Silk Road forums
Discussion => Security => Topic started by: Slugger on October 09, 2012, 05:10 am
-
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
| |
| Anonymous Silk Road Purchasing |
| Guide Using a Liberte Linux LiveUSB |
| |
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
TABLE OF CONTENTS
I. Liberte Linux
II. USB preparation
III. Installing Liberte
IV. Booting & Set-up
V. GPG/GPG
VI. Importing Keys
VII. Encryption & Decryption
VIII. Getting ฿
IX. Instawallet
X. Bitinstant
XI. Transfering ฿ to SR
XII. Purchasing
XIII. Finalizing Early(FE)
XIV. Leaving Feedback
XV. Receiving
XVI. Conclusion
XVII. Changelog (updated 10/8/12)
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-
I. Liberte Linux
You can learn everything about Liberte Linux at their official site (http://dee.su/liberte), it has lots of good information about it. You also can go there to get a link to the updated Liberte when they update. The version Liberte linux is on while writing this guide is (2012.3). Here is a download link (http://sourceforge.net/projects/liberte/files/2012.3/liberte-2012.3.zip/download).
Liberté Linux is a secure, reliable, lightweight and easy to use Gentoo-based LiveUSB/SD/CD Linux distribution with the primary purpose of enabling anyone to communicate safely and covertly in hostile environments. Whether you are a privacy advocate, a dissident, or a sleeper agent, you are equally likely to find Liberté Linux useful as a mission-critical communication aid.
II. USB preparation
The USB memory stick must be at least 500MB to run Liberte. I have an 8GB one that I got from the superstore. In order to create a LiveUSB, you must first format the drive to FAT32. Just plug it in, go to "My Computer" (On windows systems), right click on your thumb drive, and select "Format". Make sure it is set to "FAT32" and format it.
III. Installing Liberte
Unzip the file you just installed from SourceForge. Navigate to the "Liberte" folder. You need to put that folder in the root directory of your thumb drive. When you have it in there, run the .bat file. Let it do it's thing and when it's finished your ready to boot from it!
IV. Booting & Set-up
Figure out how to get to the boot-menu on your computer. You can find it easily by googling your computers maker, and then boot menu shortcut. Put the thumb drive in and restart your computer. On the boot menu, select the flash drive and it should bring you to a screen with different options. Select the first one (Liberte Linux 2012.3). It will take a while for the first boot, be sure not to restart it or shutdown during the process.
It will ask you for a password and to confirm it after awhile. Pick a password that you don't already use and a strong one too. You don't want anybody to be able to get onto this drive. Let it sit for awhile until the desktop shows. Once the desktop shows the first thing you should do is connect to the internet.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
V. GPG/PGP
Luckily LIberte linux comes pre-loaded with GPG on it. Just click the computer in the bottom left>system tools>gpa. For your first time opening it, it will ask you to create a new key. Go ahead and do it, it will be the only way you can send or receive PGP messages. You can create a Tormail address here (http://jhiwjjlqpyawmpjx.onion/) . Remember your domain is "@Tormail.org"! You can now start importing keys, send and receive PGP messages!
Remember to check out Pine's PGP club! (http://dkn255hz262ypmii.onion/index.php?topic=30938) There is a link to my PGP key located in my signature if you want to send me a message.
VI. Importing Keys
Importing keys is a very simple process. When you are looking at a vendor prior to buying, make sure to import the CORRECT key from their profile! You will need it to be able to do your orders safely & securely. Right click on the desktop>Create New...>Blank File. Just open it and paste the PGP key into it. On gpa, click "Import" and then navigate to Desktop and select the file (or wherever you saved the file). Click open, then they will come up in your key manager.
VII. Encryption/Decryption
In order to encrypt/decrypt a message, you will need to open up the "Clipboard" on gpa. To encrypt messages, write the message you want to encrypt (You would put your address in here when you are making orders). Click "Encrypt" then select the person you wish to decrypt. NOT YOUR OWN KEY! To decrypt, you just paste the message into the clipboard, then click "Decrypt". If it matches your key, it will prompt you for a password that you set earlier. Input it and the message will be decrypted!
