Tutorial Silk Road - lol.rmch.fr

I need a very simple tutorial of how to purchase Bitcoins and send them to Silk Road. This process seems ridiculously complicated.

I need a very basic, step-by-step process, with an explanation of the importance of each step and what I'm doing. I've looked at Mt Gox, but was intimidated by how many accounts I needed to set up to put money in (a total of three). Intersango was recommended in the beginners guide, but it is requiring me to set up a "Dwolla" account with no explanation of why. What is Dwolla and what does it do? Is it trustworthy, as it is asking for my real identity?
Silk Road is billed as efficient and simple, but I'm finding it to be exactly the opposite. A little help for a frustrated beginner would be hugely appreciated.
submitted by vicethrowawayaccount to SilkRoad [link] [comments]

NOOBS GUIDE - How not to get your bitcoin stolen on Empire Market and verify any empire site

Hi guys and gals,
I have made this guide because as some of you have probably experienced before there are tons of phishing sites that are mimicking empire market. Lots of them are very credible but steal your bitcoins. The most convincing phishing sites use a 'man in the middle' attack where it directs traffic to the original empire market site, but changes the bitcoin deposit address. People fall for this because the nature of the attack means that the users individual personal phrase is displayed correctly and everything seems to be normal but when you deposit, the coins disappear. This has led many users to falsely blame empire market and assume they are conducting an exit scam which is not true.

Firstly I would like to say to avoid this you must have a critical mindset of every empire market onion url you visit. Even if it has worked several times before. I will detail in this guide how to stop getting your money stolen and this is for educational purposes only. I do not take responsibility for anything you buy on the site. Please let me know if there is anything you would like added to the guide and I will aim to do so. I would also appreciate if everyone could upvote this and if the mods could sticky this so we can get maximum views to stop people getting scammed.

With that out of the way, I am assuming you know how to use PGP. if you don't please research how to do this before you continue, the following links may help you (if there is enough demand I will eventually make a separate tutorial on this):


The critical requirements you must have before continuing:

The reason why most people get scammed is because they don't verify their links, and when they have, they use the wrong empire market public PGP key located on the phishing sites. The attackers have set this up to work with their own phishing empire market site. The real empire market PGP key has always been located on dreadditevelidot.onion:

  1. Copy dreadditevelidot.onion into Tor
  2. on the right hand side of the page you will see a link saying '/d/EmpireMarket' click on it
  3. towards the top of the page underneath where it says 'Dread' you should see a button called 'PGP' click on it.
  4. Copy the PGP public key into notepad and save it as a .txt or .asc file and import it into your chosen PGP program (i tend to use GPA as part of the GPG4WIN toolkit but others prefer to use kleopatra, each to their own it does the same job)

Once you have this key imported name it something like empire market or whatever you wish, this will be the real key that will tell you if any site you are on is genuine or not. It is published only by the creator of empire market. NEVER and I repeat NEVER use the empire market PGP public key located on any empire market url as this can be faked. Only use the one on dreadditevelidot.onion, I hope that is crystal clear.

Now in general, what you want to do next is:

  1. take a link from dark.fail e.g. dkndfkn9gfnf.onion(not real) and add '/safe' to the end of it, or alternatively click on 'verify mirror' once you land on the site.
  2. follow the prompts until you see a PGP message displayed for you, copy this into GPA or other program and click 'verify', if all is good you should see a popup saying 'valid signature' and maybe some text highlighted in green. It looks like this:
  1. If you see anything saying 'bad signature' then under no circumstances login or use the site as it is a phishing site.
  1. if the signature is good proceed to login

Now, once you are certain the site is real, you still don't want to trust it 100%. What you want to do is go to the bitcoin deposit page and click 'generate a bitcoin deposit address'. Once that is done, underneath you will see a link saying 'Get PGP signed proof of ownership', click that and go through the prompts (as similar to before on /safe) you will see a PGP and you want to verify that also to make sure the signature is valid.

Once you have successful signatures for the previous steps you pretty much have the green light to deposit your bitcoin to that address. However if you are planning on depositing an amount you can't afford to lose, what I would suggest is depositing a small amount first. And if it is successful then you can deposit again later as the site will be confirmed to be genuine. This is an almost fool proof way of ensuring you don't lose your bitcoin if you follow the steps I have mentioned. HOWEVER IT MUST BE STATED THAT EVERY TIME YOU DEPOSIT TO A BITCOIN ADDRESS, YOU HAVE TO GENERATE A NEW BITCOIN ADDRESS AS ANY NEW COINS YOU SEND TO A PREVIOUS ADDRESS WILL BE LOST.

To prevent any further losses to your account you can go into your profile and enable 2FA authentication. This essentially ensures that no one can access your account unless they have your private PGP key and also if the .onion you see in the decrypted message doesn't match the url one you are on, it is a phishing site. If you would like a tutorial on how to do this please request it enough times and I will try to find time to write a tutorial up.

I am writing this from a position of frustration after losing a large amount of money to scammers and hope that my information can help you. Please take the time to follow all the steps meticulously and feel free to comment if you are having trouble. I work full time so I will try to get back to people when I am free. Please excuse any grammar errors as I wrote this in a rush and plan on editing it based on feedback. Happy Shopping

Mods please sticky this, spread the word and lets eliminate the scammers.

EDIT: I have had alot of requests from people who still can't successfully verify the mirror. Please make sure when you solve the captcha on the 'verify mirror' link that you copy the whole txt including the signature and the pgp code before you verify. If you are using dark.fail and it still isn't working then retry the captcha a few times becuase there may be a sync issue on the empire market server. For all the other users who still can't get it to work, for these people I think only a video tutorial would help. Also probably better not to login to any site until you have a firm grip of PGP, how it works and how to use it. As you can understand this would take time and i plan on releasing one on the weekend so please stay patient until i have edited and uploaded one on youtube. To make life easier for people I also plan on uploading empire markets PGP key to a download website, but I am hesitant to do this because I don't want anyone to half follow the instructions and then blame me if they lose their bitcoin.

EDIT [8 JULY 2019]: i apologise again for my delays, i live a very busy life. However please read the following information for those of you who are still having trouble verifying your links. I have ascertained the reason why some people are still get invalid signatures (note this is different to a 'bad signature'). The reason why is because kleopatra doesnt recognise where this key is coming from as its not part of the pgp network (not 100% accurate explanation but as noob friendly of an explanation i can give). To fix this what you need to do is certify the key in kleopatra:
  1. Open kleopatra, you should see a collection of public and private pgp keys including your own.
  2. Look for the empire market key and right click on it, then click certify
  3. Follow the prompts and certify it against your own pgp key. (You may need to enter your password)
  4. Once its all done you should see somewhere on the final dialog box where it says certification successful. (If not try it again)
  5. Click finish
  6. Now when you go through this tutorial again if the key is valid you should definitely see 'good signature' displayed in GPA.
  7. Smile and enjoy your hard work and patience of going through the tutorial.
Guys here is the empire market key that I have on my own computer (use at your own risk, it works for me and other people):
submitted by ufcfanatic123 to darknet [link] [comments]

Bitcoin, dogecoin. How I tried to make my fortune in 2014 with the sweat of my computer.

Bitcoin, dogecoin. How I tried to make my fortune in 2014 with the sweat of my computer.

