Silk Road forums
Discussion => Silk Road discussion => Topic started by: Kurt Cobain on August 26, 2011, 09:59 pm
-
Hi,
Do you think that there is any way for LE in the future to force SR to go down? Or will they make BTC illegal? I mean, since the media reports about SR, I feel like this won't last forever.
what do you mean?
thx
-
I think it all depends if they can figure out how to trace the server through Tor. NSA/Homeland Security might be involved if terrorists are using Tor to communicate. If so, Congress has given them unlimited resources to figure it out.
-
Unfortunately, I'm sure that terrorists are using tor/pgp to communicate. I mean, why wouldn't they? Also, NSA surely can track through Tor. I'm sure they have the technology, but if the terrorists kept moving their place of communication, it would be tough for even NSA to get them. I don't know how Tor works. But it seems like if they could make a new onion address every so many days, that they would be tough to track down. But the ironic thing is none of us have any clue on what type of technology the government has in their hands. They may have a program right now that can break any pgp code within minutes..
This is the only bad thing about being anonymous. It attracts the very undesirable..Child porn/terrorists, etc.
-
I wouldn't worry about SR future, I think there will be more sites like SR.
Tor is pretty safe for the current moment, and even more so because it's open source; its safety can be improved when some flaws are found.
About making BTC illegal, how do you imagine this ?
There're a lot of eMoney now, and to make BTC illegal is to make all those eMoney illegal, which I don't think will ever happen in near future.
-
They may have a program right now that can break any pgp code within minutes..
They may have not. Not just practically, but fundamentally. There were some incidents when they tried to decrypt a truecrypted hard drive for 2 years unsuccessfully. It is all the same asymmetric encryption used in truecrypt and pgp. Even in ideal conditions it will take years to decrypt one single key.
As a person who is interested in cypherpunk and technology, I think SR is quite safe not because of TOR or PGP security, but because SR isn't a site but an idea. And ideas aren't so easily destroyed. If even tracked, I am sure the servers won't be that easy to shut down. If shut down, it will restart on another machine. Maybe other sites will catch the flag and move it on. There is a black market and many others out there. There is i2c, which will help if tor is compromised. Using p2p+smart encryption it is possible to make a decentralized community which will be virtually untraceable. And it is all quite real already, just waiting for a coder to be brought to life. Bitcoin cannot be shut down already. It gathered a critical mass when all the king's horses and all the king's men won't be able to bring it down. We live in really interesting times, when the revolution rolls on unnoticed by masses. When it becomes noticeable, it becomes inevitable. So get ready and fasten your seatbelts. Be proud to be part of it all.
Cheers.
-
Yeah. Without getting into the crypto of it all, the above is correct.
-
I think it all depends if they can figure out how to trace the server through Tor. NSA/Homeland Security might be involved if terrorists are using Tor to communicate. If so, Congress has given them unlimited resources to figure it out.
Consider this: Tor could already be compromised. They're simply not acting because they don't want to tip their hand to the big fish. We shouldn't feel impervious.
-
As a person who is interested in cypherpunk and technology, I think SR is quite safe not because of TOR or PGP security, but because SR isn't a site but an idea.
Well said mate... two thumbs up. +10
-
As a person who is interested in cypherpunk and technology, I think SR is quite safe not because of TOR or PGP security, but because SR isn't a site but an idea.
Well said mate... two thumbs up. +10
+100
VERY well said. Tor could be compromised and NSA could be inside...but PGP and 4096 keys is what is stopping them and protecting us.
It is IMPERATIVE that we all start MANDATORY PGP usage for any illegal things....in fact for everything.
We have our BTC transactions to worry about too. Even though the actual coder has disclosed that it is truly NOT safe and NOT anonymous -
We clean and launder our BTC. I want to implement a "LOCAL LAUNDRY".....some of you have spoken to me about this before with distinct interest.
I am not sure how to go about compiling a tumbling local wallet - but man would that KICK ASS. :)
comments welcome, share share :)
The physicality of Silk Road will remain anonymous. I bet you the servers are off-shore and underwater, 1 league under. lol
Keep it crypted, and keep your mouth shut. Loose lips sink ships. That goes for loose typing too.
