online recreational drug trafficking scene and there is a slight but significant membership overlap. A targeted international operation against them led to hundreds of arrests, but I believe they focused far more on producers and distributors than customers. I am not certain how many, if any, customers were arrested, although law enforcement did say in a press release that they had huge lists of customers and were considering pressing charges. I don't think they ever did against customers though. Someone from the steroid scene can probably go into more detail about the fall out of Raw Deal.

Obviously TFM is the most recent drug forum bust. Over a dozen vendors were arrested as well as a handful of customers, although I think they were large customers. This is only what we know about though, nobody is certain how many other arrests are tied to TFM that were not part of the main indictment. At least a few were though. I would imagine if LE really cared about customers a lot they could have busted more customers, and would have been more likely to do an internationally coordinated take down of the entire forum. When CP forums get busted it is common for Interpol coordinated task forces around the world to carry out simultaneous raids against thousands of members, the fact that this did not happen for TFM leads me to think that either A. law enforcement was not interested in busting the majority of participants or B. Law enforcement had trouble to target the majority of participants for some reason, for one they couldn't get a vending account apparently (TFM was highly screened for vendors) and for two at least some of them were using GPG (LE could only intercept communications that were not GPG encrypted). Of course they could have covertly bugged all of the targets' laptops, followed them around recording the addresses on mail they were sending etc, and apparently they did not do this since only a dozen or so vendors are confirmed as busted and even fewer customers. Also, it is entirely possible that we just are unaware of the number of customers who were compromised.

Vendors clearly have much more to worry about, customer arrests are almost always from interceptions but vendors have targeted investigations against them that use technical, human intelligence, and surveillance attacks. So far the technical attacks have not been in the slightest bit impressive and in two cases consisted of Hushmail being a total fraud fed honeypot. The human intelligence attacks and surveillance attacks would also have been entirely preventable if the vendors had been using the proper security protocols.

All that said, it is technically possible for a small time customer to be royally ass fucked by law enforcement. You break a dozen different federal laws by ordering a single gram of weed here and they could try to hit you with a life sentence over it if they really wanted to. You are entirely at their mercy in this aspect. Money laundering, conspiracy, using telecommunications for drug deals, using the postal system illegally, participating in a continuing criminal enterprise, trafficking drugs across state or international lines, obstruction of justice, all of these are things that you are technically doing when you order your gram of weed here. The charges you could have put against you for ordering a gram of weed here are far more severe than you could have put against you for ordering it on the corner. But it is also extremely unlikely for such charges to be filed against you over ordering a gram of weed, and it is extremely unlikely that a domestic package will be intercepted.

At the end of the day, of course vendors have the most to worry about, and more the bigger they are. Customers have the least to worry about, and the smaller they are the less they have to worry about. I think that everyone should at a minimum be using Tor and GPG, plus mixing their bitcoins or obtaining them anonymously. Significant vendors should be using more security than that. And using more security is not going to get you busted, there is no such thing as being too secure but you can certainly not be secure enough.   
Title: Re: THIS THREAD IS ABOUT: WHAT IS A REASONABLE PERSONAL SECURITY PERSPECTIVE
Post by: nothing on May 31, 2012, 08:08 am
in this life everything is allowed or done under the cover of some form of government sanction.  Don't be too fooled by things, the U.S. government may not totally run every organization illegal drugs, but you can likely assume they are at the top of most all.
Title: Re: THIS THREAD IS ABOUT: WHAT IS A REASONABLE PERSONAL SECURITY PERSPECTIVE
Post by: Joosy on May 31, 2012, 08:12 am
Tor browser, GPG software and keyrings.

Browsing SR and having a package with illegal drugs intercepted is nothing to worry about? Good luck in court with that.

I don't see what's the point of not hiding things? Why play games about what police can or can't prove.

I feel like spamming the next 70 or so posts so I can +1 you. One of the few people with common sense on this whole forum.