Make money just by working on your computer: the rise of electronic currencies, in the wake of bitcoin, can be a little dream, especially in times of crisis. We tried the experiment. Wealth at your fingertips? Not for everybody.
Reading time: 6 min.
We have known at least since March 2013, with the soaring Bitcoin (BTC) price during the closing of Cypriot banks: electronic currencies, it has not much virtual. Since the creation of the enigmatic Satoshi Nakamoto serves as a safe haven, a playground for speculators, interests the States and even makes it possible to pay for his trip to the space where his beer, bigger world would dare to pretend that it only serves to buy prohibited substances on SilkRoad - if it ever was.
At the end of November, James Howells was mocked a lot, this Brit, caught in a household frenzy, inadvertently threw a hard disk containing 7,500 bitcoins, the equivalent of 4.8 million euros. A small fortune now lost in the depths of the Docksway dump near Newport. Nevertheless, before causing the consternation of the global Internet, Jamie still had the nose to undermine the BTC at a time when the experience mobilized a handful of hardcore geeks.
Since the rise (sawtooth) bitcoin, each unit currently weighs more than 800 dollars, nearly thirty cryptocurrencies have emerged. Is it possible, this year again, to let this promising, volatile and risky train pass, or to fall into
  1. Choose your electronic motto.
  2. All are based on the same principle: to summarize (very) big features [1], the issuance of money is governed by an algorithm, and the new corners put in circulation reward the resolution, by participants in a network of peer and mathematical problems, including the validation and archiving of transactions, which are public [2]. Mining a cryptocurrency is like putting the computing power of your computer in the service of the network.
  3. Since the program is decreasing [3], the mining becomes more and more difficult with time (and with the increase of the number of participants): to hope to make his pelote via the only computational activity, one must either have to at its disposal a large fleet of machines, to be a miner from the first hour. Exit the bitcoin, long since out of the reach of a personal computer.
  4. I similarly gave up the litecoin and peercoin, already well launched (they date respectively 2011 and 2012), to set my heart on one of the most recent currencies - and certainly the hippest of the moment: the dogecoin.
  5. As its name suggests, the cryptocurrency favorite Shiba Inus from around the world is a tribute to the Doge, one of the most famous memes of 2013, with its captions in Comic Sans, the font most sorry for the web. A geek joke, therefore, except that - the unfathomable mysteries of the Internet - its value jumped 900% in the third week of December, and she suffered a Christmas robbery online.
  6. Admittedly, at the time when these lines are written, the dogecoin caps at 0.00023 dollars [4] - its quite ridiculous (and quite depressing), but even if you bet on the future, so much to go frankly.
  7. 2. The hands in the engine the billboard.
  8. From there, things get tough (a little). Installing an electronic purse on ones computer is not very complicated (the software is available for Windows, MacOS, Android or, for the more adventurous, on a repository to compile under Linux). It is also possible to use an online wallet, but it is more risky (except, perhaps, when one is called James Howells). When opened for the first time, the purse automatically synchronizes with the Dogecoin network (be careful, it can be long), which gives you a payment address (we can generate more later).
  9. The two most common ways to undermine electronic money are to use the computing power of the computers microprocessor (CPU) or, more efficiently, that of the graphics card processor (GPU). In the first case, the program is simple to install; in the second, it is necessary to choose the most adapted to its material [5]. There are, thankfully, a lot of online tutorials. Still, to operate the corner board requires in all cases to trade the comfort of the GUI for aridity, so confusing to the layman, command lines - we have nothing for nothing.
  10. Finally, at work alone, we prefer collaboration. Mining is best done in groups, or rather in pool: it distributes the gains, of course, but also the difficulty. For the dogecoin as for all the crypto-currencies, the pools are numerous. A quick tour of a dedicated section of the Reddit community site can help you make your choice.
  11. 3. Extension of the field of struggle.
  12. And after? After, we can rest, since it is the machine that works. But the truth of a cryptocurrency - even at the exceptionally high LOL and LOL rates of the Shiba Inu - is cruel and brutal: not all computers are equal. Or rather, some are more equal than others. For while you heat your CPU or your graphics card to grapple some unfortunate corners, others will sweep the game thanks to specialized integrated circuits, computing capabilities much higher.
  13. If the game of buying and reselling corners is basically just another stock exchange mechanism, less the intervention of the central banks - what is at stake, and the big political question they ask: are we certain to prefer speculation pure and perfect to monetary policies, however questionable they may be? -, production, it is the law of the strongest (in calculation). There are even lethal weapons at $ 10,000 each, with which your processors are like mosquitoes in front of an A bomb.
  14. And if you think it does not matter because after all, it does not cost you anything, think again: the components, like humans, wear out faster when they work at full speed, and the bill of electricity can quickly grow. The profitability of the case is anything but certain, as evidenced by the results of online calculators. (Needless to say, our laughing dogecoin does not stand up to this kind of simulation.)
  15. Much more boring, from a collective point of view: the carbon footprint, current and above all expected, of electronic currencies worries more and more. Last spring, Bloomberg estimated that the energy consumption of the Bitcoin network was equivalent to that of 31,000 US households. Not sure, according to the site, that their emission is less damaging to the environment than have been some physical currencies.
  16. For exciting to analyze that is the emergence of cryptocurrencies, it is better to ask now about their cost, economic and ecological. To see it as a potential source of income, except for being a very early adopter with a hollow nose, an individual with a lot of computational capital or a clever trader, you have to make a point.
  17. If the recurrent comparison with the famous Ponzi pyramid [6] is discussed (after all, the decentralized currencies do not make promises), remains that, as long as the value does not collapse, the system benefits mainly to the first entrants - except James Howells.
  18. As the Bitcoin.fr site aptly states: all this is just an experiment, invest only the time and money you can afford to lose. LOLs love was not a worse reason than another to experiment, so I finally submitted my laptop to four days and three nights of intense activity, which makes me happy. owner of a good half a thousand dogecoins. Either the equivalent of 0.115 dollar, or 0.08 euro. It is obviously not worth the electricity consumed to generate them, it increases my carbon footprint, but it amuses my entourage. But laughter is, as everyone knows, a safe bet in times of crisis, less volatile than a real bitcoin.
  19. And then, after all, you never know.
  20. Amaelle Guiton.
  21. 1. For explanations more provided (the case is quite complex), refer, for example, to the series of very detailed notes devoted to blogger Turblog.
  22. 2. And as such, searchable by everyone. It is the identity of the users that is not known, unless they reveal it, hence the reputation of anonymity (relative, therefore) cryptocurrencies.
  23. 3. In the case of bitcoin, the maximum of 21 million units should be reached around 2140.
  24. 4. For a day-to-day follow-up, see the CoinMarketCap site which lists the exchange rates of crypto-currencies, based on the dollar value of bitcoin.
  25. 5. We discover then, unfortunately, that some graphics cards do not allow the mining. This is the case for the author of these lines, reduced to working in conditions of extreme computer deprivation.
  26. 6. Comparison which is at the heart of a hilarious note on the ponzicoin, signed by the economic journalist Matthew OBrien, on The Atlantic (to read if you intend seriously to invest in the dogecoin).
submitted by Mejbah411 to u/Mejbah411 [link] [comments]

Let's Get Cloaked I

For this inaugural installment of LGC, I'll show you the ropes of anonymity tech, starting from first principles.
I'll be your host, insette; I've been involved in cryptocurrency for quite a few years, largely because of the potential I recognized in darknet markets to generally speaking liberate humanity. IYAM, Bitcoin's unique selling proposition is and has always been anonymous international commerce, of the kind witnessed first on Silk Road (SR).
Before Bitcoin, it was simply impossible to transmit value anonymously across international borders. And the founder of SR evidently recognized this very early on. Conversely, pyramid schemes (see: "digital gold") have always abounded in the form of Beanie Babies, Pogs, tulips, MLMs etc. Ask yourself which aspect of cryptocurrency is more groundbreaking. Hint: it's the part where you can be behind seven proxies and operate and manage a paid distributed team of people whose actions transcend national boundaries. Taken to its extreme, cryptocurrency may even allow humanity to form entirely new, global "states".
Since this is /DCR, it needs to be said Decred builds upon Bitcoin to make not only anonymous international commerce possible, but also anonymous international boardrooms possible (think: "bearer shares on steroids"). Arguably every cryptocurrency has a boardroom or governance aspect to it, but c0 made elaborate design decisions from a very early stage to integrate those governance features into Decred's core. In a couple years, what this means is, hopefully, you'll be able to anonymously make some really big fucking decisions; decisions of HUGE consequence to the world, anonymously, in your pajamas if need be.
However, and this is the basis of LGC, if those decisions are not made anonymously; if those decisions are not made by and for anonymous people, then I feel the decisions will be of lesser scale and importance to the world. In the absence of full anonymity, decisions tend to be made behind the very same social filters which hold society at large back. Think: taxation, regulation and political correctness.
Part of the point of this series is to set your head straight. First, recognize what cryptocurrency is about. But also, embrace it.
If a bunch of people are here for the Beanie Baby ponzi aspect of cryptocurrency; if everyone here is just some schmo on Windows 10, we're going to have a very weak community at the end of the day one which isn't capable of reaching out and touching the world in a profound way. And frankly, who would give a fuck about a cryptocurrency like that? No one.
So let's make big decisions of consequence in our pajamas, anonymously.
Your homework is to obtain a USB pen drive, and make it into a Linux (or BSD) live USB.
A good place to start is with a program called unetbootin.
Any old USB pen drive will do.
You may need to search the web for tutorials; live USB creation has been written about more than enough times by now.
Making a live USB pen drive containing Linux or BSD is the first stpe towards obtaining true anonymity.
As you do this, think about what it would mean for Decred if our boardroom was predominantly anonymous and "run" by people of the anon mindset; then think about how lame and useless it would be if Decred's boardroom was run entirely by low information having Windows users, ponzi followers and politically correct VCs.
Make the right decision.
If you're already running Linux, good. Perhaps you can help spread this message to others, or help anyone you can in this subreddit install Linux on a USB pen drive.
submitted by insette to DCR [link] [comments]

05-10 10:13 - '📷📷📷📷📷📷📷📷📷📷📷📷 / 🇷🇺[[link] / 📷📷📷📷📷📷📷📷📷📷📷📷 / Best top rated and safe📷 / western union Transfer Service☑ / Former Top Vendor on Silk Road & Alpha Bay ☑ / Video proof and feedback📷 / from thousands of clients.☑ / 📷MTCN in 40-60...' by /u/gio107 removed from /r/Bitcoin within 26-36min

📷📷📷📷📷📷📷📷📷📷📷📷 🇷🇺[[link]5 🇷🇺 📷📷📷📷📷📷📷📷📷📷📷📷 Best top rated and safe📷 western union Transfer Service☑ Former Top Vendor on Silk Road & Alpha Bay ☑ Video proof and feedback📷 from thousands of clients.☑ 📷MTCN in 40-60 mins 📷 done by professionals.📷 📷 Trusted resource for guides & Tutorials 📷Ok so you want to know how to CARD WESTERN UNION right📷 📷 We also offer detailed TUTORIALS 📷✔ on how to make successful Western Union Transfers✔📷📷📷📷📷📷 What We Offer📷📷📷 WESTERN UNION TRANSFERS ✅ CASHAPP TRANSFERS ✅ DUMPS + PIN ✅ PAYPAL TRANSFERS ✅ HACKED PAYPAL ACCOUNTS ✅ BANK LOGINS ✅ CVV ✅ USA AND UK FULLZ ✅ TRACK1 & TRACK2 ✅ HACKING SOFTWARE ✅ HACKING TUTORIALS ✅ CARDING TUTORIALS ✅ 📷[[link]5 ✅ 📧[[email protected]]3 JABBER: [[email protected]]4 📷📷📷📷📷📷📷📷📷✅✅✅
Context Link
Go1dfish undelete link
unreddit undelete link
Author: gio107
1: www.cash*ut**ne**net/ 2: *w*.cas*ou*mon*y.net/ 3: mailto:[email protected] 4: mailto:[email protected] 5: WWW.CASHOUTMONEY.NET]1 6: WWW.CASHOUTMONEY.NET]1
Unknown links are censored to prevent spreading illicit content.
submitted by removalbot to removalbot [link] [comments]

Como ser anónimo na Internet – [TUTORIAL COMPLETO]

Antes de mais, não sou um especialista, apenas alguém interessado em segurança e comunicação e este tutorial é apenas direccionado à educação :D

1) HTTPS ou TOR?

1.1) Intrudução

Ao navegarmos a Internet convencional ou a “surface web” usamos protocolos. Tudo começou com o HTTP (HyperText Transfer Protocol), foi um dos primeiros protocolos quando tentamos aceder a um site mas é bastante fácil para um “hacker” ver o que fazemos e por onde navegamos isto porque não há qualquer tipo de encriptação entre o servidor web e a vossa máquina ou seja, basta alguém estar estar na mesma rede do que vocês, por exemplo a mesma rede wifi, e executar um MITM (man in the midle atack). Onde o hacker redireciona o tráfego da máquina alvo para o seu servidor e ele literalmente lê os pacotes de dados (informação trocada ou seja, passwords, utilizadores, etc) com um simples “sniff” no wireshark (programa que nos permite ver pacotes de dados (TPC, UDP, etc)). Forma bastante eficaz de roubar informações a alguém em servidores desprotegidos.
Felizmente e a nosso favor a maioria dos sites hoje em dia usa HTTPS (HTTP + SSL), muitas pessoas convencionam o “S” no final do HTTPS como “secure”, daí o cadeado verde que vemos quando acedemos a esses websites.
O processo (SSL) começa quando nos tentamos conectar a um site e ele manda-nos uma cópia do seu certificado SSL (Chave pública), o navegador verifica se o certificado está expirado, em vigor, valido, etc (uma grande treta de acreditação). Se o navegador confiar no certificado, ele cria e envia de volta uma chave de sessão simétrica utilizando a chave pública do servidor. O servidor da decrypt da chave de sessão simétrica usando a sua chave privada e envia de volta uma confirmação criptografada com a chave de sessão para iniciar a sessão segura e agora o servidor e o navegador comunicam com, supostamente, segurança. São assim realizados os primeiros momentos de conexão quando acedemos a um website com HTTPS.
P.S: Pensem em chaves publica como algo que transforma x em alguma coisa que só pode ser aberto com a chave privada, y. Mais sobre isso a frente.

