Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Dread Pirate Roberts

Pages: 1 ... 10 11 [12] 13 14 ... 18
Bug Reports / Re: An Error Has Occurred!
« on: October 30, 2013, 05:56:41 pm »
As a hidden service all connections come from the local IP address assigned. Simple Machines Forum however is not designed to handle 3,000 users posting from the same IP address and 50-100 users posting from the same IP on different accounts at the same time so some errors do occur. We will go about making these minor fixes once we've released the market.

Silk Road Discussion / Re: DPR quotes
« on: October 30, 2013, 05:47:35 pm »
The "until then there will always be a Dread Pirate Roberts" part must be from somewhere else, maybe even from Quote 1?

I stand corrected, that was on the end yes.

Silk Road Discussion / Re: DPR quotes
« on: October 30, 2013, 05:16:26 pm »
Freedom is my buttercup and when I can have her again, I will take off my mask. Until then, there will always be a Dread Pirate Roberts.

Silk Road Discussion / Re: Introduction...
« on: October 29, 2013, 07:07:00 pm »
4: $xxx,xxx in initial outlay, $xx,xxx weekly salaries and $xxx,xxx as the initial bitcoin float. That is what PBF didn't have - and that is why they failed.

Security / Re: Needle in a Haystack
« on: October 28, 2013, 05:53:44 pm »
Credits go to astor who originally posted the guide at: http://dkn255hz262ypmii.onion/index.php?topic=202510.0

Since people expressed interest in running relays, I've written a guide that can get you set up. There are many ways to run a relay, so for the sake of simplicity, I will focus on virtual private servers running Ubuntu 12.04. Feedback is definitely welcome.

This guide includes instructions for Windows users. I will write Linux instructions in a separate post, and if someone would like to add Mac instructions, I'd greatly appreciate it.

Finding a Hosting Provider

In order to run a relay, you will need a dedicated server or a virtual private server. There are two features you should look for:

1. Geographical location
2. Bandwidth

Other specs like RAM and CPU tend not to matter until the bandwidth gets really high, like on an unmetered server. Most of the time, your bandwidth limits will keep the Tor client well below your RAM and CPU limits.

There is no minimum amount that you need to spend on a server. You can lease a VPS for under $10 a month or a dedicated server for hundreds of dollars. I think every little bit helps, especially if the servers are geographically diverse. For this guide, I'm going to assume you don't want to drop hundreds of dollars on your first server, so we'll focus on setting up a small to medium sized VPS. The price range I'm thinking is $10 - $50 a month, which should give you 512 MB to 1 GB of RAM and 200 GB to 1 TB of bandwidth.

I'm not going to make specific recommendations for hosting providers, for obvious reasons, but most relays are in North America and Europe. It would be nice if we had more relays in South America, Asia and Africa. The infrastructure in Africa is the most underdeveloped, so you may want to focus on finding providers in South America and Asia. They will be more expensive than providers in North America and Europe. If you can't find providers in your price range, it's OK to run a relay in North America and Europe. As I said, every little bit helps.

Another thing to consider when searching for a VPS is that there are different virtualization technologies. These include OpenVZ, Xen, VMWare, Virtuozzo, and KVM. For this guide, I'm going to recommend running your relay in an OpenVZ container, because it is one of the most popular virtualization technologies, it is generally cheaper than the others for the same specs, your operating system will be installed for you by the hosting provider, and the OpenVZ connection limits aren't really a problem with low bandwidth relays. If you want your relay to push more than 1 TB of traffic a month, you should switch to something like Xen or KVM, or a dedicated server.

It's a good idea to read reviews of the hosting provider before ordering, but this can be tricky. There are a lot of fake web sites with shill reviews. In general, well-known forums with large communities (like are a better place to look for reviews than random web sites.

When you find a provider that you like, look for their Acceptable Use Policy (AUP), which will sometimes be part of their Terms of Service (TOS). Most hosting providers have links to these documents on their main page. Read through them to find out if they ban proxies. If there is no mention of Tor, "proxies" or "open proxies" almost always include Tor. Some hosting providers specifically ban Tor. Some only ban exit nodes. The latter case is OK, because we will be setting up non-exit relays. You don't want to waste time setting up a relay that will be shut down a week later because it violates your hosting provider's AUP.

