Silk Road forums

Discussion => Security => Topic started by: Enigma on January 11, 2012, 08:18 pm

Title: Security for buyer
Post by: Enigma on January 11, 2012, 08:18 pm
Hello SR members,

I am new to Silkroad and the .onion network and try my best to find about the security measures. I was thinking of buying something off SR, but not without the proper protection :) What is the minimum I need to safely buy off SR?

1. How can I set up an USB stick that i can boot TAILS OS from & save any neccesary things on (GPG, PGP, bitcoin wallet, etc.)? (Preferably for Mac OS X but Windows is okay too)

2. In order to use PGP encryption, does this only work vie email or will i get an encrypted text block that i can "paste" anywhere?

3. What programs do i need in order to buy from SR and, if neccesary, contact the vendors and where do i get them? (Sorry for this question but i cant find a "newbie tutorial" for SR :D)

My guess is that i need: GnuPG, something to store Keys & passwords in, bitcoin wallet (?). Anything else?

Once again, sorry for these questions but i feel a little overloaded with new info.

Thanks a lot in advance!! :)

P.S. If i use a paysafecard to get bitcoins, do the bitcoins get transferred to my wallet or directly to my SR account?
Title: Re: Security for buyer
Post by: v01d on January 11, 2012, 09:00 pm
Quote
How can I set up an USB stick that i can boot TAILS OS from & save any neccesary things on
You don't want tails you want liberte linux. I would recommend doing this on windows. Download the .zip from: http://dee.su/liberte
and extract it on your blank usb. Then run the .bat file in the liberte folder. Then boot up from that USB (doing so is different depending on what computer you are doing it from.) And set a STRONG encryption password. Something long and as random as possible, but still something you can remember. Because if that gets broken you are Fucked capital f. Now you have a persistent OS that has everything you need.
Go to GPA and set up a GPG key pair.  Set a very strong password on that as well.

Quote
In order to use PGP encryption, does this only work vie email or will i get an encrypted text block that i can "paste" anywhere?
You will be using GPG, and this is what you do:
1. Make your key pair (what you should have done above)
2. Import someones public key. You'll see them on vendor pages, they are the really long strings of letters and numbers. To import copy and paste the whole thing and create a new file anywhere and save it as whatever.asc and go to GPA. Click import and select that file. Voila.
3. Now open clipboard in GPA and type whatever you want to say and hit encrypt.
4. Select who you want it to be encrypted for and tick the box that says sign and select your key from below.
5. Send them your public key if they don't have it (go to GPA hit export and save it as mykey.asc, open it and copy and paste that and send it to whoever you are trying to talk to. Without it they cant decrypt it)
6. Send them the encrypted message.

Quote
3. What programs do i need in order to buy from SR and, if neccesary, contact the vendors and where do i get them?
Liberte is all you need, except maybe a bitcoin wallet somewhere else.
https://www.instawallet.org is a great place to store bitcoins, make sure to only visit your wallet there under tor though.
Your options for getting bitcoins are mainly:

bank > dwolla > bitinstant > tradehill
bank deposit for bitinstant > tradehill
moneypak > btc on SR through a vendor (I've heard good things about sugar momma, or how ever it's spelled)
If you are paranoid about the first two tumble them around a few instawallets through tor.


Message me if you have anymore questions, my fingers are sore lol
Title: Re: Security for buyer
Post by: Enigma on January 11, 2012, 09:28 pm
Woooah, thanks man!! Your post really clears up things!! Thanks, thanks, thanks! :)

I'll follow your steps and get back to you!

I'll probably use the PSC -> SR Vendor -> Bitcoins method. Do the coins land in the Instawallet or on my SR account?

Title: Re: Security for buyer
Post by: v01d on January 11, 2012, 09:38 pm
Quote
I'll probably use the PSC -> SR Vendor -> Bitcoins method. Do the coins land in the Instawallet or on my SR account?
Be VERY careful with who you do things like PSC and such with, it's the easiest thing to get scammed on on SR. Research a vendor before you dive in.
They will go to your SR account or any bitcoin address you specify. You should just have them send it to your SR address.