1.2) Se HTTPS é assim tão seguro, porque usar tor?

Bom, mesmo com esse tipo de segurança há várias formas de ver ou atacar alguém. Sempre podemos fazer phishing, ainda usar MITM (fazermo-nos passar por o servidor verdadeiro, é difícil AF mas possível) entre muitas outras coisas..
Com o Tor deixamos de ter esses problemas. Mais ou menos.

1.3) Mas o que é Tor?

Tor é uma comunidade, uma rede de computadores muitas vezes referida como Dark Web ou Deep Web.
A rede Tor dá-nos um nível de segurança com 128-bit AES (Advanced Encryption Standard) end-to-end (De computadores para computadores, não da nossa máquina até ao website). No final das contas é uma rede que sobrepõe “IP’S” em várias camadas e deve ser tratada como tal.
O melhor é usar HTTPS e Onions (Tor), HTTPS protege os nossos dados a nível de navegadores (nós)<=>(WEBSITE) e a rede Onion reforça o anonimato com “loops” pela internet de modo a escondemos a nossa identidade (IP). Mas esse nível de segurança depende do próprio website/servidor com que estamos a tentar comunicar. Para os nerds que desconheciam esta tecnologia, aqui têm um “Let’s Encrypt” para onions (here)
A rede tor funciona a partir de nodes, qualquer um pode fazer um relay, node de saida, etc. Uma autentica rede de computadores que comunicam entre si anonimamente.

1.3.1) Um aparte do funcionamento dos nodes…

Utilizando este modelo de 3 ou mais nodes fica mais difícil, mas não impossível de correlacionar o vosso pedido inicial com o vosso IP original. Também queria frisar que a maior parte destes nodes são universidades (fun fact)
O problema vem quando escrevemos “plain text” num site que acessamos via Tor, imaginemos que o meu exit node é o FBI ou a NSA. Se tivermos introduzido dados sensíveis apenas rezem que quem estiver a manteoperacional o exit node não tenha poder computacional suficiente para desencriptar a vossa ligação.

1.4) Let’s get REAL

Depois disto não parece nada seguro usar tor né? O bom é que é praticamente e impossível quebrar 128-bit AES. Toda a rede de bitcoin (hash rate atual é de 60M) demoraria 2.158 x 10^12 anos para quebrar 1 só chave. E para além do mais, sempre podemos configurar os nossos nodes, mais aqui.
Apenas não coloquem nada que não gostariam que se tornasse publico pois a segurança nunca é garantida! O que é (praticamente) garantido é o anonimato com o tor :)(Eu diria até que o vosso anonimato é garantido, todos os websites na deepweb que foram fechados até o dia de hoje por exemplo, não teve nada a ver com uma falha na rede tor mas sim foi um descuido dos administradores)
E para comunicação na web (chat) usem sempre PGP (Pretty Good Privacy), vamos falar mais a frente.

2) Que sistema operativo usar / Como Operar

Pretty bit topic here..

2.1) Sistemas Operativos

Querem anonimato? Usem um sistema operativo ao vivo (Live Operating System / Live CD). É um sistema operativo contido num dispositivo de armazenamento móvel, podem usar em qualquer lado com um computador (motherboard não desbloqueada) não deixando qualquer rasto no pc da sua existência (kinda, mais a frente).Caso não queiram ser tão hardcores sempre podem usar linux muito bom também, updates constantes da comunidade ;)Para o típico utilizador windows.. sabiam que o windows envia tudo o que vocês escrevem e falam para a Microsoft? Aqui têm tools que removem a telemetria and stuff (here)
Se são uns completos noobs e nunca instalaram nenhum OS (operating system) podem usar uma coisa chamada Virtual Box que emula um sistema operativo dentro de outro. Pesquisem.

Recomendo o uso do Tails (Live), Link here.

P.S: No que toca à Apple não tenho experiência portanto, não comento.P.S2: Dêm uma vista de olhos no “qubes”, sistema operativo hardcore para segurança.

2.2) PGP, Como Operar & Related

2.2.1) Mini Introdução

Temos de assumir sempre o pior, qualquer agência de inteligência ou governamental interceptou e desencriptou os nossos dados. O que eles podem usar contra nós?
Temos sempre de agiter o cuidado de nunca compartilhar dados pessoais, NUNCA. Ter uma boa password sem nada que nos identifique (Tenho uma boa password?) e diferentes passwords e entidades para cada serviço/website que usemos. Lembrem-se, basta “deslizar-mos” uma vez e somos comprometidos. Caso usem o mesmo utilizadopass qualquer organização/pessoa com intenções pode “ligar os pontos” e identificar-te.

2.2.1) PGP (Pretty Good Privacy)

Outro passo que devem tomar é comunicar apenas usando PGP. Lembram-se das chaves publico e privadas? Vou salientar novamente esse tópico.Tomem em conta que nem sempre é possível comunicar com PGP, quando estamos a preencher informação num website ou wtv essa informação pode estar comprometida.
Side Note: Há uns open sorce code para usar o Proton Mail com PGP com alguma facilidade, pesquisem nerds.

O processo PGP:

GUARDEM BEM A VOSSA CHAVE PRIVADA, GUARDEM NUM LOCAL OFF-GRID, fisicamente escondida. Caso comprometida, fudeu. E já agora, se a perderem não há nenhuma forma de a recuperar.
No tails a área onde podem mexer com o PGP fica no canto superior direito, uma que parece uma prancheta, vão a “manage keys”.
Por exemplo, uma das razões que o Silk Road falhou foi que Ross (um dos administradores) nem sempre comunicava através de encriptação PGP e depois de ser apanhado (meteu informações pessoais na net no inicio da sua jornada) as autoridades tiveram acesso a tudo o que não estava encriptado.
Sugiro sempre que guardem as suas chaves privadas num cartão SD ou melhor num microSD para que se um dia forem apanhados e alguém for-vos bater à porta podem simplesmente parti lo e os vossos dados ficam seguros x)

2.2.2) Tails e resíduos

(assumindo que têm o tails a funfar..)
Tails é um excelente sistema operativo para privacidade, quando ligado e “bootado” no PC ele cria um drive virtual e quando é fechado tal é apagado, mas não permanentemente.
Como deve ser conhecimento geral, armazenamento na memória de um computador (no seu disco rígido) funciona a base de 0’s e 1’s. Vamos supor que crio uma pasta chamada “teste”. O disco rígido será desempenhado de designar os respetivos 0’s e 1’s a uma secção do disco e saber onde está tal secção.
Temos 2 dados importantes aqui, os dados da pasta “teste” (0’s e 1’s) e a sua localização na respectiva secção do disco, chamam-se “pointers”. Pointers apontam o local do disco onde estão armazenados os dados (0’s e 1’s).Quando apagamos algo (tradicionalmente) apenas apagamos os pointers e os 0’s e 1’s anteriormente designados à pasta teste estarão agora labled como livres, esperando serem rescritos por novos 0’s e 1’s de novos dados. Espero ter sido claro.
Portanto, alguém com habilidades pode pesquisar no disco 0 e 1’s designados como “espaço livre” que, organizados “façam sentido” e recuperar os nossos dados privados.
Temos 2 opções:

2.2.3) Encriptação do disco inteiro & destruição segura de ficheiros & RAM

No que toca a encriptação do disco tails tem uma funcionalidade incorporada chamada FDE (Full Disk Encryption) ou seja, formata-vos a pen (ou o quer que seja que estão a usar) e rescreve-a com o seu conteúdo encriptado sendo apenas possível ganhar-lhe acesso com uma palavra-passe. E como sempre, guardem a password num local seguro ou memorizem-na.
Tutorial de como encriptar o disco (here)
E no que toca a destruição segura dos ficheiros há vários programas para o fazer, apenas recomendo que o faças no mínimo 3x (para garantir aleatoriedade). Duck it.
Mesmo com o disco encriptado e os dados limpados ainda podemos extrair-te informações pela tua RAM 📷
Chamam-se de “Cold Boot” esses tipos de ataques.

Primeiro, RAM (random acess memory), quesamerda?

RAM é o local onde o computador armazena dados que apenas são necessários temporariamente e isso acontece milhões de vezes por segundo. Pensem na RAM como uma memoria onde pode ser escrita e rescrita os 0’s e 1’s extremamente rapido.
Imaginemos que estão a trabalhar num documento de texto, enquanto trabalham tal está a ser guardado na RAM (armazenamento de curto prazo) até que clicam em salvar e o documento é armazenado no disco rígido em si (armazenamento de longo prazo).
Nesse período de tempo os dados são armazenados na RAM sem qualquer tipo de encriptação. Quando desligamos o computador normalmente ele passa por um ciclo onde limpa os dados armazenados na RAM mas se ele perder energia abruptamente os dados ficam “leaked” na RAM e é onde são realizados os Cold Boot Atacks. A única medida que podemos implementar contra este tipos de ataques é usar RAM DDR3 (isto porque ela necessita de eletricidade para manter dados, passado x tempo os dados são apagado) e desligar o PC normalmente, sempre.

2.2.3) Inimigo? Javascript.