Ordering a Server

Once you find a hosting provider, you can create an account and order the VPS. I don't see a problem with leasing a VPS with your real identity. There are 4300 relays at the moment. You will be lost in a big crowd. However, you shouldn't mention that you set up a relay in this thread or anywhere else on the forum! You shouldn't use information (like a username) that links you to your Silk Road identity! If you really want anonymity, at the end of this guide there's a section that offers some suggestions, but keep in mind that takes a lot more work.

During the ordering process, you will be asked to choose an operating system. Select Ubuntu Server 12.04, so we can simplify things. Every VPS provider should have an OpenVZ image for that OS. If the VPS has 512 MB of RAM or less, use the 32 bit version. If it has 1 GB or more, use the 64 bit version.

A common box that you have to fill out is the "domain name". You don't need a domain name to order a VPS. You can fill in anything, like For the server name, put anything you want, it will become the hostname. If it asks for DNS information, just put ns1 and ns2, it doesn't matter.

Also, lease the VPS on a monthly basis for the first few months, even if there are discounts for longer terms. Your VPS may turn out to have crappy networking or frequent reboots, so you don't want to pay for a year of hosting and be forced to abandon the VPS after a month.

After ordering, you'll get an email with the IP address and login details of your VPS.

Configuring the Relay

The first thing we need to do is figure out the RelayBandwidthRate based on the monthly bandwidth limit of the VPS. Keep in mind that most hosting providers count both incoming and outgoing bandwidth, so Tor relay traffic gets counted twice. A VPS that pushes 1 TB of traffic from the perspective of the hosting provider, actually pushes 500 GB of traffic from the perspective of the Tor network (it's the same data, coming and going).

Let's say your VPS is allowed 1 TB of traffic per month. That's 1,000,000 MB. So the rate (per second) that you would use in your Tor configuration is:

1,000,000 / 30 / 24 / 60 / 60 / 2 = 0.192 MB or 192 KB

This is a good place to start. In practice, most relays don't max out their bandwidth. In fact, many relays only use 30-50% of their max bandwidth rate. You can watch the bandwidth of your relay for a few weeks and increase it if you are using much less than your limit. For example, if in the first two weeks it uses 250 GB (and could have used 500 GB, because that's half of your 1 TB per month), then you can double the RelayBandwidthRate. It can take a few weeks of adjusting to find the right balance.

After you get the login information, download PuTTy from the web site:

This program lets you connect over a protocol called SSH, or Secure Shell, which creates an encrypted connection to a command prompt on the server. Run PuTTy and fill out the following information:

Host name (or IP address): <your VPS IP address>
Port: 22
Connection type: SSH

Before we go any further, click on the words "Default Settings" under "Saved Sessions" and click the Save button to the right of it. That way you don't have to enter the IP address each time.

Then click Open. You'll see a prompt to accept the server's host key, click Yes. You only have do this the first time.

login as: root
password: <what you were given>

Note that you can resize the window if it's too small.

The first thing you should do after logging in is change the root password, especially since it was emailed to you in plaintext. Do that with the following command:

Code: [Select]

And enter the password twice.

BTW, for all of these commands, you can copy them from this guide and paste them into PuTTy by right-clicking in the command prompt window.

Now type

Code: [Select]
nano /etc/apt/sources.list

Add this line at the end of the file:

Code: [Select]
deb precise main

Enter the following sequence to save the file and exit: ctrl+x, y, enter

Enter the following lines into the command prompt to install Tor and the relay monitor ARM:

Code: [Select]
apt-get update
apt-get install
apt-get update
apt-get install tor tor-arm

Hit Y[enter] whenever it asks you to confirm an action. The first install command will give you a warning because you haven't imported the PGP key for that software repository yet, which is what you're doing with that command.

Now we'll edit the configuration file to turn our Tor client into a relay. First, backup the original configuration file:

Code: [Select]
cp /etc/tor/torrc /etc/tor/torrc.backup

If you screw something up, you can restore Tor to its default state with the following commands:

Code: [Select]
cp /etc/tor/torrc.backup /etc/tor/torrc
service tor restart

Let's edit the configuration file:

Code: [Select]
nano /etc/tor/torrc

Find the following lines and remove the # at the beginning. Anything that follows a # is treated as a comment instead of an instruction to Tor, so we are adding these instructions.