Fuck I miss OVDB.
Title: Re: THIS THREAD IS ABOUT: WHAT IS A REASONABLE PERSONAL SECURITY PERSPECTIVE
Post by: endorfin on May 31, 2012, 04:23 pm
What I hoped would come from this post was clarification on the degree of security that is reasonable for various member activities on SR.

For example, and I'll refer to my experience on SR;
For the first four months on SR, I only used TorBrowser. When I placed an order, I provided the seller my name and address unencrypted and I never had any problems. Then I decided it was time to learn about encryption and now I provide my personal information using GPG. At this point I feel fairly secure however I recently began reading about TrueCrypt.

My point is; security is layered like an onion and a nubie can't pick up all of these security concepts and tools right away. For me, I was proud of myself just for getting Tor running and finding SR. On the forum I learned what security SR provides and discovered an ocean of stuff I've never heard of before.

So please allow me to ask that, for this thread, we attempt to identify what constitutes a reasonable level of security for a nubie, a regular buyer, small seller, and medium and major sellers. Once a member identifies how they fit into the SR community they can then at least understand what their minimum reasonable security efforts should include and attempt to meet that standard.

Please share your opinions as to what constitutes reasonable security for activities on SR.
Thank you
endorfin
Title: Re: THIS THREAD IS ABOUT: WHAT IS A REASONABLE PERSONAL SECURITY PERSPECTIVE
Post by: kmfkewm on May 31, 2012, 08:34 pm
GPG and Tor are the bare requirements. Truecrypt FDE is also nice, but it is less important, if they can never pinpoint you they can not physically steal your non-encrypted drive. Truecrypt GPG Tor and bitcoin mixing is pretty solid (you should certainly be taking SOME measure to anonymize your bitcoins, be it mixing or obtaining them anonymously, preferably both). If you want to step your game up use isolation of some sort to make it harder for hackers to get your IP address. If you want to step it up a bit more get a security oriented OS and make sure your hardware supports all of its security functionality.

If you want to take it to the extreme, use a three computer setup, one that runs Tor and connects to the internet, one that runs Firefox, and one that stores GPG private keys and carries out encryption and decryption operations and never connects to the internet or anything that ever will. Copy ciphertexts and public keys from the Firefox machine to the GPG machine via *single use and then destroy* media (such as a burned CD), and your outgoing ciphertexts and public keys from the GPG machine to the Firefox machine by hand. Configure the Firefox machine to route its traffic to Tor on the Tor machine and assign it an internal IP address only. Put Tor in a virtual machine on the Tor machine behind NAT and use firewall rules on the host to block connections to any IP address other than your entry guards. Additionally isolate the virtual machine with mandatory access controls. Make sure to use a wired connection from the Firefox machine to the Tor machine so if Firefox is pwnt you can not be geopositioned with WPS from a wireless network adapter. Use a security oriented OS and make sure your hardware supports all of the OS features fully, for example you will need a 64 bit processor to get a security benefit from ASLR, you will need NX bit flag on the CPU etc. Make sure to harden everything blah blah. Nobody actually does all of this because even though it is secure as a motherfucker the feds are like fifty steps behind it and NSA doesn't give a fuck.

I also suggest using an in state fake ID to obtain a PMB that is not tied to you. Everyone who deals with significant weight does this. It might be less of a benefit and an additional charge for someone dealing with very small orders. I know for a fact it has saved the day many times before though. Not just from feds but also from scammers leaking people's addresses publicly. If we ever have interception detection chips it will give us the opportunity to be nearly fully protected from all attacks other than downward (from vendor to customer) human intelligence, but so far not much progress has been made on getting those realized unfortunately.
Title: Re: THIS THREAD IS ABOUT: WHAT IS A REASONABLE PERSONAL SECURITY PERSPECTIVE
Post by: vlad1m1r on May 31, 2012, 10:20 pm
Hi endorfin,

Thanks for starting this thread - as you can see this is quite an active topic.

I have had quite a strained discussion about using Truecrypt with another user last week.

In my opinion it's a good idea to use the program as it will make it incredibly difficult to perform any data recovery on your drives if they're seized.

