Silk Road forums
Support => Feature requests => Topic started by: bozangles on January 17, 2012, 07:04 pm
-
So, it's not like we have enough passwords for SR already but this has been on my mind for a while. For some background info see here:
https://en.wikipedia.org/wiki/Duress_code
A panic password or duress code is a special password pre-set to be used only in the event that the user is forced to enter or divulge their password. Accessing the site with the panic password logs the user in as normal but with the following side effects ("delete fucking everything!"):
- all pending transactions are cancelled
- all in transit orders auto-finalize
- all messages are deleted
- optionally all BTC are sent to the user's off-site wallet
- for vendors all active listings are deleted
- the panic password is installed as the main login password for the account
The idea is to give the user a way to covertly delete as much evidence as possible in an inconspicuous manner.
I'm sure there's more suggestions others can add but I think this might make a useful feature to help keep folks safe...
Bo
-
that would be a great idea for a home computer also. Maybe have the password activate formatting the drive.
-
+1 for that idea.
-
As a buyer, I'd hate to have that bomb hanging around my neck, may be useful for vendors though. Maybe some vendors will give feedback to the idea. However, I really HOPE no vendor is even suspected of using SR. Theyd have to be blabbing, or part of an already existing hi-tech investigation, where the login info wouldnt be needed as further evidence. Spoliation of evidence charges would be added instead.
They have programs like that for PCs,but I find it very easy to 'misplace' certain forms of media, media that can contain all sensitive info in an encrypted fashion.
Even if you do keep your clients on your PC harddrive, and keep SR bookmarked (which I could never recommend), the type of LE that puts a gun to your head and forces you to divulge your log-in info, will classify ownership of a SR account alone as guilt to at least a dozen collectively serious charges they will pursue if they can't attach specific transactions to said account.'Street value' exist in law enforcement for that reason,they dont need dollar numbers.Especially since the presumption of innocence went from 'innocent until proven guilty' to 'not guilty until proven not guilty'
As soon as you acknowledge owning a SR account, they'll charge you with whatever dozens of extra charges they can, and rubbing it in their faces by having a cleared out account would just guarantee those additional charges. At least where I live. And whatever evidence tipped them that you had an SR account would already outweigh whatever else they could get.
Tip to any vendors; if you ever run into trouble, don't tell them how and where you ran your business from. All you will gain yourself is a much larger punishment (unlawful use of communications device, unlawful use of internet,mail fraud, terrorism ,lifetime banishment from internet,defiling federal institution,maintaining a common nuisance, distribution and possession in enhanced penalty zones (its assumed by the court that mail trucks drive through EP zones multiple times a day), and the BS charges will keep adding and adding) Stealth packages can also earn severe reprimands under many different charges for there intentions. I hope SR vendors know how important it is to keep SR a complete secret.
-
that would be a great idea for a home computer also.
This is possible with bit of effort now if you use a real OS :-)
Maybe have the password activate formatting the drive.
Better to restore a "clean" image and scrub unused blocks on the drive but realistically if brown stuff met twirly thing in a real life situation you probably aren't going to have time for either to do their job properly and then you're looking at charges for destroying evidence or attempting to defeat the ends of justice.
For local systems it really is better to use external media and cryptography/steganography to hide everything in a way that it can be immediately hidden when needed. A USB key with a plausibly deniable TrueCrypt setup is a popular way to do that.
-
As a buyer, I'd hate to have that bomb hanging around my neck, may be useful for vendors though.
I'd expect it to be optional. Don't want one, don't set one.. but I'm curious, what's the worry? That you'd enter it by accident and trash everything or that someone else would get it and use it to fuck your account up?
Maybe some vendors will give feedback to the idea. However, I really HOPE no vendor is even suspected of using SR. Theyd have to be blabbing, or part of an already existing hi-tech investigation, where the login info wouldnt be needed as further evidence. Spoliation of evidence charges would be added instead.
If the system reveals in any way to the user who enters the password that it has been used it's completely broken. That's the point of installing it as the main password afterwards. It's also very much a weapon of last resort if for e.g. someone busts in your door and catches you red handed.
They have programs like that for PCs,but I find it very easy to 'misplace' certain forms of media, media that can contain all sensitive info in an encrypted fashion.
This is for the site not your own system - although you can do it erasing any local media this way would probably be a bad idea in the event of problems. Better to have it well hidden beforehand.
Even if you do keep your clients on your PC harddrive, and keep SR bookmarked (which I could never recommend)
That would be very dumb. I hope most sellers and buyers understand why not to do this.
the type of LE that puts a gun to your head and forces you to divulge your log-in info, will classify ownership of a SR account alone as guilt to at least a dozen collectively serious charges they will pursue if they can't attach specific transactions to said account.'Street value' exist in law enforcement for that reason,they dont need dollar numbers.Especially since the presumption of innocence went from 'innocent until proven guilty' to 'not guilty until proven not guilty'
As soon as you acknowledge owning a SR account, they'll charge you with whatever dozens of extra charges they can, and rubbing it in their faces by having a cleared out account would just guarantee those additional charges. At least where I live. And whatever evidence tipped them that you had an SR account would already outweigh whatever else they could get.
They'll probably try it on but this is something for your lawyer to deal with and they may not need to use a gun - some countries make it a crime to refuse to give up a password or private key on demand (the UK for example - up to two years in jail). I'm kinda assuming that if someone got to the point of needing this feature that they're already into damage limitation territory..
There also could be some folk unlucky to be pressured by people who are not LE who might want this ability..
Tip to any vendors; if you ever run into trouble, don't tell them how and where you ran your business from. All you will gain yourself is a much larger punishment (unlawful use of communications device, unlawful use of internet,mail fraud, terrorism ,lifetime banishment from internet,defiling federal institution,maintaining a common nuisance, distribution and possession in enhanced penalty zones (its assumed by the court that mail trucks drive through EP zones multiple times a day), and the BS charges will keep adding and adding) Stealth packages can also earn severe reprimands under many different charges for there intentions. I hope SR vendors know how important it is to keep SR a complete secret.
Shorter tip: don't talk. Period. Get a decent lawyer first and go from there.
-
I like this idea. LE asks for your SR password. Sure buddy, here you go.
Edit: You should never admit to using SR, but if they show you proof and ask you to log in...