Silk Road forums

Discussion => Security => Topic started by: SOCIAUX on June 26, 2012, 04:45 pm

Title: Some questions for the veterans out there...
Post by: SOCIAUX on June 26, 2012, 04:45 pm
Hello all!
I've been lurking on SR for QUITE some time now, gathering up all the information I could get my hands on. I have recently decided to make the jump into my first transaction and/or making a sellers account. I believe I have a pretty good idea of how things work around here, just from lurking... However, nothing speaks louder than experience. So, I have a few questions for the veterans out there:

1. I know how PGP works, but what about etiquette? Is it normal to encrypt every message?

2. Bitcoins. I have yet to find a reliable and safe way to get them into my SR wallet. Services like Mt. Gox require a legitimate bank account... Should I buy from them, send coins through multiple wallets (possibly Bitcoin Fog?) and THEN into SR? It all seems very sketch to me...  :o

3. Also regarding Bitcoins. If I decide to start selling things here, how do I safely get the bitcoins OUT of my SR wallet and back into real currency? It seems to me that the dangerous parts are the entry and exit points, as this is where people usually get pinched... Once you're in the system, you're generally safe.

That's about it! Thanks in advance to anyone who responds to this  :) This is also my first post, so I wanted to say that SR is the most LEGIT thing I have ever seen! You guys keep doing what you're doing  ;D

Peace.
-SOCIAUX
Title: Re: Some questions for the veterans out there...
Post by: vlad1m1r on June 26, 2012, 08:23 pm

1. I know how PGP works, but what about etiquette? Is it normal to encrypt every message?

Hi Sociaux! Welcome to SR!

For details of PGP etiquette please see : http://dkn255hz262ypmii.onion/index.php?topic=1048

Quote
2. Bitcoins. I have yet to find a reliable and safe way to get them into my SR wallet. Services like Mt. Gox require a legitimate bank account... Should I buy from them, send coins through multiple wallets (possibly Bitcoin Fog?) and THEN into SR? It all seems very sketch to me...  :o

If you do use an exchange then you should definitely use Bitcoinfog. You are right in saying this isn't safe by any means. I run a service selling Bitcoins to people in the UK and Europe in exchange for cash in the mail. If you live in the US the vendor BlueSkyTraders can sell you them for MoneyPaks which is a quick and reliable method.

In a nutshell the ONLY ways to obtain Bitcoins safely are buying them with cash or selling products/services for them. Please feel free to ask around!

Quote
3. Also regarding Bitcoins. If I decide to start selling things here, how do I safely get the bitcoins OUT of my SR wallet and back into real currency? It seems to me that the dangerous parts are the entry and exit points, as this is where people usually get pinched... Once you're in the system, you're generally safe.

That is the question! For large amounts you would need to hire a consultant. Fortunately one of our moderators Limetless works in banking as I do and has experience with this sort of thing. You're absolutely right in saying that the most dangerous points in tbe Bitcoin blockchain are the entry and exit points which is why if you obtain Bitcoins through sales/cash then your original purchase cannot be readily traced.

There are vendors (myself included) who can send you cash in the mail in exchange for Bitcoins. There's also the website CoinaBul which sells you precious metals like gold bullion in exchange for BTC.

Any more questions please let me know.

V.

Title: Re: Some questions for the veterans out there...
Post by: SOCIAUX on June 26, 2012, 10:27 pm
Thanks so much V. I really appreciate the wealth of information :D
Quote
If you live in the US the vendor BlueSkyTraders can sell you them for MoneyPaks which is a quick and reliable method.
Indeed, I do live the the States and this seems like a good alternative. However, I've heard horror stories about people being scammed via MoneyPaks, Western Union, etc. How do I know that this "BlueSkyTraders" is legitimate? I suppose I'll just try and contact him, if I choose to take that route :P

Is there any way to know the chances of being traced if I decide to go through a company such as Mt. Gox? Even if I use Bitcoin Fog? I'm sure there's no way to know, but is it worth the effort to seek other means in order to remain completely anonymous?
Once again, thank you for the advice. This is all news to me :)
Title: Re: Some questions for the veterans out there...
Post by: vlad1m1r on June 26, 2012, 10:48 pm
Is there any way to know the chances of being traced if I decide to go through a company such as Mt. Gox? Even if I use Bitcoin Fog?
first question - no, second question - only bitcoin fog's operator can try to deanonymize you

I should qualify Shannon's answer and say that there's a difference between proving you bought a specific amount of Bitcoins and then linking it to a specific transaction.