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
VIII. Getting ฿
Bitcoins are the main currency here at SR. It will be needed to buy anything on this site. It is really good for illegal products because it is not kept in banks, or kept track of for that matter. Remember, every single transaction you or anyone else do is available publicly on the block chain. This is not necessarily bad because your identity isn't tied to them, UNLESS you buy BTC in a way that can be traced back to you. This would only matter to you if you were under investigation by police etc.
IX. Instawallet
If you are following this guide to acquire BTC, then Instawallet will be your best friend! You just have to make sure you bookmark (better yet, save it) the link to your wallet! Remember these links are a ONE-TIME use. If you reload the page, you will get a new wallet. You need to either save or write down this unique web address.
Open up Instawallet (http://www.instawallet.org/) on TOR. Bookmark the page in Epiphany. I would make a new file on the desktop and save the address in there also because Epiphany didn't save my bookmarks when I shut Liberte down by accidentally knocking the USB out. Just make sure you saved the address permanently before proceeding to Bitinstant!
X. Bitinstant
Bitinstant is also a vital part of getting your bitcoins. They instantly wire the BTC to a multitude of places. You will be using the "Bitcoin Address" option though. It should only take an hour or two for your coins to show up after depositing money at a bank. It has happened where BTC have taken quite a while before getting them, so don't fret if they don't show up right away.
Go to Bitinstant (http://www.bitinstant.org/) on TOR. In the "Pay from" drop down box select "---> Major Bank Branch", and in the "Pay to" drop down box select "Bitcoin Address". Copy and paste the Instawallet BTC address you saved into the "Bitcoin Address" text box. Input the amount of money you want to put into your SR account. You can also put a NEW tormail account here (you don't want a direct connection to your SR account in my opinion, since its on your PGP). You may also be able to do a fake email, never did it though.
That should open up a website ran by "TrustCash Holdings" or "TrustCash". There should be a button to set your own location. Insert your local zip code and select a location you feel comfortable going to. You can drive across town if you want but I don't feel it's necessary. You are going to want to print the invoice you get at the end of the process. It may be kind of hard to do on Liberte so this is what I did.
Select the button that has a printer friendly invoice. It should come up like it wants to print but press "Print to File". Save it to your desktop and put it on a flash drive. Print it on another computer that has printer drivers. Yes the invoice is the paper that has a map on it and all the information.
Just follow the directions on the invoice and the coins will appear in your instawallet in about an hour. There is no identification needed at the bank. Just tell them you want to make a deposit and hand them the paper. They may ask you some questions, but nothing personal (just like, how much money you are going to deposit, if it's a company, etc.).
XI. Transfering ฿ to SR
You already got past the hard part with getting BTC, which is, actually getting them! Congratulations. Now you need to figure out how to ANONYMOUSLY put them into your SR account. You can very well transfer the BTC directly from the instawallet to your SR account if you want. I've done it. If you have a large number of coins, or you are making large drug purchases, I would recommend you tumble them.
You can tumble them by going to a website called Bitcoin Fog (http://fogcore5n3ov3tui.onion). Just create an account, and you will get an address to send coins to. Send the coins there, and then you can slowly send them to your SR address. Since you are getting different coins and swapping yours, you can get them a minimum of 6 hours later. They do it in parts to make it inconspicuous. It's all automatic, luckily, you just put your SR address, and the amount of hours you want to slowly get them.
Remember, everybody takes fees from you. So make sure you use enough money so you don't have barely enough to get something you want. SR, Bitinstant, and Bitcoin fog all take fees, you need to take this into account.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
XII. Purchasing
Purchasing items on SR is almost identical to purchasing items on other websites. You have a cart that you can add items to, then you check out when you are ready. So all there is left to do after you have the coins in your SR account, is to buy something! Find something you want to buy, and select "add to cart". There you will want to put the amount you want, remember that if the listing is for 100, to get 500, you put 5 into the "quantity" text box. Select the correct postage and add a gift code if you have one.
