Silk Road forums

Discussion => Newbie discussion => Topic started by: orangetide on January 20, 2013, 02:10 pm

Title: UK newbie paranoid about safety
Post by: orangetide on January 20, 2013, 02:10 pm
Hiya,

I've been reading up and down the wiki and forums and I'm still unsure exactly what precautions I need to take. There seems to be lots of different advice about whether to use your real name or not and PGP isn't mentioned in the buyers guide but is everywhere else. What should PGP be used for anyway, is it just for addresses? Also can I store my PGP configuration on my computer or will that show I've been doing things on Silk Road?

At what point should you start worrying about these things, like does it really matter when it's only a few grams of whatever?
Title: Re: UK newbie paranoid about safety
Post by: PotatoMind on January 20, 2013, 02:28 pm
> There seems to be lots of different advice about whether to use your real name or not
1. Use your real name and your real address when buying your items. This will lower the possibilities of it getting lost in transit, or it being delivered to someone else.

> What should PGP be used for anyway,
2. Your address should always be PGP encrypted. What else you want to encrypt is up to you.

> Also can I store my PGP configuration on my computer or will that show I've been doing things on Silk Road?
3. I just use an encrypted MicroSD card with portablePGP and Tor Browser Bundle. Even if you can find the MicroSD card, reading it is impossible.


> At what point should you start worrying about these things, like does it really matter when it's only a few grams of whatever?
4. I don't know how it is in the UK, but you can make it as safe or unsafe as you'd like. It's your own decision. Taking precautions is never a bad thing and I fully recommend using PGP.
Title: Re: UK newbie paranoid about safety
Post by: bluephishin on January 20, 2013, 02:32 pm
Use real name, use PGP, don't use a name on here you use elsewhere.
Title: Re: UK newbie paranoid about safety
Post by: kssr on January 20, 2013, 02:35 pm
If you're overly worried, stick to domestic orders.

PGP
Semi-Anon way of buying bitcoins
Domestic

= ideal set up!

Or don't be a pussy, plaintext your address, x1000 order of some fine Dutch E.

Joking of course ;)
Title: Re: UK newbie paranoid about safety
Post by: HeatFireFlame on January 20, 2013, 02:53 pm
> Hiya,
>
> I've been reading up and down the wiki and forums and I'm still unsure exactly what precautions I need to take. There seems to be lots of different advice about whether to use your real name or not and PGP isn't mentioned in the buyers guide but is everywhere else. What should PGP be used for anyway, is it just for addresses? Also can I store my PGP configuration on my computer or will that show I've been doing things on Silk Road?
>
> At what point should you start worrying about these things, like does it really matter when it's only a few grams of whatever?

Hi mate, new to this myself, but the one piece of advice I can give you is don't jump into buying things because you see great deals everywhere. Those great deals won't be any good at all if you get caught ordering them. I've been lurking and asking for help for a week; it might seem like ages and ages, but there is no way in hell I'm ordering shit without taking precautions. I don't know how paranoid or safety conscious you are, but seriously, does it sound smart to send your real address and name over SR to someone you have never met for illegal substances? Fuck no. Especially in the UK. LE will be kicking in your door lol.
PGP is basically a program that encrypts and decrypts messages, which is a must-do for sending information, especially sensitive info.

Here's a really good tutorial on PGP encryption:

http://32yehzkk7jflf6r2.onion/gpg4usb/

If you stay safe and take as many precautions as you can, you'll be safe, and when you do actually get the hang of it, you actually get a sense of accomplishment.

Hope this helps, all the best.
Title: Re: UK newbie paranoid about safety
Post by: AgentLee on January 20, 2013, 03:05 pm
I never use my real name. PGP is a good idea for entering your address. There is a PGP club here on the boards to instruct you in a how-to.

I use Kleopatra. Use a strong passphrase and you should be good. If you are ultra careful, transfer all your naughties to a bootable USB.
Title: Re: UK newbie paranoid about safety
Post by: orangetide on January 20, 2013, 03:36 pm
Thanks for all the advice, I've learned how to use PGP so I'll be doing it for all my new orders. I did one before but it was only a small one and the seller didn't provide their PGP. Rather than using an SD card I think I'll store it all in an encrypted folder, I think that should be just as safe as long as they don't take my laptop while it is still logged on.

As for bitcoins, I've tried bitbargain and it seems pretty good; the only problem is I have to do a bank transfer to the seller. Is this safe? I'm guessing it's fine since bitcoins can be used for all sorts of things.

