Silk Road forums

Discussion => Security => Topic started by: SuperDimitri on January 20, 2012, 06:03 pm

Title: Needed: SR Staff & Mod approved security protocol (tl;dr)
Post by: SuperDimitri on January 20, 2012, 06:03 pm
I have been here just over a month. In this month, I have probably read 10 novels worth of posts on security.
My problem is that not one single method is a standard protocol. EVERY post has argumentation, which leads to a slurry of jumbled up info, as what one person say sis the best way, another person will proceed to prove it's wrong. The problem is that not everyone using SR is an IT genius. And when they're not, they are pushed aside and called stupid. These aren't the actions of a community I would want to be a part of.
Guess what? MOST users AREN'T computer literate. We dropped out of school, or we were wasted through it all.
I'm pretty sick of reading all these goddamn posts that have more arguments over security than actual lessons.
If you want to call this a community, then we need to come together as one. We NEED a SOP, that's Standard Operating Procedure,on security. A set way. Not a million different ideas, but ONE, that WORKS, for EVERYONE. That is family, that is community. All this bickering about what is right and what is wrong is keeping us apart, and THAT is the problem with a Revolution. You can't win a war, when there's a war within your troops.
I am asking for a SOP on security to be posted. Guidelines EVERYONE can follow, and shop safe with. This guide would HAVE to be approved by SR Staff & Mods. Yes, I know the info is out there, but OUT THERE is it, it's fucking hard to piece together a good guide from all the slurry. It's like trying  to be a Paleontologist without 1st having been trained! Then having all your co-workers bash you for being dumb. 
If you want to call this a community, and  you want  it to go far, then we need for people to step up and lead. Not just rake in the $$.

I see most of you hate the LE world. I do, too, BUT....what do they have that we don't?? Organization. SOP's. Protocols. Which....they ALL learn. Not from a 1,000 different places, but from ONE. they ALL learn the SAME thing. Same for sports, car racing, etc.
Until SR has a SOP for security, the confusion and the slurry will continue.
PLEASE, SR, make, or have someone make a step by step tutorial on how to practice safe SR traveling. The arguments over security has left me seething a this so-called community.
We can't fight 'the man' man on man. It takes a team.
thanks for your time.
SD
Title: Re: Needed: SR Staff & Mod approved security protocol (tl;dr)
Post by: zomgwtfbbq on January 20, 2012, 06:29 pm
I see where you're coming from, but I actually think having a "standardized protocol" could work to our disadvantage.  In general, it's much easier to identify things that always adhere to a regular pattern or a standard procedure.  There are some guidelines that everyone ought to be following - PGP/GPG, full-disk encryption, that kind of stuff - but I don't think there's a one-size fits all approach.

Speaking of encryption... And this is sort of off-topic ... All these vendors that have GPG keys... I don't understand why they don't use them more often.  Want to send me a PM with my DCN?  Please, for the love of all that is good and holy, send it encrypted.  I went to the trouble of encrypting my address when I ordered from you, so you have my key and I have yours - so take that extra step and GPG those DCNs and order updates.

Also... I think vo1d (or is it v0id?  v01d?) did make a fairly simple tutorial.  It doesn't have any official stamp of approval on it AFAIK, but the general guidelines in it are good.  It's around here somewhere.
Title: Re: Needed: SR Staff & Mod approved security protocol (tl;dr)
Post by: fisher on January 20, 2012, 06:42 pm
One good reason to not have standard operating procedure, is that it would become predictable. people using different measures for security will keep LEO guessing. the SOPs are the reason that LE is detectable. If LE operated differently from one place to another, they would be less likely to be thwarted by criminals who pay attention to their SOPs. using a variety of security with how you do things makes you harder to find. I do agree that the arguing about what is BEST for security is counter productive, and there should be a basic security thread stickied and locked, but here is the basics.

use pgp for all personal information
use instawallets accessed through TOR for transfers
use addresses that are known to work for deliveries (e.g. your real name and address)
memorize the real SR address silkroadvb5piz3r.onion
Don't ever sign for anything, EVER
Don't put personal info in public view on SR
Be smart about what you are doing (who you are dealing with, how much and how often you are buying)
use public wifi to access TOR when available
if caught, stay silent, and let your lawyer talk for you

Title: Re: Needed: SR Staff & Mod approved security protocol (tl;dr)
Post by: SuperDimitri on January 20, 2012, 11:05 pm
OK, that makes sense. I appreciate your time and knowledge. Both of ya's.
Title: Re: Needed: SR Staff & Mod approved security protocol (tl;dr)
Post by: QTC on January 20, 2012, 11:19 pm
I agree with both people who responded to the OP. There are many different approaches to operational security, but there are some things that everyone whose opinion counts will agree on. fisher has listed some very simple, yet easy to remember things that everybody will agree on. My only recommendations would be to use a bitcoin mixing service over instawallet, and to avoid using the same hotspot over and over.
Title: Re: Needed: SR Staff & Mod approved security protocol (tl;dr)
Post by: SuperDimitri on January 20, 2012, 11:39 pm
Problem with public wifi is that I don't think it's ok for what appears on the screen when on SR to be showing in a public place. Other than sitting in the car, I suppose.
Title: Re: Needed: SR Staff & Mod approved security protocol (tl;dr)
Post by: TravellingWithoutMoving on January 20, 2012, 11:47 pm
...er.....doubt original poster is going to get what he's hoping for......partly because they got enough on their plate etc..and its not their problem...
the VM by 'Security Solution' IS an attempt to provide this....