Silk Road forums

Discussion => Security => Topic started by: WigerToods on June 20, 2013, 12:54 am

Title: how safe are 400's
Post by: WigerToods on June 20, 2013, 12:54 am
Is it possible for post office or LE to pinpoint when certain 400 labels were given and to who?  I'm guessing most people do not ask for them because every employee I have asked for them just looks at me like I am crazy; then, usually a supervisor will say, "yes, you can hand those out upon request".  I'm sure this has been asked just would like new ideas on the topic.  Are they safe to use, should I try to exchange them with someone else, should I wait a while to use them.....?  What is the best practice in opinion when it comes to this topic?  Any info would be greatly appreciated.
Title: Re: how safe are 400's
Post by: WigerToods on June 22, 2013, 06:38 pm
Im not worried about what they think!  I'm worried that they would be able to trace them back if intercepted to the exact location they were given out and then being able to see on camera who they gave them to.
Title: Re: how safe are 400's
Post by: thyme on June 22, 2013, 09:24 pm
I'm not as concerned about them being identified by specific 1-to-1 postal counter interaction (obviously the mailed-out ones are more trackable.)
I am more concerned about their potential for profiling packages, as the label 400s are vanishing -fast- from common use,  and also concerned down the road for their potential to be used in traffic analysis.  Eagan center was built for a reason.

I admit I'll be a bit more worried once they can (no offense, USPS, I know you're working your collective asses off) actually track my mail correctly AT ALL. The system has been just... amazingly... bad since the big change.
However, I expect they'll work that out pretty quickly, and then you will have:
- the immense pool of shipping from Amazon and other retail behemoths
- the extremely large pool of tracked parcels that used Click and Ship labels (including about 95%+ of the Ebay/etc. type parcels I now receive) or APC/kiosk printed labels
- and an increasingly small number of label 400s, used by the village/extension type offices (like the drugstore POs - although the one I was just at has an APC now?), privacy freaks, people who hate those fucking APC labels because they don't fit and I already labeled these presents and documents and what the hell I just wanted postage what is this [I have issues],  people who are on a cash-only basis and ship using stamps and 400s, and, uh, us.  Those last two overlap a fair bit, I think.
I haven't USPS sent anything from a private shipping store yet, I'm not sure what they're using.

It does not take too much to figure out to start looking at the label 400s extra close, both at the package inspection level and at the system/tracking level. This ain't rocket surgery.  I'm not giving anyone ideas here. If it's obvious to me, it's been obvious to them. 
Even for just sorting for screening, it is a potential risk. Go to the next level and sort by collection source. It only takes one eager inspector (or one department that really needs to pay for new dogs) to fuck your day.  I can see ways in which this is used as a low-cost easy sort for them to pull a small enough number of packs for an efficient screening.

If I were the USPS/USPIS and I were -trying- to create a fragmented tracking system, putting the label 400s behind-the-counter and then happily giving them out would be a great way to go.  Create no barriers beyond making sure the people who go after them are -motivated- and aren't just bored in line and then end up using the labels later because they're around. Don't ask for ID; it will scare people off and you'd lose a target group, if you really were trying to use a label group for this purpose. (I don't think that was the intent, by the way, I think the identifiability of the method is fallout from the systems change.)
However, a note: if they were really, really good, they'd then offer brilliant tracking on this small subset (L400s), because it would get chatted up and everyone would refuse to change methods...

Review this thread:
http://dkn255hz262ypmii.onion/index.php?topic=12337.msg115893#msg115893
and then consider the relative uniqueness of label 400s and consider the possibilities as far as tracking mail traffic over time.
I don't know what the requirements are to enter data into ISIIS, they are surprisingly difficult to find, but it doesn't seem to be the same level as a mail cover. 
The obvious areas include identifying people who receive many L400 parcels and the origins; identifying areas from which many L400 parcels are shipped; building the address db and sharing with ICE/CBP.

Trends change. Maybe it's just me, but I'm curious. Out of general package mail, how many *non-SR* pieces come with label 400s? I've received a handful of 400 packages at most - yeah, I keep a tally sheet - out of triple-digit packages in all my different settings.
Shrug. I've been told I was overreacting on this, so I've been thinking carefully about it and trying to be as unparanoid as possible. I've been watching a lot of mail flow in and out of work and other places. I'm sticking with paranoia, thanks.
Just because something's worked thousands of times doesn't mean it will  work when the environment changes.  The environment just changed. Time to adapt.
I'm not shipping things. But from here it looks like a good  idea to merge into the blandified mailstream, using currently dominant shipping methods and adapting them to render them unlinkable.


Goofy option: create some kind of massive social campaign to bring back the label 400s in order to expand/diversify the pool of L400 users. I have no idea how you'd do this.