HeatFireFlame, I'm a bit confused since the seller has to get your address anyway, I thought PGP is just to stop the SR staff peeking or something? Can't see a way round that. I could use a friend's address but then they'll have the same problem.
Title: Re: UK newbie paranoid about safety
Post by: awhiteknight on January 20, 2013, 04:35 pm
Here's a computing setup that's working for me at present:

Main operating system is Ubuntu Linux, this may not be your bag but I prefer it to Windows. My laptop has plenty of RAM.

Download KVM and virtual machine manager through the software center. Download Tails ISO from the web. Buy the smallest SD reader you can get hold of (if your machine doesn't have an SD card slot) and two micro SD cards.

Plug in one of your SD cards and open the Virtual Machine Manager app, create a new virtual machine which has no hard disk and its CD/DVD drive is the ISO you downloaded. Choose advanced setup and "add hardware", choose storage and write the path to your SD card (usually /dev/mmcblk01 but Ubuntu's "Disks" app will tell you) as an existing device rather than making a virtual hard disk, make it a USB one not IDE.

Before powering on your virtual machine, go to a console and type "sudo swapoff -a" which will ensure that none of the virtual machine's memory is ever written to your local hard disk. Do this every time before you boot it up. Once it's booted up, open the disk utility in Tails and encrypt your SD card with a super long password. Power off the VM and insert the second SD card, encrypt with a simple password and stick some porn, a few pictures of your gf's tits, a ranting text about why your boss is a cunt, your Internet Banking logon details and password etc.

The strategy here is that Tails forgets everything when it is rebooted, all your shit will be lost unless you save it to your SD disk. You pop out the SD card and swap it for your dummy one whenever you're not using it. The SD card is so small you can hide it in plain sight and nobody will find it, you can switch between Silk Road and Facebook at the push of a button instead of having to reboot and mess with conspicuous USB drives and stuff.

The down-sides: If you're ever busted then the law can see that you've got Tails on your system, since the ISO and virtual machine are there. Inserting the SD card may leave a trace in your logs, so the law may be able to prove that an SD card exists. If your machine ever gets hacked, your VM and passwords and all your shit are then insecure. I can't think of a good way to get Bitcoin working in this system, since it needs so much fucking space. My bitcoin client is outside my VM, which isn't ideal.
Title: Re: UK newbie paranoid about safety
Post by: orangetide on January 20, 2013, 05:02 pm
Thanks awhiteknight. I'm using Arch Linux so I'm quite familiar with this sort of thing. Perhaps I'm not that paranoid in the end but I think encryption should be enough for me. I've read that with today's technology it would take years to crack a strong password. They would need to lock me up and force me to give it to them to get in. My main worry is giving out my name and address to the sellers, how do I know they won't inform the police?

Anyway I'm feeling quite a bit happier now I've set that up.
Title: Re: UK newbie paranoid about safety
Post by: HeatFireFlame on January 20, 2013, 05:06 pm
Well, you see, PGP encrypts messages, so it's an especially good idea to use it for sending your name and address; I personally would use it for normal messages also.
The seller can see your real address and name, but even if LE got his computer they would need his pass to read your encrypted messages. Hence your name and address are safe, even more so if he's got it on a USB which gets snapped/flushed as soon as shit goes down.
Title: Re: UK newbie paranoid about safety
Post by: peeweed on January 20, 2013, 07:09 pm
I personally run Tor and PGP (good guide and simple PGP app: http://32yehzkk7jflf6r2.onion/gpg4usb/) from a USB drive which is encrypted via TrueCrypt. Encrypted folder is slightly less secure in that the files are on the computer all the time vs. hiding a USB stick.

Granted, the security measures required are based on your intended use (small customer, big customer, dealer, type of product, etc.).

My basic advice is:

1. Create a new Tor identity, used only via Tor for your black/grey market interactions. Get a matching Tormail account and PGP key pair. Many people use a proper Tormail address in their PGP key just in case SR goes down and they want to communicate with trusted members. Many people use bogus emails in PGP keys; it is up to you. As long as you use PGP encryption in your Tormail, you should be OK using a real address.

2. Real vs fake name/address. Personally I use real; I figure I am lazy and too small of a fish. General consensus is that fake names can give you reasonable deniability but could also arouse more suspicion from your local mail delivery folks and could also cause mailing errors. My opinion... if you are worried about real name usage, go the full mile... get a fake ID and then a PO box of some sort and just use that "real" name lol. Also, if you are about to get busted, a fake name probably won't save your bacon any more than just not opening the package.

3. Use PGP for any identity-sensitive data; most vendors frown on using PGP for simple questions/communications. They receive a lot of messages, so encrypting/decrypting can become a chore, also considering how slow SR is on Tor. Obviously if SR goes down or if you are using alternative communications then use PGP more.

