Silk Road forums

Discussion => Security => Topic started by: GaltRR on October 24, 2011, 11:01 pm

Title: Encrypted messages are incriminating evidence
Post by: GaltRR on October 24, 2011, 11:01 pm
     Here is why. So a LE buys from you and sends you the info encrypted to your key. To read this message you would have had to know the password to that key. Once they get the product they know you have the password because they decrypted the message for the address.

     They can then make several orders to determine the town its being shipped out of and make another order and have a few cameras on those blue drop boxes. You drop off a package they scan it find out whats inside then come arrest you. Having your pgp key on your computer could be pretty good evidence against you, or am I wrong?

     I might just be being incredibly paranoid, but I dont think im going to use encrypted messages at all.
Title: Re: Encrypted messages are incriminating evidence
Post by: yjQ0ESOiM on October 24, 2011, 11:31 pm
I wouldn't worry about that.

You can always encrypt your hard drive using TrueCrypt. If they find encrypted messages, that looks suspicious, but if they find unencrypted messages, it's more obvious what your doing to LEOs in case the customer isn't a LEO but LEOs somehow see it. If the customer is a LEO, then it doesn't matter whether messages are encrypted, so you might as well encrypt them.

If the seller uses return addresses from people nearby, police could figure out where the mail was coming from, but then the dealer could wear a disguise (e.g., sunglasses, hat, dyed hair, etc.). Police still won't know who dropped it off. If you're really worried, you can always use return addresses from some place farther away (e.g., a few hundred miles).

In either case, dealing on Silk Road is less risky than street dealing.
Title: Re: Encrypted messages are incriminating evidence
Post by: captainjojo on October 25, 2011, 12:44 am
Quote
I might just be being incredibly paranoid

Hmm?  Yup, I'd go with incredibly paranoid.  I am positive this has been mentioned in numerous posts on the forum before, but it can't hurt to say it again.

Encrypt, encrypt, encrypt.  Encrypt your address, encrypt anything were personal information might be found.

If LE where to in fact actually get a warrant and invade your domicile, then anything they find could be incriminating.  Whether you are a buyer or seller.

But lets be realistic here.  Incriminating doesn't mean squat if they haven't caught you with the goods.

If LE actually bothered to try and catch a buyer, they would more than likely do a controlled delivery, it's that simple.  And then, yes, they might even  get a warrant to search your place, looking for more product and probably seizing your computers and any media they can find, CD's, thumb drives, that sort of thing.  And they would look for an electronic paper trail.  So lets say they find encrypted information.  Yes, it looks bad.  They of course will ask for the password.  And if you have been smart you will have done what 'yjQ' has said and created a TrueCrypt drive that contains a hidden TrueCrypt drive.  You give them the password to the outer container and everything looks fine, you keep some financial docs in the outer container and that gives you a perfect reason for the encryption.  Your PGP key should be in the hidden container.

But as I said, lets get real here.  That is a lot of time and expense for LE to go through to get a buyer for basically personal amounts.

So lets look at it based on your scenario.  LE is buying from an SR vendor to try and get enough information to narrow down who they are and where they are sending from.  Unless this vendor lives in a little town with a population of a couple of thousand people, there is no way it would be financially feasible to monitor dozens if not hundreds of postal drop boxes.  So they monitor the boxes, what are they supposed to do now?  They cannot just open up every box under surveillance and see if there are drugs in any of the packages, they would need a warrant for that.  So they wait till the mail gets to the post office for sorting, then what?  And let's not forget that I imagine a number of vendors don't even use the postal boxes in their area, instead going out of their way to use ones outside it, while never using the same ones two days in a row, that sort of thing.

The number of events and forks in trying to trace the packages in even a few postal drop boxes would be ridiculous.  LE has better things to do with it's time.

Now, its possible that if you had a particularly dumb vendor, and said vendor was using Priority, and actually took the packages himself into the post office building, where they have cameras, and posted the stuff him/herself and one of those packages was to be found out some how, and they were able to trace it to the post office, and had the date and time, they might be able to check the camera to find a picture of the person posting it.  Then they might leave an LE agent there for a period of time, hoping to catch the vendor posting something again, then follow the vendor home and put him under surveillance, hoping to possibly catch a reasonably well stocked dealer.  If that happens and you bought from this guy, what would you rather have.  Your address sitting in a plain text file or your address sitting in a text file, encrypted with his key (dumb vendor remember, didn't erase the address data after sending the package).  But, once again a lot of expense to catch someone they don't even know how much he or she may be holding. And I would hazard to 99% of the vendors on SR have more smarts then that.

Now, all of these scenarios are costly on LE's part.    I think you are more likely to get caught carrying your package from your safe drop point to where you plan on using the product then you are to be caught in an actual LE sting.  If your stuff goes through customs, you are more likely to get a customs love letter than a controlled delivery (unless you think ordering a kilo of coke in the mail is a good idea).

Based on the odds that the last scenario is the more likely scenario, encrypting your data and following some of the other advice you will find in the shipping/receiving section seems like good advice and ignoring it due to paranoia is a bad idea in my opinion.

But in the end you have to follow your own muse, so do what you feel best and be careful out there.  :)

Title: Re: Encrypted messages are incriminating evidence
Post by: phubaiblues on October 25, 2011, 02:36 am
Yep...there's a point where it get ridiculous...they might like to bring this whole joint down, but as far as focusing expensive LE assets on one smalltime buyer, I doubt it.  Who would do it?  What country?  Every once in a while some idiot will just do something so lame that he'll get cracked, but most people, show a little common sense and caution, and you'll be fine.  Other than that, we just don't know.  Someday, we'll probably all have 'hindsight' and be able to say 'if only'...but we are in new territory.  The internet in all it's manifestations is still relatively new, and we're out into areas that are tough to govern.  The berlin wall is coming down...