Silk Road forums

Discussion => Security => Topic started by: acurlenamu on August 31, 2011, 02:53 am

Title: Transfering bitcoins to SR anonymously
Post by: acurlenamu on August 31, 2011, 02:53 am
I've been reading through the SR forums and elsewhere trying to figure out the best way to get bitcoins into my SR wallet without it being traceable.  I'm concerned because the money I sent to a bitcoin exchanger is traceable back to me.  So far, the advice has been to do a series of transfers that look something like:

BitCoin Exchanger -> Wallet#1 -> Wallet#2 -> Wallet#3 -> SR

And if you use the bitcoin client as each intermediate wallets, you can delete wallets 2 and 3 when you're done, making things tough to track down.

However, a lot of sources say that *all* bitcoin transactions can be publicly viewed, so that anyone can see where some specific bitcoins started.  If this is the case, then doing the above won't work, because you could just follow the coins to their final destination.

I hear about sites where you can transfer in some bitcoins and withdraw different ones of the same value, thus making it untraceable, but I haven't found any reputable looking ones.

Also, I hear that SR tumbles the bitcoins itself, so it's not necessary to do it elsewhere.  Is that correct?

All in all, this is pretty confusing.  I'd really appreciate it if anyone could give me any advice about this!  :)
Title: Re: Transfering bitcoins to SR anonymously
Post by: Rush Limbo on September 01, 2011, 01:28 am
The way money travels is:

Dwolla => MTGox => SL

or

Dwolla => MTGox => Wallet1...N => SL

The first way is silly. It identifies you, as a exchange user, sending money to SL.

The second way is the way to go. Because how is in control of wallet 1 through N is the question. So, if you send the money through your bitcoin client (that happens to be installed on an encrypted disk using TrueCrypt, right? right!?!?!) then nobody can prove WHO was in control of the coins once they left your exchange account (you can say "Hey, I paid a dude for roses! I didn't know he would use the money to get drugz!!!"). If you prefer not to use your local bitcoin client as a pitstop for the coinz you plan on getting contraband with, then I recommend going through InstaWallet, and going there using Tor. Again, the idea is to break the chain of custody of the coins.

Tumblers are a joke in my opinion. Intermediate anonymous wallets are the way to go me thinks.

Remember, they will have to prove who purchased stuff. If they can't prove you controlled the money, well then...
Title: Re: Transfering bitcoins to SR anonymously
Post by: Rush Limbo on September 01, 2011, 01:37 am
One thing about tumblers. SL already does it for you, so there's no proof what YOUR coins bought :)
The paid coin tumblers are useless in my opinion.
Title: Re: Transfering bitcoins to SR anonymously
Post by: EnterTheMatrix on September 01, 2011, 03:11 am
I'm sure as we progress with the bitcoin currency system, things will become more secure for users.

Rush, you have some great advice there for new users. Thanks for sharing.
Title: Re: Transfering bitcoins to SR anonymously
Post by: acurlenamu on September 01, 2011, 04:28 pm
Okay, I think I've got it figured out.  Basically I'm doing the way I said, and not worrying about tumbling because SR already does that.  I think it's pretty safe to say that no one can tie my bitcoins to me at this point:

I send them through several intermediate wallets which are running on linux virtual machines, all of which are connecting via tor and using a different identity.  When I'm done with the transfer, I securely delete the virtual machines so that the only trace of them left is in the bitcoin blocks, but no way of knowing they were run on my computer.
Title: Re: Transfering bitcoins to SR anonymously
Post by: Kurt Cobain on September 01, 2011, 08:15 pm

I send them through several intermediate wallets

What kind of wallets are these? It sounds like you are not using the usual client? Because as far as i got it, tor gives a browser-connection anonymity, but the client is a programm !? confused...
Title: Re: Transfering bitcoins to SR anonymously
Post by: Kurt Cobain on September 01, 2011, 08:18 pm


(that happens to be installed on an encrypted disk using TrueCrypt, right? right!?!?!)

Could you please explain, why this has to be done? Sry.. I really don`t know..
Title: Re: Transfering bitcoins to SR anonymously
Post by: acurlenamu on September 01, 2011, 08:27 pm
What kind of wallets are these? It sounds like you are not using the usual client? Because as far as i got it, tor gives a browser-connection anonymity, but the client is a programm !? confused...
It is just the usual bitcoin client.  You tell it to connect via a socks proxy server, and point it to the ip address of your Tor client.  The easiest way to do this is to download an run the Tor Browser bundle, and then in Bitcoin use 127.0.0.1:9050 as the ip address of the proxy.

