Paranoia and updating OpSec

So.... Crazy week, huh everybody? Ag is looking a bit sketchy, seems like we have a sudden influx of scammers capitalizing on the order flooding from Agora's "Up 4 days a week" operating policy. And then these controlled buys going on with Colorado and Australia... Man... Got a dude watching the street for an hour after checking the mail.

But in all seriousness, it reminds me that I need to start taking my OpSec a little more seriously. Getting comfortable makes you complacent. Thought I'd bounce a few things off of you guys and get some input:

1) Scrubbing your trail. I used to use a VM that ran Kali to use Tor. But after I got a VPN I had a hard time getting it configured on Kali, so instead of using a different build, I just got lazy and ran Tor on my desktop through my VPN. I've also been fucked up and forgot to turn off my VPN before logging onto personal accounts.

In terms of security, how exposed am I really? My VPN claims that they don't log and will shut down before handing anything over, but come on, let's be real. And as far as tracing data back to me from using Tor, how do they go about doing that? Isn't it just your IP registering as using Tor?

And let's say for argument's sake that I want to wipe my trail. Do I need to go for a full on drive wipe, or are there just specific directories I can target?

2) Cleaning house:

My place is not spic and span by any means. I really have to get my place tightened up. Scales need to get the fuck gone when I have stuff in the mail, I know that. I also have other things that would be pretty serious, and they need to go as well.

But what about my not so serious stuff?

Pot is still Schedule I, but there is never more than 1oz in the house at any point in time. Is there any way they could trump that up from a misdemeanor possession? And how about the paraphernalia? Is it time to sell the bong and switch to papers? All of my stuff is glass, so does cleaning it save my ass on a technicality?

Oh and bootlegs. How much worry do I have with that? I can get the hard drives out of the house but I'm not sure if that's going too far...

3) Customs and controlled buys.

So my only experience with ordering anything from Canada has been seeds, back before DNMs. I never had any problems with getting them, and the only stories I ever heard about were people getting letters saying that customs seized their stuff. Never heard of anyone getting a knock on the door over some seeds. But what if it's something other than seeds?

If they find a small amount of a controlled substance do they do the same thing or do they set up a CD?

I'm probably just being over-paranoid, I am so small time I probably don't even register. But I rely a little too much on the idea that the cost-benefit of coming after me isn't worth it. Gotta tighten up. Thanks if you made it this far

(PS. No meth, just know that someone, somewhere is after me.)


Comments


[7 Points] yesidoes:

Just FE and you'll be fine


[6 Points] BrodhiRoundhouseKick:

This is why I use an x/386 166mhz Gateway over dialup....


[3 Points] dnmthrowaway55:

I noticed that nobody actually responded to you so I figured I'd throw my 2 cents into the hat FWIW.

These are merely my opinions and suspicions, you should at no point take them as fact or gospel. Do your own research to confirm. I encourage people to pick apart this post.

1) IDK why you're on kali instead of TAILS (other than maybe security-through-obscurity, ie if someone was making an attack vector, torbrowser on tails is probably the most lucrative but even then) but there's a few things in play here. For those who aren't aware, there is no such thing as perfect security. We are not living in a black and white world of secure vs insecure. Instead we live in the real world where we deal with statistical likelihoods, and what our level of "acceptable risk" is.

But chances are, if you buy infrequently/personally use amounts, you are probably not being watched. So using a VM is likely an acceptable risk.

Just to be sure, IF YOU ARE SELLING OR BUYING LARGE QUANTITIES/CONSISTENTLY, I HIGHLY ADVISE USING ONLY A DISK/USB WITH A BURNER LAPTOP (potentially with a default OS that has inane usage on it)

If your VPN provider DOES keep logs (I'm really curious how accurate "we don't keep logs" is because SO many aspects of servers log, and if you want decent uptime, you need logs of some sort to resolve them)/will give them up, at best they can see you are a tor user, probably whatever OS you use based on VPN logs (I'm guessing here) which could be decent evidence, if you're being watched.

I can't really comment on it from a total perspective. There's trade-offs. On one hand it's a layer of security in that you are not using your default IP, and the law has to go through the trouble of subpoenaing the VPN provider or datacenter. On the other hand, now all of your metadata is potentially archived on some VPN/data center's computers. I'll let you decide on this, and I'll let other people who are more informed on VPN OPSEC comment.

2) This is once again down to your level of risk. In the case of a CD or similar, the more clean you are, the better your chances. If you are 100% clean in your house, a personal amount of drugs is a lot easier to deny, and in terms of plea deals, you'll probably have a lot easier time.

You are right that times have changed and MJ is sched 1 but generally not prioritized by many states anymore for prosecution, esp under an ounce or 2. Same with paraphernalia. But if the laws are on the books, they WILL trump up as many charges as possible in order to scare you into accepting a shitty plea deal. Also if they see paraphernalia but don't have a warrant to search you, that can be probable cause, as is the case of someone who posted on DNM lately.

Your bootlegs are probably fine. (unless you're obviously running some sort of bootleg business)

3) Customs- I'm no expert but I have heard a lot about customs basically seizing packages and sending you a letter that will allow you to claim the package at your own risk essentially. This is likely the case for personal use amounts. They could probably set up a CD if they felt like it though especially for large amounts of controlled substances. For domestic, I don't think a letter is as common? but I don't know for sure.

TO SUM IT UP: everything carries risk, how much are you willing to risk? And don't say no risk because if you are willing to buy controlled substances for anonymous individuals online, you already have a risk profile higher than your average person. Consider also the inconvenience vs increased risk. Is it that bad to run live linux off a CD instead of a VM? How much time/effort do you really save? How much you are willing to risk should also be proportional to your role, ie are you getting personal use? Are you getting enough to deal local? Are you getting enough to be a local distributor? Are you a dealer? Are you running a DNM? (I hope nobody who runs a DNM needs to look towards this for advice). Also consider the risk of vendors, ie are there reports of package profiling? is the package coming from a high risk state/country?

*Once again nobody should take my opinions and suspicions as gospel, but rather should debate them.*

If this seems really verbose/full of risks/scary, good, you should be concerned. If you are not ready to understand your risks and accept them, you are not ready to commit felonies.


[2 Points] want2vape:

Relax hombre


[1 Points] None:

dude... don't get mail sent to a house you're dealing out of...


[1 Points] mooger_fooger:

This is a good reminder not to get complacent. I've been trying to clean up my opsec lately too and appreciate reading someone else's perspective.


[1 Points] None:

I've had feds (in Canada though) go all through my laptop :/ shit tons of bootleg software and pirated music. they didn't say one word....after 4 hours...

I honestly doubt the feds are going to look for your bootlegs.