Imaginemos que corro servidores maliciosos tendo em conta que tenho uma grande comunidade a alimentar-se dos meus serviços e sou apanhado. O que as autoridades podem fazer para os apanhar?
Um dos métodos mais comuns usado pelas autoridades é injetar javascript ou seja, todos os utilizadores iriam acessar uma página web alterada que tinha como intenção correr javascript que transmitia o IP da pessoa e a sua localização (visto que tal código era apenas descodificado e corrido no pc da pessoa).
Dito isto, aconselho desativarem a execução de javascript nos vossos navegadores (browsers). Tanto no iceweasel (tails) ou no firefox (tor) podemos desativar a execução de javascript com o seguinte procedimento:
(se usam tails, cada vez que o iniciam poderão de ter de fazer isto)

2.2.4) Dados EXIF

Tiramos tantas fotografias com os nossos telemóveis né? Sabiam que provavelmente a vossa localização está incorporada nelas?
Quase todos os formatos de fotos podem ter as cordeadas incorporadas menos o formato .PNG portanto é imperativo para um criador de um website apenas permitir formatos PNG e também para nos porque a nossa informação pode dar “leak” por um erro tão simples como este.
Felizmente o Tails tem uma solução, basta irmos a Applications -> Accessories -> Metadata Anonymisation Toolkit, mais info –> (here)


Bem, não.
VPN’s não são de confiança. A famosa “HideMyAss” que supostamente tinha uma carrada de implementações de segurança que nem eles próprios conseguiriam ver o que o utilizador fazia abriu a boca quando questionada pelo governo da Inglaterra sobre o caso LulzSec.Mas se tentarem a vossa sorte escolham uma que no mínimo tenha 128 bits ou até mesmo 256 bits de encriptação.
Se querem ainda mais segurança do que já têm, comprem umas raspberryPi, disfarçam-nas e coloquem-nas em um sitio que tenha uma rede Wifi Publica escondidas e com eletricidade, façam uns servidores OpenVPN, uns proxies da treta e GG (Como criar uma rede tor mas caseira). Fiz um tutorial de como fazer uma VPN numa raspberry, depois é só fazer uns loops.
P.S: DNSQueries, não confiem na vossa rede.

2.2.6) Cuidado com downloads

Por vezes numa comunidade da deepweb recebemos PM (private messages) que nos dizem que a nova atualização do tor tem uma falha de segurança e aqui está o link X para dar patch. Treta, nunca confiem e façam sempre o download do website oficial (cuidado com o phishing) mas podemos sempre verificar a autenticidade dos nossos downloads.
Recomendo o uso do GnuPG. Pesquisem, muito importante! Voltamos a usar o nosso amigo PGP ;)
P.S: Não só downloads, também podem assinar mensagens encriptadas (quase como encriptado 2x)

2.2.7) Simples e eficaz, adeus monitorização da treta

Podem-nos identificar de várias maneiras, uma delas é pelos nossos padrões habituais que podem ser usados contra nós em tribunal.
Uma forma fácil de acabar com isso é desabilitar “mostrar o meu status online”, muito comum em fóruns e comunidades.

2.2.8) Usem bridges!

Mesmo com esta segurança quando ligados ao tor o vosso ISP (Internet Service Provider) pode ver que vocês estão a usar o Tor, para tal sempre podemos usar bridges. Lista de bridges (here) captcha é hard mesmo.. (ataques de correlação)
Depois de entrarem vão ter acesso a uma lista de bridges que são publicamente disponiveis pelo Tor, talvez não seja a melhor opção mas sempre tens a opção de mandar diretamente um email para [[email protected]](mailto:[email protected]) com o body da mensagem sendo “get bridges”, infelizmente só funciona para Gmail e Yahoo (anti bots)
Para usa-las no boot do tails aparecem 2 opções: Live e Live (Fail Safe), neste menu cliquem em Tab , Espaço e escrevam “bridge” e depois enter. Modo bridge ativado. Ao entrarem no tails basta adicionar as vossas bridges numa tab que vos vai aparecer neste formato-> IP:PORTA e gg.
Visto que é muito menos provável que o vosso ISP conheça estas ligações. Também podem especificar o pais assim: XXX.XXX.XXX.XXX – COUNTRY: X
De qualquer das formas bridges é um assunto complexo, do your homework. Coisas bonitas para vocês (here)

3) Governo e polícia

3.1) Os seus limites

Bom, não têm, pelo menos os americanos (casos mais conhecidos). Eles chegaram ao ponto de ter uma conta no silk road como vendedores onde seriam vendidas fake ID’S (durante 7 anos), após esse período começaram de apreensões. E no serviço postal dos US, qualquer encomenda “ilegal” não eram apreendida mas sim colocavam-lhe um tracker.
Tenham sempre em mente que se eles vos querem apanhar mesmo, eles farã tudo no seu alcance para vos capturar. Tenham sempre em mente que se vocês estão a fazer qualquer tipo de actividade considerada ilegal têm sempre de ter em conta o pior cenário possível. Vocês até podem ter uns PC’s, uns servidores e algumas skills mas não é nada comparado com o poder deles.
Lembrem-se, basta escorregarem uma vez e acabou, sejam prudentes.

3.2) O que fazer quando se é apanhado

Errar é humano. Provavelmente vamos todos cometer um erro e se o governo achar que somos um peixe suficientemente grande ele vem a trás de nós.
É sempre melhor prevenir do que remediar, temos de ter já um advogado pago 50k + extra (caso sejam ilegais, mesmo.) isto porque o governo pode congelar-nos as contas/apreender o dinheiro.
Sabiam que o silencio é um direito? Mantenham a boca fechada. Eles vão tentar usar todas as táticas para nos fazer admitir que somos culpados dos crimes de que somos acusados.
Provavelmente a primeira coisa que eles vos vão dizer é que nos querem ajudar e estão a trás do maior peixe do cardume, ignorem, treta.
Eles vão dizer “então não queres cooperar? Estava a tentar ajudar-te mas agora só vais dar problemas” ou “Tens alguma noção dos crimes de que és acusado?”. Mais uma vez, mantenham-se calados e continem a pedir por um advogado.
Nunca falem sem o vosso advogado presente e nunca façam nada que não seja exigido legalmente. Vocês têm o DIREITO de estar calados.
Não discutam com os policias sobre se eles têm ou não alguma coisa contra ti, sê chill nesse assunto. Age assustado, ansioso e confuso. Como se não soubesses o que se passa e apenas queres o teu advogado. Diz aos policias: “Vocês estão-me a assustar, apenas quero o meu advogado”… como eu amo engenharia social.
Com o vosso advogado é o basico, sejam honestos com ele e trabalhem como uma equipa. Privilegio Cliente-advogado.

4) Cool Stuff

4.1) TorChat

TorChat funciona da mesma forma que o tor funciona com todas a features que todos gostamos, cria links .onion da mesma forma que o tor mas usa-o para identificar um ID de uma pessoa em particular sendo que esse ID pode comunicar com outros ID.
P.S: Não recomendo, ideia bonita mas não sabemos o nível de anonimato ou as vulnerabilidades que tal implica visto que funciona da mesma forma do que se como tivéssemos criado um HiddenService (um site tor) no nosso PC. Isso pode levar a problemas sérios.
Fica à vossa mercê, de qualquer das formas a sua comunicação eu<=>parceiro teria o mesmo nível de segurança do que o tor.

4.2) Como utilizadores do Tor foram apanhados


4.3) Email anónimo, História & Tor


5) Recomendações

submitted by Acujl to chapeubranco [link] [comments]

An Illustrated Beginners Guide to the Silk Road (Revised)

Submitted this a couple weeks ago. I have since revised and added to it based on your feedback. I also changed the tutorial to reflect buying bitcoin from bitinstant (instead of my first choice cryptocurrent which has been offline since the btc crash). Hope it helps some of you get started! http://cannabiscorner.net/guide-to-the-silk-road-part-1-getting-started/
submitted by medicineman33 to SilkRoad [link] [comments]

