Silk Road forums
Discussion => Newbie discussion => Topic started by: barney010278 on March 04, 2013, 08:02 am
-
If you werent using PGP and were posting directly on this site, are you trackable or does the forum/Tor browser protect you?
-
bump past all that spam!!
-
It's a loaded question. PGP is for sensitive identifying data that you want to send to someone you trust with it (namely to destroy it properly later). There is no reason to not use PGP or encryption on sensitive data. It's lazy and dumb.
Now, can someone ID you from posting on the forums. Yes, there are several ways. However, you can do things to mitigate the risk. Tails LiveCD website has a lot of good info on this.
-
I think that the hoops one has to jump through to have a decent SR experience kind of serves to weed out some of the more.....er....lazy types. It *shouldn't* be too easy, ya know?
Why no use PGP? I mean....it makes me feel like James Bond every time I use it, besides it's practical side..... 8)
-
The short of it is that they can't figure out who anyone user on Tor is from IP but they can inspect the Exit Relays and Entry Points. They can't ID a specific user, but they can see if a suspect matches a users activity. I've heard of two ways of doing this; 1) marking the packet going through the Entry and Exit in some way 2) Correlating other service usage or connection status (IE when you connect and disconnect) with Tor data. I read an article where they where able to catch an anon by chatting with him on IRC and at the same time messing with the suspect (In real life's) WiFi. He typed in chat he was having internet troubles exactly matching what they were doing.
Also, Tor does not automatically protect against correlating different identities either.
Use a bootable CD or USB
Hard reset and boot back into the liveCD when switching identities (Accounts you don't want correlated together)
Do not use WIFI (If you must you better not be using WEP)
Do not use any other services (music streaming, games, etc) at the same time as TOR which could be used to correlate activity with ID
-
I am so computer illiterate!! I have tried following everyone's instructions but I think it might
be my firewalls or something but it always gets interrupted when i download.
I have through along the way installed Kleopatra, is this a PGP or just a program that assists
when using a PGP program?
-
http://dkn255hz262ypmii.onion/index.php?topic=30938.2415
^ Pine is BEYOND awesome at helping people with pgp. Amongst others of course. (PrincessHIGH is awesome too).
NO need not to learn it. Plenty of helpful people and will benefit you in the long run. Takes a bit of time but with effort and 100% patience, you will prevail. They have some pictures too to show you if you hate reading. Hope this helps. Cheers!
-
Keep your PGP/GPG keys encrypted on your computer using something like TrueCrypt. Ensure your TrueCrypt key is only in your head and not used on websites or elsewhere or written down.
-
Thanks for the info Slurp.
Along those lines, I'd recommend saving files to Flash storage (USB key, or SSD) as magnetic tape drives can be analyzed for past deleted/overwritten files. However, I'd look into a permanent delete program because when you delete a file it isn't truly deleted until that memory is over written.
-
Alternatively, if the feds are coming rub a magnet along and/or smash your hard drive discretely.
-
You can *buy* a device to demagnetize your HD. A standard magnet wont be good enough. Besides if the feds can prove you smashed your HD or Erased it they can charge you with that regardless if they can prove anything else. Best to not even have to destroy it in the first place. The thing about encryption is that in the US it's very hard for law, possibly illegal, to force you to unencrypted your drive (Especially if you can't remember the pw).
-
Using truecrypt, the data is useless without the decryption key. Memorize a very long password. Put it on a USB drive as a hidden volume so that you'll have plausible deniability.that an encrypted volume even exists.
-
for my first two purchases I didn't use pgp and the vendors didn't seem to have a problem with it.. i think it's just more to protect yourself, right? like to the vendors they probably don't really care either/or, correct?
-
what is a good pgp for mac?
new to SR and still figuring everything out. want to make sure i am anonymous before i go buy something.
-
Alternatively, if the feds are coming rub a magnet along and/or smash your hard drive discretely.
You can use Active Killdisk with multiple DoD pass to erase your drives. I use it once in a while to destroy all my harddrives data.
-
You'd want to use PGP for your own protection for your address etc. This way, if say an exploit in SR were found and someone was able to retrieve order records, they would only get the encrypted/unreadable shipping address. Theoretically if you didn't use PGP they might see the address in plain text. The only way to decrypt and read the address is with the vendor's private key, which only the vendor has.
So, that means if a vendor was busted and their computer was seized, with the private key on it, they could only then decrypt the information.
Yeah, probably 99%+ of the time you'd be fine, but not give yourself a little extra protection--it only takes maybe 10 seconds...
-
Just take 10 minutes out of your day & figure out how to use PGP.
http://x35jfacrznhhtrfr.onion/tutorials/pgp/windows/
-
a lot of vendors dont care if you use pgp because it is YOUR OWN risk. pgp is intimidating at first, but if you do a forum search for "command line easy as shit" you will find a pgp guide to use from the command line step by step, and once you follow it and see how the command line works, it really is absolutely easy as shit
-
its easy. use it
-
You can use privenote?
-
what is a good pgp for mac?
new to SR and still figuring everything out. want to make sure i am anonymous before i go buy something.
Check out GPGTools. It is completely free and works great! They also have video walkthroughs. If you are still stuck after that check out the PGP threads here or YouTube. There is a great amount of visual explanation of PGP on YouTube.
Best of luck!
~Sudo
-
what is a good pgp for mac?
new to SR and still figuring everything out. want to make sure i am anonymous before i go buy something.
Check out GPGTools. It is completely free and works great! They also have video walkthroughs. If you are still stuck after that check out the PGP threads here or YouTube. There is a great amount of visual explanation of PGP on YouTube.
Best of luck!
~Sudo
-
privnote looks kewl? and are you not safe browsing the forums using Tor?
-
Follow the link in my Sig.
:)
Always use PGP when sending your addy to any vendor!!
:P
Also go here, right within our own forums : http://dkn255hz262ypmii.onion/index.php?topic=107219.0
for those of you that do not have the 50 posts.....you can also raise your post count in the "Newbie PGP Club" !!
Hope this Helps!!!!
Peace,
ChemCat
8)
-
It is a bit paranoid to think anybody would care to go after you for buying 20 pills or a bag of weed especially knowing that there is no way for you to roll over on your dealer here.
That said, it is too easy to use pgp so why would you not.
Computer literacy and low risks anyway I can see the reasons for not bothering. If you are buying amounts to distribute then that is another story. If I were to buy the B1,500 brick of heroin I would want to take every precaution, this being one of them.
-
Doesn't SR's use of the https protocol encrypt everything going over the air anyway? I'm not understanding why further encryption is needed.
-
bump
-
Doesn't SR's use of the https protocol encrypt everything going over the air anyway? I'm not understanding why further encryption is needed.
SR encrypts msg's but what you send to a vendor isnt encrypted.
My Question is quite simply this, Why would anyone Not want to be Safe? it's easy and i personally
feel as though something which takes a few seconds more time is well worth doing in order to keep my Freedom :)
But, to each their own i suppose :P
i'm sure there are alot of people that dont encrypt :o
LOL
Peace,,
ChemCat
O0
-
Thanks for the explanation ChemCat. Scout offered a challenge to newbies to send him an encrypted message using his public key, and so far I'm lost doing it with Cryptophane, which was supposed to make things easier.