Silk Road forums
Discussion => Security => Topic started by: wdsnk on March 31, 2013, 03:49 pm
-
I am a newb, getting ready for first bud buy, personal quan. Transferred BTC from my registered/verified Mt Gx acnt to a recently created Blockchain wallet. I had sent 1 other trans from my personal bitcoin-qt wallet, (possibly not being logged into VPN) to this Blockchain wallet. Sent BTC to initial SR address and a new one (both from the same blockchain wallet address), after resetting PW.
Was doing some exploring on SR site, checking offers / vendors, considering shipping options (locations) - never ordered. However, I did order a few things from regular ecom sites. Tracking info showed the driver left it at front door on Thursday afternoon - I was not home when "delivered" and had forgotten about the order until Sat morning. I share the address (single family home) with other efficiency residents and they didn't see the package either. This is the first time I've had any difficulty with any delivery here in 5 years; also, I did receive another package via USPS on Friday. Reported missing package to vendor and UPS. Sunday morning, I find the box outside my door and regular piece of mail addressed to me in the mailbox (not there on Sat either). Even more interesting, the box had been opened from one side; however, the contents were intact and the containers were sealed.
Any ideas?
Should I consider shipping SR order to:
a) new private mailbox address (m/b a UPS store mailbox?), not USPS office, perhaps in Co name
b) former address (yrs ago) where I still receive mail and family member still lives
c) my address but use a former residents name (where they still receive some mail)
d) just do the recommended - my name & address (perhaps wait until I move - is an apartment building better for deliveries?)
e) order more stuff from other regular / consumer ecom sites, for testing of irregularities
f) OR forget the whole thing - assume I'm hot? (I am using my regular Win 8 OS, m/b my system is compromised (Super ANTI Spyware n Avast AV))
Do I have any options?
I am also wondering if I should withdraw those funds sent to SR and start over with another wallet & fogger service, perhaps even a new SR acnt.
Any and all feedback, questions n/or tips would really be appreciated
Thanks,
WdSnk
-
The initial method you used to get coins in SR is trivial to trace. Next time, Mt.Gox to Blockchain, then Blockchain *Shared Send* to Instawallet, and Instawallet to SR (get a new SR address every time). It takes a while but it's bulletproof. You could substitute Blockchain's shared send with Bitcoin Fog (http://fogcore5n3ov3tui.onion/) but you'll lose more Bitcoins in the process.
As for your "flagged" address, I'm still not convinced the disorganized US government could or has implemented such a system, but I suppose it never hurts to assume it has. I am confused about your question. Have you placed an actual order on SR? Or were the packages that somehow arrived strangely legitimate, legal goods?
Try reading up on shipping in the Shipping forum section, there's a lot of good info.
Also, when you order, make sure your bud is sent in a moisture barrier bag, vacuum sealing it ten times won't do any good if it's in the mail longer than a day. Also, start small with new vendors to ensure their packaging is sufficient.
lelmeriodici
-
Hey!
Sorry about your issue. I had a similar one about a year ago.
I had ordered an exotic NBOME just because I was able to source it. I at one point collected chems like one collects cards or cars :D
When the package I arrived it was obviously opened at some point. I was pissed because now my product was compromised and I couldn't be % sure what was in the vial. Plus it raised red flags that it was opened in the first place. I stopped ordering anything even remotely grey area for about 6 months after that. I assume that this package was a legitimate item and not one that you ordered from the Road? I wasn't sure exactly what type of package you were talking about
The mail may have been delivered to the wrong address and the other address may have opened your package. Having the other mail attached to it makes this a possibility imo. Being that if it was flagged why would they take a regular letter as well?! And the post office doesn't even work on Sundays.
You can do several things IMO. They have scented/dummy packages available here at the SR. So if you think this maybe a fluke order one of those and see how it turns out and then make your next step based on the outcome. That way you don't burn your current address without having full certainty that something is amiss. Bud is one of the more easily flagged postal items because of the smell. Just a fair warning.
I wouldn't recommend using a different name on your package! It has a lot of unintended consequences. You wouldn't want to be caught opening someone else' mail... its a federal offense you know... plus it kills your chances for plausible deniability should it come to that.
IMO you should be having a lot of regular ecom stuff coming to your address anyway. Not only is it fun getting stuff in the mail, it helps train the postman. That way your SR purchases are just another bird in the flock. So order stuff from abroad occasionally as well if you plan on doing international business. Good vendors go through a lot of hoops to get good stealth and product to your door step. I personally feel I need to invest a little time in effort to making it easier for them and myself, not just sit there and let them do all the hard work.While it costs more it removes you from being the low lying fruit that can easily get picked. Just look at it as a business relationship, being professional is quite enriching.
If you have a trusted friend/family member you may want to just see if you can drop ship it to them. But I would do everything in your power to make sure your address isn't compromised.
