Silk Road forums
Discussion => Security => Topic started by: ixor568 on August 09, 2012, 05:09 am
-
Hello everyone,
I'm putting in an order for some coins via bitinstant. I've decided to use the cash deposit > bitcoin address as my method of acquiring said coins. The only bitcoin address I have is my SR address, so I decided to use that. However, before I make the deposit I've been thinking this perhaps is not a secure way? Is it possible to trace these coins back to me? Part of me thinks not considering nothing will be tied to my real identity, but to be sure and safe I would appreciate any input from my fellow community members.
Regards, Ixor 8)
-
As a newbie I also am wondering the same thing. Why use a service like mt.gox when you can just go bitinstant > cash at bank > SA address. Is it just to be more secure?
-
Hello everyone,
I'm putting in an order for some coins via bitinstant
Not sure if bitinstant deposits coins.. rather funding. For bitinstant > mt. gox, you receive USDs in your account
-
Hello everyone,
I'm putting in an order for some coins via bitinstant. I've decided to use the cash deposit > bitcoin address as my method of acquiring said coins. The only bitcoin address I have is my SR address, so I decided to use that. However, before I make the deposit I've been thinking this perhaps is not a secure way? Is it possible to trace these coins back to me? Part of me thinks not considering nothing will be tied to my real identity, but to be sure and safe I would appreciate any input from my fellow community members.
Regards, Ixor 8)
I have no knowledge..)
-
My take on BitInstant cash deposit is that it would be possible in theory to associate the BitCoin address with the deposit location. You can and should use a fake name, but assume your general geographic location could be determined by an interested investigator.
I think a good practice with BitInstant cash deposits would be
1) Run BitCoin client over Tor and get an address
2) Use BitInstant to deposit cash with a fake name to the BitCoin address
3) Transfer the bitcoins to a service like BitCoin Fog and let the service obfuscate the block chain for 3-7 days (again, use Tor)
4) Move the funds from your obfuscation service account to your Silk Road account (again, use Tor)
I would be weary of linking my geographic location directly to my Silk Road account by doing a BitInstant deposit straight to my Silk Road bitcoin address. Why is it that you can't run a BitCoin client to get another address?
-
bit instant > gox > sr?
-
Just do bitinstant > instawallet > SR. You can even run them through multiple instawallets to be safe, but remember to save the instawallet URL or you'll be screwed.
-
I recently used bitinstant (via GetBitcoin) successfully. I recommend skipping GetBitcoin (they just add an add'l $1.50 charge) and going straight to bitinstant. The BTC were ultimately delivered via coinapult to my email, which I sent to my desktop Bitcoin address.
What I did was go to GetBitcoin (https://get-bitcoin.com/) and entered my information there. (Remember the PIN you enter here as you need it for final delivery from coinapult!) I selected Payment Method: Cash (Bank XXX). I was redirected to TrustCash, where I was able to select the bank branch I wanted to use, and also able to print deposit invoice. If I clicked "return to site" from this TrustCash confirmation page, I was sent to bitinstant's website showing event ID etc., indicating to me that GetBitcoin just uses bitinstant behind the scenes.
I went to this bank branch and spoke to a teller to deposit the exact cash amount into the Account # and Routing # told by TrustCash. Within 30 minutes I received an email from TrustCash confirming my payment. At the same time I received an email from coinapult informing me that I had a deposit. I followed the link in the coinapult email and on that page I entered the PIN from step 1 and my Bitcoin wallet address. Once my Bitcoin client (running on my computer) had caught up with the network transactions, I had my BTC.
All in all, I spent $1.50 using GetBitcoin and then 3.99% add'l charge using bitinstant behind the scenes. But I have my BTC.
-
Just do bitinstant > instawallet > SR. You can even run them through multiple instawallets to be safe, but remember to save the instawallet URL or you'll be screwed.
This is terrible advice, not only has instawallet had problems with security before, but if you ran it through a million instawallets you wouldnt be any safer than if you ran it through none. Actually you would be slightly safer if you avoided instawallet in general.
-
Currently, I'm using bitinstant to acquire BTCs. I use their major bank cash deposit to BTC address. I use a new tormail account on every new deposit/transaction with trustcash and bitinstant. I have read that some have had their BTCs intercepted with using the same tormail address over and over again.
Once I have the deposit conformation email from trustcash & bitinstant I use 'block chain info', http://blockchain.info/, to check the status of the exchange/transfer to SR. Just paste your BTC address om the 'search' portion part of the page. I use a separate SR account & BTC address just for deposits. Once the 'block chain' status page shows 5 or more conformations the depsit will be complete. Then I log onto SR using my deposit only account then transfer only the BTCs I need to my ordering account by using just my account name no BTC address.