Also for instawallet when you go to the site make sure to save the url you get for that wallet. Without that URL you lose that waller and any bitcoins in it.
Title: Re: Security for buyer
Post by: ShitPickle on January 11, 2012, 09:50 pm
Seems like overkill.  You really think cops would waste time going after buyers by tracing coins?  Also, what legal framework and networking tools allow for that?  Is there even one known prosecution of a buyer or even vendor, for that matter?  What's wrong with: Dwallia -> Mt.Gox (or some other dealer) -> wallet -> encrypt real address and name and give to reputable vender -> spend?  Is all this other shit really required?
Title: Re: Security for buyer
Post by: v01d on January 11, 2012, 10:20 pm
Seems like overkill.  You really think cops would waste time going after buyers by tracing coins?  Also, what legal framework and networking tools allow for that?  Is there even one known prosecution of a buyer or even vendor, for that matter?  What's wrong with: Dwallia -> Mt.Gox (or some other dealer) -> wallet -> encrypt real address and name and give to reputable vender -> spend?  Is all this other shit really required?
It may seem like over kill but I follow two important things:

1. I'd rather have something and not need it than to not have it at all.
2. Just because something hasn't happened doesn't mean it never will.

Better safe than sorry. ;)
Title: Re: Security for buyer
Post by: zifnab on January 11, 2012, 11:54 pm
Seems like overkill.  You really think cops would waste time going after buyers by tracing coins?  Also, what legal framework and networking tools allow for that?  Is there even one known prosecution of a buyer or even vendor, for that matter?  What's wrong with: Dwallia -> Mt.Gox (or some other dealer) -> wallet -> encrypt real address and name and give to reputable vender -> spend?  Is all this other shit really required?
It may seem like over kill but I follow two important things:

1. I'd rather have something and not need it than to not have it at all.
2. Just because something hasn't happened doesn't mean it never will.

Better safe than sorry. ;)

Echo that. Just 'coz you're paranoid, doesn't mean they're not out to get you.
Title: Re: Security for buyer
Post by: ShitPickle on January 12, 2012, 02:50 am
So the cops are going to do all that work to bust a small pot deal, or whatever?  I don't think so.  They'll just outlaw bitcoins this year in the US and try to make a more corporate/state controlled internet.  If somebody gets busted it's because it was detected in the mail, otherwise, this is totally safe.
Title: Re: Security for buyer
Post by: Enigma on January 12, 2012, 09:37 pm
Thanks for the tips! I agree, rather safe than sorry; although this might be like tying your shoes wearing a helmet. :)

I managed to set up Liberté Linux on my USB and boot my PC from it. Now I'm facing my next dilemma. How do I connect to the internet? :D When I was experimenting with TAILS, all possible Wi-Fi networks showed up - but not on Liberté. Does built-in Wi-Fi work with Liberté? It should since I've read about using public Wi-Fi on http://dee.su/liberte . Any help is greatly appreciated! :)
Title: Re: Security for buyer
Post by: doublemint on January 12, 2012, 09:47 pm
You don't have to download any of the programs off of silkroad, honestly I would advise against it. Just go to the real site and everything you need is free; most of the virtual goods are virus's here....and are free programs.
Title: Re: Security for buyer
Post by: Enigma on January 13, 2012, 06:07 am
You don't have to download any of the programs off of silkroad, honestly I would advise against it. Just go to the real site and everything you need is free; most of the virtual goods are virus's here....and are free programs.

Thanks for the warning, but I haven't downloaded anything from SR onion site. Also, I'm not quite sure which programs you mean. Liberté? I got that off the clearnet.

