Silk Road forums
Discussion => Security => Topic started by: Voracious on July 19, 2013, 12:32 am
-
Hello all!
I have been browsing SR for about two months now, lurking on the forums to soak up whatever information I could before I hopped into this whole world. I still have a lot of gaps though in my understanding of the process. If you do know the answers to some of my questions, or have some links handy, I would greatly appreciate it.
So, here are a few questions I have:
1. After purchasing BTC from a website, such as localbitcoins, what should be my next action to be sure my BTC are not taken from me? Should I leave them in an online wallet? I have downloaded a program called Bitcoin (which is STILL syncing!), but I am still unclear about how it operates.
2. How can I effectively buy BTC, while remaining *under the radar*? I have seen vendors who sell BTC, but they typically require a number of transactions on your SR account, or a certain dollar amount. I have neither of those. I have a hard time trusting websites, even ones who are reputable in the community, because I would imagine reputable BTC traders are primary targets for whatever agency wants BTC trading regulated.
3. Is MtGox a good website to purchase from if I "tumble" the BTC? In your opinion, is it a good price index?
4. What is the best process for leaving feedback for a vendor? I know there are 'blacklists' and etc, so I definitely want to keep my image in good graces around here.
I am sure the answers are in a forum post somewhere, but I have not found a clear process being described. I am mainly looking for someone to tell me, "THIS is how it should be done," and not to give me 10 options to choose from, because I do not yet understand the mechanics of the process yet.
Thanks for reading, and thanks again if you have some answers!
-Voracious
-
i'm a newbie and still at the fred flintstone stage of this, but basically am one step ahead of you
on the scale of paranoid, rank me way up there - mt gox, as a number of online transferors are, is going to require identification verification, ie a scan of your driver's license and a utility bill, and even then they may deny you an account, asking for a third item (phone bill etc). So for me they were out of the question.
from what i've gathered, localbitcoins.com gives you the opportunity to remain anonymous - i just completed my first purchase, i was lucky i found a seller who would do a face-to-face, cash transaction. It was a 5 mile trip to meet at a mcdonald's (where they had wifi) or I could have used my android phone to watch my blockchain acct, which is where i set up an anonymous wallet to receive my coins. I had sent him the wallet address or ID (blockchain provided that) via localbitcoin msg svc, so he'd have it on his iPhone. We met, and after he showed me he had the coins to transfer and we confirmed he had my address correctly in the "send" box, over coffee i gave him the cash and he hit the send button. A minute later it showed up in my acct at blockchain that someone had sent me coins - he waited until 2 confirmations showed up - when you receive coins, the system will start confirming the coin is legit as in, isn't a computer cloned image - it keeps confirming, apparently up to 51 confirmations (so far) but after a couple of confirmations a checkmark showed up next to my block chain wallet, indicating it was good to spend.
on the next purchase, i'm going to try the cash deposit at BOA (Bank of America) - from what i undderstand, the seller on localbitcoins has to be willing to go BOA cash deposit - that also allows you to remain anonymous as you are simply depositing cash into his acct. The purchase, being made thru localbitcoins, the coins you agree to buy are deposited into localbitcoins escrow acct and are held there for 90 minutes, that gives you the time to go to the local BOA and make the deposit.
now, going thru localbitcoins adds something to the mt gox rate - for one thing, localbitcoins is charging the seller 1% for the escrow svc. I felt happy that i paid about 5% over mt gox rate, happy as traders like blue sky traders, when they're up, charge 15% and others charge lesser but similiarly high commissions.
btw, everytime you move the coins to another wallet, the wallet (or btc miner) charges .0005%) of the value, so one coin transferred in, results in a balance of .9995 coins available to spend.