Code: [Select]
ControlPort 9051              # This is a comment that Tor ignores, but everything before the hash is an instruction that Tor reads
CookieAuthentication 1

ORPort 9001                   # Change this to ORPort 443  !!!!

Nickname ididnteditheconfig   # Change ididnteditheconfig to whatever nickname you want, no spaces, nothing drug or SR related

RelayBandwidthRate 100 KB     # Change 100 KB to whatever you calculated for your server earlier
RelayBandwidthBurst 200 KB    # Make this double the value above. If you server is using too much bandwidth, make this the same as the line above

ContactInfo Random Person <nobody AT example dot com>  # Create a throwaway email address and put it here

ExitPolicy reject *:*         # This line makes your relay a non-exit

Then type: ctrl+x, y, enter

Code: [Select]
service tor reload

Congratulations, you're running a relay!

The RelayBandwidthRate and RelayBandwidthBurst are what you will probably want to adjust after a few weeks of watching your relay's bandwidth.

A note about the contact info. You don't need to enter a name. Remove the "Random Person" part entirely. However, you should enter a real email address. The purpose of providing an email address is if your relay is misconfigured, the Tor people can contact you and tell you about it. On the other hand, this email address will appear in your relay's descriptor, which is public, so use an alternate address from any of your main ones.

There is a program called ARM (Anonymous Relay Monitor) that lets you monitor your relay. To run it, type:

Code: [Select]

You can click the left and right arrow keys to see the different panels of info. To exit arm, type: q, q

Another way to view info about your relay is to search for it on

Finally, to exit the SSH session, type:

Code: [Select]

Securing Your Server

The following is not necessary, but it's an extremely good idea.

A better way to log in to your server is to create a regular user account, disable root logins, create an SSH key for your regular user, and disable password logins. That makes it virtually impossible for someone to break into your server (people try to hack into servers through SSH all day long).

To create a regular user account, enter this command:

Code: [Select]
adduser <username>

Change <username> to any one-word username you want.

Enter the password for that user twice, and make it different from root's password. Leave the rest of the prompts (like Full Name) blank by hitting enter through them, then hit y at the end.

You can test out your new user. Exit the SH session and launch PuTTy again. Now that you have a regular user, you can add it to the PuTTy configuration so you don't have to type it in every time.

In the configuration window that you get when PuTTy launches, go to Connection -> Data

Auto-login username: <the regular user you created>

Go back to the Session section, highlight "Default Settings", and click Save again. Connect to your server. You should only have to enter the password this time, and of course it will be your regular user's password.

When you login as the regular user, you can't do much outside of your home folder. You can't install or remove software. This is a security feature. You have to become root. In order to do that, type:

Code: [Select]

And enter root's password.

To exit being root, type exit, and to completely exit the SSH session, type exit again.

Let's make this even more secure by adding an SSH key.

Download this program and run it:

Next to "Generate a public/private key pair", click Generate. This will take a few minutes. Click around randomly to create entropy and speed it up.

When it's done, it'll say "Public key for pasting into OpenSSH authorized_keys file". Copy the entire thing in the box. Log into your server as the regular user and type this:

Code: [Select]
mkdir .ssh
nano .ssh/authorized_keys

Paste that public key in (by right-clicking once, as before). Then hit ctrl+x, y, enter.

Back in PuTTyGen, enter a key pass phrase and confirm it, then click "Save private key" and save it somewhere on your computer. The pass phrase protects your private key just like with PGP. At this point you can exit out of PuTTyGen.

Now launch PuTTy again, and in the configuration window, go to Connection -> SSH -> Auth.

Find the field that says Private key file for authentication, click Browse and select your private key.

Go back to Session, highlight "Default Settings" and Save.

Connect to your server again. This time it will ask you for the pass phrase to your private key, not the password to the regular user.

If you login successfully, great! You can disable root and password logins. Type:

Code: [Select]
nano /etc/ssh/sshd_config

Find these lines:

Code: [Select]
PermitRootLogin yes             # Change it to no

#PasswordAuthentication yes     # Remove the # at the beginning and change it to no

Save and exit with ctrl+x, y, enter.

Restart the SSH server:

Code: [Select]
service ssh restart

Exit completely out and log back in as the regular user. You should login just fine. To test your settings, you can change PuTTy to login as root and it should deny you.