The distinction is important as if, for example, you were to receive a package in the mail containing something illegal and it was intercepted, you could try to claim you weren't aware of its contents. Your case is not going to be helped if it can be proved you used your bank account to buy Bitcoins - a digital currency widely used by people dealing in narcotics. Even if you then used a coin mixer like Bitcoinfog this will simply make it much more difficult to link to you a specific purchase.

It's for this reason I say the only reason to obtain them safely is by selling goods like Moneypaks or buy using cash- obviously you're based in the US so I have no financial motive for saying this but by all means do your homework on the vendors out there and find one with good feedback! Any further questions please ask.

V.



Title: Re: Some questions for the veterans out there...
Post by: SOCIAUX on June 26, 2012, 11:06 pm
I see...
So I really don't need to worry about individual transactions, rather, I should worry about people digging through my financial records and finding Bitcoin transactions. Which makes a great deal of sense!

I never would have thought about it like that. I guess it's always good to have a second opinion :) I will heed your advice.

I've done a great deal to conceal my identity so far, I suppose I shouldn't get sloppy now and fuck everything up >.< And indeed, I will do my homework, V. I like to thoroughly research everything before I make any decisions. It's an odd habit of mine, haha ;D
Title: Re: Some questions for the veterans out there...
Post by: vlad1m1r on June 27, 2012, 05:03 pm
I see...
So I really don't need to worry about individual transactions, rather, I should worry about people digging through my financial records and finding Bitcoin transactions. Which makes a great deal of sense!

I never would have thought about it like that. I guess it's always good to have a second opinion :) I will heed your advice.

I've done a great deal to conceal my identity so far, I suppose I shouldn't get sloppy now and fuck everything up >.< And indeed, I will do my homework, V. I like to thoroughly research everything before I make any decisions. It's an odd habit of mine, haha ;D

Good stuff Sociaux - probably the best thing you can do to increase your safety beyond using cash to buy your Bitcoins is securing your machine against being seized through using encryption, as well as setting up your own private bridge to conceal the fact you're using Tor in the first place. If you need help with this, feel free to ask.

V.

Title: Re: Some questions for the veterans out there...
Post by: SOCIAUX on June 29, 2012, 01:08 am
Quote
as well as setting up your own private bridge to conceal the fact you're using Tor in the first place
Could you elaborate on this?
Or just give me the readers digest version, if it's not too much trouble ^^ I've actually never heard that before...
Title: Re: Some questions for the veterans out there...
Post by: vlad1m1r on June 29, 2012, 05:08 pm
Quote
as well as setting up your own private bridge to conceal the fact you're using Tor in the first place
Could you elaborate on this?
Or just give me the readers digest version, if it's not too much trouble ^^ I've actually never heard that before...

I would like to Sociaux, believe me I would but several forum users who are gifted at IT jumped down my throat last time I started offering people a way to have a Private Bridge (in fairness this was using my own server rather than setting up your own which apparently is the best way). I am however in the process of writing a guide on how to set up your own private bridge.

My understanding is that this will not allow anyone who is monitoring your internet traffic to know you're accessing Tor hidden services in the first place. I frankly admit I am still trying to master the fundamentals of private bridges but will let you know as soon as I do.

All the best,

V.
Title: Re: Some questions for the veterans out there...
Post by: LouisCyphre on June 29, 2012, 05:56 pm
Quote
as well as setting up your own private bridge to conceal the fact you're using Tor in the first place
Could you elaborate on this?
Or just give me the readers digest version, if it's not too much trouble ^^ I've actually never heard that before...

I would like to Sociaux, believe me I would but several forum users who are gifted at IT jumped down my throat last time I started offering people a way to have a Private Bridge (in fairness this was using my own server rather than setting up your own which apparently is the best way). I am however in the process of writing a guide on how to set up your own private bridge.

My understanding is that this will not allow anyone who is monitoring your internet traffic to know you're accessing Tor hidden services in the first place. I frankly admit I am still trying to master the fundamentals of private bridges but will let you know as soon as I do.

If you're going to go to the effort of setting up your own remote server(s) then you may as well go the whole hog and run your own VPN.  The only reason to use a bridge instead of a VPN is if you live somewhere that bans such communication (e.g. Iran, China, North Korea, etc.).  VPN traffic will blend into the background since there are so many corporate VPNs, government VPNs and people using them just to bypass geolocation filters.

To go the VPN route all that is needed is a VPS running the OS of your choice and OpenVPN.  There are even Android and iOS clients for it.
Title: Re: Some questions for the veterans out there...
Post by: SOCIAUX on June 29, 2012, 06:45 pm
Yeah, thanks a ton Vlad :D
I'll do some research of my own on this VPN/bridging concept. It seems vaguely familiar... I think I've used VPN for something else before. I can't remember what it was though >.< haha
Title: Re: Some questions for the veterans out there...
Post by: vlad1m1r on June 30, 2012, 02:11 am
Just wanted to say thanks Vlad, all your posts are oozing with useful info, definitely doesn't go unappreciated.

