Silk Road forums
Discussion => Security => Topic started by: specter420 on April 07, 2012, 02:52 am
-
Well since this is my fist post
HELLO SILK ROAD FORUM!!!
I have heard good things about this community and hope to be joining you here soon.
(after going back and reading this post i feel its slightly confusing so feel free to ask any questions if needed)
So after knowing about this site for quite a while now I have decided that it is reliable and safe enough to try it out. Only thing stopping me right know from placing an order is double checking my security.
This security I will admit is lacking.
For my current setup I have an old laptop of mine booted off a USB flash drive containing ubuntu 11.10.
I am using tors browser package and right now my home internet.
THATS IT.
I honestly dont think thats enough. (Im not paranoid Im a computer geek. I know how easy this stuff is to trace)
I never gave even a quarter of a damn about security because until now I had nothing to hide from anyone and as long as i was virus free i was happy.
I feel that tor is enough to cover my web traffic (if i need anything else on the web browser side of things PLEASE let me know).
I however don't know if using my bitcoins is secure or not as all of them that I have right now have been mined by me and the entire setup and mining process was done openly and without encryption or anonymous proxies.
I live in Virginia just outside the capital city Richmond. I don't think that there is much paranoia about what goes through our mail here but I don't know much as I hardly use it. I will only be ordering from within the states because I don't feel safe ordering from out of the country. I only plan on ordering small amounts of various drugs here and there.
From what is listed above is there anything that i should change to make it more secure? should i be concerned about anything? is there anything more i could do just to be safe?
Feel free to use as much technical language as needed in explaining any changes that need to be made.
Thanks a ton for the help.
-
As a buyer really doesn't matter, they can't follow your coins. Maybe if paranoid download the mini Electrum wallet, generate some new addresses, send from your regular wallet to them, then send to SR. Encrypt electrum.dat and wipe it from your hard disk after paying. No evidence you ever generated those addresses.
Encrypt your HD with Truecrypt or LVM
Use a PO box if worried about trying out a new US vendor and not knowing how good their stealth shipping is.
-
Avoid posting things like this, "live in Virginia just outside the capital city Richmond".
-
Avoid posting things like this, "live in Virginia just outside the capital city Richmond".
I'm well aware to not give out personal info on the internet.
Saying what I did in the OP narrows it down to just over 1.5million people so I think I'll be ok.
As a buyer really doesn't matter, they can't follow your coins. Maybe if paranoid download the mini Electrum wallet, generate some new addresses, send from your regular wallet to them, then send to SR. Encrypt electrum.dat and wipe it from your hard disk after paying. No evidence you ever generated those addresses.
Encrypt your HD with Truecrypt or LVM
Use a PO box if worried about trying out a new US vendor and not knowing how good their stealth shipping is.
All good info.
Thanks.
-
Put TrueCrypt on your laptop and create a hidden container for any sensitive files you may have.
-
Hello specter,
Our recomedation is this:
+1 if you are already using a flash drive, hopefully Truecryped on your portable medium of choice. And I'm assuming since you are running Unix/Linux, you are also using Tails or Liberte?
Regardless, in our opinion, it is safest for you use GPG to encrypt your shipping details to a reliable vendor vs. the "Closedsource" and not 'publically' revealed (at this time) code/methods SR uses to protect your personal shipping information.
Tormail.net seems to be the most highly recommended emali provider on the Road, likely due to it being Tor-based. But 'off-shore' services like fastmail.fm work fine too, "if" your emails are encrypted using GPG.
Here is the thread we most often recommend to ingrate GPG with Tormail. Although it is written for OSX users, most of the instructions should also apply to Windows users.
GPG/Tormail guide for OSX users:
http://dkn255hz262ypmii.onion/index.php?topic=8235
Otherwise. using Opensource apps like Thunderbird/Enigmail/Firefox with GPG and Tormail (with MAC spoofing, ect.) is your next best bet.
Using public, (or otherwise anonymous) off-camera hot-spots, with Tor (and different MAC addresses) should elimiate your concerns about using your "home" IP. Because even Tor has potential vulnerabilities, so look into bridge relays, possibly VM''s, ec. This is just another reason we suggest using public wi-fi or otherwise anonymous hotspots in the first place. To ensure any vulnerabilities in Tor (that 'could' be used to track your 'home' IP, will be unable to do so.
And Bitcoins 'can' indeed be traced, and the forums are a great place to research this information.
However, for the 'typical' buyer, we recommend this:
Although there are many ways to obtain Bitcoins, we feel the simplest, fastest, and most anonymous way for the average buyer to obtain Bitcoins using Tor would be to go to "http://www.wm-center.com" and send them a Western Union (uding your preferred method).
Within a few hours you can transfer your Bitcoins from WM-Center to an Instawallet at "http://www.Instawallet.org".
Then (if you choose) there are many ways to "mix and tumble" your coins before transferring them to your SR account. However SR itself has a "built-in" tumbler, so this step is 'generally' not considered "essential". You can have your coins in your SR account within a matter of hours using this method.
Peace
The Flipside Crew
.
-
I'm well aware to not give out personal info on the internet.
Saying what I did in the OP narrows it down to just over 1.5million people so I think I'll be ok.
well yeah but how many people out of those million people are online in total, were online when that message was posted, were using tor and have recently started receiving suspicious parcels from foreign countries.
you done goofed!
-
I'm well aware to not give out personal info on the internet.
Saying what I did in the OP narrows it down to just over 1.5million people so I think I'll be ok.
well yeah but how many people out of those million people are online in total, were online when that message was posted, were using tor and have recently started receiving suspicious parcels from foreign countries.
you done goofed!
Honestly? Probably a couple dozen. Lol.
OP, do you use personal proxies/firewalls?
-
Get your bitcoins from a vendor, such as BTC Buddy.
-
I wasn't trying to be an ass... just messin dude.
I'm well aware to not give out personal info on the internet.
Saying what I did in the OP narrows it down to just over 1.5million people so I think I'll be ok.
well yeah but how many people out of those million people are online in total, were online when that message was posted, were using tor and have recently started receiving suspicious parcels from foreign countries.
you done goofed!
-
I'm well aware to not give out personal info on the internet. Saying what I did in the OP narrows it down to just over 1.5million people so I think I'll be ok.
Before saying what you did in the OP it was narrowed down to about 10 billion people, Took a pretty enormous leap for one post. The more little slip ups like that the smaller that number becomes, then they zero in on you and before you know it a 300 pound guy named sally is doing lines off your buttcrack.
-
So isn't mtGox a safe way to obtain bitcoins?