Comprehensive guide to safely browse the SilkRoad

First of all, I'm no security expert. The following guide will be nothing but technical instructions to securing your machine to make digital information storage and transmission secure.
Your security is divided in 3 parts. Also remember your security (as in lowering chances to get caught) is only as strong and your weakest link. Those 3 parts are :
a) Money
You can (and will) get caught if you aren't careful with how you move money. Banks and LE work hand-in-hand to trace money. I won't cover that aspect but you need a bulletproof way of buying (if you are a buyer) and/or selling (if you are a seller) your bitcoins.
b) Drugs
Yes, you'll get caught if you don't handle drugs in a secure fashion, ldo. It includes shipping, stealthing, receiving packages, storing. You get the idea.
c) Information
Here is the part I'll develop in this guide. How to handle information (mostly digital information) to not get caught and be as stealthy as possible.
All the following softwares are :
1) Free - you don't have (and shouldn't, as sad as it sounds for security reasons) to pay anything to fully use them
2) Open source - Anyone with knowledge can see what the programs are made of. Def a security plus.
We will need (In order of use) :
a) a good anti-virus
Before even starting the job, we need to make sure we're working in a safe environnement. If you have a keylogger installed on your computer then all futur steps will be for NOTHING. So if you don't have an updated AV installed yet, get one. I personally use AVG. Here is the link but it's recommended you search it yourself using google, after all, I could be a hacker myself.
b) a password manager
You'll need to save at least 5 complex passwords. I strongly recommend using a password manager (with passwords creation) such as KeePass. It's multi plateform (windows/linux/android).
c) TrueCrypt
Very powerful piece of software which allows you to encrypt files/folder or even full system partition using bulletproof algorythm such as AES.
d) VirtualBox
Very powerful software which allows you to run a completely autonom virtual machine inside your physical machine.
e) Ubuntu 13.04
Free OS. Very safe. Not so user friendly but you'll only use it to browse SilkRoad and use PGP (more on that later).
d) Tor Browser Bundle (TBB)
A package of pre-configured software to use TOR. Awesome.
I assume you already installed the antivirus and ran a minutious scan on your system. Your system was clean already ? Great, you can read what's next.
So first, we want to create an encrypted folder so that we can install a complete different OS in it. It'll be 100% safe and impossible (without the passphrase ldo) to know what it is you are putting in the folder.
a) Click on "Create Volume"
b) Select "Create an encrypted file container"
c) Select "Standard TrueCrypt volume"
note : Do your research on which option you want to use.
d) For Volume Location, select where you want to save the file. Type in a random name and click "save" then "Next" !! Note : You can select a USB pendrive (with at least 10GB and USB 3.0 strongly recommended) so that you have a portable, encrypted OS. Very useful since that you can physically hide it from LE in case of a search at your place) !!
e) Encryption Options
I advise to use AES. The technology is old which, in security, is a good thing since it means it has been tested by many security experts. I don't know about Hash Algorithm. I think I use RIPEMD-160 but it's up to you to do your godamn research on which option you want to use.
f) Volume Size
Pick at least 10gb, (no more than 15GB really). Note : TrueCrypt will encrypt the whole 10GB no matter what it is you put in, even empty space. So consider the number you type in (10GB here) as gone once you click "Next".
g) Volume Password
Open KeePass (!!!!!!!! with a strong masterpassword !!!!!!!!) and generate a random passphrase using at least 15 (25+ advised) characters (with lowercase, uppercase, numbers, symbols, space everything checked). Save it carefully, and copy paste it twice in TryeCrypt.
h) Large Files
Select "Yes"
i) Volume Format
Move your mouse randomly (to create randomness in the Key) a few seconds then click "Format", wait.
Congratulation, you now are the owner of an encrypted file container.
First, you need to mount the encrypted folder you just created. For this, open TrueCrypt, and click on random letter (remember it and always use the same to avoid corruption). I personally use R: (don't ask me why, I guess I used it the first time and it stuck). Then, click on "Select File" and browse to your newly created folder, click on "Open". Then, click on "Mount", it'll ask for your passphrase. Open it with KeePass and copy past it. Click "OK". If everything went well, you can know access your encrypted folder using Windows Explorer in computer. Truecrypt created a virtual partition.
Okay, so now, off to creating a Virtual Machine. You must have downloaded Ubuntu 13.04 (700MO or so). Good, save the .iso file somwhere.
a) Open VirtualBox, click on "New". In name, type in Ubuntu, it'll automatically select the type and version needed. Click "Next".
b) Memory Size. It's the amount of RAM you want to allocate to your virtual machine. I personally have 12GB of RAM and I allocated 4096MO to my VM (virtual machine). Note : Consider that the amount of RAM you give to your VM gone from your physical machine. Even if you don't run anything on your VM, the amount given (4096MO) won't be usable by your physical machine until you shutdown your VM. Click "Next".
c) Hard-Drive. Select "Create a virtual hard drive now", click "Create".
d) Type of hard drive file Select "VDI (Image disk VirtualBox)" Click "Next".
e) Select "Fixed Size", click "Next".
f) File location and size For location, click the yellow folder and go to the letter you mounted the file in TrueCrypt (for me R:\the-name-of-your-VM.vdi) In size, pick whatever the amount of GB you allocated to the crypted folder MINUS 1.5GB. !! Note : very important. For exemple, if your crypted folder is 10GB, you must pick 8,50 Gio. !! Click "Create" and wait a minute or two for VBox to create your VM.
Here are the settings I use for my SilkRoad Machine.
To access settings, in VirtualBox, select your newly created VM and click "Configuration". Go to the onglet "System" => "Proc", select a reasonnable Value (where the green and red meets is generally ok). Type in 90% in allocated ressources. Go to the onglet "Display" => "Video", select a reasonnable Value (where the green and red meets is generally ok). Number of screen, 1 by default. You can use more screens if you have more than one. Vbox supports it beautifully. Click "OK".
a) Open VBox, select your virtual machine in the left and click "Start" at the top. You now are running your virtual machine.
Now you must install Linux on it. A window will pop up and ask you to select a booting disk. Click the yellow folder and browse to the Ubuntu.iso file you previously downloaded. Click on "Start".
You VM will now boot using Ubuntu. Install it, check "Download updated while installing", leave everything else as is.
Select "Erase disk and install Ubuntu". File in the settings needed. In name, type whatever you want (note : I usually just type in the same letter I used to mount the folder with TrueCrypt). Pick a password (a new fresh password, that one isn't necessarily important but make sure you remember it). Select "Require my password to log in", you don't mind extra lawyers of security. Click "Continue". Now, wait, the installation can take up to an hour or two.
When done, click on "Restart Now". When rebooting, you will be asked to if you want to boot using the installation, DON'T anything and wait. Now you have a beautiful orange/purple page asking you for your password. Type in the password you wrote during the installation process and press Enter. Welcome to Ubuntu.
b) You need to setup a few things.
First, you can go fullscreen pressing Right CTRL + F (the CTRL next to the arrows on the right of your keyboard). Better, right ?
You'll notice those black borders onto the sides. That's ugly and bad for your eyes. To remediate, you need to install a pack of drivers especially made for Virtual machines.
To do so, put your cursor to the very bottom center of your screen (if you are in fullscreen mode, else you have access to the options at the very top of the window). Click on "Peripheric", Click on "Install Guest Additions". An autorun window will open up, select "Run Software" and click "OK". Enter your Ubuntu password. Click "Authenticate". An ugly purple window will open with ugly white characters, it's the terminal. We'll use it later for different stuff. Wait a minute or two until you have the terminal says this "Press Return to close this window...". Press Return on your keyboard (above Enter) to close the window, ldo.
Reboot the virtual machine by going to the very top right of your screen. Now to go the options, on the left, you'll see a dock of icons, click the Gear with the Red hammer or whatever you call it in english (I know it's not a hammer). Double click on "Displays", pick your favorite resolution. Click "Apply" then "Keep that resolution". Much better, cierto ?
You will notice the OS seems slow and laggy, even more so if you installed your VM on a USB pendrive. To remediate, follow those steps.
Run the terminal (push ALT + F2 and type in "Terminal", double click to open it. Copy past that command :
/uslib/nux/unity_support_test -p
The following should appear :
Not software rendered: no
Not blacklisted: yes
GLX fbconfig: yes
GLX texture from pixmap: yes
GL npot or rect textures: yes
GL vertex program: yes
GL fragment program: yes
GL vertex buffer object: yes
GL framebuffer object: yes
GL version is 1.4+: yes
Unity 3D supported: no
As you can see, 3D acceleration isn't activated. To activate it, return to terminal and copy past that command, enter password when asked. When "asked to continue [Y/n] ?", type in Y then press enter.
sudo bash -c 'echo vboxvideo >> /etc/modules'
Shutdown the virtual machine (you can do it manually inside the VM or press Right CTRL + Q and select "Send extinction signal".
Go back to VirtualBox and go to configuration => display. Check Activate 3D acceleration.
Boot your VM, open terminal and type
/uslib/nux/unity_support_test -p
You should now see that Unity 3D is supported and your OS is fluid. Don't expect native performances tho, it's still an emulated OS.
Run your VM. Open a firefox window and go to https://www.torproject.org/projects/torbrowser.html.en
Select the Linux version and download it. Close Firefox. We want to use that machine on the clearweb as little as possible.
Unpack (or drag&drop) the tor-browser_en-US folder in the folder "Home" or desktop or whervere you want.
Open the folder and double click on "start-tor-browser". It will open a weird text editor with gibberish stuff in it. Close it. We need to activate an option first.
Push ALT, in that window, type "dconf-editor" and press Enter. In dconfg-editor go to: org => gnome => nautilus =>preferences Click on "executable-text-activation" and from drop down menu select: "launch: to launch scripts as programs." Close dconf-editor.
You can now launch TOR. and browse anonymously the road. I strongly advise you to install KeePass for linux by going to Ubuntu Software Center to save passwords for Silkroad as well as your PGP passphrase.
PGP is a powerful protocal that allows you to encrypt and decrypt messages and files. It has been used for over 15 years and is the standard all over the world for industry and governement communications.
So first, we must create our own set of keys.
A) Creating your own keys
To do so, open the terminal and type GPG. It will reply :
gpg: Go ahead and type your message ...
Ok, you've got GPG installed already, perfect.
To create your key, type :
gpg --gen-key
Type 1 then hit Enter
You'll be asked to chose between 1024 and 4096 bits. Chose 4096 (the most secure), hit Enter.
Next window, type 0, press Enter, then type Y, press Enter.
You are now asked to enter your name, it's important you don't type in your Real Name obviously but it's also important to chose something that identifies you. I chose my Silkroad name so that my contacts know the key is mine.
Email adress : [email protected] or whatever you want, shouldn't be real.
Comment : none, press Enter
Type in "O" to confirm, press Enter
Enter passphrase, very important to chose something very secure. As usual, open up KeePass and generate a strong passphrase, there is no limitation AFAIK.
Then you'll be asked to do random stuff on your computer to generate bytes to ensure randomness in your key pool. Do stuff, open a random file and type in stuff for exemple. Once it's done (it can take a few minutes), you now have your own set of keys.
What we want to do know is to export the public key so that you can share it with your sellers/buyers.
Type :
gpg --armor --export your-email-adress-used-before
Copy paste the public key in a .txt file on your desktop and share it whenever you buy/sell.
B) Importing a public key
To send a message to someone, you must important its key. To do so, create a document and copy paste the key there, close & save it.
Now, open seahorse (hit ALT and type in Seahorse, open the program called "Passwords and keys".
Put your cursor in the very top left of your screen and click file => import, select the file you saved the key in. Done.
C) Encrypting a message
Open the terminal and type :
gpg -ear name-or-email-of-your-contact < Press Enter Type your message
Press Enter, finish by typing "end" and press Enter again.
You'll have your encrypted message. Something that looks like that :
-----BEGIN PGP MESSAGE----- Version: GnuPG v1.4.12 (GNU/Linux)
hQIMA7eD31/5BBRZAQ/9Hq1r1gpOIf2r06zSIL8Ww0tUCC9PlNiMpemPwhpZsccB vO4MOMrnV41BHToTQNfh0xiZdXFxO/T6ow4oatP2Ap/BvZtipcAAjJKowP6aaTOJ Wgd7nC4FTJvRUjgkW/p3imlQsdTVb3+2dNzCPp0yrr8NocW77+4Ka/+4aoql0UmI 3mKLjo0+eof8qAnQd5jOaAcWTszhIwBd99rXVbRCjNa/jMsSQ9Vnn7L+WqYGHuAI MMdOCU3peifV/7zA6A0bMKzStWc1JIa84wus91/mmErkRcNZHqThCje8eulinzRm RthaH0yi7ty65F3IuSqbq/qdpdE9UXvwjySbFE7ANCPpnkP4jv+oL95UezyjbO2x ra1Il7XKbYvaf0oXJAz5xKsLfeHKB3kCR+Kxzt9NmdRZ4rPZ4ZjSN5WI9YeOL0t/ W7oaCyBcFD/6/m/63VNYZTrwrqBGqsWhXVFpoHalvd+09CffsdQjwDIMy9u3TtRk j+FDSGuukKrS/7exWSoajSDhTK+koSS8CIFvyocZ81EkGhnUjd4kxlIAu4UCXmG6 LiJXXo7X5PK7knGtlzZXstrtrrttr8FFeAbSHsZ0+ihdxtNSvx1EPewl TtLSKoUT9ickUrxFoPm2z1vqBwN/087EaCU6BSX8uwZ8GrxMwSKgVmQKfVyfgMDS RAGGtmuRwgfyhthrertwF0KV8nTajDnSqoGiMAgK7y+e320OEFnYXOKIXlue l7FvOHwi9jZbBAR4HHAfhgJIj78P =OT60 -----END PGP MESSAGE-----
You can now send the encrypted message to your contact.
D) Decrypting messages
Open the terminal and type :
gpg -da < Press enter, then copy paste the message you received. Press Enter, finish by tiping end then press Enter again.
You will be asked to enter the passphrase to decrypt it. Open KeePass and copy paste it. The result will be like this :
You need a passphrase to unlock the secret key for user: "abcd [email protected]" 4096-bit RSA key, ID xx, created 2013-05-08 (main key ID xxx)
gpg: encrypted with 4096-bit RSA key, ID xxx, created 2013-05-08 "abcd [email protected]" ENCRYPTED MESSAGE TO THE SILK ROAD HERE
You can now safely converse with your vendors.
I hope everything worked well. Finally, the most important security advice someone can give is to use your brain. Don't do anything stupid and you should be fine.
Feel free to discuss issues you may have encontered here or by PM, I'll gladly help you getting setup.
Remember also that your security is only as good as your contacts security. For exemple, if your seller is stupid and keeps detailed informations of his buyers on file, then there isn't much you can do in case he gets caught.
I could have sold this tutorial but I chose not to because my personnal security is guaranteed only if yours is aswell. You get my point.
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.12 (GNU/Linux)
mQENBFGIAIUBCAC75V2SJ50dU6+gUY7jdrHxJKmdjXjlOxWjE+CTuti+Pq8NveTK aPXWHmFZpsEtW+v7tHmPPT/cjEKlmo/B9Wxl9daFis+6gFQHnaKNRCFVmOSt9GL8 7qBxrxC/HZTeBgdE8dWf4RPSc911PRb2+iCCrdgj+5ILwp3fcM5EHoRqKiFDpb3A fybrw3prvpPx8dyt1H/p73S6Gfk+Iuwcq2+iIAMJUJQUc+CwMFFCplQ1BUeiD+nn 5o24FXF9Krcbw8w5lZCfPVPSh0GYTvNMaj1VWjEQFU4j0rCOiJ+UVckpgJ4MRrxI MbKJ8srGLSJRnCHM2syQC0Zq/2iwRuZY7zWXABEBAAG0EVdoYXRzdXA1NiA8YUBi LmM+iQE4BBMBAgAiBQJRiACFAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK CRBioWhoc3JRsCrhB/9M2AptCTjyitpQR1ZnqwFop/NDdOIY1DtERkyQKfbHftzK 5I/LI3wxP5rhts2NY/EMVl8ziJVZ7h0J9japkoia8uOYX9Un6aMasHM0PH7Mln2K 936BeoZDQbPQV8NOCyNT4lMNt7Ajd+6GJcmAIduPmUi6xjgge716MhQlTBg5HG 94ZJT3Xm7W9tuIiJh8H9Dkr60F9UuwtIPfKPEeXyxUI25fZAQ+nyVz39ap2fjyeW EYMB6y90zxWjFPiFfpx+BfcWOmzHaXkps/bG6kSbOcVn9UJS32C0JyIFmfa96N6H +tSmk+WW98u5dSBzhIoYYiXxWPihJDOjTCUYkFC9uQENBFGIAIUBCADrkKs31LOL 4MQ6fdzhw2MvTI8zDad2bJZCd/+Gf8yGTNKhagJIHo8KEuCDINydQXHCt+aNKZZ7 d/QG09nABaybZJfqf1ffOiD5L1PivcKJMdJNozNuIhWxc4E35A7c/wCPJdDOBV0v eqf57illUo+yz7CKfyO088BYMGTrBRi/ifqmPyMuYzzC4SZcx1MJFU1mzONYU1r0 ZYj0eeKdRrbHPfJUAWQUr6MteMvJp5g8JfyYC+Th+zASEYRRfs3I52rsLb1hpxoi 87xUK89xoXdg4uLysz1Iy/PhGjmtbi61sZCv1oh+o9biNsy9zIjqwhCW7oMPwmJ6 Szh2nNTMCuNFABEBAAGJAR8EGAECAAkFAlGIAIUCGwwACgkQYqFoaHNyUbBKWAf5 AbYVbQVRNYVw5pR6+NDLw1qxlafGz/7j6YnApif0vuVzBEE9aFOUdxfKyIy+Ka8l NYjoAItym2mDTsRZqJwEm1FPbmVFu7WPAnnmn1ECyHBSV0vnJjCL5qkoMx9d/EHs WBW7htnRVtbuJEzVZzzSfddjWEYXGqYcqocebBwQpNgdfuQrHadAbkSmDwLfz+KD r17m1i9sUej8hiFLr64XGau7nl2l+iRMR2vTcVpNZDTJa/t4JlrwMINR95ORo3ze bRVKbedZIn3ifeSzyWDTsScvkNVAe4dovATaHWU/+tkNgL4ECI1UNS8XYsGqWe+r pbfj19eRRPAc4lbNfLlUKQ== =aq6t -----END PGP PUBLIC KEY BLOCK-----
edit : Fixed a few typos.Reorganized chapters using roman letters.
submitted by MUST-BE-ANONYMOUS to SilkRoad [link] [comments]