Thanks Moksha,

I don't claim to be any kind of expert on these matters but in a way I think that helps as when I (finally!) learn something I can explain it to other people in simple terms. I first discovered this when a friend asked me to help her son and daughter to prepare for a Mathematics exam (she assumed because I work in a bank I do sums every day... not necessarily true as you know!) - I found the kids were confused by exactly the same things I had been when I was at school, so knew how to set things right - there's really something in this, we'll have to a pen a paper on it sometime.

Anyway enough of my rambling, in the mean time feel free to take a look at :

https://www.torproject.org/docs/bridges

This has a helpful video on how to access "public" Tor bridges. Primarily these are used for two reasons:

- To use Tor when your ISP automatically blocks access to Tor relays and/or
- You live in a country where accessing known Tor relays is blocked automatically (e.g the Great Firewall of China :-) )

You can get the addresses of the three latest "public" bridges from:

https://bridges.torproject.org/

I got into trouble as I mentioned before last time I spoke about this (http://dkn255hz262ypmii.onion/index.php?topic=27050.0;topicseen) but in simplest terms using a public bridge makes it easier for you to bypass censorship as all Tor entry/exit nodes are publicly listed and it would otherwise be feasible for an Orwellian government/ISP to block access to them, hence the creation of "bridges" which are not publicly listed and are therefore harder to block.

As Shannon rightly says in another thread even without using bridges, it's still not possible to prove that you visited a specific Tor hidden service but I don't like the idea of being singled out for any kind of monitoring, and I understand that Tor data packets are pretty easy to spot, even if the contents can't be decrypted.

The advantages of using a Private bridge with what is known as a "protocol obfuscator" is that you can both hide your original IP when connecting to the Tor network and mask the fact you're using Tor at all. In my naivete I was going to offer to run a Private Bridge of my own from a server I had set up but as I stated above the more technically minded users persuaded me that this is something you really do need to set up on your own for maximum privacy - I am trying to write a layman's guide to this.

I can tell you for nothing you'll need a tool known as obfsproxy which protects you by transforming the Tor traffic between your client and the bridge. (unlike when using a Public bridge). This way, censors, who usually monitor traffic between the client and the bridge, will see innocent-looking transformed traffic instead of the actual Tor traffic.

I will be posting the guide for review when it's ready. I have a couple of irons in the fire but it should be available in the next week or so.

See also : https://blog.torproject.org/blog/different-ways-use-bridge

V.

















Title: Re: Some questions for the veterans out there...
Post by: Nikodym on June 30, 2012, 05:31 am
Personally I think a lot of the BTC buying paranoia is overblown. Drugs have been going through the mail for 100s of years, most of the time it has nothing to do with SR, unless your package was intercepted via a profiling operation linked to a SR vendor I highly highly doubt any LE would even ask you if it had anything to do with SR or look for BTC transactions in your financial records. Even then, what are they really going to do about it? Criminal charge means the burden of proof is on them, and even if you bought straight from Mt. Gox to SR wallet to vendor, they're going to have a terribly difficult time trying to prove that unless you fuck up horribly and incriminate yourself. Cash is used to by drugs way more often than BTC but who actually feels guilty when they have a couple $100s in their pocket?? Not me... There's plenty of legit purposes for BTC anyway.

This isn't to say it's not something to err on the side of caution with, and I don't buy coins that way myself, but the risk is fairly minimal IMO.   
Title: Re: Some questions for the veterans out there...
Post by: vlad1m1r on June 30, 2012, 05:53 am
Personally I think a lot of the BTC buying paranoia is overblown. Drugs have been going through the mail for 100s of years, most of the time it has nothing to do with SR, unless your package was intercepted via a profiling operation linked to a SR vendor I highly highly doubt any LE would even ask you if it had anything to do with SR or look for BTC transactions in your financial records. Even then, what are they really going to do about it? Criminal charge means the burden of proof is on them, and even if you bought straight from Mt. Gox to SR wallet to vendor, they're going to have a terribly difficult time trying to prove that unless you fuck up horribly and incriminate yourself. Cash is used to by drugs way more often than BTC but who actually feels guilty when they have a couple $100s in their pocket?? Not me... There's plenty of legit purposes for BTC anyway.

This isn't to say it's not something to err on the side of caution with, and I don't buy coins that way myself, but the risk is fairly minimal IMO.

