Silk Road forums
Discussion => Security => Topic started by: RootZero on July 27, 2012, 09:38 pm
-
This is about Intersango paranoia, say no more! ;)
When I send coins to fund my SR account, I normally just generate a new address on SR and send it to there when I order coins on Intersango.
I'm no expert, but are SR bitcoin wallet addresses traceable?
Hope that makes sense?
-
Hey man I have been wondering the same thing ever since I read that article recently about the aussie cops saying something to the effect of "you better not trust how anonymous bitcoins are on the SL" but I also wanted to know how safe the cash to bitcoin method which kind of sketches me out but then again what doesn't sketch me out around here.
-
Hey man I have been wondering the same thing ever since I read that article recently about the aussie cops saying something to the effect of "you better not trust how anonymous bitcoins are on the SL" but I also wanted to know how safe the cash to bitcoin method which kind of sketches me out but then again what doesn't sketch me out around here.
I doubt they cracked Tor or traced BTC (unless the person didn't use any mixing or tumbling). More likely that they just intercepted a package and found the SR/Tor/BTC connection after that and then used the press release to spread FUD. The police press release was shared with the Australian Customs department too.
-
I have never used a tumbler, I just sent straight to the address on my SR account page from Intersango.
I was under the impression SR used a tumbler with its incoming coins.
What I'm now wondering is how secure a tumbler actually is, there was some talk I saw about a coin 'mixer' but my understanding of btc is very limited.
There are litterally 1 or 2 posts on the whole forum talking about this subject and whether you should be using a service like Bitcoinfog between exchanges and SR. I've never felt safe using external services with my coins, was told not to do this.
However safe the SR sytem is, there have probably been other 'dodgy' people accepting coins without tumblers etc. So its obvious to me that this is the cause of the whole Intersango incident. The UK LE will have taken control of the accounts at Metro Bank, and I doubt even Intersango know what is going on.
I think its fairly safe to say the future of btc exchanges is very uncertain. Even using cash in the post to someone, they will still have to get that cash into and exchange somehow. While you might feel 'safer' sending cash in the post to someone, that is not a good idea ever if you value your cash.
Everyone knows there are very few 'legitimate' uses for btc, you could suggest you were gambling.
The future of btc itself is limited, eventually inflation will overtake the cost of mining I think 2020 was the suggestion, but I see the inflation rate to GBP and USD is a lot higher than people might suggest, its very difficult to chart this sort of thing. Without there being any solid capital behind btc it is a very strange idea.
-
I have never used a tumbler, I just sent straight to the address on my SR account page from Intersango.
I was under the impression SR used a tumbler with its incoming coins.
What I'm now wondering is how secure a tumbler actually is, there was some talk I saw about a coin 'mixer' but my understanding of btc is very limited.
There are litterally 1 or 2 posts on the whole forum talking about this subject and whether you should be using a service like Bitcoinfog between exchanges and SR. I've never felt safe using external services with my coins, was told not to do this.
However safe the SR sytem is, there have probably been other 'dodgy' people accepting coins without tumblers etc. So its obvious to me that this is the cause of the whole Intersango incident. The UK LE will have taken control of the accounts at Metro Bank, and I doubt even Intersango know what is going on.
I think its fairly safe to say the future of btc exchanges is very uncertain. Even using cash in the post to someone, they will still have to get that cash into and exchange somehow. While you might feel 'safer' sending cash in the post to someone, that is not a good idea ever if you value your cash.
Everyone knows there are very few 'legitimate' uses for btc, you could suggest you were gambling.
The future of btc itself is limited, eventually inflation will overtake the cost of mining I think 2020 was the suggestion, but I see the inflation rate to GBP and USD is a lot higher than people might suggest, its very difficult to chart this sort of thing. Without there being any solid capital behind btc it is a very strange idea.
Hi RootZero,
I very much agree with you that the days of exchanges may well be numbered. I think that they will be allowed to continue legally but they will probably be asked to perform AML checks on their customers, asking for ID, proof of address and so on.
As I explained in my previous post cash in the mail is safe for the client for two reasons :
- Firstly (at least in my case) I have found a way to use the exchanges safely, it would be virtually impossible to trace the wire transfers I use to obtain Bitcoins from exchanges - also this would tell LEO nothing about my clients, only reveal I had bought them myself.
- Secondly, there are many other ways to obtain Bitcoins! I mentioned before I buy large amounts from vendors for cash in the mail myself (someone else sends the cash for me!) - also I invest in mining pools, play the Bitcoin Stock Exchange and run my own investment program. As I mentioned above, this is simply better for me - there is no risk of my clients being identified if they send cash in the mail, it's just easier for me to rely on the exchanges less because I agree with you in that this is the start of a trend.
You're right about SR - coins are tumbled when they are withdrawn from an SR account, not when they are deposited. If you are nervous about this then feel free to set up a secondary SR account to have your coins sent to before sending them on to your main account but bear in mind the coins will be tumbled instantly all in one go.