L
-
"I am not sure how to go about compiling a tumbling local wallet - but man would that KICK ASS. :)"
+1
-
"I am not sure how to go about compiling a tumbling local wallet - but man would that KICK ASS. :)"
+1
I'm actually working on it. :) All brains welcome for contributions! we have everything portable but the ability to clean coin...
http://dkn255hz262ypmii.onion/index.php?topic=2482
L75
-
I'm sure that if a significant number of politicians and higher ups in government really got their panties up in a bunch they could crack TOR pretty quickly.
After all the original sponsorship for the entire TOR project was the US Navy Research Lab.
-
I'm sure that if a significant number of politicians and higher ups in government really got their panties up in a bunch they could crack TOR pretty quickly.
After all the original sponsorship for the entire TOR project was the US Navy Research Lab.
the entire internet was a government project remember ARPANET?
however there's no way LE can fuck with OTF encryption, 4096 PGP and biometrics.
It's how we use Tor, the internet, and our encryption that will keep us safe.
L75
-
I hate when I see wild speculation about government advances in cracking encryption that require such breakthroughs in factorization to exist and be kept from the research community. The weak link is always the human element.
-
As a person who is interested in cypherpunk and technology, I think SR is quite safe not because of TOR or PGP security, but because SR isn't a site but an idea.
+1
p.s. if the nsa wanted to crack on SR, it'd be a walk in the park for them... though the time when that will be easy may pass, then this will come: https://secure.wikimedia.org/wikipedia/en/wiki/Assassination_market
-
the weak link is always the human element.
+1
that's for damn sure.
L
-
Since discovering this place a few days ago, I've done nothing but think about it. Here are some conclusions/ideas from a weed smoker's perspective:
There hasn't been a bust related to SR yet, right? but since the place got blown open by gawker, the fucking death cancer of the internet and leading cause of brain rot in 20-somethings, LE is probably planning something.
The availability of everything from drugs to weapons to whatever is in the XXX section that I will never click on makes it a prime target
Maybe they won't go after users who are just buying personal quantities of weed. On the other hand, maybe they will lump in casual weed smokers with all the other bad stuff for propaganda purposes. We are in the same boat as some people doing things that really really piss off LE, the wrong news story could lead to a renewed fear of marijuana in the U.S. On the third hand (?), there could be a martyr story in there for poor pot users who are forced to equate themselves with pedophiles and such.
I don't know how much they actually care about the low quantity buyers, but if they go after us, that probably means they would go after every single person that has ever bought through here...50,000 users? Something on that scale would renew the war on drugs for the next 100 years, but I don't know if that's even technically and financially feasible.
yeah, those are my thoughts. Can't say I'm paranoid though, just wish I had more free time to do the leg work to set up that first buy.
-
Since discovering this place a few days ago, I've done nothing but think about it. Here are some conclusions/ideas from a weed smoker's perspective:
There hasn't been a bust related to SR yet, right? but since the place got blown open by gawker, the fucking death cancer of the internet and leading cause of brain rot in 20-somethings, LE is probably planning something.
The availability of everything from drugs to weapons to whatever is in the XXX section that I will never click on makes it a prime target
Maybe they won't go after users who are just buying personal quantities of weed. On the other hand, maybe they will lump in casual weed smokers with all the other bad stuff for propaganda purposes. We are in the same boat as some people doing things that really really piss off LE, the wrong news story could lead to a renewed fear of marijuana in the U.S. On the third hand (?), there could be a martyr story in there for poor pot users who are forced to equate themselves with pedophiles and such.
I don't know how much they actually care about the low quantity buyers, but if they go after us, that probably means they would go after every single person that has ever bought through here...50,000 users? Something on that scale would renew the war on drugs for the next 100 years, but I don't know if that's even technically and financially feasible.
yeah, those are my thoughts. Can't say I'm paranoid though, just wish I had more free time to do the leg work to set up that first buy.
shh. you're killing my high.
L75
-
hehe sorry about that. ;) also, in reading other posts, looks like I might be wrong about CP being in the XXX section?
-
hehe sorry about that. ;) also, in reading other posts, looks like I might be wrong about CP being in the XXX section?
all good :)
its ok i'm high again. lol
you are indeed incorrect about CP. Silk Road and we the peeps do not promote that shit here.
I did see "do you like your cock sucked after anal?" which may offend some. lmao.