Could you please explain, why this has to be done? Sry.. I really don`t know..
The main reason is that it makes it harder for someone to steal your bitcoins.  If someone got access to your hard drive, they'd need your truecrypt password to get at your wallet and steal your BTC.  There are Windows worms that look for bitcoins, so this could be important! 

Also, your wallet stores your transaction history, so someone (like LE) could conceivably figure out you were transferring coins to SR if you made a transaction that led specifically to it.  But that's why you transfer between several one-time intermediate wallets, and delete them when you're done.
Title: Re: Transfering bitcoins to SR anonymously
Post by: Kurt Cobain on September 01, 2011, 08:49 pm
well, this was new to me.

thx for your advice.

peace!
Title: Re: Transfering bitcoins to SR anonymously
Post by: Kurt Cobain on September 01, 2011, 08:52 pm
.  But that's why you transfer between several one-time intermediate wallets, and delete them when you're done.

Ok, and these wallets are just the usual ones, which you can create inside your client, right?
Title: Re: Transfering bitcoins to SR anonymously
Post by: Kurt Cobain on September 01, 2011, 08:55 pm
I think you have already answered this question. sry.
Title: Re: Transfering bitcoins to SR anonymously
Post by: 46&2 on September 02, 2011, 01:58 am
so the sr wallet, as a receiving address, can be identified?
how?
by who?
are all transactions that go in and out of sr wallets looked at?
is an attack on the bitcoin chain a way to see where the coins are coming and going? "trace"?
i can see the transfers on the bitcoin chart website. i can see all the address', but i cannot see ip address'.
i think the time to worry about your sr wallet is when(knock on wood) sr is down and it stays down for days that turn into weeks, then months, then there is a story published about how the website to buy drugs was taken down.
don't get me wrong, i love sr. it stands for freedom that our slave-masters would not like us to have.
being paranoid about your bitcoin movements is good. use the multi-wallet transfers and mixers. the more work to trace your coins, the better.
Title: Re: Transfering bitcoins to SR anonymously
Post by: Gall Anonim on September 02, 2011, 02:35 am
so the sr wallet, as a receiving address, can be identified?
how?
by who?
are all transactions that go in and out of sr wallets looked at?
is an attack on the bitcoin chain a way to see where the coins are coming and going? "trace"?
i can see the transfers on the bitcoin chart website. i can see all the address', but i cannot see ip address'.
i think the time to worry about your sr wallet is when(knock on wood) sr is down and it stays down for days that turn into weeks, then months, then there is a story published about how the website to buy drugs was taken down.
don't get me wrong, i love sr. it stands for freedom that our slave-masters would not like us to have.
being paranoid about your bitcoin movements is good. use the multi-wallet transfers and mixers. the more work to trace your coins, the better.

as Rush mentioned, the idea is to break the chain of custody of the coins. Where coins go is recorded in the blocks and is a public information. who is in control of the wallet is what you want to hide. so you can either go through InstaWallet+TOR which makes it impossible for LE to prove YOU send the money from InstaWallet to SL.

The idea behind TrueCrypt'ing your entire disk, is this: You get shit shipped to you. LE intercepts. LE does controlled delivery. LE raids your house and finds a laptop*. Remember, LE has to prove in court of law that YOU control the money and YOU purchased the stuff (again, transactions are public, so the fact that a transfer between a wallet and your SL wallet  is public knowledge). If you're disk is encrypted, then they can't prove shit BECAUSE unless they decrypt it, they cannot prove that the SOURCE wallet sits on YOUR computer. Oh btw, you do not have to tell them your password (they will try to get it out of you through social engineering and fear tactics, DO NOT OPEN YOUR MOUTH), good old 5th Amendment protects you.

Another thing you can use to strengthen your security is to use a password keeper on an encrypted volume. I use KeePass v2 on Windows 7 (my KeePass database is encrypted, AND it resides on a disk encrypted with TrueCrypt) and I have a backup copy of the password file and the KeePass software on my IronKey USB drive. I also have a TOR Browser Bundle on the same USB Key. This way ALL my information is AES-256bit encrypted. The only way LE can get to it is if I willingly tell them the password.

Also, you can store your BitCoin wallet on your IronKey USB drive. Bitcoin client can be started with a parameter that points to its data directory.