Now think about what an attacker has to do to get into your server. First he has to guess your regular username. Then he has to steal your private key or brute force one that works with your public key. That's like having a 2048 bit password! Then he has to guess root's password. Your server is very secure.

Server Maintenance

You should login in to your server every once in a while and update the software. Login as the regular user, change to root (su), and issue these commands:

Code: [Select]
apt-get update
apt-get dist-upgrade

Purchasing a Server Anonymously

As I said before, I don't think it's necessary, but if you want to get a server anonymously, here are some ideas that may or may not work. Suggestions are definitely welcome. :)

The first thing you need to realize is that the vast majority of hosting providers use fraud detection services, because hackers and spammers love leasing servers anonymously or with stolen credit cards. You almost certainly can't sign up with a hosting provider from a Tor exit node. A popular fraud detection service called MaxMind claims to block VPNs and open proxies too:

If you really want to be anonymous, I don't think you should be using a VPN anyway, because you're trusting their word that they don't log, or that LE won't compel them to log in the future. The best way to find a "clean" IP address is to point Tor browser at a web proxy. There are web sites that list thousands of them, but for obvious reasons I won't list them here. You may have try many web proxies before you find one that isn't blocked.

The other issue is payment method. There are a few dozen hosting providers that accept bitcoins, which you could use by anonymizing them your normal way, but all of the ones that I know about are in North America and Europe, which doesn't help the diversity of the Tor network. Again, if you really want to be anonymous, that's fine because a relay in NA or EU is better than no relay.

Other than bitcoins, there are a few potentially anonymous payment methods with fiat currency.

1. Prepaid debit cards
2. e-currency and precious metals exchanges, like Pecunix
3. an anonymous PayPal account

MaxMind claims to block prepaid debit cards:

So I don't know if that will work.

As far as e-currency exchanges go, Liberty Reserve is gone, so I don't know what else exists other than Pecunix, but by routing money through several exchanges, you can potentially anonymize it. You'll have to find a hosting provider that takes these payment methods, or cash out to a different payment method.

Also, you might be able to register a PayPal account by pointing Tor Browser at a web proxy, and use fake info that is geographically close to that proxy, then go to Freenode #bitcoin-otc or and sell BTC for PayPal credit that gets deposited to your account, then use that to pay for the server.

All of these methods involve some work and a high chance of failure, but you're welcome to try them.

Security / Needle in a Haystack
« on: October 28, 2013, 05:53:19 pm »
Lots of you have kindly messaged me recently offering your assistance and some have offered bitcoins to donate to the project and as many of you know I have not accepted funding, I feel others having a financial stake in Silk Road is not beneficial but I digress.

One of the greatest risks we face which we cannot solve as operators is that of network traffic analysis, that is monitoring the traffic through the tor network and over time this will increase the statistical probability of being able to positively identify hidden services and users. Most of the time spent on our security issues is hardening the servers, reducing single points of failure and preventing front-end exploits and these are not usually announced or discussed publicly as to minimize what law enforcement may know of our technical set up, capabilities and staff. To reduce this threat however - we need YOUR help.

The problem of network/traffic analysis is that it cannot be simply "fixed" as a bug would be and our best measure to counteract it is to make the task more difficult, take longer and be more expensive for our adversaries, hopefully dissuading them from the task as spending vast sums of money and man power even for law enforcement is not feasible if it is not considered a reasonably cost-effective operation. This was first put to me as the old problem of finding a needle in a haystack: there is finite space within the network and as you analyze more of it you are reducing the space you know it will definitely be and so you can focus your attentions. With enough time and data, identifying our servers would actually be a trivial task for the NSA which is not an admission I make lightly. As far as threats from law enforcement is concerned we know they are the only organization along with GCHQ capable of mounting an effective assault.

I would like to add that despite all of this what will seem to many as a very dangerous threat against them, it is very unlikely they will undertake such a task against one individual unless your pseudonym is Dread Pirate Roberts. However, for those who ask why does it concern them, it is because if this tactic could possibly unmask people, it can certainly unmask the servers and thus any data you have stored there.

So how can you help?