L75
-
It would be fairly difficult to diminish the SR community. If they find the server(s), what stops the community from pulling up another backup? In that case, they might manage to find some buyers addresses which were unconfirmed and unencrypted, and all the BTC stored in the SR wallets.
The community seems strong, so unless a significant amount of people get caught, nothing is stopping people from using multiple proxies, Tor, PGP and bitcoins. There are many other communities which do what we are doing, with much less security. I know of places which operate on IRC, and people feel secure sitting behind a vhost.
Although there was some senator who was yelling about getting rid of SR, there are many reasons for LE not to. Since there is no violence involved when purchasing drugs through SR, it makes it much less of a threat to society. Have you ever wandered the streets of NY, London, Rio, Athens etc? Especially the streets where one doesn't dare to stop at a red light, because someone might break their window and rob them. Why would resources not be spent on cleaning those places up?
-
God damnit my post got eaten by the board. ANYWAYS:
It is pointless to speculate about what attacks (on tor/pgp/otr/what have you) might be discovered in the future. The more clandestine government organizations of the world do not advertise their technological capabilities. Personally I am always amused when people make ridiculous claims about how the NSA or the Secret Freemason Illuminati Cabal have a secret RSA quantum solver or super secret magical Rijndael cracking machine but hey that is just me.
The organizations interested in sites like this one have shown no indication that they can defeat us through purely electronic means when we use these security tools properly. That could change at any time of course but what does it matter. When old tools are broken new ones are made.
It is all the same asymmetric encryption used in truecrypt and pgp.
Truecrypt has nothing to do with asymmetric key cryptography.
-
God damnit my post got eaten by the board. ANYWAYS:
It is pointless to speculate about what attacks (on tor/pgp/otr/what have you) might be discovered in the future. The more clandestine government organizations of the world do not advertise their technological capabilities. Personally I am always amused when people make ridiculous claims about how the NSA or the Secret Freemason Illuminati Cabal have a secret RSA quantum solver or super secret magical Rijndael cracking machine but hey that is just me.
The organizations interested in sites like this one have shown no indication that they can defeat us through purely electronic means when we use these security tools properly. That could change at any time of course but what does it matter. When old tools are broken new ones are made.
It is all the same asymmetric encryption used in truecrypt and pgp.
Truecrypt has nothing to do with asymmetric key cryptography.
As I have understood how encryption works, there is no magic formula to breaking it but to randomly try different passwords until the correct one is found. With 2048 bit encryption and above, and of course long passwords with both numbers, upper and lower case characters and symbols, one would need one hell of a computer and a lot of time to get this done. So it seems impractical to do this kind of attack.
The easiest way would be to lure people into leaking information which leads to them. And we see this at least once a week here. guys wanting to sell larger quantities to sellers, and others asking for proxies - "hey I want to buy a lb from this guy but he wont ship to xx. Can I have it delivered to you so you can send it to xx?".
I get around one message a week asking for personal info, or similar questions. Journalists wanting to interview me by phone, requests to pay through Paypal, in person trades, sending me cash in the mail etc. But what's stopping us from ignoring these messages?
-
As I have understood how encryption works, there is no magic formula to breaking it but to randomly try different passwords until the correct one is found. With 2048 bit encryption and above, and of course long passwords with both numbers, upper and lower case characters and symbols, one would need one hell of a computer and a lot of time to get this done. So it seems impractical to do this kind of attack.
The easiest way would be to lure people into leaking information which leads to them. And we see this at least once a week here. guys wanting to sell larger quantities to sellers, and others asking for proxies - "hey I want to buy a lb from this guy but he wont ship to xx. Can I have it delivered to you so you can send it to xx?".
I get around one message a week asking for personal info, or similar questions. Journalists wanting to interview me by phone, requests to pay through Paypal, in person trades, sending me cash in the mail etc. But what's stopping us from ignoring these messages?
Yes, brute force attacks are impractical or impossible, but algorithms can be broken with 'magic formulas.' Inventing a way to easily factor very large numbers would break RSA. A magic formula could be found tomorrow that breaks Rijndael or RSA or whatever. There is no way to predict this.
That said, breaking algorithms is difficult. It's far more likely that government agencies would try to find attacks on specific software implementations that we use. No need to beat RSA (thousands of mathematicians have been trying for 30 years now already) if you can find a flaw in GPG that lets you retrieve the plaintext with ease. No need to break any of the cryptography in tor if you can find a flaw that lets you find out users' true IP addresses with ease.
