Silk Road forums
Discussion => Security => Topic started by: zenvoboy on November 20, 2012, 07:19 am
-
Hey everyone. I'm hoping to carry out my first attempt at acquiring some gear from SR quite soon. I've been doing some reading and THINK I've got the general gist, but I'd still like some thoughts from more experienced members.
Here is my original plan:
1) Choose a seller on localbitcoins.com
2) Buy some bitcoins via Online Bank Transfer
------ i) I know it would be much more anonymous to do a bank cash deposit, but some of the people on localbitcoins.com are saying they prefer online bank transfers, as would I, unless this is an ABSOLUTE MUST NOT; then I will reconsider.
3) Have the seller deposit the BTC into an Instawallet account
------ i) Or perhaps, if possible, have the seller deposit the BTC into a few different Instawallet accounts
4) After waiting some time (~1-2 hours), send the BTC from Instawallet to a Bitcoin Fog account
------ i) Probably sending the BTC in multiple transfers to different addresses associated with the same Bitcoin Fog account
5) Send the BTC from Bitcoin Fog to my SR account, in multiple transactions, in different amounts to those that were deposited into Bitcoin Fog, to newly generated SR addresses for each transfer, each spaced out over a certain amount of time (6-96 hours)
6) Order gear on SR
------ i) Using encrypted messages to communicate with the seller
7) Delete Bitcoin Fog & Localbitcoins accounts, unless this isn't necessary.
Short version:
Localbitcoins.com (Online Bank Transfer) => Instawallet => Bitcoin Fog => Silk Road
I'm a little worried about the link between my bank account and the BTC transfer from the random sellers account.
Sending some money via online banking would surely just look like I'm sending a mate some money that I owe? - A mate who also happens to have an account with BTC stored, unrelated to me, which "I have absolutely no knowledge of", of which he decides to send some BTC to a random Instawallet address on the same day I paid him back the money I owed. Haha.
Would you say this is a reasonably safe plan? Or am I set to see cops on my doorstep if I carry this out?
Any comments would be really appreciated.
-
God damn I love seeing smart newbies. Welcome!
This is a good plan. Yes, paranoid as hell, but not bad.
(1) No reason not to go with localbitcoins.com. No real reason to either, there are other methods.
(2) It's not illegal to purchase coin, you don't need to worry about the source so much. We're going to obfuscate the source and destination anyway.
(3) Don't use web-based wallets. I doubt that Instawallet is going to rip you off (rather, I doubt they will just rip _you_ off) but why use an address not under your control if you don't have to?
(3) (i) Asking someone to send coin to multiple accounts is equivalent to them sending the coin to one account and then you sending that same coin to multiple accounts. Don't ask to have your transaction stand out.
(4) You do realize that they can steal your coin whenever they decide they have enough for it to be worth it, right? (Do a quick search on TORWallet.) (To be clear, I've used bitcoinfog also. Just make sure you understand the risk.)
(5) Definitely agree on the "use a different address for each transfer" bit.
Really, not a bad plan. I guess the only thing I would add (whatever, we're already bat-shit paranoid) is to use more than one laundry service. In case bitcoinfog is nothing but LE (and, frankly, if I were LE, that is the first "service" I would offer*) then all you've done by using that laundry is to advertise the fact that you want to anonymize the source and destination of these funds. Which is obviously worse than just sending the coins straight to SR.
Instead, use two laundries. Use the blockchain.info mixer first, then send your coins to bitcoinfog. As long as both aren't compromised, you've disassociated the source and destination completely.
*: Fuck the police.
-
Ouch. LE-owned laundry isn't something I had considered as another newb figuring out their first bitcoin transaction chain.
If you have a completely anon cash-to-bitcoin initial exchange, do you need a laundry, or just a secure wallet (strong coin, block chain, etc) between the exchange and SR (so that the exchange doesn't see where the coin is going)?
-
Excellent. Thanks for the reply :)
I was keen on Instawallet because there isn't any need for registering an account, and seems to have decent feedback (as long as you make sure you don't lose your unique address/url).
Blockchain's wallet sounds good too though, in the fact that they state that they themselves can't see the balance of your wallet (unless that's one massive lie to entice users and then steal their money, haha). They seem to have good feedback too.
But the Bitcoin-Qt desktop client does sound safest. Essentially keeping my own wallet in my own pocket. You can create as many new addresses as you like with that too, for every time you receive BTC.
So I think my revised plan will be:
Localbitcoins (online bank transfer) => Bitcoin-Qt Desktop Client Wallet => Blockchain Mixing Service => Bitcoin Fog => Silk Road
The most worrying thing really is that at the start of the process, I'll be using my own personal bank account that I've been using for years for all my everyday needs.
But, I don't plan on buying much at a time from SR, and with all the deals going down every day, and probably on occasion for HUGE amounts of gear, I can't imagine the police would ever go to the level of effort it would require to PROVE that my initial (legal) purchase of Bitcoins was directly linked to that SPECIFIC (small) order on SR
The second most worrying thing is the risk of my Bitcoins getting lost somewhere along the way, either by scammers or hackers or police seizures of websites etc. - But I don't plan on storing my money on any of these services for very long at all, and will only be purchasing the amount of BTC from localbitcoins that I need for whatever specific order I choose I want to make on SR (plus a little extra for the Blockchain/Fog fees of course).