Well it's certainly true that possession is in itself the crime and if you accept contraband into your home you'll be as guilty if you bought drugs on Silk Road as if you bought them from your long lost Uncle in Colombia.

Having said this, if you do receive a package and later claim you were innocent possession i.e it was unsolicited, it's not going to help your defence if it can be proven from examining your bank records that you bought Bitcoins and/or have been using Tor. Of course Bitcoins have legal uses but try and put yourself in the position of a juror whose just heard that you've bought  a digital currency, the main purpose for which is to deal in contraband - would you "buy" it as Americans say? :-)

This is the reason why I advocate using cash to buy BTC (aside from the fact I'm a Bitcoin trader!) as you can frankly do without that kind of hassle. I doubt very much that you would be put under surveillance just for buying BTC but once again I believe prevention is better than cure.

V.
Title: Re: Some questions for the veterans out there...
Post by: Nikodym on June 30, 2012, 08:53 am
Well it's certainly true that possession is in itself the crime and if you accept contraband into your home you'll be as guilty if you bought drugs on Silk Road as if you bought them from your long lost Uncle in Colombia.

Having said this, if you do receive a package and later claim you were innocent possession i.e it was unsolicited, it's not going to help your defence if it can be proven from examining your bank records that you bought Bitcoins and/or have been using Tor. Of course Bitcoins have legal uses but try and put yourself in the position of a juror whose just heard that you've bought  a digital currency, the main purpose for which is to deal in contraband - would you "buy" it as Americans say? :-)

I actually disagree. Buying bitcoins and using Tor are NOT evidence of ANYTHING unless the bitcoins could be traced from your wallet or exchange account to the SR vendor you purchased from, which given the tumbler here seems extremely unlikely to me. If there's no direct link, it can't be presented as evidence against you and subsequently juries aren't supposed to consider it in their determination of guilt. It would be no different than trying to use the fact that you'd visited an ATM as evidence that you'd bought drugs that were found in your car during a traffic stop, for instance. Any competent lawyer would make short work of dismissing Tor/BTC as evidence unless there was some clear link somewhere. There's a thousand reasons you could use either of them; the burden of proof is on the prosecution in criminal trials and the standards of evidence are actually fairly high in the Western legal system.

Quote
This is the reason why I advocate using cash to buy BTC (aside from the fact I'm a Bitcoin trader!) as you can frankly do without that kind of hassle. I doubt very much that you would be put under surveillance just for buying BTC but once again I believe prevention is better than cure.

I'm not sure what kind of system you have setup but this seems extremely risky to me. Your cash is showing up somewhere and somebody has to pick it up. Don't kid yourself, SR is a 'continuing criminal enterprise' or whatever they call it nowadays ('terrorist hideout' probably). Being involved with such a thing is a big no-no, even if you're not actually selling drugs yourself. You -- or whoever is picking up that cash -- is making themself an easy target, unless you have some totally super secret ninja setup for getting the cash. But hey what do I know. Stay frosty buddy.
Title: Re: Some questions for the veterans out there...
Post by: vlad1m1r on June 30, 2012, 11:05 am
Well it's certainly true that possession is in itself the crime and if you accept contraband into your home you'll be as guilty if you bought drugs on Silk Road as if you bought them from your long lost Uncle in Colombia.

Having said this, if you do receive a package and later claim you were innocent possession i.e it was unsolicited, it's not going to help your defence if it can be proven from examining your bank records that you bought Bitcoins and/or have been using Tor. Of course Bitcoins have legal uses but try and put yourself in the position of a juror whose just heard that you've bought  a digital currency, the main purpose for which is to deal in contraband - would you "buy" it as Americans say? :-)

I actually disagree. Buying bitcoins and using Tor are NOT evidence of ANYTHING unless the bitcoins could be traced from your wallet or exchange account to the SR vendor you purchased from, which given the tumbler here seems extremely unlikely to me. If there's no direct link, it can't be presented as evidence against you and subsequently juries aren't supposed to consider it in their determination of guilt. It would be no different than trying to use the fact that you'd visited an ATM as evidence that you'd bought drugs that were found in your car during a traffic stop, for instance. Any competent lawyer would make short work of dismissing Tor/BTC as evidence unless there was some clear link somewhere. There's a thousand reasons you could use either of them; the burden of proof is on the prosecution in criminal trials and the standards of evidence are actually fairly high in the Western legal system.

Quote
This is the reason why I advocate using cash to buy BTC (aside from the fact I'm a Bitcoin trader!) as you can frankly do without that kind of hassle. I doubt very much that you would be put under surveillance just for buying BTC but once again I believe prevention is better than cure.