And yes the weakest link in all this is ourselves. As I said they cannot (or will not) beat us yet in the electronic realm so they rely largely on social engineering to obtain information and our dependence on the mail system to catch us in the act.
-
Truecrypt has nothing to do with asymmetric key cryptography.
yup, my fault. I was too excited writing a flammable post to mix two not really identical definitions. Though I hope you got the point. Both use practically unbreakable algorithms. It all relies on mathematical dilemma, so scientists are supposed to break it, not LE.
By the way, any scenarios of LE catching down buyers? As far as I understand there is no evidence of actual trading. BTC is too slippery to prove it really was paid to the seller for goods. Lawyer's word needed.
-
As I have understood how encryption works, there is no magic formula to breaking it but to randomly try different passwords until the correct one is found. With 2048 bit encryption and above, and of course long passwords with both numbers, upper and lower case characters and symbols, one would need one hell of a computer and a lot of time to get this done. So it seems impractical to do this kind of attack.
well, they're all forms of protection involving some form of cryptography.
As of 2010, the largest (known) number factored by a general-purpose factoring algorithm was 768 bits long (see RSA-768), using a state-of-the-art distributed implementation. RSA keys are typically 1024–2048 bits long. Some experts believe that 1024-bit keys may become breakable in the near future (though this is disputed); few see any way that 4096-bit keys could be broken in the foreseeable future.
use 4096 and change it. fucking tangle shit up for LE like a nest.
i have a post on rotating biometrics and one on a WIP local tumbling wallet.
i pray i get this finished for the whole bitcoin world.
the people are gaining more power now, not uncle sammy so solly
L75
-
My TOR hidden node is on a flash drive. I make a clone of it every few weeks and geocache it (Check out the Lexar Echo ZX!). Same thing with my BTC and passwords, etc. All under multiple levels of encryption. I have no reason to think I'm being watched, etc. But I'm prepared. I'm nobody, but that might change. The time to close the barn door is not AFTER the horses get out...
Couldn't SR be re-propagated the same way? Oh noes, they busted the server! Plug in a new flash drive on the other side of the planet, boom, SR is back! Taking down the site is pointless. I'm sure the machine has been traffic analysed already. They know it's an idea, not a thing. The same applies to the goods sold here... They will attack it the same way, create fear. When you look at how LE operates, that's all they ever do, it's all they can do. Create fear of what will be done to you if you don't obey. There is no chance they can ever take down SR, they can only make you afraid to use it. Just like weed, or meth, or... SR takes away one more tool; the ability to 'make a deal if you rat out your supplier.' You don't know the supplier, so you can't do it even if you wanted to. So, the only tool they have is fear. You decide if you're going to succumb to it or not. Period. That's it. I expect to see them perform a synchronized bust of everyone who has bought from an LE vendor on SR. It's the only thing they can do. Is the risk of being one of those people larger or smaller than in conventional face-to-face deals? I say smaller. No money, no face-to-face... There are so many elements missing that are usually used in prosecution. How does it tie together? Oh, that tracking number, USPS delivery confirmation. Don't do business with any vendor who uses tracking numbers. How else do they prove you actually got it? Oh, your feedback... Word it carefully. It is easy to make their job very hard to do on the prosecution side when using SR. You just can't be a chicken that confesses. They have to be able to prove that you GOT the package they sent. They have to prove they sent you contraband. They have to prove that you paid for it (well, it helps them if they can, possession is still illegal if you paid for it or not). How good does this look for them? 
When has Government ever been organised enough to pull that off in one synchronised action across the whole country, which they would have to do to make a real press statement out of it? Make a double-edged sword of it by using your brain! Make it hard for them, cover your ass. While dirtbag buyers have caused some vendors to insist on tracking, this is how LE would prove you received it. So don't use tracking. SR is, hopefully, working on a way to track dirtbag buyers.
I see LE having only one option. They'll sell to and keep track of the users they do business with themselves. This will be but a fraction, but enough to run a 'bust' on all of them simultaneously and make a media scene out of it. I don't see them having a chance to do it any other way, and even this is a stretch for them. If you aren't a pussy too afraid to fight their charges, you'll be fine. When they try to spring this trap, having it turn out as a colossal failure when they can't make charges stick, will be SR's redemption and final test of success as a model of business and freedom.