Of course a detailed analysis of the block chain would show the same amount of Bitcoins being transferred to another address at the same time you withdrew yours. A mixer like Bitcoinfog will allow you to mix your coins and withdraw them at random intervals over a period of days making them much harder to trace.
Of course this isn't an issue if you paid cash to obtain your coins in the first place!
V.
-
Let them perform anti-money laundering checks (not that they all will, the world is a huge place and there are pretty close to zero globally applied laws), that is what mixing is for. They can know Alice and a thousand other people bought bitcoins and then all of the trails go dead at the blind mix, and they are left trying to find correlations at best.
The laws of men will never trump the laws of math.
-
You're right about SR - coins are tumbled when they are withdrawn from an SR account, not when they are deposited. If you are nervous about this then feel free to set up a secondary SR account to have your coins sent to before sending them on to your main account but bear in mind the coins will be tumbled instantly all in one go.
So a deposit from an exchange to your SR wallet is instantly traceable on the blockchain?
Why aren't LE or the exchanges on to this?
I'm a buyer so never withdraw from SR, but my paranoia levels are getting to me after recent events.
-
You're right about SR - coins are tumbled when they are withdrawn from an SR account, not when they are deposited. If you are nervous about this then feel free to set up a secondary SR account to have your coins sent to before sending them on to your main account but bear in mind the coins will be tumbled instantly all in one go.
So a deposit from an exchange to your SR wallet is instantly traceable on the blockchain?
Why aren't LE or the exchanges on to this?
I'm a buyer so never withdraw from SR, but my paranoia levels are getting to me after recent events.
It's not a simple Yes/No question.
Any fool who can view the block chain e.g by visiting blockchain.info could see that the coins had been sent from one address to another. There's no immediate way to tell that the address you withdrew to from the block chain is an SR wallet in particular but if a wallet address can be linked to your identity (as it can be if you wire money to an exchange using your bank account for instance), then every subsequent transfer can be traced.
The best way to illustrate this as I mentioned in my post above is to put your own wallet address into the search bar on blockchain.info and you will see the address of every wallet that ever sent coins to it.
This is not a problem if you obtained your coins in an anonymous way e.g through using cash, selling goods/services and so on but if you placed an order for a certain amount and this could be correlated by someone with access to the SR site then in theory this could be traced back to you.
In practice there are a number of obstacles to this being accomplished, not in the least how LE are going to know you've placed an order for a particular product - it's also not very practical to search the home of everyone who buys Bitcoins nevertheless I contend you can do without that kind of attention!
In addition, if you were caught signing for a package that contained contraband and then tried to claim you had no idea there was anything illegal inside, it wouldn't exactly help your case if it could be proven you'd bought some of the top currency for trafficking in illicit goods. Of course I tell myself my customers want their BTC for buying T-Shirts and posters but it's stretching credibility to expect twelve of your hard headed fellow countrymen on the jury to believe that.
You can reduce the risk of the kind of correlative analysis I've mentioned taking place by using a mixer like Bitcoinfog. You can eliminate the risk of being traced in this way altogether by using a cash in the mail service like mine.
V.
-
Thanks Vlad, that mainly made sense to me. Kinda confirms my fears, essentially that my transactions going to SR are traceable back to me since I've used UK bank transfers instead of cash deposits.
I think this is something more people should be aware of, could potentially cause problems for the average SR user.
While I doubt anything will come of it for me, the volume of coins I've bought are relatively small. And LE would be wasting their time searching my address if they even managed to get their heads round btc tracing, I don't keep large quantities of contraband here. It still worries me for the average SR user who isn't the most tech savy.
I'll definitely be investigating something like bitcoinfog for the future or at least doing cash deposits.
http://fogcore5n3ov3tui.onion/ and http://www.bitcoinfog.com/ (for those interested).
They do take a 1-3% fee too, which is an added pain in the ass and looks to be a lengthy process.
I'm wondering if there's another simpler option somewhere?
Would creating a wallet using the bitcoin client running through tor, then transfering to a second wallet and deleting the first wallet work?
Having a second SR account sounds like a good idea, then at least the coins are tumbled between them. But this still doesn't get round the original transaction tracing as going to SR so kinda defeats the idea.
It wouldn't take much for LE to check all Intersango withdrawals and correlate which are going to SR. Although they wouldn't know what I was buying on SR. They could then potentially get a warrant for a search I guess?...
I'm fairly confident that my security is top notch here should any of my equipment get confiscated and analysed. I'd have a hard time putting all my btc activity down to mining, gambling and speculating.
I have no idea how SR generates its wallet addresses but I'm surprised to discover this info and that SR doesn't do anything to anonymise incoming btc for buyers. Seems a perfect way for LE to trace people using SR. :o
I might start another thread with a better title, I think this is something everyone should be aware of.