* YOU should never walk away from a laptop you're doing this on and leave it unlocked. Recently LE's used infrared camera and staged a fake package delivery to get a child predator off of his computer for a second, then they raided the house. Computer was unlocked, and they were able to gather evidence. NEVER leave your computer unattended if you're logged into SR etc.
Title: Re: Transfering bitcoins to SR anonymously
Post by: Kurt Cobain on September 07, 2011, 07:58 pm


 you can delete wallets 2 and 3 when you're done, making things tough to track down.



How do you do this? I don`t find any any button?

thx
Title: Re: Transfering bitcoins to SR anonymously
Post by: myolddutch on September 07, 2011, 08:29 pm


 you can delete wallets 2 and 3 when you're done, making things tough to track down.



How do you do this? I don`t find any any button?

thx


What he means is he has several different complete versions of Bitcoin running at the same time, and he transfers coins through each of them before they go into SR.

Then when the coins have hopped across his separate Bitcoin wallets and into SR, he deletes all of these several Bitcoin softwares. So there's no button to delete a wallet from inside the software - all you need to do is remove the software itself (specifically, it's the file called 'wallet.dat' that you need to remove).

The only problem with this is that each time you wanted to transfer coins into SR, you'd need to start new wallets, and it takes time to download the blocks before you can use them (especially through TOR I'd imagine). But that's a small price to pay for good anonymity. Just start them off 48H before you need to make the transfer I suppose.

Title: Re: Transfering bitcoins to SR anonymously
Post by: 46&2 on September 08, 2011, 02:23 am
so the movement of coins should be done through tor using online wallets only?
having a wallet on your pc can reveal you? so, encryption of your entire pc is best?
is there a way to get coins using tor through the whole process?
 
Title: Re: Transfering bitcoins to SR anonymously
Post by: invisibleman_007 on September 08, 2011, 02:57 am
so the movement of coins should be done through tor using online wallets only?
having a wallet on your pc can reveal you?

^^^  This.  so what is the purpose of having bitcoin software on your computer if someone chooses to use an online wallet?  I installed this software: http://bitcoin.org/  But after reading several, (many?) posts it would seem the best way would be purchase the bitcoins and have them sent to online wallet then SR.  Leaving your computer out of the loop.  (out of the loop as long as you're using Tor to purchase your bitcoins)

Would it be a good idea to just delete the bitcoin.org software, since I'm not going to use the"wallet" service associated with it?

(sorry for the thread jack, figured since it was being discussed I'd ask here)
Title: Re: Transfering bitcoins to SR anonymously
Post by: Looker on September 08, 2011, 04:50 am
I think the thing that is being overlooked here is that (and correct me if I am wrong) when you send btc from mtgox you are not sending them to 'Silk Road' you are sending them to an address, and the address you are sending them to changes each time you load the account page so there isn't anything showing a pattern on the other end.

This is going from mtgox to SR, I imagine the same is also true from buyer to seller, none of your personal info in any way is tied to the bitcoins which is partially why SR uses it. The user can be quite foolish/careless and even without pub/private key pairs there is still no clear chain of custody from your bank account to the seller. Think of it this way:

Bank account -> MtGox

Assuming both are in clearnet and you are not using Tor to access them once the USD hits MtGox and you buy btc there is a record of you buying the btc in some way, and then your account having btc of some sort.

MtGox -> Silk Road

This is where the break in the chain of custody is from this point forward you sent a virtual currency to an address, that will not be used again, and does not contain metadata (i.e. info about the owner of that destination)

Buyer -> Seller

Now because we have an escrow system you actually 'pay' Silk Road, again since this is btc nothing identifies the destination owners information it's simply an address. Now once escrow payout occurs it becomes Silk Road that is paying the Seller, not the buyer, this is additionally key for purposes in US courts that makes a silk road purchase extremely hard to prove because this here breaks chain of custody even if everything else they had proof of, the way many US laws are written they have to effectively demonstrate that you had a transaction with an individual for illegal goods for a sum of money. In order to prove this they have to have some evidence of you providing the seller currency. Which isn't possible because 1 you aren't paying the seller, Silk Road is and 2 when you exchange btc there is no identifying information on the destination.


Bearing all of this in mind do I encrypt my address? Absolutely, but there is another way of anonyminity that consists of making sure that your SR packages, and online behavior in the clear shows standard patterns that are not suspicious. And always remember you use mtgox to learn how to daytrade with bitcoins so you can better understand how real stock trading works and you buy stuff online regularly in general.