Truecrypt is extremely easy to set up and has an excellent step by step guide to encrypting your whole operating system, creating an encrypted file container into which you can place programs like GPG or your Tor browser or even encrypting an entire USB stick.

I would say that you should definitely store your Tor browser, wallet software and your GPG program (my personal favourite is GPG4USB as it's very easy to set up and use) in an encrypted volume.

I think probably the easiest set up for newcomers is to encrypt a USB stick using Truecrypt as I said and install your software there. I have been considering offering ready made USB sticks for this purpose but of course if I did it for you, you wouldn't learn anything!

What you will find though is that there are differing opinions on this matter. Some users for example think you should use a "Live CD" like TAILS Linux which you can burn to a DVD and run from your computer so that theoretically every time you shut down your machine any data produced by your Tor browser for instance will disappear (in practice it takes around fifteen minutes to degrade altogether, a fact which Law Enforcement have used to their advantage in the past).

In my opinion, encrypting the volumes where you store your data, Torifying all your connections including that for your wallet software and using a strong GPG key to communicate via Tormail are your bare minimum. If you need any help getting set up with this, please feel free to ask.

V.

Title: Re: THIS THREAD IS ABOUT: WHAT IS A REASONABLE PERSONAL SECURITY PERSPECTIVE
Post by: endorfin on May 31, 2012, 11:46 pm
Thanks vlad1m1r, I am wading through TrueCrypt now and I think a hidden volume would work for me. I see personal safety (security) as an art and each individual should explore that path as far as they feel is reasonable, but I do think there are milestones along that road that need to be identified and presented to the membership. These milestones relate directly to one's activities on SR. I hope there are others out there willing to help identify those security milestones. My security profile has improved in the nine months I've been here and I'm sure it will continue to improve as I continue to learn.
Title: Re: THIS THREAD IS ABOUT: WHAT IS A REASONABLE PERSONAL SECURITY PERSPECTIVE
Post by: redalloverthelandguyhere on June 01, 2012, 01:15 am
There are a few Linux distributions which offer good security. Best to install some Linux, maybe Tails, to a USB stick.

If vending I would go further and not use my internet to do any business.

I would also look into what software can print labels and leave no trace. In Windows, Microsoft Word is often used to print labels but it's insecure.

A USB stick at 4 GB is enough - costs less than 1 BTC. You can use Linux live USB creator to set it up.

http://www.linuxliveusb.com/

This allows you to boot from your USB stick. You leave no trace on your PC hard drive.
Title: Re: THIS THREAD IS ABOUT: WHAT IS A REASONABLE PERSONAL SECURITY PERSPECTIVE
Post by: Omega Rushmore on June 01, 2012, 02:08 am
OK, so as a noobie, I have been learning an incredible amount about all of the topics covered in this post so far, like Tor, GPG, bitcoins, etc...

But when it comes down to it, in the end, I, personally, will never become a vendor.  I'm so busy IRL that I don't think I could conceive of starting any type of SR dealership (although it would probably be fun)!

So I'm probably going to just be a small time buyer, at most ordering an 8ball of fish scale or a gram or so of Molly.

And as such, my level of paranoia is significantly lower than it would be if I was vending.  I got all the bases covered at this point, so there is little chance of getting a visit...

I purchased a few rare plants and seeds from a guy in Peru last year, and unfortunately the guy was initially inexperienced with various shipping methods and stealth.  So my purchases were intercepted by CBP (customs and border patrol) and they sent a love letter enclosed within the box.  After cleaning out my pants, I calmed down a bit and realized that it was only an incredibly small weight of "unidentified plant material" and I just wrote it off to experience.

Anyways, point is I'm such a small time buyer out there that the odds of having anything more than a letter arrive are waaay small compared to the opportunity to be able to buy drugs online.  AWESOME!

Hope that helps!

