Silk Road forums

Discussion => Security => Topic started by: Euphoric on August 04, 2013, 01:48 pm

Title: TOR Secure Messaging System
Post by: Euphoric on August 04, 2013, 01:48 pm
http://sms4tor3vcr2geip.onion/

This seems like a much better alternative to privnote.com to me. Ultimately everyone should just use PGP/GPG but for those who use privnote this seems like a more secure and encrypted alternative....
Title: Re: TOR Secure Messaging System
Post by: comsec on August 04, 2013, 10:50 pm
I thought this was a federal honeypot then checked the bitcoin donation address, whoever runs this is gambling donations away playing Satoshi Dice so I guess not fed agents.

I wouldn't trust this or any other cloud service. Remember Hushmail also claimed they could never read your emails too. If you haven't PGP encrypted before sending assume everybody can read it.
Title: Re: TOR Secure Messaging System
Post by: Euphoric on August 24, 2013, 10:57 pm
I thought this was a federal honeypot then checked the bitcoin donation address, whoever runs this is gambling donations away playing Satoshi Dice so I guess not fed agents.

I wouldn't trust this or any other cloud service. Remember Hushmail also claimed they could never read your emails too. If you haven't PGP encrypted before sending assume everybody can read it.

Agreed, but I just thought it was better than Privnote. People should be using PGP anyways....
Title: Re: TOR Secure Messaging System
Post by: Euphoric on August 24, 2013, 11:17 pm
I disagree quite strongly on this, we have no idea who runs it. At least with privnote, they have a Europrise certified version (certified.privnote.com), but this site is completely unknown so even if it looks and feels legit, until we can have somebody take a proper look at this, it shouldn't be used to handle anything sensitive.

i just posted this on a different thread:

Quote
I don't trust privnote.com even though it says the note is destroyed after its read that doesn't mean that the data is physically deleted from the server. It's just like when you delete a file on a computer, the operating system simply no longer shows the file, and it becomes free space. With data recovery software it is still possible to recover that file until it is written over. You have to securely delete a file to actually delete it. Which writes over the space where the file was written on the hard drive. With the tools the government has even a secure deletion isn't even sufficient. I'd day you need to write over the file at least 7 times for it to be un-recoverable. The air force does a 35 pass or writes over their hard drives with random data 35 times.

I've also heard that some three letter agencies say they physically shred their hard drives AFTER doing a 35-pass secure deletion.

So my point is, even though privnote.com claims the note is "destroyed" after its read, the data is still on the server and could easily be recovered!

http://dkn255hz262ypmii.onion/index.php?topic=203553.0

I'm about to start requiring all customers to use PGP for all addresses, even if it causes me to lose business. I'm going to be writing up several complete step-by-step guides on how to use PGP on all operating systems including Windows, Mac OS X, Linux, iOS, and Android.

But in my opinion no one should use Windows for SR. Use Linux, because none of the FreedomHosting iFrame/Javascript hacks that the NSA setup worked on Linux...only Windows users. Thats all they go after is Windows users.
Title: Re: TOR Secure Messaging System
Post by: Kiwikiikii on August 24, 2013, 11:58 pm
I disagree quite strongly on this, we have no idea who runs it. At least with privnote, they have a Europrise certified version (certified.privnote.com), but this site is completely unknown so even if it looks and feels legit, until we can have somebody take a proper look at this, it shouldn't be used to handle anything sensitive.

i just posted this on a different thread:

Quote
I don't trust privnote.com even though it says the note is destroyed after its read that doesn't mean that the data is physically deleted from the server. It's just like when you delete a file on a computer, the operating system simply no longer shows the file, and it becomes free space. With data recovery software it is still possible to recover that file until it is written over. You have to securely delete a file to actually delete it. Which writes over the space where the file was written on the hard drive. With the tools the government has even a secure deletion isn't even sufficient. I'd day you need to write over the file at least 7 times for it to be un-recoverable. The air force does a 35 pass or writes over their hard drives with random data 35 times.

I've also heard that some three letter agencies say they physically shred their hard drives AFTER doing a 35-pass secure deletion.

So my point is, even though privnote.com claims the note is "destroyed" after its read, the data is still on the server and could easily be recovered!

http://dkn255hz262ypmii.onion/index.php?topic=203553.0

I'm about to start requiring all customers to use PGP for all addresses, even if it causes me to lose business. I'm going to be writing up several complete step-by-step guides on how to use PGP on all operating systems including Windows, Mac OS X, Linux, iOS, and Android.

But in my opinion no one should use Windows for SR. Use Linux, because none of the FreedomHosting iFrame/Javascript hacks that the NSA setup worked on Linux...only Windows users. Thats all they go after is Windows users.

if u dont trust SR staff then why are you on here. go home.
Title: Re: TOR Secure Messaging System
Post by: Euphoric on August 25, 2013, 04:08 am
I trust SR staff, I think you read my message wrong. My issues were with privnote, freedom hosting, and tormail. I SUGGESTED using SR for all communications, but to use PGP as anyone would agree.
Title: Re: TOR Secure Messaging System
Post by: Psyche on August 25, 2013, 05:05 am
I trust SR staff, I think you read my message wrong. My issues were with privnote, freedom hosting, and tormail. I SUGGESTED using SR for all communications, but to use PGP as anyone would agree.
You should disallow sales to any vendors who do not have "Signed with PGP for unix"(I'm paraphrasing).