I'm not sure what kind of system you have setup but this seems extremely risky to me. Your cash is showing up somewhere and somebody has to pick it up. Don't kid yourself, SR is a 'continuing criminal enterprise' or whatever they call it nowadays ('terrorist hideout' probably). Being involved with such a thing is a big no-no, even if you're not actually selling drugs yourself. You -- or whoever is picking up that cash -- is making themself an easy target, unless you have some totally super secret ninja setup for getting the cash. But hey what do I know. Stay frosty buddy.

I always like to congratulate someone on being amusing even if it's inadvertent.

Firstly you say that use of Tor or proof that someone has purchased Bitcoins wouldn't amount to evidence and then you say that my venture is risky.

In the first instance I appreciate your concern but without going into details I work in Finance and have the help of someone who has been in the industry for decades I have found ways to conceal both the purchases and sales of Bitcoins. The reason I don't need to worry too much is firstly that the person who receives the cash is not me and doesn't know my personal details and secondly a raid of my home premises would not reveal anything illegal.

I'm not a lawyer but I think if you were in the situation I described where you were attempting to claim some drugs had been sent to your home unsolicited, I can't see the fact that you bought Bitcoins, being dismissed altogether, even if they can't be linked to a specific transaction.

You use the analogy of going to an ATM but it simply isn't the same thing - the Bitcoin is specifically designed as a decentralised pseudonymous currency, the main purpose for which is trafficking in illegal goods. The fact that it can also be used to trade in legal goods might be a viable defence but it's not grounds to have the evidence thrown out altogether.

I have said before and I repeat the ONLY safe ways of obtaining Bitcoins are by buying them with cash and/or selling products/services - anything else you are creating a paper trail. The risk might be small, but it's very real.

V.
Title: Re: Some questions for the veterans out there...
Post by: vlad1m1r on June 30, 2012, 11:19 am
Haven't read the last few post so I apologize if I step on any toes, just wanted to make an argument for keeping your bitcoin purchases anonymous.
If you're in the U.S. you've probably heard of a lot of people being charged with "conspiracy to possess\distribute" instead of the straight possession etc. charges, it's much easier for them to get a conviction for this and in some cases the penalties are actually more severe for having to prove less.

Not definitive either way, but I wouldn't be surprised to see evidence of using tor and buying bitcoins used against you in court to prove (at least) conspiracy charges. And keep in mind that while we're quite privy to how all of this works that most people in the judicial system are not, and will have a difficult time getting their head around it all, and even more so in believing that you're using all this technology that *can* be used to buy drugs on the internet for innocent reasons.

Thanks Moksha,

I think it's important that we also have an idea what we're up against.

Certainly in the UK (and I assume in the US too) Judges are frequently middle aged and not too au fait with technology. A quick Google will show that the main advantage of Bitcoins is to criminals and frankly you can do without the publicity.

From a Prosecutor's perspective in the UK, by itself it probably wouldn't be enough to convict someone with conspiracy to supply a drug but I understand US law is much more open to interpretation.

I suppose a good analogy might be the kind of plausible denial you can have with encryption. Use of the Bitcoin network can be used to form a case against you that you were trying to hide your financial activities. You could indeed have a number of laudable and legal reasons to do this - my own business selling Bitcoins is perfectly legal for instance but that's not going to be much good to you if :

a) Frequent Bitcoin purchases are reported to the authorities by your bank (as far as I know my bank in the UK is not doing this at the moment) and a Judge decides this is sufficient grounds for  a Search warrant of your home.

b) You receive contraband in the mail and try to claim it was unsolicited.

The reverse is also true - only a vendor who's a complete fool would cash out large amounts from an exchange right into their bank account although admittedly the amounts are appreciably larger.

I appreciate that the above contains a lot of What If's - I exchange e-mails about this topic often with people who think it would be easier to buy Bitcoins via an exchange than pay my commission on cash they send for BTC - the way I frame is I ask them to imagine that the chance of their purchase being flagged by the bank is 2% - meaning there's a 98% chance it will be lost in the ether, or the Police will notice and not care, or they're not monitoring people's bank accounts in the first place, or they do notice but can't get a warrant to seize your mail etc. etc.

Also let's say you buy Bitcoins at the end of each month with your salary and use them to purchase enough drugs for the next four weeks.

Every month you're taking this 2% chance - if we do the maths, this will mean that your probability of getting caught escalates to near 100% within four years (http://en.wikipedia.org/wiki/Probability_distribution#Delta-function_representation) - of course the chance is still 2% each time but it's a little like tossing a coin fifty times and expecting it to land heads ten times in a row...

V.