Omega  Rushmore

Title: Re: THIS THREAD IS ABOUT: WHAT IS A REASONABLE PERSONAL SECURITY PERSPECTIVE
Post by: nothing on June 01, 2012, 08:46 am
Full Disk Encryption pay for PRETTYGOODprotection also known as PGP.

Title: Re: THIS THREAD IS ABOUT: WHAT IS A REASONABLE PERSONAL SECURITY PERSPECTIVE
Post by: vlad1m1r on June 01, 2012, 10:40 pm
I assume you are using the tor package from https://www.torproject.org/

It doesn't cache anything that could be deemed incriminating to begin with.

Having access to the tor network is not illegal in any country, as far as I am aware.

Browsing SR again is not a crime.

The standard package does not cache anything that could be used to prove a transaction. 

So as a small buyer, there is nothing to worry about.

That's the point of this thread.

I'm not sure if I can be as relaxed as you about this Duckman.

I got into a rather heated argument with a user on another thread about this. In theory the Tor Browser Bundle (TBB) doesn't leave any fingerprints but I managed to find a number of bugs to show under certain circumstances it did leave cookies which could reveal more about your browser activity.

Of course proving you'd accessed SR for instance on its own wouldn't be a crime but if for example you'd been caught with drugs in your possession and were trying to plead ignorance then it would hardly help your case to have the TBB with a bookmark to this site on it for instance.

Speaking from a digital forensics perspective and I do confess I have only a small amount of experience with DEFT Linux and the Autopsy browser which are commonly used tools, it will always be possible to recover some deleted data from an unencrypted partition unless you overwrite the data a number of times - something which as far as I'm aware the TBB doesn't do.

Of course you could avoid this problem entirely by using the TBB on a Live CD like Tails but the lack of persistence begs the question where you'd keep your wallet and GPG software. My own opinion for what it's worth is that you should always encrypt the partition on which your browser is installed to reduce the chance of any data being recovered in this way - you should be doing this anyway to keep your GPG private key safe.

I do not have my ego mixed up in this and freely admit I am not an IT Professional but I do know enough about supposedly unrecoverable data to keep my TBB inside an encrypted partition, anyone who disagrees please do speak up, I am more than happy to be proven wrong!

V.


Title: Re: THIS THREAD IS ABOUT: WHAT IS A REASONABLE PERSONAL SECURITY PERSPECTIVE
Post by: 7136214bradd on June 13, 2012, 04:38 am
2 questions.  Why is it important to have your Bitcoin wallet physically present on your own hard drive?  What is the negative in performing all bitcoin transactions online, going through tumblers and multiple wallets before sending it to SR.  Obviously I understand it takes time and money to do this, but why is it less safe than physically holding on to your own wallet on USB or hard drive?

And as far as GPG encryption goes, it is absolutely necessary to have the program installed in order to encrypt and decrypt messages, correct?
Title: Re: THIS THREAD IS ABOUT: WHAT IS A REASONABLE PERSONAL SECURITY PERSPECTIVE
Post by: bogben on June 13, 2012, 11:42 am
As a fan of the liveCD school of thought I would like to mention that Tails as a Debian release comes with GPG preinstalled, keeping track of the keys between reboots is a little trickier....

Currently I am still watching but the plan is to buy something at some point. I would reiterate that TOR, GPG and liveCD/encrypted drive are the minimum. I personally like to use ssh tunneling with plans to add a bridge along with a 2nd ssh hop though how much of that is necessary I don't know, however you can't put a price on a good night's sleep.

Assuming you have a package intercepted while running the minimum security - surely all they have to go on is your internet records from the ISP? That reveals nothing except you were using tor, the use of the SR doesn't even come into it. All they know is you use tor and have some GPG keys on your computer, none of that is even slightly incriminating, the onus would be on them to prove intent no? Sounds like a tough sell for the prosecution.

I guess keeping the bitcoin wallet on the computer means the service can't disappear with your BC as well as being more user friendly? It's really an individual choice.

