Silk Road forums
Discussion => Security => Topic started by: Budpuckett on April 05, 2012, 10:22 pm
-
Hey guys i've gone through a few of the steps in getting bitcoins but before i go any further i wanted to ask some noob questions so that the process can be more secure.
so far i have created a cryptoxchange account using a fake name and gotten my usd on there through bitinstant (deposited at local bank didnt show ID or anything but cameras probably saw me)
the biggest issue is that im connecting to tor from my personal laptop (windows xp), not using a bridge but my ISP hasn't shut me down yet so i guess i am safe for now. i've done the obvious things like not having any programs that might connect to the internet, not using any accounts that could be linked to me through tor, and shutting down all traffic in and out of my computer via firewall (except tor). i am connected to the router via ethernet cable but the router is still broadcasting wirelessly (secured of course) for my roommates.
also the two email accounts i used to receive updates from bitinstant and crypto are not encrypted or tormail or anything like that (i thought that might raise flags on their end), tho they are fake names and shouldn't technically be traced back to me (pls correct if im wrong).
would it be safe to proceed for now or should i scrap everything and do john keats' liveusb liberte method instead?
once that is done, how should i proceed now? i gathered that i should buy btc with my usd on crypto, send the btc to a personal wallet, through bitcoinfog to another wallet and then to sr? i could use some tips on getting a wallet, i know there are both local machine and online ones, what would you guys recommend?
finally im working on getting GPG installed, would it be secure to use it with my above-mentioned computer and network setup?
sorry about all the questions, i am still getting the hang of all of this netsec business and learning, i will keep doing my research but i figured i would post this here for now if anyone wants to help me out.
thanks everyone
-
Can't use Tor and obvious proxies when connecting to sites like cryptoxchange or mtgox
Remember, there's nothing illegal about BUYING bitcoins. It's what you do with them afterwards that makes a difference. For all anybody knows you bought some hosting with it.
If really paranoid torify Irssi and connect to #bitcoin-otc and buy bitcoins 100% anonymously. Or just find somebody on bitcointalk.org selling them, or another fixed-rate site. Then you can use Tor.. but not exchanges.
If I was going to use an exchange I'd (through Tor) ssh into a dirt cheap VPS hosted offshore I bought with bitcoins and use it as a remote desktop to trade and sell/buy bitcoins on these sites. I'd probably put in a socks proxy as well for added security.
Also your fake name and everything is a bad idea unless you can quickly get ID scans made up in that name. What if they seize your funds for identification?
EDIT - There's no reason to use bitcoinfog to pay here unless you're paying with $3000+ or something. Send it to yourself, create a new address, send to that address, send to SR. Now you have $0.00 in wallet.dat so Truecrypt the file and wipe it from your drive if really worried.
-
Can't use Tor and obvious proxies when connecting to sites like cryptoxchange or mtgox
Remember, there's nothing illegal about BUYING bitcoins. It's what you do with them afterwards that makes a difference. For all anybody knows you bought some hosting with it.
If really paranoid torify Irssi and connect to #bitcoin-otc and buy bitcoins 100% anonymously. Or just find somebody on bitcointalk.org selling them, or another fixed-rate site. Then you can use Tor.. but not exchanges.
If I was going to use an exchange I'd (through Tor) ssh into a dirt cheap VPS hosted offshore I bought with bitcoins and use it as a remote desktop to trade and sell/buy bitcoins on these sites. I'd probably put in a socks proxy as well for added security.
Also your fake name and everything is a bad idea unless you can quickly get ID scans made up in that name. What if they seize your funds for identification?
EDIT - There's no reason to use bitcoinfog to pay here unless you're paying with $3000+ or something. Send it to yourself, create a new address, send to that address, send to SR. Now you have $0.00 in wallet.dat so Truecrypt the file and wipe it from your drive if really worried.
well i have read on other threads here that crypto doesn't ask for identification until you have 5 transactions or something like, or less than $250 dollars (it is). i figured for one btc batch it would be fine, then i could scrap that account and use a new one, or use a better method like the one you described.
i have decided not to risk it and made a TAILS usb, since I read on a thread here that liberte and midori had DNS issues (want to be as safe as possible).
however i am still not entirely sure how wallets work. do online wallets require a wallet.dat on your personal drive? can they get hacked and they will see the address to where btc was transfered? in that case would transferring from a personal wallet to sr be a better option because you can delete wallet.dat afterwards?
so far my plan of action is this:
buy butcoins on crypto with the money i have >>> transfer to ewallet (is strongcoin good?) >>>> to another ewallet just for extra security (probably another stroingcoin but i'm open to any suggestions)>>>>>> to an electrum personal wallet (i am planning to make a LUKS encrypted usb since tails doesn't seem to work with partitions on the same usb)>>>>> to SR. after this i will truecrypt the wallet.dat, delete it, then format the usb and write some random innocent data over it a bunch of times.
i do have a few more questions:
1. how necessary is it to do all of this from an anonymous wifi location (cafe or something like that)?
2. also, assuming that I have accessed tor before from my everyday use hard drive (didnt purchase anything though), would it be a good idea to wipe that harddrive (i'm not sure if having tor pack itself installed is incriminating)?
3. finally, is it alright to access ewallets through tor or does that raise a flag on their end?
thanks guys. i'm really paranoid and trying to grasp all of these security concepts but time is a factor (don't want to say more than that for security reasons).
-
come on guys, surely someone in the know can spare a few minutes to help me out? 1 response in 20 days? :'( :'(