Title: Re: UK newbie paranoid about safety
Post by: HeatFireFlame on January 20, 2013, 07:26 pm
> I personally run Tor and PGP (good guide and simple PGP app: http://32yehzkk7jflf6r2.onion/gpg4usb/) from a USB drive which is encrypted via TrueCrypt. Encrypted folder is slightly less secure in that the files are on the computer all the time vs. hiding a USB stick.
>
> Granted, the security measures required are based on your intended use (small customer, big customer, dealer, type of product, etc.).
>
> My basic advice is:
>
> 1. Create a new Tor identity, used only via Tor for your black/grey market interactions. Get a matching Tormail account and PGP key pair. Many people use a proper Tormail address in their PGP key just in case SR goes down and they want to communicate with trusted members. Many people use bogus emails in PGP keys; it is up to you. As long as you use PGP encryption in your Tormail, you should be OK using a real address.
>
> 2. Real vs fake name/address. Personally I use real; I figure I am lazy and too small of a fish. General consensus is that fake names can give you reasonable deniability but could also arouse more suspicion from your local mail delivery folks and could also cause mailing errors. My opinion... if you are worried about real name usage, go the full mile... get a fake ID and then a PO box of some sort and just use that "real" name lol. Also, if you are about to get busted, a fake name probably won't save your bacon any more than just not opening the package.
>
> 3. Use PGP for any identity-sensitive data; most vendors frown on using PGP for simple questions/communications. They receive a lot of messages, so encrypting/decrypting can become a chore, also considering how slow SR is on Tor. Obviously if SR goes down or if you are using alternative communications then use PGP more.

On your PGP you don't need to put anything bar a name, but of course you set a strong password, but you don't need to provide an email. In my opinion less is better, apart from security.
Title: Re: UK newbie paranoid about safety
Post by: awhiteknight on January 20, 2013, 07:28 pm
> Thanks awhiteknight. I'm using Arch Linux so I'm quite familiar with this sort of thing. Perhaps I'm not that paranoid in the end but I think encryption should be enough for me. I've read that with today's technology it would take years to crack a strong password. They would need to lock me up and force me to give it to them to get in. My main worry is giving out my name and address to the sellers, how do I know they won't inform the police?
>
> Anyway I'm feeling quite a bit happier now I've set that up.

If you're in the UK then deniability is far more important than encryption. Under RIPA you could get 2 years in prison for not handing over decryption keys as part of a police investigation, if you "forget" your password and they don't believe you they can throw the book at you. So you'll hand over those keys because that caution for drugs is way less severe than the world of pain you'll face over encrypted files. That's why the SD card method is the best for us Brits, they have to not only prove that it exists but have it in their hand before they can strongarm us into releasing the keys. Good luck with that!

As for getting busted, it's not illegal for you to be in receipt of illegal substances without your knowledge. Just use the name of someone who used to live at your address, and don't open the package until a couple of days after it has been delivered. Hell, even write "not at this address" on the envelope before you open it. If you get busted then don't admit to anything, play dumb and don't ever order drugs to that address again.
Title: Re: UK newbie paranoid about safety
Post by: peeweed on January 20, 2013, 07:36 pm
> As for getting busted, it's not illegal for you to be in receipt of illegal substances without your knowledge. Just use the name of someone who used to live at your address, and don't open the package until a couple of days after it has been delivered. Hell, even write "not at this address" on the envelope before you open it. If you get busted then don't admit to anything, play dumb and don't ever order drugs to that address again.

Using a previous name can have pitfalls; there are reports that people have gotten their shipments forwarded to the previous owner's new address due to using their name. At least in the US, from what I understand, the postal service will forward some mail and not others (like advertisement/junk mail). I would at least suggest a few sample mailings with the fake name to make sure it gets through.
Title: Re: UK newbie paranoid about safety
Post by: peeweed on January 20, 2013, 07:43 pm
> On your PGP you don't need to put anything bar a name, but of course you set a strong password, but you don't need to provide an email. In my opinion less is better, apart from security.

Did not know that, thanks. You are right, less is always more in these cases, but I figure the extra security risk is extremely small as long as you use a separate and semi-secure email via Tor only. I would suggest to only use it when required since SR has built-in messaging etc.
Title: Re: UK newbie paranoid about safety
Post by: HeatFireFlame on January 27, 2013, 11:10 pm
It is, and the risk is minimal, but it is incriminating evidence to be in contact with someone talking about purchasing illegal drugs and "conspiring" to smuggle them internationally, so even when talking about making an order I would send it PGP encrypted.
Chances are they would try and bust the seller, but they might just decide they want the buyer as well. There's plenty of noobs making orders and not encrypting things, so I suppose that'll be food for LE for a while, but you need to be careful; you don't wanna get caught out.