Comparison between Open Bazaar and upcoming Shadow Market

Both are decentralized markets. There are some similarities and differences between them. You can see some of the open bazaar images here.
Here are some of the images of Shadow Market.
For one I think Shadow Market looks a lot better. I was reading through the tutorial for open bazaar and it just didn't feel comfortable to me the way it is set up. They concentrated on a bunch of weird modernized features instead of the core important stuff and usability. I think they should have had more of a Keep It Simple Stupid philosophy. From the way ShadowMarket seems set up, I think they stayed in line with the KISS philosophy more.
For example according to the docs Shadow Market will not use escrow agents at all. This seems a much simpler and better approach. Open Bazaar is trying to use moderators and escrow agents, and it just seems too complex, and too many ways to cheat the system. Its better to just rely on people being mostly honest and natural incentives. People don't behave as badly as you think in general, I remember e-bay used to say something like this on one of their pages. Similar things were said about Silk Road marketplace when it succeeded so well when others thought it would fail.
A big difference I see between the two markets, is the fact that Shadow has the currency and wallet as kind of the anchor of the system. While OB is trying to attach itself to the Bitcoin network. Maybe this has security implications, or stability implications. Maybe its a huge benefit to have the development of the wallet and network already in place for Shadow, while Open Bazaar will have to build this alongside their market.
Also the POS system could possibly be adapted in some ways to secure the system in ways that OB could not. I think there is a lot of extra potential brought into a decentralized marketplace network if you have a currency and POS system as the anchor. I am wondering if any others have thoughts on that and could elaborate what benefits could Shadow's Market and entire platform design have over Open Bazaar.
submitted by shadow_shi to Shadowcash [link] [comments]

How do / Can I operate a business with Bitcoin?

I can't seem to wade through the articles on how to accept Bitcoin long enough to find good information on what it takes to operate a business with Bitcoin instead of USD. A friend and I are chatting up the possibilities and we're both motivated to explore it, but I don't know of anyone doing it other than maybe Silk Road. I have this fear that I'll be shown an incredibly obvious search query on Google that I should have tried; but with a little luck maybe I'll end up with a link to some tutorial on best practices for book keeping and irs reporting and such???
submitted by Zaskoda to Bitcoin [link] [comments]

Warning: DrugsList is extremely insecure [x-post /r/DarkNetMarkets]

DISCLAIMER: I have no affiliation with any marketplace. My interest is only seeing a more secure and trustworthy underground drug market. I have reported numerous issues to other drug markets and have had them successfully fixed. I have never accepted payment from any drug market for security services. I am only an interested observer and occasional customer.
EDIT: here is the original thread at /DarkNetMarkets
The Drugslist website makes numerous simple security errors in its implementation, and is completely unfit as an underground drug marketplace storing bitcoin wallets.