All of the scenarios you listed have their pros and cons btw. But being that you took the time to actually think it out. I would make an educated guess that you could probably deduce your best scenario with a little thought and due diligence.
---edit
p.s.
See if there are locals who sell BTC for cash. Finding a trusted local who can provide you bitcoins can save u a lot of hassle trying to make your btc less traceble. Always connect/update your BTC client over the ToR network ( while over a VPN if you have one ; )
-
The initial method you used to get coins in SR is trivial to trace. Next time, Mt.Gox to Blockchain, then Blockchain *Shared Send* to Instawallet, and Instawallet to SR (get a new SR address every time). It takes a while but it's bulletproof. You could substitute Blockchain's shared send with Bitcoin Fog (http://fogcore5n3ov3tui.onion/) but you'll lose more Bitcoins in the process.
As for your "flagged" address, I'm still not convinced the disorganized US government could or has implemented such a system, but I suppose it never hurts to assume it has. I am confused about your question. Have you placed an actual order on SR? Or were the packages that somehow arrived strangely legitimate, legal goods?
Try reading up on shipping in the Shipping forum section, there's a lot of good info.
Also, when you order, make sure your bud is sent in a moisture barrier bag, vacuum sealing it ten times won't do any good if it's in the mail longer than a day. Also, start small with new vendors to ensure their packaging is sufficient.
lelmeriodici
Hi lelmeriodici,
No, I haven't ordered from SR, was on Sunday, Monday lookin around - loaded some in cart, but didn't actually submit order or address. Yes, the packages were strangely legitimate, legal goods - 1 UPS box (tampered), 1 USPS letter (looked normal) - both appeared on Sunday morning. I've never had any issues with any packages delivered here, ever; before this. Coincidence?
So, should I withdraw the current funds in SR & redo using MG =>BC; BC(SS)=>IW; IW=>SR or is the damage (if so) already done? What about the SR account?
Do vendors tend to use moisture-barrier bags, or should I look for that detail from each vendor (as a selling point)? Is it worth even asking them if they don't mention it (considering each may have their own opinion of what is)?
I have been reading more in Shipping forum too.
thanks for the FB, much appreciated.
-
Hey!
Sorry about your issue. I had a similar one about a year ago.
I had ordered an exotic NBOME just because I was able to source it. I at one point collected chems like one collects cards or cars :D
When the package I arrived it was obviously opened at some point. I was pissed because now my product was compromised and I couldn't be % sure what was in the vial. Plus it raised red flags that it was opened in the first place. I stopped ordering anything even remotely grey area for about 6 months after that. I assume that this package was a legitimate item and not one that you ordered from the Road? I wasn't sure exactly what type of package you were talking about *shrugs*
The mail may have been delivered to the wrong address and the other address may have opened your package. Having the other mail attached to it makes this a possibility imo. Being that if it was flagged why would they take a regular letter as well?! And the post office doesn't even work on Sundays.
You can do several things IMO. They have scented/dummy packages available here at the SR. So if you think this maybe a fluke order one of those and see how it turns out and then make your next step based on the outcome. That way you don't burn your current address without having full certainty that something is amiss. Bud is one of the more easily flagged postal items because of the smell. Just a fair warning.
I wouldn't recommend using a different name on your package! It has a lot of un-intended consequences. You wouldn't want to be caught opening someone else' mail... its a federal offense you know... plus it kills your chances for plausible deniability should it come to that.
IMO you should be having a lot of regular ecom stuff coming to your address anyway. Not only is it fun getting stuff in the mail, it helps train the postman. That way your SR purchases are just another bird in the flock. So order stuff from abroad occasionally as well if you plan on doing international business. Good vendors go through a lot of hoops to get good stealth and product to your door step. I personally feel I need to invest a little time in effort to making it easier for them and myself, not just sit there and let them do all the hard work.While it costs more it removes you from being the low lying fruit that can easily get picked. Just look at it as a business relationship, being professional is quite enriching.
If you have a trusted friend/family member you may want to just see if you can drop ship it to them. But I would do everything in your power to make sure your address isn't compromised.
All of the scenarios you listed have their pros and cons btw. But being that you took the time to actually think it out. I would make an educated guess that you could probably deduce your best scenario with a little thought and due diligence.
---edit
p.s.
See if there are locals who sell BTC for cash. Finding a trusted local who can provide you bitcoins can save u a lot of hassle trying to make your btc less traceble. Always connect/update your BTC client over the ToR network ( while over a VPN if you have one ; )
Thanks for the FB. I feel for what you went thru with ur ordeal.
mail delivered wrong address: but missing 3 days? and the open box was UPS. Appeared on a Sunday - is that more of an indicator of a neighbor or (I know UPS/USPS dont work on Sunday, but could they have both left a piece at the same wrong address - esp when they both properly addressed). Actually, come to think of it...it might make sense if the neighbor was not home for a few days? Your thoughts.
