Silk Road forums
Discussion => Newbie discussion => Topic started by: troublet on March 30, 2013, 10:53 am
-
The summary of what I've learned as a techie-illiterate, only-semi-security-conscious SR newbie in my first month on SR using my MacBook Pro, a.k.a. Getting up and Running ASAP with Few Headaches, even if you're electronically-challenged.
I've wanted to do this post for a while now, but had no time because I was busy having so much fun on SR! If I got something wrong, it's probably because I learned that piece a month ago! Please note that I've borrowed liberally from the Forum, YouTube, and other sources. I can't give proper due because I just cut and pasted what I felt to be important into an email for myself from various sources as I found them.
Important Note: I probably did the minimum to get up and running and be relatively secure with my transactions; to be super secure, review everything in the forum, especially the security sub-folder in the security discussion.
▪ Start here: http://dkn255hz262ypmii.onion/index.php?topic=15383.0
▪ Or begin at the beginning: http://dkn255hz262ypmii.onion/index.php?topic=42094.0
Okay, with all that, let's begin.
1) Please read all the instructions below before taking any action, especially the warnings and the notes, etc. (of course, it would be better if you read every posting in the Forum on these topics, but that's impossible).
2) Install Tor Browser to be invisible and leave no trace while on the net; install Tor using torproject.org
3) Log into Tor from now on before you set up any new accounts, use email communications, and for SR transactions of course.
3) Set up Tormail email using only tormail.org (never tormail.net)
4) Open a Bitfloor account and buy Bitcoin:
▪ Open an account at bitfloor.com using your Tormail email address; from reading the Forum along with other sources, it doesn't seem wise to open a Mt. Gox account, even though there is a lot of conflicting advice about this in the forum. There have also been various problems with other traders according to the forum information, but Bitfloor has seemed to stay out of all that. Plus I've had a great personal experience using Bitfloor.
▪ If you choose to set up a Bitfloor account, log into your new account and go to the withdrawal tab in your Bitfloor account and fill in the dollar amount you'll be depositing. If you want $50 in your SR account, input $50. The Bitfloor system will then compute the total amount you need to deposit, including the fee.
▪ You'll receive an email in your Tormail account with complete instructions like these (e.g. to deposit $500 into your account):
LocalTill checkout
To complete your payment to Bitfloor, Inc. deposit the following amount:
$515.09
Please visit one of our supported bank branches and make your deposit by
Deposit the EXACT amount shown above ($515.09) to complete your payment to Bitfloor.
How To Deposit?
1. Visit any Bank of America branch and pick up a paper deposit slip for out of state deposits.
2. Fill out the deposit slip using the provided information below.
3. Make sure to double check your cash deposit amount. It should match the number at the top of this page.
4. Hand the teller your deposit slip and cash.
5. Double check the deposit amount on the deposit receipt. Keep the deposit receipt.
6. The merchant will be notified of your completed payment within 30 minutes.
Account name: LocalTill, LLC
Account number: xxxxxxxxxxxxxx
Address: New York, NY 10023
Cash Amount: $515.09
▪ So, head out to your nearest BofA where they will greet you like a long lost friend and happily hand you a stack of out of state deposit slips when you ask. Everyone's buying Bitcoin and many many businesses, including brick and mortar businesses, are accepting payment in Bitcoin. I've been to BofA many times over the past month. I've never been asked about what I'm doing (in the forum, I read a lot of concern over being on camera in a bank, asking what you're doing & what it's for when you fill out the deposit slip, etc.). However, I don't think this happens. It could be it used to, but now it isn't, at least in my town. BofA just wants the business. The Occupy (98%) movement really hurt big guys like BofA.
▪ I take a picture with my phone of the deposit slip as the receipt they give you only gives the last bit of the account number. Just be careful writing in the account number and you won't have any need for a picture.
▪ You will receive an email in your Tormail account when the deposit has been made.
▪ Sign into your new Bitfloor account, go into the Trade screen of Bitfloor, and buy whatever dollar increment you want of Bitcoin. Most people who trade Bitcoin (or any securities for that matter) use market orders, which have the risk of a price jump that leaves you with less Bitcoin than you expected. You can read about market orders as compared to limit orders on Bitfloor.
▪ Warning: be careful when placing trades in your new account; Bitfloor is great at placing trades, executing trades, and settling trades. However, Bitfloor is not so great at letting you know that the trade has been placed. There is also usually a long delay before you can really tell that your purchase has been made, and at what execution price. If you want $100 worth of Bitcoin, click the $100 key once, then wait. Change screens a few times to verify that you actually placed an order.
5) Install, Set Up, and Send a Note to your Vendor using GPG Tools for Mac Users:
▪ Install GPGTools found here: http://www.gpgtools.org/installer/index.html
Note: in your typical SR transaction, making a purchase, you won't need all the GPG features. Keep it simple and it will be simple. You need to install GPGTools, create your key, and learn how to use a vendor's key to encrypt your instructions that must be input when you place your order.
Here are the GPGTools basics you'll need in order to place an order and remain somewhat mysterious.