If we return to the analogy of the needle in the haystack, one could argue to reduce the size of the needle which is a valid point but is a pessimistic view of the situation - I would propose we simply increase the size of the haystack. To increase the size of the network means adding more relays, exits nodes, users, hidden services and bandwidth. By doing this, we are giving law enforcement and our adversaries considerably more work and analysis to do in order to unmask us and I uphold we will never be totally safe from the NSA, but we can certainly put them off by making it far less cost-effective. There are 3 ways anyone can help and also I will clarify Silk Road's position on how we are helping to address the matter ourselves too.

[Home Relays]

In an ideal world, everyone using Tor would act as a relay, but we understand not everybody can. Being a relay or exit node (exit nodes are less suitable on home connections) is as simple as enabling the relaying option on the Vidalia control panel but you may not see much traffic if your relay is not maintained or kept online. Users with small home servers would be ideally placed to host a home relay as it may run 24/7 and provide a highly distributed network.

[VPS/Dedicated Server Relays]

In the old forums astor composed a great guide to setting up your own relay which I will re-post below, but you can find the original post here:

Remember - hosting a relay is not illegal and you have no legal liabilities for Tor content in almost every country although I would still advise asking a lawyer if unsure, therefore you do not actually need to register these anonymously although there are still options mentioned in the guide for anonymous servers or ones which accept bitcoin. Setting a relay on a VPS or dedicated servers allows greater availability, uptime and you don't need to worry over the hardware maintenance. For how little a VPS costs (a few bucks a month) you are making massive contributions to the network. The average user on this forum would only consume a small amount of megabytes per hour they browse so even if you can only provide 10Gb worth of bandwidth a month (less than 5kb/s), you would be a net contributor on the network, although for latency purposes I would recommend relaying only if you can provide 40kb/s+, even just for 1 day.

[Donate to non-profit entities]

Of all 3 - this is least secure way of going about improving the network but for many it is the only realistic option due to lack of technical expertise or legal problems such as a vendor not wanting to have a tor relay tied to his or her name. Some non-profit organizations currently taking bitcoin donations and turning them into more bandwidth are NoiseTor ( and TorServers ( If you cannot do either of the above, I would absolutely recommend donating any spare bitcoins to one of these organizations, even if it is just a few cents ($1 = approx 16Gb of bandwidth on typical hosts).

The concern of only donating or relying on a handful of organizations to control a vast amount of the network is that if they become compromised or are complicit with law enforcement, this actually can increase the risk of traffic analysis since they have more data to work from. So, only use this option if the first two are not realistic in your circumstances and you still want to help.

How Silk Road is addressing this matter

Within our new bounties section, it has attracted a lot of attention of my recent post outlining our search for a relay operator who can manage high-bandwidth relays and exit nodes for us. To make this understood, these relays have no connection to the servers which host our forums or the ones which are hosting the market.

What we have taken to is leading by example in this problem though. Although the figures presented by the FBI were heavily distorted (see OzFreelancer's blog:, there is no question running Silk Road is an extremely profitable avenue and I think investing a fair sized portion of those profits is a fair way to give back to the community and the network. As a result on the day the market launches (not long now) I will be establishing a Relay Fund to cover the costs of running a cluster of new relays, with $5,000 set aside for the first month which will grow as the market does. This amount I hope will transfer at least several hundred terabytes of data.

Pending further investigation, we are also penning several reimbursement programs and incentives (such as donation matching), both for our own causes (ie Tor relays) and other general charities (Erowid, Lifeboat Association, etc).

I hope you all can take the time to join the fight and help me help you for a faster, safer and more diverse network.

Silk Road Discussion / Re: Is the new road going to be decentralized?
« on: October 28, 2013, 04:58:40 pm »
The market will not be decentralized as the method and technology to do so has not yet been developed to my knowledge to the standard required to be safely utilized. We will however be using the proceeds of Silk Road to pursue such developments and fund other projects in the interests of freedom and liberty, some of those will be made public.

Silk Road Discussion / Project Black Flag Warning
« on: October 28, 2013, 04:50:26 am »
I would like to make you all aware that Project Black Flag is currently experiencing "trouble with the escrow" and some vendors in the roundtable have reported having their accounts emptied. Until the smoke is cleared on this situation I recommend everyone to keep their bitcoins, details and business away from there. We had sadly seen this problem before with Atlantis who then ran off with the money of vendors and customers so as usual, play it safe, take no chances and keep as little on the market as you can and depositing only when you intend to purchase an item.

