Silk Road forums

Discussion => Security => Topic started by: coolmexi02 on July 15, 2012, 01:04 am

Title: So am I being anonymous enough? How can I learn to ship.
Post by: coolmexi02 on July 15, 2012, 01:04 am
Ok nice to meet you guys. So glad I found silk road but need some pointers.

Anyways I found a public wifi hot spot (a place like starbucks etc).

Before Connection I spoofed my mac address on a computer that I bought.

The thing that scares me is as soon as I connected to the wifi a screen popped up on my computer
with out even opening a browser. How does it do this? Its a popup making me agree to a big lists of terms regarding that they track what we do. So as soon as I got in I fired up TOR and came here to visit you guys.

My question is am I safe for spoofing my mac address? Or does this authentication pop up can reveal my real mac address? How did they make that window pop up as soon as i connected with out opening a browser? What information can they get about me? that pop up looked like a system pop up and not affiliated with any of my browsers.


Also... I would to one day like to share my magical cookies I bake so strong with you guys. How would I go about mailing some cookies? I mean how do I mail off 20 big cookies in a box with out having to show my face at the post office?

How do I always stay current with what the real SR .onion is?

I kno. alot of questions but please help a new guy out. Anyone that helps me out will prob get free cookies form me in the future :D

- peace

Title: Re: So am I being anonymous enough? How can I learn to ship.
Post by: sundhara on July 15, 2012, 02:24 am
... Second thread about MAC Address spoofing in a row.

Please don't try MAC Address spoofing. It is an unreliable way to ensure your anonymity. Get a USB Wi-Fi Dongle or change your WLAN chip (If you don't know how to do this, just take it to a computer repair shop with your laptop and tell them you want them to replace it. Don't take no for an answer... It's very simple to do with any laptop purchased in the last what 5 years? Just tell em you got MAC banned off a gaming server.

About the cookies... You'll know once you start buying :P

Check Wikipedia I guess? Hidden Wiki? exit.onion?

The main problem is the annoying name. silkroadvb5piz3r.onion
silkroad + visual basic 5 + PIZ (that shitty candy that came out of a cartoon character's mouth or ass - pez) 3r.onion :D
Title: Re: So am I being anonymous enough? How can I learn to ship.
Post by: Imaginarytailus13 on July 15, 2012, 02:32 am
Public wifi is either free or paid for. Hotspots usually have companies/firms like fon/etc for handling an internet connection, a browser or prompt comes up and asks you to agree to certain terms and condition, or even to pay for usage. I assume thats what it was. They cannot get any info as long as your connection is secured through tor. I think you`ve mistaken the wifi-access prompt for something else. How do you mail cookies without showing your face? If you can`t walk into the post office casually and send some cookies, then perhaps you should consider forgetting about it. Tying to heavily disguise your elf will not work, you can certainly pay other people to do it if you feel insecure. You should already have packed them airtight in the box before going there. You can bookmark the forum url if you want for any news on the SR`s state, they usually redirect you to to another url before completely discarding another one.
Title: Re: So am I being anonymous enough? How can I learn to ship.
Post by: sundhara on July 15, 2012, 02:39 am
If you can`t walk into the post office casually and send some cookies, then perhaps you should consider forgetting about it.

Or just take small doses of anti-anxiety meds until OP grows balls. At the very least, not being able to walk into a post office with cookies means OP is a scared bitch... and I was much smarter about how I bought from silkroad when my balls hadn't dropped yet either. :P
Title: Re: So am I being anonymous enough? How can I learn to ship.
Post by: Carbonic on July 15, 2012, 02:49 am
Ok, I don't know too much, but I'll try and help as much as I can. Basically, I don't think you need to use a public wifi hotspot all the time. Perhaps you're more comfortable with that, I don't know, but you can do it from home if you take the proper precautions. First, look up Liberte. It's a small version of Linux that you can install to a flash drive and boot to. It's highly secure, as it won't leave any trace of your Tor activity on your computer, and is encrypted so no one but you can boot to it. Also, if you're prepared to do a full reinstall, I'd recommend DBAN (Darik's Boot And Nuke tool) to absolutely wipe your hard drive, and any traces of Tor on it. If you do that, from that point forward only access Tor through Liberte. From then on, I'd spend some time around the security forums here, picking up tips and tricks from people who know far more than I. Until then I can offer up what I have and maybe others can come and correct/add on to it.