A third worrying thing is, of course, after all of that... Royal Mail intercepting my package or screwing up the delivery. But I guess that's the risk we have to take, and more often than not it seems to be paying off.
But what I plan on buying (at first) wouldn't smell to human noses through packaging, and I highly doubt they have sniffer dogs checking every package that comes through.
I'm a little worried about having my name put on the package though. If I don't, I have a greater level of denial ("We intercepted a package with illegal substances inside, which was on it's way to your door with YOUR name on it" - "...uuuuhhhmm").
But also if I don't, I'm not the only one living where I live, and a package arriving with no name/a fake name on it might get opened by somebody else. I'd be on edge waiting to hear the letterbox/door knock and rush to it without looking suspicious before anybody else, haha.
I could just spell my name slightly wrong.
But overall, awesome! I'm excited. Any other comments would still be appreciated if anybody has anything they'd like to add.
-
Quit worrying so much :) Your better leaving your name as it is IMO, remember anybody can send anything to anybody in the post. It all comes down to plausible denial in my book. But everyone has a different level of paranoia about these things, and it is always the first purchase that is the most worrying. You can always modify your tactics as you learn more. Yeah go for it :)
-
Yeah I'm sure it'll be fine. It's just that it all seems too good to be true, haha. Order stuff like this off the internet, and have it posted right through my letterbox by my regular postman?! ...Crazy.
But yeah, seems like my plan is solid enough for now at least. Thanks for reading/commenting :)
-
One other piece of advice (and you must have seen it already) - do not finalize early! I know it is not always possible as a newbie, so buy a few e-books (very cheap) etc, although vendors are wise to that and sometimes specify a minimum amount you must have spent already. It depends on what you want to purchase, but if you must FE, then make sure you do your research, read the Rumor Mill etc, and only buy what you can afford to loose. Don't just accept the feedback on the vendors site, they may have falsified it by setting up fake accounts.
-
The vendor I was planning on buying from actually says "please do not finalise early" - and they seem to be one of most respected/reliable/active vendors on the site. Hopefully they won't have too many issues with selling to a first time buyer, but I guess they'll mention something if they do, or I could send them a quick email first. I will keep that all in mind though if I do decide to buy other things from different dealers.
-
Welcome zenvoboy.
I like this btc model because it saves you from having to make a cash deposit in person but I too would be nervous about using my personal bank account. The first thought that came to my mind was, "what if the guy selling is a big SR vendor trying to get rid of tainted coins?" Would tumbling them after the fact take care of this association? I'm still trying to wrap my head around the whole concept of BTC.
Here's a question: I know bitinstant (and maybe other sites) allow you to purchase coins via sms. Would it be possible to use a prepaid cell to buy BTC?
-
I think using my personal bank account, while obviously erasing the anonymity at this stage, will still be a safe enough option.
1) I'm only transferring money from one bank account to another; a perfectly normal, everyday activity - like paying back a mate that you owed some money via online banking.
2) I'm not transferring money from my bank directly into a sellers eWallet, from which the BTC will be sent out to me. Really, there shouldn't be an obvious link between the sellers bank account and whatever Wallet they're using, and even if there was, you couldn't prove that him sending out X amount of BTC was directly influenced by me giving him Y amount of GBP.
3) Buying BTC is legal. As long the tumbling is effective, the link back from SR to me buying BTC off somebody using the money in my bank should be virtually unprovable; or at least not worth the effort/time/resources.
I would've thought tumbling them would disassociate you from a complete batch of tainted coins, yeah. Someone else might know more about this...
Good question. You can probably find that out just by snooping around different websites and seeing what they offer. I'm in the UK though, not sure if bitinstant is very useful for us Brits.
-
These are super solid Paranoid plans.. Listen make it easy for yourself go to bitinstant.com choose to send to address option and have them sent to your SR wallet. SR Fogs and tumbles the coins coming in somewhat anyway.. But Great plan if u feel the need for all the xtra hassle..
-
Here is my experience doing this Bitcoin.
Do Not use http://www.btkoin.com I bought one Bitcoin to test it out, Nothing arrived.
So I'm glad I did not try to buy more...
-
(4) You do realize that they can steal your coin whenever they decide they have enough for it to be worth it, right? (Do a quick search on TORWallet.) (To be clear, I've used bitcoinfog also. Just make sure you understand the risk.)
Although many people don't want to think about it or disagree because they know DPR so well..lmao. The exact same can be said about SR
To OP i realize people have already said it but it literally can't be said too much on this site. DO NOT FE! 8) Also Keep reading, i always come here to try to find new and better ways to get BTC or think of your own when you're familiar enough.
-
I'm in the UK; all the bitinstant 'pay from' options are weird coupons that I'm not really fussed about looking into.
The only thing I'm really deciding now is; shall I bother using 2 mixing services before SR? As the dude above said, if one is compromised then it reduces a bit of risk, but then I have to pay even more in fees! (haha... like, £0.50 worth... but hey I'm a tight ass!)
And anyway, if the 2nd one I use is the one that's compromised (which I'd be using to send straight to SR)... that kinda defeats the point anyway doesn't it?
I have a nooby question: Could LE, if they had taken control of a website, analyse a Bitcoin sending address and be able to find where that money is being sent to?
E.g. - I am using Btc Fog. I try to send ___BTC to the address "xxxxxxx". Could LE do some kind of test and track the destination of where that money is being sent? Could they even send some BTC of their own to the same address and "follow" where it goes?