I agree with the point on hand, I should give a part of the proceeds of Silk Road to the development of the network but I would like to ask you understand the nature of donations. Just as in politics, an organization which attracts controversy must be careful who it accepts donations from so it is not seen as having an interest in particular groups donating to them. So for example, if Tor Project were to accept donations from Silk Road I have no doubt that they would be scrutinized and it would not be long before the media create another sensationalist headline stating Tor Project is supported by child pornographers and drug dealers.

Tor Project does not accept bitcoin donations for this reason - so they cannot be seen as linked to illegal organizations such as this and this makes donating to them more difficult if done on a larger scale. I would also highlight Tor Project would be better suited to smaller individual donations by many people, one larger funding source like the US Govt risks their future as they understand that funding can be cut at any time whereas streams of smaller donations are usually more stable.

I do have plans to help the Tor network, the staff and I did not plan on releasing this early but in a few days I will actually be posting on this very issue of how to help the network overall and increase the security of users from what is to be our biggest threat for the next 2-3 years.

Silk Road Discussion / Re: Security Considerations
« on: October 27, 2013, 10:58:03 pm »
Um i dont know what the hell he edited but if it was any identifying information LEO now have it. They probably crawl this forum and harvest any and every change. People need to stop protecting insecure practices, especially from the guy whose running the site.

And you DPR, if you care so much about peoples security in light of all the info LEO now have from the old site, why are you letting old vendors reuse their ID's even though LEO now have a list of every bitcoin addressed they used in their account? All it takes is one straight no-mix cashout to be located and flipped. Im started to have doubts about the competency of our leadership.

Once vendors are verified, they have an option to completely get a new identity so that not even staff will know who they are - only I will. If a vendor wants to start fresh and pay the bond to avoid even me knowing they can also do that.

Product Offers / Vendor Accounts
« on: October 27, 2013, 02:51:51 pm »
Hash: SHA1

With the upcoming launch of the market, we will now be enforcing the rules in this section to the full extent - that being no product must be offered for sale without a vendor account. Asking if there is an interest to a product does not require a vendor account, but if there is a hint to contact you privately or anything which we believe is an attempt to make sales we will immediately delete the post. Repeat offenders will also have their account deleted and all contact details of them will be added to the site-wide blacklist.

Existing topics will be deleted within 24 hours so if you plan on opening a vendor account I would advise you to back it up locally or message it to yourself so you may restore it when the market goes live. Vendor accounts will initially be available on a $200 refundable bond and we will raise the price over time in response to incidences of scamming.


Security / Re: Are you Paralyzed by PGP? Fear no more! Join PGP Club :)
« on: October 27, 2013, 02:30:41 pm »
Keep up the good work guys. Thread has been stickied.

Silk Road Discussion / Re: NEW SR !!! FEES AND CHARGES??
« on: October 27, 2013, 01:10:18 pm »
Vendors are already aware of the fees charged but I have instructed them to keep it within the roundtable until the public release of the site since they could still be changed. The overall response to the fee structure has been positive from what I gather.

Bounties / [Variable] Hidden Service Programmers [OPEN]
« on: October 27, 2013, 08:26:20 am »
Reports to: Dread Pirate Roberts

Remuneration: Variable (Project Based)

We are seeking to bring on a small team of highly skilled programmers who can help design new, secure hidden services as part of our wider network development. At no point will you have privileged access to Silk Road or the servers it is hosted on for security. You will be involved in a series of projects and should be capable of designing entire services on your own although you will often form part of a team. Payment and time commitments are free to be chosen on a per-project basis although it is recommended you leave at least 2-3 hours per day before joining the group as payment is on result of privately posted bounties as opposed to regular salaries.

Apply to: Dread Pirate Roberts. Please include all of your competencies and experience. You must speak fluent English. Please also submit any ideas you already have of new services/websites that you believe should be made available as hidden services as well as any other areas of interest you would like us to consider (such as what type of project you would prefer to work on).

ID Check: No

Time Demands: Variable

Closing Application Date: Ongoing

Silk Road Discussion / Re: Forum Changes
« on: October 26, 2013, 08:21:15 pm »
Color has now been enabled too.

Pages: 1 ... 10 11 [12] 13 14 ... 18