Liberte comes with pre-installed GPG, a text encryption service that you should learn to use. Once you're running Liberte, look under System Tools, then gpa. Basically, you create your keypair, which consists of a private key and a public key. The public key you share with anyone who might want to message you, and the private key you guard closely. Basically, it allows someone to write a message, encode it using your public key, and then that message can only be decrypted and read using your private key, ensuring that you and only you can read the message. You will notice many vendors have a PGP public key block on their vendor pages. This is what that's all about.

On the subject of secure passwords, you can't be too careful. If you've never heard of Diceware, look it up. An 8-10 word password should be great, (although I'd still recommend you throw in a symbol or something for safety) and not too hard to remember. Use this password as a key for a password manager (Liberte comes with Figaro's Password Manager 2). For your other passwords, Figaro's Password Manager 2 has a password generator, and since it remembers passwords for you, I'd suggest using letters, numbers, and symbols and go as long as you want. 35+ characters ensures that no one's going to be able to brute-force it before the sun burns out.

Being a vendor is a big job, and if you don't plan on getting caught, not one to take lightly. Packaging things stealthily and so they won't get caught is an art, and it can be hard. I'd recommend asking around the shipping section more on that specifically.

Basically I would tell you to be as paranoid as you feel is reasonable, and then a bit more. LE worry about the small-time personal buyers on here, but you start vending, and you're a target, but I assume you know that. Just be careful out there, if you get caught it has a chance to bring the press' attention this way, and no one here wants that to happen, so if you have a question, ask it and people will be happy to answer.

Title: Re: So am I being anonymous enough? How can I learn to ship.
Post by: fuckthepolice101 on July 15, 2012, 05:14 am
Using public wifi hotspots is not needed when you use tor. If you understand how tor works you will realize that connecting from a public wifi spot is being paranoid.cs

Things you should be more worried about than what connection you use when accessing the tor network:

-Trojans/keyloggers on your machine
-shoulder surfers reading your screen
-narcs, rats and informants
-fingerprints, hair and other forensic evidence  in/on your packaging
-items that have identifiable signatures in your packing (examples: if you use a unique type of envelope that is only available at one store. the use of specialized fonts for lablers that can only be purchased from a single online store, invisible ink 'fingerprints' from color printers that give the serial number/make/model of printer that was used)
-a routine that allows LE to predict your movements
-opening your fat mouth to people about your private business

these are just a few that come to mind.

As far as being secure - tor is not the weakest link in the chain (imho)
Title: Re: So am I being anonymous enough? How can I learn to ship.
Post by: kmfkewm on July 15, 2012, 09:26 am
Using public wifi hotspots is not needed when you use tor. If you understand how tor works you will realize that connecting from a public wifi spot is being paranoid.cs

Things you should be more worried about than what connection you use when accessing the tor network:

-Trojans/keyloggers on your machine
-shoulder surfers reading your screen
-narcs, rats and informants
-fingerprints, hair and other forensic evidence  in/on your packaging
-items that have identifiable signatures in your packing (examples: if you use a unique type of envelope that is only available at one store. the use of specialized fonts for lablers that can only be purchased from a single online store, invisible ink 'fingerprints' from color printers that give the serial number/make/model of printer that was used)
-a routine that allows LE to predict your movements
-opening your fat mouth to people about your private business

these are just a few that come to mind.

As far as being secure - tor is not the weakest link in the chain (imho)

Using random WiFi in addition to Tor is strongly complimentary. Tor is very good at keeping some x% of your sessions anonymous some y% of the time against most attackers, but these numbers are not 100 even against relatively weak attackers. If you surf Tor for a year maybe the attacker deanonymizes one of your sessions. This is not extremely unrealistic, and is actually probably likely to happen to at least some of the people surfing silk road in a given year, even with a relatively weak attacker. If the dreaded day comes that the attacker deanonymizes one of your sessions while you are visiting SR, you are fucked if you are using your home connection but you are still quite likely to maintain anonymity if you are using a random WiFi hotspot and taking the proper precautions while using random WiFi. So although it is definitely not absolutely required that you only connect from random WiFi access points, it does offer a significant amount of additional protection and I would suggest that bigger vendors in particular seriously consider never connecting to SR from an access point that can be tied to them.