▪ Create your key in GPG and set it up so you can easily right-click and encrypt.
▪ Open GPG Keychain Access and click "New". Enter your username and your Tormail email address. After you click "Generate Key", immediately type random characters as you wait. This will help GPG create a long key for you, which is what you want. When the key has been generated, GPG will prompt you for a passphrase. Again, as is true throughout your dealings with SR and Bitcoin, the longer and more complex the passcode, password, or pin number, the better.
▪ Open System Preferences->Keyboard->Services. Scroll down to "Text" and check off all the OpenPGP options. (I missed this part at first and it really threw me -- I couldn't figure out how to encrypt any other way, so when I finally figured out how to set up PGP to allow me to simply do a right click and choose the Encrypt option, it all became so simple.)
▪ Import Seller's Key:
Scoop out the seller's entire GPG public key from their vendor page: Start your highlighting with "-----BEGIN PGP PUBLIC KEY BLOCK-----" … include all the letters in the middle through "-----END PGP PUBLIC KEY BLOCK-----". Be sure to include everything from the very first dash to the very last dash. Paste the seller's public key into a new TextEdit window. Select Format->Make Plain Text. Then save the doc to your desktop. I usually save as "SR_import_sellerinitials.txt". Open GPG Keychain Access and click "Import", then select the doc. The key should now appear in the list.
▪ Type your note to the seller, the primary part of the note being the address you're going to use to receive your order. Read the forum for more on that. There's a lot of guidance on what addresses to use, what you should and shouldn't do with addresses, etc. Highlight text, right click, run down the list to Open PGP: Encrypt Text, click, and GPG Services will open with all your public key addresses. Click the box to the left of your vendor, unclick "Add to recipients," and your text should convert immediately to gobbledygook that the seller will understand when he decrypts it using his key.
▪ Scoop out all the gobbledygook from the "-----BEGIN PGP MESSAGE-----" through the "-----END PGP MESSAGE-----" and copy it into your order space.
Warning: keep close track of any account numbers you set up, the email address you use to set it up, and the pass codes, passwords, pin numbers, and any other types of access codes you need. I put mine into a notebook, and then also printed on a few sheets of paper that I folded up and hid elsewhere. Remember, if your car burns up with your notebook in it, you'll need a backup somewhere else or you lose everything. This isn't like having a bank account at, say, Bank of America. The same's true of your house, office, school, storage locker, gym locker, etc. There could be a fire, so create a backup of your info and stash it somewhere.
Security Choices - to Risk or Not to Risk:
▪ Even though there are a lot of recommendations to go to the library or get onto a computer that doesn't have a link to your real name to open a Bitcoin account (among other things), this is very difficult logistically for some people; when deciding where and how to set up a way for you to buy bitcoins, you have to balance your ability to go find "secure" access with the risk if you don't. My view is that opening a Bitcoin account is legal, using Bitcoin is legal, and trading Bitcoin is legal. I opened my account on my home computer using Tor after having difficulties on the local library's system, and then realizing that I had used my library card to book a computer there anyway (not advisable). Ha Ha!
▪ Many SRers also set up a few different instawallet accounts, then transfer their Bitcoin from purchase point to wallet, then along from wallet to wallet until they feel secure that the origin of their Bitcoin has been obscured.
▪ It's also been quoted as advisable to change your password and pin on your SR account when you're transferring new money into it. Again, it's up to you as a buyer to balance your security with your risk.
▪ One piece of advice I found cumbersome and even pointless was to create "fake" email addresses for certain accounts or transactions. For example, one posting advised setting up your forum account with one of these fake emails. However, if you run into a problem with access or end up having posting problems, you often need to use your real email to solve the problem. This is another piece of advice I ignored.
Special Note: make all your pass phrases, passwords, etc. really long, random, and include numbers and capital letters.
Note Regarding Addresses: use your nine-digit extended zip; this can take a full day or more off your delivery time.
For more detailed info: I got a lot of my info from more experienced SR'ers, namely, the Forum:
http://dkn255hz262ypmii.onion/index.php?topic=15383.0
If I've missed anything, or, more accurately, for everything I've missed, please comment on this post with the correct and/or new information.
Thank you for your kind attention, and Happy Trails to you as you travel along the Silk Road.
Tt
-
tl;dr
Nah only joking. That all sounds good to me.
-
Good topic.
Personally I put everything SR related (Tor Browser/PGP stuff/passwords/etc) into a hidden Truecrypt container.
Worth reading up on plausible deniability, etc...
-
Hadn't thought of the full 9 zip code before, learned something new.
-
Hadn't thought of the full 9 zip code before, learned something new.
Bump.
Personally, my passwords come from random novels put into PGP.
-
After copy-n-pasting any sensitive info you should copy a few random characters to overwrite the clipboard.
-
After copy-n-pasting any sensitive info you should copy a few random characters to overwrite the clipboard.
And remove the human error by doing the monthly formatting.... don't wait for Spring Cleaning, because Spring will never come if you get locked up.