And yes gpg is required for all encryption and decryption (you could also use PGP if you want to pay for it)
Title: Re: THIS THREAD IS ABOUT: WHAT IS A REASONABLE PERSONAL SECURITY PERSPECTIVE
Post by: MarsProtege on June 15, 2012, 02:27 am
I'm keeping an eye on this one. Plenty of research underway.
Title: Re: THIS THREAD IS ABOUT: WHAT IS A REASONABLE PERSONAL SECURITY PERSPECTIVE
Post by: 7136214bradd on June 15, 2012, 02:38 am
I'm new here, but I'll try to give my perspective on it being a new user.  In the beginning, things are very difficult, especially if you are not a very tech oriented person.  I'd be very curious to know how many people daily turn away from SilkRoad simply because they can't understand how to access it through Tor, much less getting Bitcoins, sending encrypted messages, getting a secure linux distro, etc. 

However, I think that all persons should take their security extremely seriously.  If you are not willing to take at least a small risk of being apprehended by the authorities, you should not be using SilkRoad.  If this kind of thing would destroy your life, then you should absolutely not do it, because there will always be holes in the system. 

But much has been made in this thread regarding small-time buyers, and why they don't need to take serious security measures.  Why would you not take every measure available in order to guarantee your own security?  I can't imagine a country in the world where getting caught buying or selling drugs would not cause someone major problems.  I understand that people get really excited when they come to SilkRoad, and immediately want to dive into it, but I just think that in a few weeks, people can learn pretty much everything they need to about how to run a totally airtight ship that gets your chances of being caught as close to zero as possible.  Why would you not take the extra time in order to become informed about your own security?  It just seems like the totally logical choice to me.  Even if LE doesn't target small-time buyers, you never know when they might stumble across something they can use to get a conviction in the process of targeting bigger fish or even just doing routine work.

In closing, I would say that human beings are really poor at assessing future negative risk and its potential impact on one's livelihood.  (Read Taleb's Black Swan for a great account).  In light of that way of thinking, I will constantly be working to make my security as strong as possible and continue to improve my chances of not being caught.  To do otherwise is to risk EVERYTHING, including one's ability to return to SR for everything it offers.
Title: Re: THIS THREAD IS ABOUT: WHAT IS A REASONABLE PERSONAL SECURITY PERSPECTIVE
Post by: nothing on August 20, 2012, 02:25 am
how is this thread going now?
Title: Re: THIS THREAD IS ABOUT: WHAT IS A REASONABLE PERSONAL SECURITY PERSPECTIVE
Post by: awakened350 on August 20, 2012, 03:26 am
GPG and Tor are the bare requirements. Truecrypt FDE is also nice, but it is less important, if they can never pinpoint you they can not physically steal your non-encrypted drive. Truecrypt GPG Tor and bitcoin mixing is pretty solid (you should certainly be taking SOME measure to anonymize your bitcoins, be it mixing or obtaining them anonymously, preferably both). If you want to step your game up use isolation of some sort to make it harder for hackers to get your IP address. If you want to step it up a bit more get a security oriented OS and make sure your hardware supports all of its security functionality.

If you want to take it to the extreme, use a three computer setup, one that runs Tor and connects to the internet, one that runs Firefox, and one that stores GPG private keys and carries out encryption and decryption operations and never connects to the internet or anything that ever will. Copy ciphertexts and public keys from the Firefox machine to the GPG machine via *single use and then destroy* media (such as a burned CD), and your outgoing ciphertexts and public keys from the GPG machine to the Firefox machine by hand. Configure the firefox machine to route its traffic to Tor on the Tor machine and assign it an internal IP address only. Put Tor in a virtual machine on the Tor machine behind NAT and use firewall rules on the host to block connections to any IP address other than your entry guards. Additionally isolate the virtual machine with mandatory access controls. Make sure to use a wired connection from the Firefox machine to the tor machine so if firefox is pwnt you can not be geopositioned with WPS from a wireless network adapter. Use a security oriented OS and make sure your hardware supports all of the OS features fully, for example you will need a 64 bit processor to get a security benefit from ASLR, you will need NX bit flag on the CPU etc. Make sure to harden everything blah blah. Nobody actually does all of this because even though it is secure as a motherfucker the feds are like fifty steps behind it and NSA doesn't give a fuck