So, LE won't have (or open) a suspicious package until the carrier has verified the contents are illegal...I thought perhaps it was intercepted by some LE somehow (for reason unknown to me), and when they saw it was legit, had some type of "courier/runner" drop the package in the middle of the night.
Totally legit package, from mass etailer (labelled as such).
How will I know if they checked the dummy pac? (Does anybody ship with some sort of safety or security tape) Does it smell more than bud; b/c if so, wouldn't them discovering a dummy work against me (assuming they know it's a dummy pac)? btw, where/how do i find the dummy pac on SR?
I dont plan on intl orders but I have had a decent amount of stuff coming in, sporadically. Is it best to order from SR to coincide with a lot of other regular ecom orders?
Is it true that one must configure BTC client with (Options -> Main -> Check "Connect through SOCKS4 proxy: 127.0.0.1 9050") or is it sufficient to have VPN & Tor running?
Also, is receiving buds by mail in a legal state, illegal; due to federal/shipping laws?
Again, thanks for everything.
wdsnk
-
I think you might be just be nervous over placing an order. It's understandable and up to a point good to be hyper aware of things.
By any chance were the legit packages from amazon or eBay. Lots of people selling on sites like that make use of used boxes and shipping materials to defray shipping costs.
-
I think you might be just be nervous over placing an order. It's understandable and up to a point good to be hyper aware of things.
By any chance were the legit packages from amazon or eBay. Lots of people selling on sites like that make use of used boxes and shipping materials to defray shipping costs.
Sometimes I wonder the same - but it was the timing plus the fact that nothing like that's ever happened before (here)
Yes, fulfillment by Amazon (not Amazon itself)...sounds possible, just weird the way it was opened on the smallest side; and, again, never happened before...
Thanks for a sound of reason and logic, much appreciated!
wdsnk
-
Hi lelmeriodici,
No, I haven't ordered from SR, was on Sunday, Monday lookin around - loaded some in cart, but didn't actually submit order or address. Yes, the packages were strangely legitimate, legal goods - 1 UPS box (tampered), 1 USPS letter (looked normal) - both appeared on Sunday morning. I've never had any issues with any packages delivered here, ever; before this. Coincidence?
So, should I withdraw the current funds in SR & redo using MG =>BC; BC(SS)=>IW; IW=>SR or is the damage (if so) already done? What about the SR account?
Do vendors tend to use moisture-barrier bags, or should I look for that detail from each vendor (as a selling point)? Is it worth even asking them if they don't mention it (considering each may have their own opinion of what is)?
I have been reading more in Shipping forum too.
thanks for the FB, much appreciated.
No, don't withdraw the funds. The damage is done, but it's really nothing. Use my method going forward, and, if you're really paranoid, get a new Blockchain wallet and try to delete the old one.
The SR account is fine, click "New Address" before you deposit next time (and every time after that).
MBBs are a selling point, it should be stated on the product or vendor page, but I never buy weed, so I'm not entirely sure. You can always message the vendor and ask about the (internal) packaging they use. Then compare it to the advice here http://dkn255hz262ypmii.onion/index.php?topic=119458.0 . It's always good to ask a few questions to a new vendor to gauge how responsive and helpful they are.
----------
As to your questions in response to davidthegnome's post, here's my 2 cents:
If you never placed an order on SR and never even sent your address (hopefully PGP encrypted) to another party, you have NOTHING to worry about (so long as you haven't ordered illicit goods elsewhere recently).
I would advise against buying a cannabis scented package. Some people here believe addresses can be "flagged," and if you want yours to be, ordering a box that reeks of bud in the mail and hoping it gets seized and searched (I guess that's the point) only to find it's empty will certainly get you flagged. Not to mention law enforcement isn't dumb enough to think an empty box (or one with a few magazines or bottles of shampoo) that smells like pot is not big deal. I'm sure they understand the concept of a decoy package. Just keep a low profile, order from reputable vendors with good stealth, and don't do stupid things like ordering a fucking cannabis-scented package.
I wouldn't run a Bitcoin client on my desktop, I'd use online wallets. I'm not knowledgeable about using the desktop client through Tor...
In a legal state, hmmm, I'd think the USPS, being part of the Federal government, would still get their panties in a bunch, but the ramifications for you as an individual could be less. I'll have to ask around on that one.
So, find a reputable vendor with MBBs and make a small order. Then you'll gain confidence and realize how fun it is to get drugs delivered to your doorstep. Before you know it, you'll have your mailman delivering keys of coke to you. :D
Good luck and never get too comfortable,
lelmeriodici
-
Sounds like solid advice. Thanks for the follow-up, very much appreciated!
PS just saw ur post on the other thread; I had posted the same Q in a few places (not sure if it was a shipping or security - actually, it's both)
wdsnk