Silk Road forums
Discussion => Newbie discussion => Topic started by: MissCannabliss on April 29, 2013, 10:30 pm
-
Hello everyone,
Some people are more paranoid about security then others. I thought I'd start a thread asking users here how they access the Silk Road. Just Tor? Tor over VPN? Tails? Do you use the same machine that you do all your personal computing on or do you use a dedicated machine for Silk Road/ Darknets access? What would you consider the most secure method for accessing the Silk Road?
We here at MissCannabliss are committed to security. We use a read-only Tails Live USB w/ an encrypted persistent volume for PGP encryption/decryption on a dedicated machine which itself has full disk encryption on it. We use the virtual keyboard for all password inputs. All images uploaded are cleaned of ID tags using the Tails Metadata Anonymisation Toolkit. Deposited and withdrawn BTC are sent through a mixer to ensure anonymity. We insist that all clients send personal information using PGP encryption, although that is of course their own personal choice. Packaging is done wearing 2 layers of gloves, hats, a facemask, and a full jumpsuit in a partitioned physical space dedicated to order fulfillment. Alcohol wipes are used throughout several stages of the packaging process to neutralize latent prints and smells. The packaging materials themselves are never handled with bare hands. This may seem extreme, but what is really extreme is the possibility of spending many years in Federal prison for mailing dried flowers to someone. What do you do to stay safe on the Road?
-
I simply use TOR over a VPN with PGP encryption using my secondary machine but after reading your methods, I can see that I have much more to do if I want to ensure my security. Thanks :)
-
TBB on Debian is what I currently use. I did try Liberte, but I'm still uncertain whether it is actually any safer than TBB on Debian, it probably is, but I am not sure to what degree and does it make any sense to bother with Liberte.
Anyone care to enlighten me on this matter? I've been asking this question for days now, and no concrete answers yet.
Much obliged,
-
I have 8 alias accounts and three vendor accounts. Stay invisible in the shadows. Make it too expensive to chase you and they will move on to easier targets.
You don't need to get personal and chummy here. Any old name will do for posting. I rotate vendor accounts and even compete with myself in the listings. I'm sure many vendors are the same person too. Give people a choice, and remain a moving target. You won't get famous and well known this way, but it doesn't matter because your gear should speak for itself with quality so sales aren't an issue.
I honk here vendors here getting very bold. Posting on the clear net, reddit and everything. As if. Thank god for idiot vendors. They will be the alarm that will tip off the rest of us to safety.
There will be a big takedown. Someday. I want to be as hard to find as possible on that ugly day.
Hope you are far too. :-)
-
Thank god for idiot vendors. They will be the alarm that will tip off the rest of us to safety.
You gotta keep a few canaries in the coal mine.
-
Good responses, multiple accounts is definitely a great way to separate different contextual identities and remain a constantly moving target.
I'm not sure that it makes a difference whether using TBB on Debian or Liberte. They're both decent Linux distros.
Hope everyone is well while we wait for the storm to blow over ;D
-
Wow MissCannabliss, you really go all out on security, which is a good thing. I won't disclose everything that I do but I can safely say that it's less exhaustive than you, but then again I'm a small target for LE. I only buy very small quantities. If I were a vendor I'd be much more careful.
There's always a tradeoff of convenience vs security, that's for sure.
-
it would be interesting to see a breakdown of each layer of possible security and the protection it offers, as well as how it increases the difficulty for LE to track you down.
-
it would be interesting to see a breakdown of each layer of possible security and the protection it offers, as well as how it increases the difficulty for LE to track you down.
There for.... Giving the LE our secrets....... lol
-
Very interesting! Learned a lot.
Besides TOR, we also use mobile connections (WIFI, 3g, 4g) associated with fake ID's or real ID's from people that do this for me, for money, not friends.
I think this is a very good additional layer of protection. And is relatively easy in my country.
-
There for.... Giving the LE our secrets....... lol
Security through obscurity is no security at all
-
I stripped an old laptop down and swapped out every part that could ID my laptop, with random parts, run Liberte off a CD, and use TOR through a relay, at random wifi hotspots. Still working on learning GPG with a practice laptop and making that bullet-proof.
-
Very interesting! Learned a lot.
Besides TOR, we also use mobile connections (WIFI, 3g, 4g) associated with fake ID's or real ID's from people that do this for me, for money, not friends.
I think this is a very good additional layer of protection. And is relatively easy in my country.
Thought about doing this (I have a phone with a Fake ID + 3g). Does the phone need any type of TOR software running on it or will a fake ID + tether do the trick?
-
Great thread! Appreciate the info.
-
Hey, good stuff guys. I just made a forum account but have been buying on SR for about 6 months.
Cannabliss sounds like you've got a pretty good set up going on there. I'm using a Tails Live disc and utilizing PGP at the moment but am looking into improving my online security.
Its also important to remember that security on the receiving end is just as important, if not more. Keep in mind that every aspect of the BTC and SR process is legal up until you submit an actual order to a vendor for an illegal listing. There is much more exposure to LE for us in receiving packages than placing them.
DENIABILITY is key! Use a fake name. Never sign(unless you expect to... be careful!). Don't send it to the house you're keeping it in, one with shit inside.
Happy SRing to all!
-
I like alot of the stuff in this thread, but I disagree with the fake name/address stuff. That draws attention and it would be real hard to deny you ordered something to your house in a fake name that you opened...plus I believe fake names could alert authorities before you get your package just based on that. Just fit in with regular mail and you're fine.
If you connect to Tor from your own place (I think this is OK) have another reason why you use tor in the event you are busted.
always keep your PC secure. full disk encryption, and don't leave it on/logged in. Have a disk/pc only for SR. Don't do anything else with it.
-
I like alot of the stuff in this thread, but I disagree with the fake name/address stuff. That draws attention and it would be real hard to deny you ordered something to your house in a fake name that you opened...plus I believe fake names could alert authorities before you get your package just based on that. Just fit in with regular mail and you're fine.
If you connect to Tor from your own place (I think this is OK) have another reason why you use tor in the event you are busted.
always keep your PC secure. full disk encryption, and don't leave it on/logged in. Have a disk/pc only for SR. Don't do anything else with it.
Fake Names have always worked for me. I live in an apartment complex and just use the name of the last tenant that recently moved out. And I don't sign for **** that isn't in my real name. Why anyone uses their real name is beyond me.
-
Not sure if I am naive, but I have found nothing but success with the current security outlay of both SR and TOR. Although I finally setup a forum account I have been on the road for over 2 years, since the beginning, and have never ever (knock on wood) had any difficulty using the basic security measures already provided by DPR and crew. Fake names I would not recommend, however I do use a drop location, which is probably why I have never had any difficulty. For those not able to pay rent on their home and drop locations, I understand the difficulty in this, but when you constantly buy, paying a few hundred bucks a month to have a safe/secure drop spot is in my opinion the safest option.
Long live the road, peace and be good! Trust as always in DPR and crew ;)
-
That draws attention and it would be real hard to deny you ordered something to your house in a fake name that you opened
I think its very unlikely to raise flags in a post office. With good stealth, a SR package should be sorted just like any other piece of mail and I doubt even a significant portion are analyzed for address/adressee connection. Think how much time that would take! Most mailmen don't look that closely either. But then again I don't have my name in my mailbox or a personal relationship with the mailman, so maybe that is a factor for some.
If you're worried about denying a package write "Wrong address" on the envelope and don't open for a few days. There are some threads on controlled delivery in the Security board you might want to check out. Drox address is really the safest way to go tho IMO