Any tips on my Internet problem?
Quote
How do I connect to the internet? :D When I was experimenting with TAILS, all possible Wi-Fi networks showed up - but not on Liberté. Does built-in Wi-Fi work with Liberté? It should since I've read about using public Wi-Fi on http://dee.su/liberte . Any help is greatly appreciated! :)
Title: Re: Security for buyer
Post by: v01d on January 13, 2012, 06:38 am
Quote
How do I connect to the internet? :D When I was experimenting with TAILS, all possible Wi-Fi networks showed up - but not on Liberté. Does built-in Wi-Fi work with Liberté? It should since I've read about using public Wi-Fi on http://dee.su/liberte . Any help is greatly appreciated! :)

That just means liberte doesn't see your network device. I'm not exactly sure how you would fix that. You'd probably have to drop to terminal and go root and try something like ndiswrapper. Maybe you should just stick with tails or look into getting a usb network adapter compatible with Liberte.

Or go wired.
Title: Re: Security for buyer
Post by: Enigma on January 13, 2012, 03:39 pm
Hmm, okay thanks. I'll check out ndiswrapper but i'll probably use Ethernet to connect. I have to set it up manually right? :) Thanks for your help v01d, I almost feel ready to use SR haha
Title: Re: Security for buyer
Post by: cache on January 13, 2012, 03:46 pm
My wireless card in my laptop isnt recognised bt Liberte, never got round to sorting out as an Ethernet cable was the easier solution.
Title: Re: Security for buyer
Post by: Looker on January 13, 2012, 09:05 pm
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is where I shamelessly plug my own product, have a look at the thread in my signature, even if you don't purchase one from me it's a good guide of tools that are useful for use on SR and should get you started quite well. If you are open to using windows then my VM could save you a lot of hassle and trouble.

Thanks,
Looker
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iQEcBAEBAgAGBQJPEJx3AAoJEEMAzoKrkXQ+TW4H/1o6zp7KinA7N8ceGuOAib1E
oCZTn3jEIcEOG/pjOxkGCte32tZpnMRd5wszyxI7KjMR1fOjn+cfBouhyHbQZgOa
IopMEgnTrSk0OccH8aRYwHBvkO628377esZpVkScrAw4iKHjcKj3BF2BX7ME0QJi
8nDrTHoEGjkWZOyW+Z2REeMuO1XxpmptB5JPGl8pE/vY/h5m/J0Ig01xy5XEc+NS
T0ascnCPig2Yw4ra9dkjrXASVHax2b10+cXa3Aj3yRasALOXgo4MwnUuMtk1x+66
60Fj3M10HackME2bUKMMEN0+i3gkPZIHJdhUdT5YNfdQgCjjMrMBN0Og9Q3oOxE=
=u5sq
-----END PGP SIGNATURE-----
Title: Re: Security for buyer
Post by: Enigma on January 14, 2012, 04:16 pm
I have found a Linux driver for my WLAN Controller. It is a .tar.gz file containing a "src" and a "lib" folder as well as a file called "Makefile" containing codes. How can I install this driver? Will it be persistent? Thanks in advance! :)
Title: Re: Security for buyer
Post by: SecuritySolution on January 16, 2012, 08:00 pm
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Enigma,

This would be in the event you recieved the source code for the driver you need. You would need to compile against your kernel source headers and insert it as a module most likely. It may be as simple as using 'make all' to build it and 'make install' to install it assuming you have all the required packages installed.

