Silk Road forums
Discussion => Security => Topic started by: Steelydust on February 06, 2012, 06:57 pm
-
People have said that you should send bitcoins from Mt.Gox --> Wallet --> Silkroad, because if you send them straight to your silkroad account that you could possibly be identified. To me this sounds like paranoia, sending bitcoins straight to Silkroad should be completely safe, right? If I'm wrong, then explain how this is a dangerous practice.
Thanks.
-
Not saying if you're right or wrong, but from a risk perspective I think the worst that can happen is an AML request from MtGox.
-
I read on the forum yesterday or day before somebody did that and lost all their coins. Mt gox says on its site at the bottom that any connection from a Tor address will freeze the acct and require you to provide ID and all this other crap. Mtgox is in bed with LE to prevent money laundering and whatever else. It's just a simple step so I don't see why it's a big deal. I created an instawallet and transferred there first then on to SR. Added about 10-15 minutes to the overall transaction. Well worth the "trouble" imo.
-
If you have do a cash deposit through bitinstant.com and have a fake id on MT. Gox tied to a related tormail address then you should be fine sending bc directly to SR from Mt. Gox. I guess if you got busted and your computer was seized and examined it may be possible to find your activities but it's highly unlikely.
-
People have said that you should send bitcoins from Mt.Gox --> Wallet --> Silkroad, because if you send them straight to your silkroad account that you could possibly be identified. To me this sounds like paranoia, sending bitcoins straight to Silkroad should be completely safe, right? If I'm wrong, then explain how this is a dangerous practice.
Thanks.
Better to send to you wallet first, because otherwise they could link your SR to your mtgox.
-
Why not just use get-bitcoin.com ? Transactions from a TOR connection have never been an issue there...
-
I read on the forum yesterday or day before somebody did that and lost all their coins. Mt gox says on its site at the bottom that any connection from a Tor address will freeze the acct and require you to provide ID and all this other crap. Mtgox is in bed with LE to prevent money laundering and whatever else. It's just a simple step so I don't see why it's a big deal. I created an instawallet and transferred there first then on to SR. Added about 10-15 minutes to the overall transaction. Well worth the "trouble" imo.
But these are entirely different things you are talking about.
They are talking about accessing their website from a TOR exit node IP address. Which would happen if you accessed their website over TOR to make the transfer.
But transferring to the SR account has nothing to do with this. You can access their website over regular network, and just put in your SR BTC account number. It works just fine. SR tumbles the BTC a few times between your account and the target vendor account. So, the advantage of tumbling yourself is somewhat dubious. But, of course, doesn't hurt. :)
-
People have said that you should send bitcoins from Mt.Gox --> Wallet --> Silkroad, because if you send them straight to your silkroad account that you could possibly be identified. To me this sounds like paranoia, sending bitcoins straight to Silkroad should be completely safe, right? If I'm wrong, then explain how this is a dangerous practice.
Thanks.
This is most definitely NOT paranoia.
If your transaction originates from an identifiable source of money (bank account, check, etc).
There is a trail built into the btc system that allows transactions to be 'verified' by the network.
Please read the following link, it should satisfy at least a small portion of your curiosity
hxxxs://en.bitcoin.it/wiki/Anonymity
To anon your coins use a service that forwards coins using a "green" address... in other words
original coins -> your wallet -> xxxx different wallets > (transfer from green address service NOT your wallet, though the coins are deducted from your wallet(s) and there is a trail of the moves it complicates things to move them around) > sr wallet
-
I read on the forum yesterday or day before somebody did that and lost all their coins. Mt gox says on its site at the bottom that any connection from a Tor address will freeze the acct and require you to provide ID and all this other crap. Mtgox is in bed with LE to prevent money laundering and whatever else. It's just a simple step so I don't see why it's a big deal. I created an instawallet and transferred there first then on to SR. Added about 10-15 minutes to the overall transaction. Well worth the "trouble" imo.
But these are entirely different things you are talking about.
They are talking about accessing their website from a TOR exit node IP address. Which would happen if you accessed their website over TOR to make the transfer.
But transferring to the SR account has nothing to do with this. You can access their website over regular network, and just put in your SR BTC account number. It works just fine. SR tumbles the BTC a few times between your account and the target vendor account. So, the advantage of tumbling yourself is somewhat dubious. But, of course, doesn't hurt. :)
I agree with what you're saying, in theory. My concern was that I read in the forum the other day that a person did what you are saying (moved their coins straight from SR to mt gox) and their coins were frozen by Mt Gox. There's a lot of different ways to fund your mt gox acct, and some may be dubious and others not. Like I would not fund mt gox from a bank transfer into dwolla or something then send the coins straight to SR. My point is only that the more transfers there are, the safer it would seem to be. To each their own. I just thought I'd throw it out there because I heard it could be bad news.
-
I've sent BTC directly from mtgox to SR and nothing happened. Just don't access mtgox through tor. SR generates a new random BTC address for you each time anyway.
I don't trust the wallet tumbling services.