My postal delivery woman a while back noticed I recieved LP's and so at one point I had a seller send something in an LP carrier with a crap record they got at the local salvation army and ship a decent quantity of product in it quite easily, When she dropped it off (the LP having come from germany) I told her, 'Oh wow this is great, it's an autographed LP I have been waiting for!' since she knew I recieved them regularly there was absolutely no suspicion of anything illicit.

It's all about illusion and how you are able to blend in your behaviors with normal patterns that people don't think twice about.
Title: Re: Transfering bitcoins to SR anonymously
Post by: superman on September 08, 2011, 08:10 am
so the sr wallet, as a receiving address, can be identified?
how?
by who?
are all transactions that go in and out of sr wallets looked at?
is an attack on the bitcoin chain a way to see where the coins are coming and going? "trace"?
i can see the transfers on the bitcoin chart website. i can see all the address', but i cannot see ip address'.
i think the time to worry about your sr wallet is when(knock on wood) sr is down and it stays down for days that turn into weeks, then months, then there is a story published about how the website to buy drugs was taken down.
don't get me wrong, i love sr. it stands for freedom that our slave-masters would not like us to have.
being paranoid about your bitcoin movements is good. use the multi-wallet transfers and mixers. the more work to trace your coins, the better.

as Rush mentioned, the idea is to break the chain of custody of the coins. Where coins go is recorded in the blocks and is a public information. who is in control of the wallet is what you want to hide. so you can either go through InstaWallet+TOR which makes it impossible for LE to prove YOU send the money from InstaWallet to SL.

The idea behind TrueCrypt'ing your entire disk, is this: You get shit shipped to you. LE intercepts. LE does controlled delivery. LE raids your house and finds a laptop*. Remember, LE has to prove in court of law that YOU control the money and YOU purchased the stuff (again, transactions are public, so the fact that a transfer between a wallet and your SL wallet  is public knowledge). If you're disk is encrypted, then they can't prove shit BECAUSE unless they decrypt it, they cannot prove that the SOURCE wallet sits on YOUR computer. Oh btw, you do not have to tell them your password (they will try to get it out of you through social engineering and fear tactics, DO NOT OPEN YOUR MOUTH), good old 5th Amendment protects you.

Another thing you can use to strengthen your security is to use a password keeper on an encrypted volume. I use KeePass v2 on Windows 7 (my KeePass database is encrypted, AND it resides on a disk encrypted with TrueCrypt) and I have a backup copy of the password file and the KeePass software on my IronKey USB drive. I also have a TOR Browser Bundle on the same USB Key. This way ALL my information is AES-256bit encrypted. The only way LE can get to it is if I willingly tell them the password.

Also, you can store your BitCoin wallet on your IronKey USB drive. Bitcoin client can be started with a parameter that points to its data directory.

* YOU should never walk away from a laptop you're doing this on and leave it unlocked. Recently LE's used infrared camera and staged a fake package delivery to get a child predator off of his computer for a second, then they raided the house. Computer was unlocked, and they were able to gather evidence. NEVER leave your computer unattended if you're logged into SR etc.

awesome response. 2 questions  swim has is  1 if your laptop is confecated. and its not encrypted on a controlled d. you used an insta wallet+ tor so no problem can they see all the other files and possibly illegal software dl's and file new charges based on that?
2 so your saying the ip info isnt recorded they just need to find your wallet dat to confirmn the transfer? if someone has made 1 transfer from exchange > bitcoin wallet> SR does this compormise any future transactions for that wallet?

its late that might not make sense if it does please help!! thanks again
Title: Re: Transfering bitcoins to SR anonymously
Post by: Kurt Cobain on September 08, 2011, 10:22 am
Thx for your reply.

Somebody else here told me, that you can also do it the same way with using instawallet.org. Doing it this way, it might be a little bit more easy. What do you think?
Title: Re: Transfering bitcoins to SR anonymously
Post by: 46&2 on September 09, 2011, 01:19 am
I think the thing that is being overlooked here is that (and correct me if I am wrong) when you send btc from mtgox you are not sending them to 'Silk Road' you are sending them to an address, and the address you are sending them to changes each time you load the account page so there isn't anything showing a pattern on the other end.

This is going from mtgox to SR, I imagine the same is also true from buyer to seller, none of your personal info in any way is tied to the bitcoins which is partially why SR uses it. The user can be quite foolish/careless and even without pub/private key pairs there is still no clear chain of custody from your bank account to the seller. Think of it this way:

Bank account -> MtGox

Assuming both are in clearnet and you are not using Tor to access them once the USD hits MtGox and you buy btc there is a record of you buying the btc in some way, and then your account having btc of some sort.