Recently I have been thinking of using 'block chain info's' own BTC wallet to make the first jump, i.e. from bitinstant/trustcash, then send from BTC wallet to SR.
Just a couple of days ago they have added a feature for mixing and sending BTCs. More info here::. http://blockchain.info/wallet/send-anonymously
They go into great detail about BTC transaction identity through their description of block chain tainting.
I think I'm going to use their mixer & anonymous sending of BTCs. I'll update.
I hope this is helpful.
peace
dc
-
Its the best way
-
There's nothing illegal about making a deposit to fund your Mt Gox account. If it's safe to use Mt Gox then it's safe to use bitinstant. It's fast and cheap. Never had an issue.
-
Just do bitinstant > instawallet > SR. You can even run them through multiple instawallets to be safe, but remember to save the instawallet URL or you'll be screwed.
This is terrible advice, not only has instawallet had problems with security before, but if you ran it through a million instawallets you wouldnt be any safer than if you ran it through none. Actually you would be slightly safer if you avoided instawallet in general.
Why is using instawallet bad, and what is a better way to go from bitinstant to SR? I don't mean to sound belligerent; I honestly want to know so I can be safer. I'd rather not go through Mtgox because of all the verification they make people provide...
-
You've made a huge mistake...
Sorry, had to do it when I saw your username! I'm pretty sure the general consensus is that running your coins through a tumbler before you transfer to SR is a good idea.
-
You've made a huge mistake...
Sorry, had to do it when I saw your username! I'm pretty sure the general consensus is that running your coins through a tumbler before you transfer to SR is a good idea.
only if you are afraid SR is run by cops.
-
You've made a huge mistake...
Marry me!
-
I am looking for an alternative to bitinstant to installwallet over tor. I was thinking of routing bitcoin-qt through my tor browser bundle Vidalia, but I get a warning message about how one of my applications is revealing my IP address.
I can install my package manager's version of tor and route it through that and it works without errors, but I bet it is just because those types of messages are not being logged. I also can't run browser bundle and bitcoin-qt at same time because of different instances of tor.
"Log notice syslog" is set int torrc but i want to set a notice log file like so: "Log notice file /user/encrypted/notices"
torrc is invalid :(
Any solutions? Thanks.
-
Thank you for all the input, everyone.
It seems the general consensus that bitistant > blockchain wallet > SR is indeed safe and anonymous. This is great, and very reassuring news.
Stay safe everyone. 8)
-
How does anyone feel about TORWallet.net ?
Can I use TOR with Blockchain.info wallet?
-
I was thinking of routing bitcoin-qt through my tor browser bundle Vidalia, but I get a warning message about how one of my applications is revealing my IP address.
I believe the warning message you're seeing is indicating that the IP address you are connecting to is not hidden, but your address is still hidden via Tor.
The message I've seen reads :
Potentially Dangerous Connection! - One of your applications established a connection through Tor to "X.X.X.X:8333" using a protocol that may leak information about your destination. Please ensure you configure your applications to use only SOCKS4a or SOCKS5 with remote hostname resolution.
Note it says there MAY be information leaked about the DESTINATION. I take this to mean that there is no guarantee that the peer which BitCoin-QT is connecting to is using Tor, which doesn't really matter. Also notice it says to configure your applications to use SOCKS4 or SOCKS5, and you've configured BitCoin-QT to use a SOCKS4 proxy (Tor).
So I don't think BitCoin-QT over Tor leaks your IP. Even if it did, which it doesn't, you would be OK if you washed your BitCoins afterward.
-
I'll take your word for it.
Is it better to set the Vidalia setting (under advanced -> tor control) for my tor to run on 127.0.0.1 9050 or 9051, or is it better to use "configure control port automatically" option and get the random port from FireFox?
It seems like I heard is was bad to run tor on any port other than 9050 or 9051.
Or... no difference.
So running is bitcoin client is safer than using an instawallet because the actual wallet is on your computer?
And while I've got you here. Recommended transaction fee of 0.01 or what? I didn't have to configure that option on instawallet.
Thank you.
-
You've made a huge mistake...
Marry me!
Her?
(Sorry for going OT, I'll stop now!)
-
I'll take your word for it.
Is it better to set the Vidalia setting (under advanced -> tor control) for my tor to run on 127.0.0.1 9050 or 9051, or is it better to use "configure control port automatically" option and get the random port from FireFox?
It seems like I heard is was bad to run tor on any port other than 9050 or 9051.
Or... no difference.
So running is bitcoin client is safer than using an instawallet because the actual wallet is on your computer?
And while I've got you here. Recommended transaction fee of 0.01 or what? I didn't have to configure that option on instawallet.
Thank you.
Well, don't just take my word for it. I'm not really an expert, but I am trying to share my limited understanding.
