Silk Road forums

Discussion => Security => Topic started by: ismysecsufficient on May 04, 2012, 04:02 pm

Title: another "is my itsec ok" thread
Post by: ismysecsufficient on May 04, 2012, 04:02 pm
First of all, I'm sorry if this has answered at legth before elswhere. This is another "is my itsec ok" thread. Sorry it's got so long. Used Throwaway acct 4 security.

#tor
Ok so I made first mistake - access SR through Tor Browser bundle, wisened up.
I'm on a Mac. Got TAILS to work (don't tell me liberte is better I can't get it to work). Have 0 purchases, so gonna nuke my hd before, run TAILS now.
TAILS has not the new tor security fix - concerns?

#gpg/pgp
Don't worry, I figured asymmetrical keys out. But, problems: I do have to physically store my keys (mine, vendors'), as I'm struggling w/ encryption via TAILS, I'm honestly too dumb to activate truecrypt w/ TAILS!! So i just keep my USB key holding the keys well hidden (just like my stash, can't encrypt your stash LOL). Suggestions for discrete key servers or better using keys w/ TAILS, does that exist?
Plus pgp will only go so far…protect you from SR gone "bad" not vendors addy harvesting… it's just another layer of sec and peace of mind. Right?

# MAC address spoofing
no idea - let the flame wars begin :.-( I order via home wifi or some friends ethernet when there - maybe someone explain AGAIN in noob lingo why not do dis?

# getting physical mail deliverd
= real (maybe mine maybe not mine) name, real address, (Mop n Pop P.O. box unavailable), anyboy can send anything to anybody to set them up. You know the deal. Not a seller.

# RL
IRL I'm not a known druggie, dont deal etc. Not having had to deal w/ cops ever. would be genuinely horrified upon bust. Of course I try my best so nothing case-related will get out of my mouth, FUCK my life is at stake so i'll play accordingly!!!! The enemy will not be helped (I know easy said, not easily done).

#getting btc
greatest problem: i have only a semi-anon route (don't purchase them direcly, more deatils would be security risk). Dedicated FININT would easily track that i acquired some, but I guess I'm WAYYYY too small.

#country
I AM NOT IN THE USA! so no DEA etc. (?) no more detail for security so please dont recommend moneypak vendors (what IS that anyway).

#SR
I have lurked a bit and over the last month or so, seen the tone here got more hostile due to all these busts. I'd like to help SR be safer but noobishness doesn't help.
My thoughts on security so far are, you can beef up IT sec beyond any normal persons or low level LE's comprehension.
Still someone will infiltrate and snoop or intercept packages. Read the ER (Euphoricknowledge) stuff again.Trust and getting too big as a single seller/importer and fucking Skype, cim, you name it, brings ya down. Same: TFM. Don' get cocky.
Let's enjoy SR while it lasts and NEVER FORGET IT HAS EXISTED A FUCKING LONG TIME (for an internet thing at least). MAY SR LIVE LONG AND PROSPER (uhhh seriously baaaad trekkie quote ew - but I mean it).
And DPR and crew I wish ya massive cashout :) sadly it prlly won't match the wallst gangster ones

tl;dr: n00b, getting semi anon bc, deleted hd, TAILS, no clue where to store keys. Prepared for worst. BUT FUCKIN LOOOOOVES SR!!!!!

Would really apprechiate answers. Come on, flame me...any answer is appreciated :-)

And please if i was too specific about me point that out too, ill try and delete.

edit: have been reading (not always understanding lol kmfkewm's posts - you're awesome!)