You will want to put your name and address into the clipboard on gpa just as you would write it on an envelope. You saved the vendor's PGP key into your key ring right? If not, go do that, then slap yourself in the face you dummy! Where you going to just send your PERSONAL INFORMATION to a stranger unprotected? Anyways, once it's in there, click "Encrypt" and select the vendors PGP key.
Copy the WHOLE PGP message into the box. Hopefully you remembered your PIN you selected when you signed up on SR. Anyways, insert that there and then press "place order". Your money will then go into Escrow and won't leave until a few things happen (a)You finalize OR (b)Auto-finalize after 17 days. You can also take your order into the "Resolution center" where you can either get refunded if you got scammed, or the vendor will address your problem(s). It's not good practice to message the vendor over and over asking where your package is. Just take it to resolution center and it will get taken care of.
XIII. Finalizing Early(FE)
As a buyer, it is unsafe to Finalize early. If you don't know what that means, it is when you give the vendor your money. You take it out of escrow, which is there for your protection, and give it straight to the vendor. If you get scammed and you FE'd, SR won't be able to do anything for you. FE at your own risk!
XV. Receiving
This has to be the best part of the whole process. But it's also the worst! Waiting for your product. Try not to check SR every day or you may make yourself feel like it is taking WAY longer than it really is. The vendor should update the status to "In Transit" once they ship it. Vendors should make it common practice to ONLY mark a package as "in transit" AFTER they shipped it. Depending on where your package is coming from, it will take about a week if it's domestic. If the package still hasn't arrived and the auto-finalize is about to come up, take it to resolution center and work it out. You may be able to get a refund or 50% refund if it's the vendors fault or whatever.
In another thread, there was a part about where you write "RETURN TO SENDER" on it and push it aside for the day. You can very well do that and it would make it if the police came over that day, see the package, and they wouldn't be able to do anything. Just say you didn't even order a package. After a day, I would say you are good to swoop it up and CONSUME!
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
XVI. Conclusion
I hope you enjoyed reading my guide! I would like to get more people practicing PGP and using a LiveUSB. Hopefully more people start using it after reading this guide. Shout out to "John Keats" for writing the guide that gave me this setup. Here is a link to his thread (http://dkn255hz262ypmii.onion/index.php?PHPSESSID=06a2f4cff9cdbd6f52bb3116d1beac7b&topic=15383.0).
If there is something you want me to add/change, please inform me in this thread or a PM.
-
Thank you for the support! I also have switched completely to Liberte after testing it! It works great and is all I need to use SR!
-
Hi Everyone! I too am using Liberte 2012.3 and I think it works great as an easy setup for non Linux folks.
I know that this thread isn't for Linux support, but I was wondering if anybody would have an idea on how to change a passphrase encryption password for a liveUSB Liberte installation.
The thing is, I got everything setup a month ago now, and after making bookmarks and accumulating important data on my liveUSB install, I realize that my passphrase is not very strong and I would like to change it.
Thank you for starting this thread...
Regards.
-
Really nice thread, but what's the point of using a LiveUSB? Just so all the SR info (username,pass,email,wallets) is on a stick rather than the hard drive? Good move...
Do you use a LiveUSB stick since you have a laptop, then use public WiFi to do BTC & SR business that way?
What if we just use our desktop at home,to visit bitinstant? Then all other sites via TOR. I've got TrueCrypt and it's use it to keep my .txt file ,with all my info, encrypted and hidden.
-
Really nice thread, but what's the point of using a LiveUSB? Just so all the SR info (username,pass,email,wallets) is on a stick rather than the hard drive? Good move...
Do you use a LiveUSB stick since you have a laptop, then use public WiFi to do BTC & SR business that way?
What if we just use our desktop at home,to visit bitinstant? Then all other sites via TOR. I've got TrueCrypt and it's use it to keep my .txt file ,with all my info, encrypted and hidden.
I say your most likely fine, depending on what your buying, to use SR from home without a LiveUSB. Its all just precautions and ease your paranoia. Plus I think its very convenient and easier to use than juggling files around in Windows between directories and into TrueCrypt. Just feels safer to me.
If anything in this guide is now outdated, please LET ME KNOW! I will update accordingly.
Good vibes everybody and hope everyone has a fantastic week!