Silk Road forums
Discussion => Security => Topic started by: TalkingHead on February 29, 2012, 03:32 pm
-
Since you can't sign on to Mt. Gox through Tor without potentially having your account frozen, I was wondering: if you were at a Starbucks or someplace like that, wouldn't that keep your personal IP safe? My bc buying method has become cash deposit through Bitinstant/CashTrust at a local (but not too local) bank, entering the Mt. Gox code, then directly transferring to SR, where I change my bc address fairly frequently.
The two weak spots here are 1.) security cameras at the bank, although I doubt if just making a deposit is risky and
2.) using my computer through a non-Tor browser to access Mt. Gox to buy and transfer bc.
So I'm asking any of you computer wizards: would a public wi-fi be safer and more anonymous, leaving out the slim possibility of someone sniffing and hacking me?
Thanks all.
-
Buying and selling bitcoins isn't illegal.
-
Yes, I know that. I was referring more to the transfer from Mt. Gox to SR.
-
You'd be better off sending them from your exchange to Instawallet or your own Bitcoin wallet before sending them to SR. Personally, I wouldn't send bitcoins directly from my exchange to SR.
-
I understand what you're saying. I was wondering, if I was on a public wi-fi instead of at home, does that mean my IP would be more anonymous when moving bc around, either straight to SR or through different wallets? Please correct me if I'm wrong, but with a Mt. Gox account that's not linked to me, transferring straight to SR could only be traced to me through my laptop's IP, but if I wasn't home would it still be traceable?
-
Since you can't sign on to Mt. Gox through Tor without potentially having your account frozen I was wondering if you were at a Starbucks or ...
...
The two weak spots here are 1.) security cameras at the bank, although I doubt if just making a deposit is risky and
2.) using my computer through a non-Tor browser to access Mt. Gox to buy and transfer bc.
So I'm asking any of you computer wizards: would a public wi-fi be safer and more anonymous, leaving out the slim possibility of someone sniffing and hacking me?
- sure, not your connection, advice still to take the precautions of changing your wifi card's MAC address before connecting, so don't make the mistake of connecting then change it and reconnect (obviously)...
- i don't know if Starbucks are very switched on when it comes to security, but bear in mind Starbucks franchises do get some stuff from HQ, and there is a chance they may block certain access or block a list of anonymous sites.....just be careful...never assume all is safe...
;)
-
Granted I do not work at Starbucks nor AT&T, but I do know a bit about WiFi Security, Authentication, Authorization, and Accounting. I state that I don't work for AT&T in this convo because Starbucks WiFi service is managed by AT&T and is a part of the AT&T Hotspot plan. Someone with a bit more knowledge of AT&T's internal policies would be able to accurately describe what records are kept, but MAC, IP, ToD, etc. are kept, if not for security purposes, then for technical purposes. This way they can track and resolve issues. The records that are kept for technical reasons can be kept for months if not longer. This is for trending purposes. If your purpose is to connect to mtgox anonymously I suggest using a proxy or VPN service. It is straightforward and there aren't so many unknowns.
Edit --
also, you can find the nearest apartment building. Even now I find several APs unsecured wherever I go. Albeit it's not like the good ole days, but the unprotected WiFi networks still exist.
-
Granted I do not work at Starbucks nor AT&T, but I do know a bit about WiFi Security, Authentication, Authorization, and Accounting. I state that I don't work for AT&T in this convo because Starbucks WiFi service is managed by AT&T and is a part of the AT&T Hotspot plan. Someone with a bit more knowledge of AT&T's internal policies would be able to accurately describe what records are kept, but MAC, IP, ToD, etc. are kept, if not for security purposes, then for technical purposes. This way they can track and resolve issues. The records that are kept for technical reasons can be kept for months if not longer. This is for trending purposes. If your purpose is to connect to mtgox anonymously I suggest using a proxy or VPN service. It is straightforward and there aren't so many unknowns.
Edit --
also, you can find the nearest apartment building. Even now I find several APs unsecured wherever I go. Albeit it's not like the good ole days, but the unprotected WiFi networks still exist.
- i'd advise changing your MAC regardless, i don't work in a Starbucks, never have, don't know if someone routinely looks at a connection screen as they do in internet cafes - it's about the immediate risk, not about trawling thru logs weeks after you've had your coffee, left and gone home....
- you would have received a 'starbucks' IP address based on your MAC address long before you double-click the VPN icon !!
:o
-
Starbucks doesn't check 'em. I bounce around diff Starbucks in my city. I am using Starbucks now actually.
-
Starbucks doesn't check 'em. I bounce around diff Starbucks in my city. I am using Starbucks now actually.
..hard to believe ..well ok then, if they don't care who uses their DSL and bandwidth...i certainly don't ...
