Silk Road forums

Discussion => Newbie discussion => Topic started by: 1llude on August 30, 2013, 10:50 am

Title: Basic compartmentation
Post by: 1llude on August 30, 2013, 10:50 am
Hi all, my first post on SR, I thought why not start off with some basic compartmentation guidelines.
I've seen a lot of decent/good tutorials on how to set up a pretty secure solution for browsing SR.
However, I haven't really seen a post explaining the values of compartmentation.
So I thought I'd share some insight from my extend and hope to spark a discussion.

----- Compartmentation -----

What I mean by compartmentation is keeping your illicit activities apart form other activities.
This sounds way easier then it is. A slip of tongue can easily lead to someone having doubts about your activities, which is enough to face difficult questions.
The basic rule of compartmentation is: STFU.
Never tell anyone what your intentions are, other then the people involved.
In this thread I'll talk a little about how compartmentation COULD work, possible contamination and how to maintain a low profile afterwards.
Compartmentation takes time and effort, but will pay off when done right.

----- Separation -----

When talking about compartmentation it's basically separation of information. (Damn that sounds nice)
You don't want to share information about your private life within your illicit activities, but you don't want it the other way around.
For example: the only people who know I am a SR member are people from SR. I never talk about it to anyone.
Not on other (clearnet) communities, not to drug users, I never share anything outside of SR.
The same goes for my private life: Apart from the people I have a relation with, nobody knows anything about me. Not even what kind of movies I like. I keep it strictly business.
This goes for every community I am a part of.

Another example: Let's say BOB practices both baseball and basketball.
He never talks about basketball when playing baseball and the other way around.
As far as his baseball teammates know, the only sport he practices is baseball.
He never even mentions basketball around them.

The golden rule is: Keep your mouth shut. I think you get the idea.

----- Identities -----

For many illicit activities you need an identity. Simply because a lot of times it involves communication and so person A needs to know a way to contact person B.
Considering compartmentation, you should have a different identity for every activity you do.
On SR I'm know by the handle "1llude". For every community I am part of I have a different handle.
This may seem easy, but everything should be "unique" for every identity.
There should be no way to link identity A to identity B.
This ranges from using different handles and e-mails, to even different personality's.
You can go as far with this as you'd like, and the further the better, but remember that you should always stick to your identity. So the more you make up, the more you'd have to remember. A good reason to keep personal interaction to a minimum.

----- Contamination -----

We've talked a bit of contamination in the previous subjects. Contamination is when one identity get's mixed with another. There are literally thousands of possible forms of contamination and it's almost impossible to prevent all of them. However, if you take it in consideration you can keep it to a minimum, so that no identifying information will be leaked.
For example, never share ANY information about illicit activities to people not participating.
I can't stress this enough. Never tell your friends/family/partners that you even know the slightest bit of an illicit activity. Don't raise any suspicion. You simply can't trust anyone. If you can't keep your mouth shut when the information is valuable to you, why would someone else keep the information secret when it's of no value to them.

It also works the other way around. Never share any personal information within the illicit activity.
This should be your number 1 rule, since this leads to most compromises.
Only share information that is needed for the activity, nothing more.
Do not talk about your gender, age, location, sexual preferences, hobby's, climate, pets, diets, diseases, etc etc.
You might think this is common sense when practicing illicit activities, but you'll be amazed how many people share the slightest bit of identifying information. People wanting to compromise your identity will collect and evaluate this info to get a profile.
So again: STFU!

----- Compartmentation in action -----

Now here comes the fun part. I'm going to describe a method of compartmentation and how to avoid contamination. Please note that this is purely educational, and you should find your own way of implementing this.

First I'll define a few things so it's easier to follow:

Activity 1 = Illicit activity you don't want others to know about
Activity 2 = A different illicit activity

You                = The person practicing compartmentation
Person A       = Person needed for activity 1
Person B       = Person needed for activity 2

So, let's say you want to contact person A for any reason imaginable.
What you should do is first set up a secure workstation.
There are plenty of guides on this but the important part is that you set up a NEW workstation strictly for activity 1 and contacting person A.
When done you create a new handle. This handle should consist of a randomly chosen nickname (that could not be linked to you) and a form of communication. Again there are plenty of guides on how to securely communicate, the important part here is that this handle is strictly for activity 1 and contacting person A.

A real life scenario COULD be:
Installing a new OS host on your computer.
Boot up the host and do NOTHING but update and install virtualization software.
Inside virtualization software install a new OS with security and anonymity in mind (like debian + tor or an OS for this specific purpose like Whonix)
Within the virtualized OS create your new identity.

Now, this setup should ONLY be used for activity 1. If you want to contact person B you'd have to go through the same steps again so you have a completely new identity for activity 2.
Person A should never know you also have connections with person B and vice versa.

The problem here is that there is a chance where you'd need to contact multiple people for the same activity.
Let's say activity 1 is SR. There's a great chance you want to contact more then 1 person.
You'll create more connections that link you to the illicit activity.
PGP helps you to at least hide some content of the illicit activity but sill leaves you with the connections.
You could chose for participating in activity 1 the way I mentioned above, and create sub-identity's to contact with persons involved. So you'll set up a new "disposable" identity for the sole purpose of contacting another participant. When there is no further need for communication, you erase the identity and never use it again.

This takes a LOT of time and effort. You should also be aware of what you're doing the entire time.
However this can minimize connections to you and your illicit activity's, and that is, in my eyes, priceless.


----- Discussion -----
Alright, so this is my view on basic compartmentation.
There are a lot of other options and considerations to practice good compartmentation but I might cover that later.
I hope I inspired some people and that others here are practicing compartmentation already.
I'd like to spark a discussion and receive (constructive) criticism to improve methods of compartmentation and securing your identity.
Feel free to comment or question anything!