Error 1: The PGP error

As drug market users you have likely noticed that it is always reinforced that you should use PGP for all private message. A lot of users struggle with PGP since you have to download an application, learn public key cryptography, learn how to sign/encrypt and manage keys etc. There is a reason why it is complicated, because ease of use and security are a direct tradeoff. Were PGP to be simple, it likely wouldn't be effective.
This is why you have never seen a serious drug marketplace that attempts to implement PGP on the web, or inside a browser - because it is insecure. You can only guarantee the security of PGP and your messages if you use a desktop app.
I noticed yesterday that drugslist was making a huge error and had implemented PGP in a web browser as part of the their drugs marketplace. This is a huge red flag, because not only is it not secure, but it also teaches users that pasting private keys into a web form is ok, when it is far from. Security conscious people spend a lot of time reiterating into people basic security practices and when Drugslist does something like implement PGP in a browser and ask users to paste a private key into a web form, they undo a lot of that security advocacy performed by others.
I'm going to try and explain in the simplest terms of why PGP in the browser is a bad idea, because I explain what Drugslist did:
When you install PGP normally on the desktop - you go to a trusted site and download the package, and almost all PGP tutorials will, as a second step, show you how you can verify that the package you downloaded is the same one the developers signed off on - to guarantee that it either hasn't been backdoored or manipulated on the server, or that it hasn't been backdoored or manipulated in transit to your computer. You only have to do this once, when you install the application. From then on your can use the PGP app a thousand times and be confident that it hasn't been backdoored (there are ways around this, such as a trojan on your system, but it won't be backdoored by the developer).
This is an essential part of establishing the trust relationship between developer and user, you can guarantee that it hasn't been compromised using cryptography (Bitcoin also does this, as does Tor).
When you use PGP in a browser, your browser downloads a new copy of PGP every time you use it, and has no way of checking the signature. Worse, it doesn't even check if is downloading it from the correct server. That means someone could easily insert a backdoor into it, or weaken it, and you would never notice. It doesn't matter how much you check the code the first time you use it, you can't guarantee that it would be the same every subsequent time.
This isn't a hypothetical attack, there are at least two known cases where the US Government has taken advantage of web-based cryptography to read 'encrypted' messages for users: Hushmail and Lavabit. In the Hushmail case users had no idea that Hushmail had changed the code to give the government access. In the Lavabit case, because they were using web based crypto they were also vulnerable to a subpoena, which they ended up receiving when Snowden became a user. This is why web-based crypto is bad, because it can't be protected or guaranteed.
Drugslist present their web-based PGP alternative as a direct replacement for desktop PGP, which is not the case. Web based PGP is never secure.
They place a link to it right above the box where you send private messages:
Don't know PGP? Check out our client-side PGP encryption tool. No data transferred and everything stays on your device!
All throughout the site, in the FAQ, there on the private message box, it mentions the web-based PGP implementation as an alternative to desktop based PGP, which it certainly is not.
Now this part I can't stress enough: to a security professional, this is a very simple mistake - it is something that even a security professional with only hours of experience would know is a red flag. This is like a mechanic pointing out that the tyre in your car is wobbly and about to fall off.
I noticed that Drugslist have this feature yesterday in their thread about their API. I knew very very little about Drugslist at this time, I had signed up a week earlier and then forgotten about it - not even looking at what vendors are there, etc.
Here is the thread announcing the API:
I got to this second paragraph and immediately stopped reading:
Our site now offers, a fully featured API escrow, auto withdraw for vendors, 1% commission payments on any money spent by anyone whom you refer, a fully integrated forum and email system, client side pgp encryption and decryption as well as a very active customer support and development team.
I immediately had to see this for myself - surely they don't mean PGP in the browser, that would be lunacy. I open the site, find the feature - and sure enough they have implemented PGP in a browser using Javascript and are asking users to paste their private keys and secret messages into a web form. This is absolutely unacceptable, especially by a marketplace claiming to be security conscious.
Without reading the thread further, I then write this comment telling Drugslist that they need to change and remove the client-side PGP feature. Drugslist replied quickly, and they partly gave an indication that they understood the issue, but they mainly chose to ignore what I reported.
edit to add, while we were having this conversation despite denying it was a problem every time I went back and checked Drugs List they were adding warnings to the PGP tool that demonstrated they didn't understand the issue. I would check their page and the wording would change to include a warning, I would go back, leave a comment with a counter-point, check their page again and the warning would be updated again based on the comment I left. This shows that they weren't understanding the issue.
What proves it further is the message they have on the PGP page now:
This is in big red writing at the top, and was added after I raised the issue:
While our Javascript PGP implementation is secure, and can be verified by looking at the source code, understand that other websites claiming to have client-side Javascript PGP could be insecure. Be cautious of any site offering client-side PGP. You should always search through the source code looking for Javascript includes, XHR requests and HTML5 outbound data calls.
Note two things here: they are still misunderstanding the issue - there is no way to implement this securely, besides their reassurance. Also note that this is a feature that is supposed to be built for users who find desktop PGP complicated, yet it is asking them to conduct a thorough audit of the PGP code prior to using the tool each time. This is completely unrealistic.
Back on the comment thread, there was also a completely surreal situation where i'm left spending a dozen comments explaining to DrugsList what the actual problem is, since it is clear they don't understand what i'm actually reporting - in the meantime they continue to deny that there is a problem.
I had no idea at the time that this would lead to an hours-long conversation where drugslist would repeatably deny the existence of numerous security issues despite the clear evidence to the contrary.
I went back up to that original post and kept reading about the API. Two lines later and we have another security issue:

2. API Security Issues

I'll keep this brief. The problems with the API are:
  1. It asks you to place your marketplace password in the URL of the API. This is a big no-no, since many applications log URLs in plain text. A URL is 'non sensitive' data and all applications treat it that way, you should not be placing passwords into the URL
  2. The password used in the API is the same as that used in the API, so if your API somehow leaks, the person finding the password can login as you. This is poor design.
  3. The API client makes no effort to authenticate the server, and vice-versa. This means it would be incredibly simple to intercept the data passing between the API client and the API server. Running over Tor only makes it easier, since a lot of Tor configs have misconfigured DNS.
The drugslist response to these concerns is that they 'expect' API clients to know these problems and to use them securely.
I had now discovered a number of basic security issues in reading only two paragraphs of text from Drugslist, and in all these cases the Drugslist user had responded quickly, completely denying any issue or any problem - and dismissing the concern. This was becoming a pattern and it prompted me to look at the history of this user and this drug marketplace, it didn't take me long to find more hits.

Error 3: SQL Injection

I only had to scroll down 3 or 4 previous thread before finding this thread - where a user of reddit had reported an SQL Injection vulnerability to DrugsList.
Set aside for a moment what you may believe about how the person reporting that bug behaved or conducted themselves, because this is a very serious issue.
I could not believe what I was seeing as I scrolled through the screenshots attached. I haven't seen this type of elementary SQL Injection bug for years. This stuff used to work 10 years ago, but you rarely see it any more as most programmers and websites have wisened up to the simplest of SQL Injection bugs.
Make no mistake about this: what is being demonstrated in that bug is the ability to take control of the application and run whatever commands you wish on the database. This means you can take passwords, steal bitcoin, insert your own vendor account etc.
This is the exact same type of bug that cause both Sheep and BMR to be hacked, instead this bug was much, much simpler than either of those
This SQL Injection bug lead to what was now becoming a regular situation - the drugslist user coming in, denying that there was an error, and claiming that the user who found an SQL Injection had only found a 'small bug' and couldn't 'do anything'. He was daring the next attacker to delete/hack his entire site as a way of proving that a bug exists.
This lead to a completely surreal comment thread, the kind I have never really had before, where we have the admin of the drug market along with a mod from the sub trying to convince people that this wasn't a real bug - using terms that are taken from information security, but using them in such a way that makes it clear to anybody who knows the field that these guys have no idea of what they are talking about.
The sheer simplicity of the SQL Injection attack lead me to open up a browser and to go to Drugs Marketplace and to check for myself to see if I could find any other bugs (having a single simple bug on the main page usually means there are more).

Error 4: Multiple SQL Injection Points

Within 3 minutes of checking their app it was clear that both their search page and their product page are not filtering user input and allow a user to tamper with SQL queries in any way they want.
I private message Drugslist and tell him that he needs to take his site down and come clean about the security issues. I've never seen a site like this. A potential hacker with no knowledge of info sec would only require 10-12 hours of learning to take complete advantage of stealing everything from Drugs List.

Error 5: Server Leaking Info

After discovering the two bugs I come to the conclusion that there is no point in testing this further, since every parameter I test is vulnerable.
I look down at my logs and I can't believe what i'm seeing - the server is leaking critical information about itself that would make it simple for a dedicated adversary to trace down not only the location of the server, but the people running it.
This is worse than Silk Road in the early days, where similar output lead the authorities to the location of the Silk Road server.

Error 6: Consolidating everything in one market

The other problem with Drugs List is that in an effort to be convenient they consolidate everything into one website and behind one URL: market, wallets, email, forum and even PGP
Were the market hacked or taken over by LE, they would get everything - your emails, your messages, your PGP (via the web tool). This is why each vendor and buyer should host each of these separately - email should be with one host, wallet with another, marketplace on another, PGP on your desktop - this rule is the same as the 'diversify your holdings' rule in the finance world, you don't want a single point of vulnerability.
There is also a reason why other markets host their forums and their marketplaces on separate URLs, its so that you isolate them from each other. The threat model to a forum is very different to the threat model for a bitcoin drug marketplace - you don't want a bug in the forum leading to a complete compromise of your bitcoin drug marketplace.

Over-marketing and under-delivering

If you look at Drugs Lists claims, they keep reiterating security and how they have hired 'PHD's in math' and 'security experts'. There is no chance this is true. Drugs List has almost certainly been put together by a single person with a minor understanding of technology and almost no understanding of security who outsourced the work of programming the marketplace. It is likely that he has hired cheap offshore labour to build this site using a service like oDesk or Elance. I don't believe his programmers know that what they are building is being used as a drug marketplace.
When I search some of these marketplaces for 'bitcoin escrow marketplace' I get a number of hits for people attempting to hire cheap labour to build such a marketplace. Some of these sound a lot like Drugs List, and that would also match up with how the site has been implemented. This is exactly how SR1 was taken down and I have more than enough information to conclude that were a sufficiently motivated adversary interested in taking down Drugs List, they would likely do so in very short order.
It doesn't matter if you believe that I am out to "get" drugs list or not, there is a pattern in his communication where numerous people have reported security or other concerns to them and they are dismissed. So either all these people reporting concerns are crazy (which would include me, two other techs on the SQL injection thread, TMPSchultz and gwern on the multi-sig thread), or drugs list is negligent with user data and are in way over their heads with operating a secretive bitcoin based underground drug market.
Of the 3 issues I reported to them, his replies indicated that he didn't even understand 2 of them. It took me numerous messages to explain what was wrong with doing web-based PGP, despite their first response indicated that they understood the issue and thought it was ok.
There is a pattern here in how features are over-marketed and then under delivered and sheer negligence with security reports. The question vendors and buyers have to ask themselves is do they really trust their identity and money with someone who is not only incompetent in building a website but in utter denial about there being a problem.
IF YOU ARE A VENDOR OR BUYER: Don't trust me - please, find someone you know who is a programmer or a tech and ask them to take a look at these two threads:
  1. This one where I report the PGP error, which becomes very weird at the end
  2. This thread, where a user reports a simple SQL injection
That is the lest amount of due diligence you should do before using a drug marketplace, especially as a vendor. You will find that even those with a cursory knowledge of programming or info security will find those threads worrying to the point of being amusing.
submitted by the_avid to SilkRoad [link] [comments]

Of Wolves and Weasels - Day 480 - Weekly Wrapup #62

Hey all, GoodShibe here!
And this was your week in Dogecoin.
This Week’s oWaWs
Top Images/Memes of the Week
Other Cool Stuff
Did I miss something? Of course I did! Please let me know in the comments and I'll add it in! :D)
It's 8:38AM EST and we've found 99.25% of our first 100 Billion DOGEs! Our Global Hashrate is down from ~891 to ~899 Gigahashes per second and our Difficulty is up from ~14655 to ~15701.
As always, I appreciate your support!
Please take 10 seconds or so out of your day to vote for Josh Wise.
submitted by GoodShibe to dogecoin [link] [comments]

Considering downloading a VPN and Tor browser in order to access the Silk Road 3.0. I have some questions and am looking for some general advice.