Even if this may be less than perfectly secure, the fact that most SR uses tumble before sending their BTC to SR makes it much less likely LE is looking at this method much anyhow.
-
i'll be the guy to confess to being an idiot and doing that. it was my first buy and i barely understood how anything worked... long story short - i tripped on acid and it was awesome. coins werent frozen or anything. i now tumble it through a wallet or two however.
can anyone verify, does mt gox make you verify the account every time (assuming you want to withdraw your coins) or only if they get suspicious?
eg if i create an account right now and deposit to it and then want to send them to sr, will they make me verify?
-
can anyone verify, does mt gox make you verify the account every time (assuming you want to withdraw your coins) or only if they get suspicious
MtGox only send you AML (verification request) if you want to exceed the daily transfer limits, or if required to do so by the law of their host country (Japan). Also due to changes of their AML system, assets will not necessarily be frozen during the AML. The single worst thing you can do is access their site via TOR.
I still wouldn't be so bold as to regularly transfer funds directly to SR, but that's more a testament to my cautious nature than it is to anything else. Since SR is a closed source system (as it has to be) we don't know how effective the tumbler is. And since the block chain is public and permanent, I don't see why err'ing on the side of caution wouldn't be the best approach.
-
^ This guy knows what they're talking about, especially the part about how SR's bitcoin mix cannot be trusted. If you are not buying coins anonymously, you need to mix your coins (not just send them to intermediary wallets), or you are quite linkable to your drug money.
-
Money you send to Silk Road from Mt.Gox can be identified as having been sent to a Silk Road address. How? By address merging.
Suppose Officer Friendly opens a Silk Road account and deposits 0.01 BTC to his SR address, A.
Later, you send money directly from Mt. Gox, who is working with Officer Friendly, to your SR address, B. Mt. Gox stores this fact in its own database, linked to your identity.
Later, Silk Road tumbles the coins, possibly resulting in a transaction that takes coins from both addresses A and B, which proves that A and B both belong to the same wallet. Since Officer Friendly knows that A belongs to SR, he therefore knows that B belongs to SR, and since Mt. Gox knows you sent to B, they know you sent money to Silk Road. Now they can send the DHS to your door.
-
Explain to me how to tumble
In the past i just send gox --> my wallet on desktop --> sr
How should i go about tumbling?
-
Sounds like you're tumbling to me. Just a way to keep from going directly from a legal acct that could be monitored by LE to a not exactly legal one. Maybe some one knows better?
-
Explain to me how to tumble
In the past i just send gox --> my wallet on desktop --> sr
How should i go about tumbling?
So this counts as "tumbling"
its too simple tho :D
-
I remember reading here on the forum that, SR tumbles the BTC anyway before actually sending them to your account on SR.... I hope that's true.
-
I feel like I've been beating a dead horse over the past couple of days, but what you describe as "tumbling" (a nonsensical term btw) does nothing to protect you. A more accurate term would be "proxying," and it adds perhaps two seconds of extra work for somebody trying to figure out your financial transfer topology. Please, please use a mixing service like Bitcoin Fog to properly blind (in the cryptographic sense) your transactions. I've posted at length about this recently so if you want to know how you're open to various attacks check out my earlier posts.
-
So hang on a sec- are BTC anonymous or aren't they? I thought that somebody would need to know a lot of things to get a line on you, like when you spent your coins and how many of them you spent.
-
Bitcoins themselves don't have a big sign on them that says "Alice bought these coins," but they can be linked back to Alice and then her dealer Bob since the transaction history of all public keys is public (go to blockexplorer.com and plug in some bitcoin address you've used before and you'll see how much you've sent to whomever). You can unlink yourself from your drug money by blinding the transaction chain, my preferred way of doing this is by using a mixing service. If you are obtaining your coins in a truly unlinkable manner (such as by mining them yourself and doing the first transaction from behind Tor) then of course you don't need to do any blinding because you were never linked to the coins in the first place.
-
... my preferred way of doing this is by using a mixing service ...
What other options are there? I mean for "blinding the transactions" as you call it.
-
Sending coins to an ewallet, using its green address to send it to another ewallet, then sending it using that ewallet's green address to your final destination also protects you from passive attacks. Unfortunately this requires that you use instawallet and mtgox since they are the only two entities I am aware of that have green addresses at all.
-
That's correct if you're LE and know the bitcoin addresses and that Alice is the buyer and Bob is the seller and exactly what time they made the transaction and for what amount, right? You'd have to be one bad ass Sherlock Holmes or have been ratted out for them to know all that.
-
Okay I have been sending directly from Mt. Gox to SR, feel like a n00b now, even though no problems, will follow some of this advice especially QTC's advice.
-
That's correct if you're LE and know the bitcoin addresses and that Alice is the buyer and Bob is the seller and exactly what time they made the transaction and for what amount, right? You'd have to be one bad ass Sherlock Holmes or have been ratted out for them to know all that.
It's a long shot and requires a lot of work, but yes, it is possible.