MtGox -> Silk Road

This is where the break in the chain of custody is from this point forward you sent a virtual currency to an address, that will not be used again, and does not contain metadata (i.e. info about the owner of that destination)

Buyer -> Seller

Now because we have an escrow system you actually 'pay' Silk Road, again since this is btc nothing identifies the destination owners information it's simply an address. Now once escrow payout occurs it becomes Silk Road that is paying the Seller, not the buyer, this is additionally key for purposes in US courts that makes a silk road purchase extremely hard to prove because this here breaks chain of custody even if everything else they had proof of, the way many US laws are written they have to effectively demonstrate that you had a transaction with an individual for illegal goods for a sum of money. In order to prove this they have to have some evidence of you providing the seller currency. Which isn't possible because 1 you aren't paying the seller, Silk Road is and 2 when you exchange btc there is no identifying information on the destination.


Bearing all of this in mind do I encrypt my address? Absolutely, but there is another way of anonyminity that consists of making sure that your SR packages, and online behavior in the clear shows standard patterns that are not suspicious. And always remember you use mtgox to learn how to daytrade with bitcoins so you can better understand how real stock trading works and you buy stuff online regularly in general.

My postal delivery woman a while back noticed I recieved LP's and so at one point I had a seller send something in an LP carrier with a crap record they got at the local salvation army and ship a decent quantity of product in it quite easily, When she dropped it off (the LP having come from germany) I told her, 'Oh wow this is great, it's an autographed LP I have been waiting for!' since she knew I recieved them regularly there was absolutely no suspicion of anything illicit.

It's all about illusion and how you are able to blend in your behaviors with normal patterns that people don't think twice about.

thanks for your input. it calms my paranoia a little to speculate on these topics. i have spent a LOT of time pouring through the threads in the forum to get a good grasp on the best techniques to not leave a lot of digital fingerprints and i hope i have done a good enough job so far(knock on wood).

Title: Re: Transfering bitcoins to SR anonymously
Post by: EnterTheMatrix on September 10, 2011, 05:39 pm
I think the thing that is being overlooked here is that (and correct me if I am wrong) when you send btc from mtgox you are not sending them to 'Silk Road' you are sending them to an address, and the address you are sending them to changes each time you load the account page so there isn't anything showing a pattern on the other end.

This is going from mtgox to SR, I imagine the same is also true from buyer to seller, none of your personal info in any way is tied to the bitcoins which is partially why SR uses it. The user can be quite foolish/careless and even without pub/private key pairs there is still no clear chain of custody from your bank account to the seller. Think of it this way:

Bank account -> MtGox

Assuming both are in clearnet and you are not using Tor to access them once the USD hits MtGox and you buy btc there is a record of you buying the btc in some way, and then your account having btc of some sort.

MtGox -> Silk Road

This is where the break in the chain of custody is from this point forward you sent a virtual currency to an address, that will not be used again, and does not contain metadata (i.e. info about the owner of that destination)

Buyer -> Seller

Now because we have an escrow system you actually 'pay' Silk Road, again since this is btc nothing identifies the destination owners information it's simply an address. Now once escrow payout occurs it becomes Silk Road that is paying the Seller, not the buyer, this is additionally key for purposes in US courts that makes a silk road purchase extremely hard to prove because this here breaks chain of custody even if everything else they had proof of, the way many US laws are written they have to effectively demonstrate that you had a transaction with an individual for illegal goods for a sum of money. In order to prove this they have to have some evidence of you providing the seller currency. Which isn't possible because 1 you aren't paying the seller, Silk Road is and 2 when you exchange btc there is no identifying information on the destination.


Bearing all of this in mind do I encrypt my address? Absolutely, but there is another way of anonyminity that consists of making sure that your SR packages, and online behavior in the clear shows standard patterns that are not suspicious. And always remember you use mtgox to learn how to daytrade with bitcoins so you can better understand how real stock trading works and you buy stuff online regularly in general.

My postal delivery woman a while back noticed I recieved LP's and so at one point I had a seller send something in an LP carrier with a crap record they got at the local salvation army and ship a decent quantity of product in it quite easily, When she dropped it off (the LP having come from germany) I told her, 'Oh wow this is great, it's an autographed LP I have been waiting for!' since she knew I recieved them regularly there was absolutely no suspicion of anything illicit.

It's all about illusion and how you are able to blend in your behaviors with normal patterns that people don't think twice about.

+1 FANTASTIC post! This should be posted in the FAQ, you explain each process in such a clear and well thought out way.