I also suggest using an in state fake ID to obtain a PMB that is not tied to you. Everyone who deals with significant weight does this. It might be less of a benefit and an additional charge for someone dealing with very small orders. I know for a fact it has saved the day many times before though. Not just from feds but also from scammers leaking peoples addresses publicly. If we ever have interception detection chips it will give us the opportunity to be nearly fully protected from all attacks other than downward (from vendor to customer) human intelligence, but so far not much progress has been made on getting those realized unfortunately.

I've toyed with the idea of getting a po box with fake ID a lot but as an RC vendor it seems like it just adds risk. Many post offices now scan your ID so your picture is directly tied to the po box. If the package is intercepted then you are still going to get busted and will now have another felony on your hands for the fake ID. Especially with RCs where the legality is questionable and could be defended in court it seems like a fake ID doesn't aid in security. Would love to hear your thoughts on it though.

I'd also love to see an interception detection device. I don't see why they do not already exist, it would involve standard technology surely if made reusable they could fetch a pretty penny.
Title: Re: THIS THREAD IS ABOUT: WHAT IS A REASONABLE PERSONAL SECURITY PERSPECTIVE
Post by: anym on August 20, 2012, 04:23 am
I assume you are using the tor package from https://www.torproject.org/

It doesn't cache anything that could be deemed incriminating to begin with.

Having access to the tor network is not illegal in any country, as far as I am aware.

Browsing SR again is not a crime.

The standard package does not cache anything that could be used to prove a transaction. 

So as a small buyer, there is nothing to worry about.

That's the point of this thread.

I'm not sure if I can be as relaxed as you about this Duckman.

I got into a rather heated argument with a user on another thread about this. In theory the Tor Browser Bundle (TBB) doesn't leave any fingerprints but I managed to find a number of bugs to show under certain circumstances it did leave cookies which could reveal more about your browser activity.

Of course proving you'd accessed SR for instance on its own wouldn't be a crime but if for example you'd been caught with drugs in your possession and were trying to plead ignorance then it would hardly help your case to have the TBB with a bookmark to this site on it for instance.

Speaking from a digital forensics perspective and I do confess I have only a small amount of experience with DEFT Linux and the Autopsy browser which are commonly used tools, it will always be possible to recover some deleted data from an unencrypted partition unless you overwrite the data a number of times - something which as far as I'm aware the TBB doesn't do.

Of course you could avoid this problem entirely by using the TBB on a Live CD like tails but the lack of persistence begs the question where you'd keep your wallet and GPG software. My own opinion for what it's worth is that you should always encrypt the partition on which your browser is installed to reduce the chance of any data being recovered in this way - you should be doing this anyway to keep your GPG private key safe.

I do not have my ego mixed up in this and freely admit I am not an IT Professional but I do know enough about supposedly unrecoverable data to keep my TBB inside an encrypted partition, anyone who disagrees please do speak up, I am more than happy to be proven wrong!

V.

Another poster brought up the fact you can use online wallets without ever having to install wallet software. TAILS (and Liberte) both come with GPG software preinstalled. You can also install a program like Keepass and store your public/private keypair as an entry in the database. Save that database and upload it as an attachment to an email you send yourself. The database is protected with AES-256 if I recall correctly.

Boom, you can now access your keypair anywhere you can run keepass.
Title: Re: THIS THREAD IS ABOUT: WHAT IS A REASONABLE PERSONAL SECURITY PERSPECTIVE
Post by: Thunderweed on August 20, 2012, 05:55 am
im a buyer representing a group of friends buying cannabis
so larger amounts and somewhat often, the whole "lets all chip in for this oz" thing

personally ive only used tor and GPA and have had no problems
but i've never really had the risk either

my packages are all delivered to a clean house, and are all sent from top domestic vendors
so pretty much unless SR exists for 20+ years i probably won't have a package seized ever