Thanks,
SecuritySolution

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iQGcBAEBAgAGBQJPFIJjAAoJEKhBWjky5wQCVBQMAI/YieclIOW6N513B4Pkbgiz
ztwArR1XIPhNxO2yTZDvMNxVqV6ReUkPoy8K5crnclL2gQIMReTuCj+IjIOG4bIT
WhZSgCDElnmfgp2+StWKwBI2kkYKfx8rEy0NbdRrY3Qo2LKMjCgW9mVtbnxVkWaV
RlTJUJYAMAovSpVr6th4Rt7h0NKUlGFmyYuoXwW79mLJFiU3qCctnUCKwOS8co1g
onOSO4C6fx4UPtQmYym3YdH7zUxtBVHO47QkWBX3ZVOxIwIUKLF16xN2OzalCyBY
7yZkiNVLgBXum/rBTAMNMEVMXtHFpMAFxV4d5r3z/b979iUbVXSSM9n8Wbxyhk58
1RMTUNNem6aQaNKk3Hm+yySccalobsdG5DmiXDR3/hwYROThIDRiD8oMaSzlIs0g
E/8iEKBPagaiGwgQ/9U9IVCo28p/VAaLQWdphcnsoBJGhPzBuYrbGJ1eXqnvJl59
hhSXJDuTHYBEB1pmPaNx6eoahilE4zqekA+kzUXB5w==
=dVBR
-----END PGP SIGNATURE-----
Title: Re: Security for buyer
Post by: Enigma on January 16, 2012, 09:07 pm
Thanks for your reply SecuritySolution. I'm a newbie to Linux and thus what you have written seems like a great task for me :D Could you maybe go into further detail? Maybe a Step-by-Step guide? Or do you have a link to such a guide?

P.S. To connect to the internet via Ethernet is it secure to skip the router and connect straight into the box dangling from the wall? The box that also connects to the stationary phone. Or does the router somehow encrypt my traffic?
Title: Re: Security for buyer
Post by: v01d on January 16, 2012, 09:59 pm
Become root.

Quote
Root access is possible during the first 2 minutes after boot. Switching to the second terminal (logout to shell, Alt-F2) and typing okroot during that timeframe enables the root user's password: liberte. After that, switch to the first terminal and launch X server (Alt-F1, Ctrl-D). You will now be able to become root using su - in a terminal.
Source: http://dee.su/liberte-documentation

open terminal.

cd directory/file/is/in
tar -zxvf filename.tar.gz
cd into/file
make build
make install

If all goes well, it'll work.
But:
http://sourceforge.net/projects/liberte/forums/forum/1137582/topic/3983226
Quote
You can get root access in Liberté (detailed on the site - you need to logout during first 2 minutes after boot, then Alt-F2, then run passwd), but it won't help you to install things: there is no toolchain, and only user configuration is persistent between reboots. In order to install stuff, you need to rebuild the USB image - follow the build from SVN instructions on the site if you want to take that route.
So, I doubt it'll work.

Quote
To connect to the internet via Ethernet is it secure to skip the router and connect straight into the box dangling from the wall? The box that also connects to the stationary phone. Or does the router somehow encrypt my traffic?
There shouldn't be a need to skip the router, but you are relying on tor not your router. So yes, you are safe.
Title: Re: Security for buyer
Post by: EnjoyablePeach on January 17, 2012, 02:57 am
I use TrueCrypt with a hidden volume, and in that I run a VMWare VM running stripped down Windows 7 running under 1.7GB in space on a 32 GB jump drive.
Title: Re: Security for buyer
Post by: kmfkewm on January 17, 2012, 06:07 am
I use TrueCrypt with a hidden volume, and in that I run a VMWare VM running stripped down Windows 7 running under 1.7GB in space on a 32 GB jump drive.

So you are insecure, nice to know
Title: Re: Security for buyer
Post by: EnjoyablePeach on January 18, 2012, 01:38 am
I use TrueCrypt with a hidden volume, and in that I run a VMWare VM running stripped down Windows 7 running under 1.7GB in space on a 32 GB jump drive.

So you are insecure, nice to know

I learned it from guys I dated.  ;)
Title: Re: Security for buyer
Post by: zifnab on January 18, 2012, 03:39 am
I use TrueCrypt with a hidden volume, and in that I run a VMWare VM running stripped down Windows 7 running under 1.7GB in space on a 32 GB jump drive.

So you are insecure, nice to know

I learned it from guys I dated.  ;)

LOL!
Coffee spurt worthy.