After reading a couple of resources regarding the error we're discussing, I think I have a better understanding of what the message means.
https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#IkeepseeingthesewarningsaboutSOCKSandDNSandinformationleaks.ShouldIworry
https://tails.boum.org/bugs/Tor_Warning:_Potentially_Dangerous_Connection/
Basically Tor is saying that a program (BitCoin-QT) accessed another machine by specifying an IP address instead of a DNS name. Tor is warning that if the program (BitCoin-QT) did a DNS lookup outside of Tor to get the IP address it is connecting to, anyone monitoring your traffic would see that you did a DNS lookup on whatever domain that IP address corresponds to. They would have to be actively monitoring your traffic at the time, and they would not be able to see the your actual communications, since those communications are going through Tor. They would just see that you did a DNS lookup on a certain domain name, and of course they would infer that would likely mean you would then communicate with that domain.
The message is just saying that BitCoin-QT may have done a DNS lookup outside of Tor. The rest of the communications are still taking place over Tor.
I don't think BitCoin-QT does DNS lookups, I think it just uses IP addresses because that is all it needs. I am not positive on that though, I will do some more research to satisfy my own curiosity.
I only have experience configuring BitCoin-QT to use Tor as a SOCS4 proxy on port 9050. I don't know if there is a better way. As I said above, I'm pretty sure using 9050 is fine.
Assuming BitCoin-QT does not do any DNS lookups, then it is just as secure as InstaWallet, not better no worse.
The thing I want to stress is that neither BitCoin-QT nor InstaWallet are secure enough for my liking if you want anonymity. Since we're talking about using Tor and depositing to Silk Road I'm assuming you want anonymity.
Say some proclaimed authorities infiltrate Silk Road and they see your account received a deposit from address A. By analyzing the block chain they would see what address that deposit came from, call it Y. If you used Tor for address Y then your real IP address is not the one they'll see associated with the source address, Y, but they may not need your real IP.
If you did a BitInstant deposit to address Y, then address Y is associated with whatever name you put on your MoneyGram and it is also associated with the geographic location you made the deposit at. If you used MtGox then address Y is associated with your real name and bank account, right? I've never used MTGox. Again, I'm not an expert but I want to stress the importance of scrubbing your bitcoins before depositing them into Silk Road. You can do many intermediate hops to different addresses or wallets and it is basically just as easy to trace the Silk Road deposit back to the initial bitcoin purchase by analyzing the block chain. Back-tracking the transfer of a single amount of bitcoins from A to B, B to C, etc, etc is very easy.
A scrubbing service is different because they don't just daisy chain one single address to another single address, transferring the same amount each time. They will take portions of your bitcoins and send them to many different addresses, and then those addresses send fragments out to more addresses, again and again and again. When the block chain is analyzed after this happens all that can be determined is that there were many different addresses that deposited to the address being investigated.
For example, when someone looks at the block chain for the Silk Road address, A, that received a deposit they will see that B, C, and D all deposited bitcoins to A. When B, C, and D are analyzed they see that E, F, G, H, I, J, K, L, M, N, O, and P deposited to those addresses. Then they have more addresses to analyze, and then another larger set of addresses, and so on and so on. It becomes exponentially more difficult to analyze enough transactions to actually link all the bitcoins from address A to whichever address you first used.
Even if they did manage to trace the Silk Road address to an address you used in a wallet, it wouldn't prove that your initial address is responsible for all of the bitcoins in the Silk Road account. When the block chain shows a situation where five addresses contributed to a transfer to a single address there is no way to know which bitcoins came from which of the five addresses. Just like regular currency, bitcoins are fungible. In theory it could be a coincidence that your initial address received a deposit of the same amount that got deposited into Silk Road later on. Who is to say who had control of the intermediate transactions in the block chain? Given sufficient time in a scrubbing service, they probably couldn't link all the transfers back your initial address anyway.
Look at the block chain info on this one address: http://www.blockchain.info/address/12vFsGHP3YsBWQufoGeytaJyg2kioTWS5b
We see that three addresses contributed to a wallet that transferred a fraction of a bitcoin to a single address. Which source address contributed how much of the transaction? There is no way to know.
It is like having a joint bank account. If your wife deposits $10 and you deposit $10, then $3 is transferred out of the account, who's $3 was it? Where did the $3 come from? There is no way to know.
That process gets repeated again and again, over and over by a mixing service. That is what you need to achieve anonymity with your bitcoins.
That is the best way I can describe how mixing services and block chain analysis works. If someone has more information or corrections to things I am misunderstanding then I would be interested to hear their input.
TL;DR : Silk Road deposits can easily be tracked back to you regardless of how you setup your wallet, unless you use a scrubbing/laundry/mixing/obfuscation service. That is why I advised using one of those services and depositing from that service to Silk Road in my first post in this thread.