there's a thread here on this forum about setting up Tails on a USB flash drive and creating your own wallet to store your coins in
hope that helps some - if i see the links to the Tails thread, and a 2nd one "installing Electrum on Tails", i'll come back and post them
installing tails on usb http://dkn255hz262ypmii.onion/index.php?topic=114141.0
installing Electrum (wallet) on tails usb http://dkn255hz262ypmii.onion/index.php?topic=94939.0
and another one that might be helpful on localbitcoins.com http://dkn255hz262ypmii.onion/index.php?PHPSESSID=7b9ehr8pj7kscacoccv04u6ii6&topic=179396.msg1321784#msg1321784
-
1. After purchasing BTC from a website, such as localbitcoins, what should be my next action to be sure my BTC are not taken from me? Should I leave them in an online wallet? I have downloaded a program called Bitcoin (which is STILL syncing!), but I am still unclear about how it operates.
In terms of best practices, you shouldn't use an online wallet for long term savings because you're relying on a third party - sort of counter to the entire philosophy of bitcoin which is to eliminate counterparty risk. Really though, an online wallet is probably fine for most people assuming you use a strong password (that you don't lose!), especially if you're just using it to transfer to SR account.
The Bitcoin-qt client works, but you have to download the entire blockchain which is getting to be huge. There are lightweight options that don't require you to download the blockchain - such as electrum or Armory. Electrum is great because you can easily install it in Tails (live OS) using the guide in the forum. Oh yeah, it's a good idea to use Tails or another live OS so as to not leave traces of SR activity on your computer.
2. How can I effectively buy BTC, while remaining *under the radar*? I have seen vendors who sell BTC, but they typically require a number of transactions on your SR account, or a certain dollar amount. I have neither of those. I have a hard time trusting websites, even ones who are reputable in the community, because I would imagine reputable BTC traders are primary targets for whatever agency wants BTC trading regulated.
Bitcoins are not illegal. You can buy them under your real name. You won't attract attention unless you're doing many large and frequent transactions that raise red flags for money laundering or tax evasion. That said, there are options for buying them with cash without ID. Of course, if you're using bitcoin for SR, it is prudent to tumble any bitcoins purchased under your real name before transfer to SR. SR automatically tumbles deposits, but adding an extra layer doesn't hurt.
3. Is MtGox a good website to purchase from if I "tumble" the BTC? In your opinion, is it a good price index?
Sure. I prefer other companies but they are legit and the price index is fair - in fact their price is what many others use. Definitely tumble them if purchased under your real name.
4. What is the best process for leaving feedback for a vendor? I know there are 'blacklists' and etc, so I definitely want to keep my image in good graces around here.
Feedback should be honest. That said, it's bad form to leave less than 5/5 if you haven't given the vendor sufficient opportunity to fix any problems. You will likely get blacklisted if you leave 4/5 without first contacting the vendor to complain about a legitimate issue you have. I won't lie though, if you're a new user and complaining to a vendor that something went wrong, they might think you're trying to scam/blackmail them. After all, just look at it from their perspective.
I am sure the answers are in a forum post somewhere, but I have not found a clear process being described. I am mainly looking for someone to tell me, "THIS is how it should be done," and not to give me 10 options to choose from, because I do not yet understand the mechanics of the process yet.
Well, there is no one "THIS is how it should be done" way. There are many that work. Hell, you could be buying under bitcoin under your real name, not tumbling, using your real computer and taking no effort to conceal your identity, and you'd probably be OK. It would just be stupid to do that when you can be more careful with little effort. I think it's wise to keep your SR activity 100% segregated from your real identity. This means two separate computers (unless you use a live OS that leaves no trace) for SR and real life. I have not so much as even Googled "silk road" on my real computer - I have never done anything on that computer even remotely related to SR, except for reading articles/forums about bitcoin. But as I said, bitcoin is not illegal.
-
Awesome guys, thanks for the feedback! I am totally surprised to see that 4 people are selling BTC for cash within 45 miles of me, considering I didn't think anyone in my area would have them. Any guidelines to be safe? I don't have a smart phone, so maybe bring a friend along so I can verify the funds were received?
wiggum - I use Tails, so I feel OK about most things. Just ordering personals for friends and myself really.