;)
-
TravellingWithoutMoving - Not disagreeing with you about changing MAC address; any tweaks you can make to hide your identity definitely help. Just letting people know that records are kept of when and where you connected and to which sites. Someone looking hard enough could match up the connection logs with security cameras, etc. Starbucks really isn't the place to try to stay anonymous, whether you're worried about an immediate risk or trolling through logs. This day and age data mining isn't that difficult.
At least with a VPN I can login to a local server and exit through a server in London, for example. All traffic is tunneled and preferably encrypted from my client station to the exit server in London.
-Cheers!
-
...become lax with something, make 1 mistake, may cost you later, that's my point. As much as users here are working with technology, regular people out there and the companies they work for are getting smarter as technology and security become commonplace..
never assume you're not being watched !
;)
-
never assume you're not being watched !
;)
Favourite quote:
"It is only very very stupid people who think the law is stupid"
- "Layer Cake" 2004.
-
To avoid cameras, forget Starbucks. There are plenty of places to use wifi from the privacy of your car instead. As someone said, apartment complexes are good, especially in college areas. Also some cities are doing a wireless initiative where the whole downtown is a hotspot. Might want to see if any towns near you are doing anything like that.
Make sure you don't have any software on your laptop that may "phone home" to any personal accounts of yours (instant messengers, Dropbox, browser plugins that may auto-login to your Facebook, email, etc). If your traffic ever did catch the man's attention, you don't want them going through their logs and seeing that your session also logged in to Dropbox with YourEmail@blah.com
For this reason, I created a whole new Windows user profile on my laptop that I only use in a public hotspot. And I use a copy of Chrome Portable that has never been anywhere near any personal accounts of mine.
-
Favourite quote:
"It is only very very stupid people who think the law is stupid"
- "Layer Cake" 2004.
The law is stupid, but that doesn't mean we should act stupidly.
-
My thought on anonymity is…
We have to be on our shit 100% of the time to stay anonymous and free. The other side (thousands of bureaucrats, LEs, busybodies, and people with nothing better to do) only need to get lucky once, then you are on their radar. To use a clichéd metaphor “A broken watch is right twice a day”.
Mad props to those in this small community, that have gotten us this far, and have put a serious thorn in the other side's ass! They are much smarter than I could hope to be, and have made it possible for me to remain anonymous and free. I try to do what I can on my side to stay vigilant.
So if a situation seems questionable, then trust your gut and stay away.
-
Buy a netbook. Only use it for this sort of stuff. There ya go.
-
Buy coins from Gox, transfer to your desktop wallet. Generate a new address, transfer again to another address you own. Transfer to SR. When you're done and 0 coins left, put wallet.dat in a TrueCrypt container with a random huge password and then delete it. The next time you restart the bitcoin client it will generate a new wallet. Repeat.
If (unlikely) SR is compromised and they can get a list of addresses, and magically convince MtGox.com to allow them unfettered access to their previous transfer history (also unlikely), they will then not show you directly paying any SR generated addresses from Gox, thus glove doesn't fit, must acquit. The extra address is completely unknown and filled with plausible deniability. You could've easily sold the coins to somebody else on #bitcoin-otc who then transferred it to here. A million different scenarios.
No need to sit in Starbucks wearing some ridiculous disguise while transferring bitcoins.
-
If (unlikely) SR is compromised and they can get a list of addresses, and magically convince MtGox.com to allow them unfettered access to their previous transfer history (also unlikely)
I'm sure Gox would give up the info to someone who wrote a strongly worded letter on LEO letterhead (let alone a court order); they are trying to build a legitimate business and have been really cracking down on their anti-money-laundering stuff lately.
I'm not really arguing that it is or isn't a big deal, but thinking Gox will go through any grief at all to protect you is silly.
-
If (unlikely) SR is compromised and they can get a list of addresses, and magically convince MtGox.com to allow them unfettered access to their previous transfer history (also unlikely)
I'm sure Gox would give up the info to someone who wrote a strongly worded letter on LEO letterhead (let alone a court order); they are trying to build a legitimate business and have been really cracking down on their anti-money-laundering stuff lately.
I'm not really arguing that it is or isn't a big deal, but thinking Gox will go through any grief at all to protect you is silly.
Yes, this is 100% true.
You can fake a fax or letterhead and get any information you want. Just pretend to be a cop and get personal details of somebody easily. This is why proper anonymity is so important. Just because you assume your ISP, email account, or bank requires a "court order" doesn't mean somebody like me can't easily fake one and get that information. Must be anonymous from square one, building anonymity upon anonymity.
Usually a cop will just phone or fax a bank or payment system and get any information they need. Protip: register "police.co.uk" or something, they won't think twice about sending you that personal information.
Yet another example why it's very difficult and downright dangerous to be a democracy activist. China does the whole fake LEO letterhead all the time to get at their accounts if they can't side channel or guess the password.