Educate them on tails an linux. More important than encryption IMO.
Title: Re: TOR Secure Messaging System
Post by: Nightcrawler on August 28, 2013, 12:50 pm
I trust SR staff, I think you read my message wrong. My issues were with privnote, freedom hosting, and tormail. I SUGGESTED using SR for all communications, but to use PGP as anyone would agree.
You should disallow sales to any vendors who do not have "Signed with PGP for unix"(I'm paraphrasing).

DPR has the last word on policy here, and it is DPR's stated policy that while PGP is recommended, it is NOT required. Unless and until DPR changes their mind, this is not going to change. 

Educate them on tails an linux. More important than encryption IMO.

Anonymity is the primary defense mechanism here, everything else is secondary. The best way to think of PGP/GPG is as an insurance policy -- it is there to protect you, when the shit hits the fan. About a year ago, there was a user by the name of Winters86. He claimed to come from a family of LEOs, and he claims to have seen an internal document/report that talks about Silk Road. Here is what he had to say:

Quote
4
Security / Australian LE Report on BC/SR
« on: August 26, 2012, 01:11 am »

Hello all,

I come from a family of LEO's, Not just uniformed officers, but upper echelon personnel in multiple agencies both state and federal. I can't be more specific than that unfortunately. Recently, I gained access to an internal confidential report distributed to several Australia LE agencies and a few international anti-narcotic bodies regarding possible methods of combating illegal activities involving BC. Of course SR was a main feature of said report.

I was told not to share any of the information, however I feel this report should be made available to the SR community because it contained methods through which LEO intend to begin to infiltrate and if possible start serious interdiction of the quote 'blatant and continually growing narcotic trade SR supports'. Now I can't post the report openly for everyone, because It could lead to serious consequences for myself and members of my family, I will however share the relevant points made and share an altered version of the report with a few members of the community whom I have already discussed this with and who have agreed to help get the information out there, because I know this one post won't be enough.

So here are the nuts and bolts of the report, spread the information as far and wide as possible friends:

1. PGP is terrifying them, every new user who learns it and helps others learn, closes a possible loophole they where planning to exploit.
2. User ignorance of the technology being used (Tor, PGP etc) is the their single best hope for any kind of serious action against the SR community.
3. Narcotic trade historically involves exploitation and violence. Users working together as a community for a greater good and towards the same goals has made all previous interdiction training basically obsolete. In other words, every user who helps newcomers learn how to be safe and secure especially through the use of PGP for all transactions and communication is a nail in LEO's coffin.
4. A total lack of violence and exploitation is very much working in our favor. So in other words, the idea of a community working together to protect the new and vulnerable has been identified as a huge obstacle for any kind of serious attempt to stop SR.
5. Their morale regarding fighting SR and BC is very low at the moment, mainly because very few LEO have the capacity to comprehend how the whole system works, but unfortunately, recent media coverage demands some kind of action, so they are going to have to show the public they are doing SOMETHING to combat SR, they just aren't sure what yet.

So there you have it my friends, Think of it like we are involved in an Insurrection and they are trying to pacify our homeland. History dictates that a determined and unified local populace will always defeat an invading enemy, regardless of strength through slowly sapping that enemies very will to continue the fight. We have the upper hand, there are just a few things we need to do to win the war and if you have read this post, you will see what those things are.

Go forth and educate yourself and anyone who needs it. Lean PGP, use it, teach others, encourage the spirit of community and helping others and victory shall be ours.
Be safe and smart friends.

http://dkn255hz262ypmii.onion/index.php?topic=38319.msg431562#msg431562

Note especially points 1 & 2. PGP is terrifying them, and every user who uses Tor/PGP closes a loophole they were trying to exploit.

Encryption makes their jobs harder, thus their fear of it.  I well remember the Crypto Wars back in the 1990s... every police agency you could name was warning about the dangers of non-backdoored crypto. Their worst nightmare (then, and now) would be to have mass adoption of PGP -- then-FBI Director Louis Freeh was quoted as saying that this would bring online investigations to a halt.

The two biggest assets that law enforcement have are user ignorance followed by user apathy.

Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB8F1D88EBBF7433B      (MIT clearnet keyserver)
PGP Key: https://keys.indymedia.org/pks/lookup?op=get&search=0xB8F1D88EBBF7433B    (IndyMedia https: clearnet keyserver)
PGP Key: http://qtt2yl5jocgrk7nu.onion/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (IndyMedia .onion keyserver)
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090     (Silk Road Forums PGP Key Link)
PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07  B66B AFC8 CE71 D9AF D2F0