The down side is that, as in any other method of selling contraband, the persons involved tend not to be educated on their rights and how to exercise them. If you already screwed up, by the time the charges come, there is nothing you can do. Being dumb as a rock has its cons.... If you are dumb as a rock and you know it, do something about it.
I've already identified a couple of well-entrenched vendors that have made statements I would consider giveaways of being LE.
Misrepresentation of encryption technologies; stating that they don't work in a certain way to discourage the use of encryption... Bigtime red flag. I'll never buy from a vendor that does this.
Insisting on a tracking number/delivery confirmation. I'll never buy from a vendor that does this. That one is a double-edged sword, as I will be a vendor soon myself. I know both parties are suspicious and they want to know what's going on. The temptation and practicality are hard to hold back. Curiosity killed the cat. A tracking number or delivery confirmation number are the only practical way LE has of saying to a judge "yup, he got the stuff, here's the proof!" They could also phone up local LEs to watch every address where a teener of pot is being sent... And this isn't too far-fetched as the point isn't to bust you for a 1/16th, but to bust 4000 all at once to make a big show and instil fear in the use of SR. It's the only viable course they could take. So be prepared for it and don't screw up in advance... The name on the package doesn't matter if; it was sent to your address, they can prove it was received, and you are in possession of it. Admit to nothing, it won't help you. You can't make a plea deal to rat out your supplier, because you don't know who he is! Exercise your right to remain silent, there is absolutely nothing you can say that will help you, every word will screw you more. Shut your damn mouth!
-
...
There hasn't been a bust related to SR yet, right? but since the place got blown open by gawker, the fucking death cancer of the internet and leading cause of brain rot in 20-somethings, LE is probably planning something.
...
I'm sure that LE was aware of SR even before the "Gawker expose." And if SR goes down tomorrow the sellers and buyers will just reconnect via some other means. Or they'll just move to another board, like OVDB or Farmer's Market. The concept of selling banned substances over the Internet, which has been going on for years, has now gained a much wider audience.
I can't see how LE could set up a seller's account on SR and actually send out real narcotics, with the goal of harvesting addresses and then going to those addresses to arrest people. It would be bad publicity for someone to say "Yeah, I bought some weed from the DEA, and it was pretty good stuff." I'm worried for those buyers who say they ordered something from a seller and got bogus product, because that kind of thing would work. There's buyer intent and no actual illegal substance sent.
Same thing for those sellers who keep listing stuff that's really in demand and never sending out orders -- there's another case where the seller has a list of names and addresses along with follow up emails asking, in effect, "Where's the illegal narcotics I ordered?"
Sales over the Internet are a fairly new way to do business that won't go away, but we're going to have to learn better ways of staying safe.
-
I can't see how LE could set up a seller's account on SR and actually send out real narcotics, with the goal of harvesting addresses and then going to those addresses to arrest people. It would be bad publicity for someone to say "Yeah, I bought some weed from the DEA, and it was pretty good stuff."
Not directly. LE obtains a lot of information in illegal fashions which it cannot use directly to prosecute. BUT, they use that information to set up a separate case.
They may not be able to use an address obtained from selling Cocaine to someone in a case against said person for publicity reasons.
But, they could still use it, and they definitely WILL use it to watch and set up surveillance and pile together something unrelated to their ill-gotten information.
They will make no reference to the REAL initial contact in their prosecution, but will create a viable excuse for the surveillance that no one can prove wrong and any further data or evidence gathered.
SR could be used as a focal-point gathering mechanism, as such. Buy from a Fake SR Vendor who is really LE? Get watched until they can build a case unrelated to SR or the fact that SR is where they got your name and address...
I venture to say that this is being done as we speak. But that so few SR Vendors are Fakes, they will nab only the dumbest and most careless. As with all else LE does...
At $150/Seller Account, and under 200 accounts... That's not much of a budget! Every SR Vendor could be LE. Hell, maybe SR was set up BY the LE?!!?!?! A po-dunk Police Department spends orders of magnitude more than that just on gas for one Police Car....
Teh Paranoidz, dey haz meeee!
...but it is entirely possible... Even feasible. Hell, probable...