Silk Road forums
Discussion => Security => Topic started by: floryflory on February 08, 2012, 09:35 pm
-
.
-
First, start off by removing that quote in OP
And the link
It could easily be traced back to you, due to the face that bitcointalk.org isnt running on tor
-
.
-
It seems to me that tumbling (EDIT I mean mixing/pooling - let's get the terminology right!) isn't necessary for a small time user of bitcoins. Now I should preface this by saying I am not a great expert myself, but I believe it is fine to create a bitcoin wallet on an encrypted USB stick, and only ever connecting to the bitcoin network and downloading the blockchain through TOR.
You can then use this wallet as a step between your source of bitcoins and SR.
Once the coins are in SR, you securely wipe the USB stick to remove all traces of the wallet.
You are then able to deny that you sent your coins to SR, because all that can be proven is you sent your coins *somewhere*, and that *somewhere* cannot be linked to you, either by IP address for the downloading of the blockchain, or by physically examining your system or USB stick. Where they went after that *somewhere* is not something that can be attributed to you in any way, as far as I can tell.
If you're only buying a few times a year, then actually you could create several wallets as described above, and then hop your bitcoins across them all before they go to SR, splitting them up perhaps before they come to SR using different SR addresses.
Then nuke them all, and create new ones the next time you want to do another deal.
The truth is we don't really know what can or cannot be proven in court in a case like this - the whole bitcoin economy plus the security of TOR and SR itself makes everything so complex and opaque, and of course there's no precedent I know of.
I say your steps you've outlined are more than adequate as far as the technology goes. The real risk is in the security of packaging and delivery. I personally do not use a false name - your deniability here comes not from the name on the envelope, but from the fact that anyone can send anyone anything in the post. In some respects a false name could be worse. At least with your own name you can claim malicious intent - i.e., someone trying to implicate you. With a false name it is simply a package coming to your address with no reasonable explanation.
These are my opinions and should not be taken as fact!
To the second poster - I assume that the quotation was someone else, not the OP in this thread.
-
.
-
The advantage of buying anonymously is simply that it is an extra layer of protection. Like using PGP to encrypt your address when ordering. Not strictly necessary but why cut corners when risks are involved?
The more layers you have the patience to build in, the better! I personally purchase coins by bank transfer. They are totally tracable to me, but I believe my method of passing BTC across wallets before going into SR breaks the chain of ownership because although the chain of *transactions* can be traced from SR through some wallets to my source (i.e., the coins themselves can be followed from my source to SR), the wallets through which they travelled could have been owned by anyone and as long as there is no trace of the wallets on my computer or at my ISP, it cannot be proven that I owned those wallets.
This is not the same as using coin pools though - the chain of ownership is broken in these systems by putting the BTC you purchased into a mix of lots of BTC, then withdrawing other coins. If you access the pool anonymously AND the pool doesn't keep records of whose coins were swapped with whose, then you're good to go too.
It's all about the level of risk you are prepared to take my friend. I am sure there will be those on here who think I am lax in my security arrangements, but I live in a country where purchase or possession of personal amounts of drugs are not normally prosecuted criminally.
-
Also don't forget that my method requires you to download the entire blockchain through TOR, and preferably more than once too.
And then once the coins have passed through those wallets, you kill them off straightaway.
It takes a long time (days) to d/l the blockchain through TOR. So it is a cumbersome method which is not suitable for people who wish to buy frequently.
You say that like me, you won't be purchasing often, so it is a viable option for you.
-
Maybe I've been lax then. I only buy weed, too, 1/8ths and 1/4 ozs. mostly. But, after doing my first few transactions more cautiously I've since streamlined my process. I set up an account at Mt. Gox with a false name that's tied to a tormail address. And while I can't access Mt. Gox through Tor I do open a private/incognito window in my browser, usually Chrome but Firefox and Safari have them, too.
Then I go to BitInstant.com (they charge between 4.49% and 4.99%, depending on the $ amount) and set up a cash deposit through an entity called CashTrust. The CashTrust browser tab opens up automatically after you fill in all of the appropriate info - none of which can identify me - on BitInstant and you pick a bank branch anywhere you want that's listed there. You then have 3 days to go to that exact branch and pay the exact amount on the provided invoice. At no time do you have to sign anything and the only vulnerability is the security cameras that are at any bank which I think is no big deal for what you're doing, especially if it's not near where you live. By the time you get home (usually within the hour) your money is at your fake account at Mt. Gox.
I do the whole US$ to Bitcoin exchange thing then send my BC straight on to SR, though you can always do the additional wallet thing first if you want. Since I made a cash deposit to a false account I don't.. Done deed and totally anonymous. Maybe I should be worried about LE seizing my laptop but I don't.
Place your order with your real name and wait for the delivery. In an apartment complex like yours I wouldn't worry too much about someone watching you get your mail but you can always look confused when you get your package!
I hope that helps.
-
thankfully someone has a similar thread. Im in the UK, ive found an exchanger - intersango.com - i believe i can fund my account here by sending my account number to the exchanger, but the question is what then?
Pretty noob question i know. I saw that you can send to a user but also read there is a 6.75% fee for escrow - how to set up escrow?
is it set up automatically when i send my coins?
If i am right about the above i seem good to go, obviously i need to order the goods through my cart first.
-
^ Really hoping someone can help me with the above points. If im right im good to order asap!
-
thankfully someone has a similar thread. Im in the UK, ive found an exchanger - intersango.com - i believe i can fund my account here by sending my account number to the exchanger, but the question is what then?
You send a bank transfer to their bank account with your personal reference number to link it to your account. They'll then credit your account when they get around to processing it, usually a few times a day.
I saw that you can send to a user but also read there is a 6.75% fee for escrow - how to set up escrow?
Escrow is what it's happens when you make a purchase and the money leaves your account. It's then held by SR in escrow until you finalise your purchase and it's sent to the buyer.