Thanks guys! If anyone else has input, I would love to know it. Otherwise, I think I have enough information here to get me started in the proper direction :)
-Voracious
-
You could just have a friend waiting at a computer to call you when funds are received. Or, get a prepaid hotspot (or meet at a location with wifi) to use your computer to verify.
-
This thread might as well be titled "Hi, LEO here. Can you tell me exactly how you buy your illegal drugs online so I can put you in jail? Thanks."
-
1: Buying BTC
This part is easy because buying bitcoin is not illegal. It's somewhat difficult to do anonymously however, since some exchanges (Mt Gox in particular) require your ID before they will sell you BTC. Other exchanges like Bitinstant only require a name/address (which you can fabricate). You will need a wallet address to have the BTC sent to, and for this I recommend a lightweight client like Electrum. I wouldn't bother trying to install/use the full version bitcoin wallet that requires you to download the entire blockchain, since this will likely take several days to synchronize and is way to much of a hassle if you only need a wallet address to receive coins. Some people don't bother installing anything and just use blockchain.info wallet, and others even have the exchange they purchased the BTC from send them directly to the wallet address provided with your SR account (that's a little too cavalier for me though).
2. Send the BTC to your SR account.
For best security, you should use a mixing service like bitcoinfog on the BTC before sending it to your SR account. It may be unnecessary, but better safe than sorry. Once you've sent the BTC, give it a few hours to be credited to your SR account. Don't obsessively check blockchain.info, just wait a few hours (at most) and they will show up in your account (they always do). Once the BTC are shown on your SR account balance, you're good to go!
3. Download GPG so that you can encrypt your address when the time comes to order.
Don't worry about creating your own key-pair or anything like that, unless for some reason you foresee needing the vendor to contact you with sensitive information (unlikely). All you need to do is use the vendor's public key to encrypt your mailing address. Check elsewhere in the Security forum for instructions on how to use GPG / OpenPGP encryption.
4. Choose a vendor to buy from.
This is the most important part. You should look at the vendor's SR page for the seller rating and the feedback given - and make sure he/she uses PGP as well. What you want to see it's LOTS of positive feedback saying orders are being delivered safe and secure. You must also check these forums under the "Rumor Mill" for that vendor's thread and read through them. Also do a forum search on the vendor's name to see what is said about him/her in any other threads. Remember, this is the person you're going to trust - anonymously - with some sensitive personal information (your mailing address) and your money. Choose wisely.
5. Place your order.
This part really requires no explanation, except to remember to obtain the vendor's public key from the vendor page and double/triple check that the mailing address you type is 100% correct before encrypting in, then copy/paste the resulting OpenPGP message into the address box. I usually send the vendor a quick little "howdy" PM after placing an order.
Ok that's it. Now sit back and wait for the mailman to bring you your drugs. :D
EDIT: oh I almost forgot...
6. Finalize order and leave feedback!!!
I do this within an hour of picking up the package - without exception! As soon as you have your goods, finalize that order! The vendor has come through for you so release his justly earned BTC from escrow. After you've finalized you can leave feedback, or you can wait for the feedback portion until after you've sampled the product (either way, finalize ASAP upon receipt). Personally, I like reading feedback from people who give an opinion on the product itself.
-
Thanks everyone for the feedback. I ended up buying 1.9BTC from someone local, but can't seem to find anyone else that will actually come through for me. I guess I'll try to get the rest online.
@AbuNazir
And I doubt the information in my thread would help LEO anymore than they likely already know. Even then, this is for simple transactions. Hell, this is the process of buying ANYTHING, including legal items on SR. Do you think it would be logical for LEO to utilize this thread as rock-solid information, instead of trying to get suppliers/vendors? Get real.
@SorryMario
Thanks man, exactly the layout I was looking for. I'll definitely remember to pay this information forward ;)