This is a long post, so I do apologize to and thank those in advance who make it through. I would really appreciate it if those who are familiar with the topic could take a few moments to answer some of my questions and help out a curious and cautious Internet and drug enjoyer :)
Hello my beloved fellow redditors, I am hoping some of you could shed some light on that ever so ambiguous darknet I've heard so much about. Like I said in my title, I am looking to do this for the sole purpose of accessing the Silk Road to purchase some illicit narctoics; namely oxycodone/oxycontin/oxycotton. As of now, oxy is the only drug I am planning to buy in the near future, but I definitely feel as though I would take advantage of the access I could potentially have to the seemingly endless variety of drugs (completely responsibly of course). I currently have a dealer, but I am sure as most of you may have had some experience with your own dealers, he can be a bit unreliable at times. Also, I feel like he sells at a very steep price and has upped his cost twice over the time he's been selling to me (10 months). I am currently being charged $40/30mg pills. This can obviously get inrecdibly expensive supporting my 1-2 weekend a month habit as it is my drug of choice.
I do understand the serious risks and possible implications of flirting with such a highly addictive and dangerous drug. I know that at some point, most likely soon, I'll need to put a complete end to my pattern of using oxy. It's just, at this point in my life, I'm not ready to quit. I have a pretty great balance with everything in my life, including a great paying job, finishing up my environmental science degree at a well known university, and an amazing and loving boyfriend. I just really, not surprisingly, enjoy the way I feel when I'm on it. I also don't take it to the point to experience "the nod" that everyone talks about. I actually take advantage of the focus it gives me and clean, do administrative tasks, or organize while I'm high. I also find it has an impressive way of bringing out my creative side and find myself drawn to sketching, cooking new dishes, and writing my SO letters when I'm feeling really stoned. But I digress, I suppose my point of explaining all of this is to make it clear that I'm not looking for people to try to dissuade me from using oxy. I know it ruins lives, I just have enough trust in myself to know I can handle the precarious nature of the situation.
Anyways, back to my initial query; how safe is it to download and use Tor to browse the darknet? I know a VPN is necessary for anonymity and I plan on making that a part of my procedure with absolute certainty as I have heard horror stories of peoples' identities being revealed and terrible things ensuing, but my knowledge on the subject kind of ends there... For some reason, I have this association between accessing the darkweb and in the process inadvertently introducing vicious malware to my computer causing irreversible damage. Is this an ignorant thought or an actual threat? And if it is possible, how likely/how big of a risk do I run of this happening if I do indeed go this route? Additionally regarding safety, should I be worried about getting busted by law enforcement? Do people ever get caught after buying from the Silk Road? I am sure if you're unintelligent about it and do something like not use a VPN or share personal information, there is a high likelihood of getting caught, but are there cases of people doing everything right and still coming out of the ordeal in cuffs? Do you guys have any other tips to note or remember while browsing in Tor, such as turning off cookies, no logging into personal accounts, etc...?
Also, big, important question: how do I actually get these packages delivered to me? Is it really safe to have product sent to your home address, or is something along the lines of a PO box the way to go (forgive me if this is a painfully obvious and stupid question, I really just have no idea)?
I am also curious to know if anyone knows about the average pricing, quality, shipment, and overall experience of working with different vendors on the site. I am not necessarily looking for specific names of sellers or anything (although sharing your experiences and opinions of such would be much appreciated as well), but more of peoples' perspectives on the comparison between picking up from your freindly, neighborhood dealer and purchasing from a larger scale, anonymous, potentially dangerous, and incredibly more serious business partner. Have you guys found that the overall process of buying online makes the process easy and convenient, similar to purchasing groceries on AmazonFresh? Because I know I am a fan of AmazonFresh. I know I briefly mentioned it in the previous lines of text, but I am very interested about the quality of the products being offered. I am sure the answer to this question is heavily dependent on the vendor or the variety of drug, but can anyone give an overall opinion on how good the stuff generally is?
Another feature of this whole thing that is quite bemusing to me, is the concept of Bitcoin. I understand it is a digital currency purchased with legal tender issued from a bank that allows for anonymous commerce, but how anonymous is it really? Does acquiring my intended purchases with this system of currency actually protect my identity? I am also wondering if obtaining Bitcoin is an entirely separate process from completing a purchase on the Silk Road or if it is something I can do in the same order. If this is not the case, how difficult is it to go about procuring these coveted digital units? It seems it would be very convenient if I was able to purchase the amount of Bitcoin corresponding to however many dollars my order cost during my time of checkout from the Silk Road, but something tells me it is not quite as easy as this. But maybe it is, you tell me!
I apologize that this turned into quite a long post, I am just incredibly intrigued by this powerful entity and really want to ensure I know everything I need to before I even consider flirting with it as a possibility. If you actually have gotten through reading this and have had any experience walking the silky road, but don't have time for an in depth response, leaving just a brief note on whether or not you think it's worth it for my purposes would be tremendously appreciated. I also plan to browse for a more Silk Road specific subreddit to post this there, so I do apologize if my placement is innapropriate. I am trying to rack my brain and see if any other questions come to mind, but that is all I can think of for now. If you have any other advice, anything regarding something I didn't cover in my post, or even just anecdotal material, please feel free to share. I really just want as much information about this beast as possible and I think talking to people with direct experience is the best way to go. Much appreciated my fellow drug enjoyers of reddit reddit :)
tldr; Looking for people to share their experiences, opinions, and whether or not they think it's worth it for me to access the Silk Road to obtain mostly oxy, as well as other narcotics. What is the best way to go about doing this? Tutorial on Bitcoin?
submitted by ucudcalmesilkurious to askdrugs [link] [comments]

How do I use GPG/PGP on a mac?

Hey everyone. Well, I think I've gotten everything about Silk Road about figured out except this PGP stuff. I have a mac, and I'm having serious issues understanding what I need to do with this PGP tool. For example, sellers ask you to use PGP encryption, I'm assuming for my address. How do I go about that? Also, there's a PGP key on a bunch of seller pages. What do I do with that? Is there by chance a screencapped tutorial or something out there? The one I managed to find has broken screencap links. I'm a little bit computer illiterate if you couldn't tell... it's a miracle I managed to get SR up and running on my own. I understand the bitcoin process, it's just this one hangup that's keeping me from placing an order!
Thank you in advance for any help! I really appreciate it.
submitted by akillertofu to SilkRoad [link] [comments]

[GUIDE] How to Sign up for HANSA Market Darknet Market (DNM) New Users/Beginners Darknet Marketplace Getting Started Guide

COMPLETE and EASY-to-understand "How to Buy from Hansa Darknet Market" guide

1. Download Tor Browser —> https://www.torproject.org/


2. Create a Hansa Market Account —> http://hansamkt2rr6nfg3.onion/affiliate/185306

3. Setup your personal Bitcoin Wallet.

4. Setup your Hansa Market Account

5. Pick a Product


6. Create a Coinbase Account and buy Bitcoins—> https://www.coinbase.com/


7. Transfer the Bitcoins from your Coinbase account to your Breadwallet App.


8. Make the Purchase

9. The vendor will now accept and ship your order. You then wait for the mail man and have a good day.

tags: hansa market, sign up for hansa, tutorial, guide, sign up, register, darknet, market, onion, tor, deepweb, marketplace, reddit, forum, 2017, search, tails, internet, pgp, hansa referral link, invite link, hansa black market invite, hansa market link, onion, hidden, dark net, buy, browse, access, login, anonymous, tor link, forum, onion, website, bmr, black market reloaded, underground, list, dark web, black market onion, sign up, hansa market, refferal, drugs, hansa referral link, code, hansa registration link, hansa market, black market, hansa marketplace, tor onion link, sign in, down, offline, url, search, tails, internet, pgp, deepweb, tor, browser, market, drugs, bitcoin, reddit, new, url, register to hansa market, darknet, silk road, reddit, link, black market, hansa registration link, hansa registration drug, silk road, weed, ecstasy, black market, hansa marketplace signup link, weapons, online, delivery, amazon, ebay, evolution
submitted by HansaFanboy to HansaMarketGuide [link] [comments]

What did you wish you knew about using Coinbase buttons for BTC subscriptions on your site, before you got knee-deep into it?

I see here I don't necessarily have to use their buttons- I can hire a coder to do some js magic & use my own events/actions as they naturally exist on my site to process the payments, or in my case the beginning of a manually-stoppable 24-hour subscription sign-up. [1]
I know I want to know how much I can expect to pay someone to do the webdev for me. And I know from the school of hard knocks that there's always something else I would have liked to have known prior to getting too involved with a certain service or platform. Like the thing PayPal does with their arbitrary freezing accounts that some poor folks don't realize happens to too many people just like them. So I come here to ask, what else is there about doing business with Coinbase that I'll wish I'd had known months down the line?
Is it too hard for laypeople to setup an account w/ them? I don't think so, but that's my opinion. I don't think JavaScript is that hard with a good tutorial, either, but once it was way over my head years ago. Is that how Coinbase is for those who think Bitcoin's just for the Silk Road because that's what the news told them on TV once upon a time?
Please someone advise. Thanks alot.
[1] : "Using Your Own Button And Custom Javascript Events You can also trigger the payment modal using your own button, and bind to a custom javascript event when a payment completes."
submitted by NginUS to Bitcoin [link] [comments]

How to buy products from Silk Road 3.1 Darknet Market The Bitcoin Group #4 (Live) - Bitcoin $300, Silk Road 2.0, Selfish Mining, Bitcoin is a Joke? Bitcoin - Tor and the Silk Road Ex-Feds Charged With Stealing Silk Road Bitcoin SilkRoad 2 Hacked! All Bitcoins stolen #HNN14

Dans l’onglet « Envoyer », copier votre adresse bitcoin de Silk Road, et précisez le montant de bitcoin à envoyer, puis envoyer Une fois que les bitcoins sont partis, appuyer sur « check deposit addresses for new deposits » pour recevoir vos bitcoins sur Silk Road. Pareil, ça prend environ 30 minutes. 5 : Effectuer votre commande Es steht wieder eine Bitcoin- Auktion der US- amerikanischen Regierung an: 50.000 Bitcoins werden in den kommenden Wochen versteigert. Trotz der Tatsache, dass Ross Ulbricht nicht vor Gericht stehen wird, starten die US-Marschalls mit einer zweiten Runde ihrer Silk Road – Bitcoin Auktion. The Silk Road Balance Sheet Discrepancy: Bitcoin Worth $4.8 Billion Still Missing. The original Silk Road marketplace has been shut down for well over seven years now and to this day, 444,000 ... Step four: Sending bitcoin to Silkroad anonymously. Open your bockchain app and select "Send money", then select "Shared coin". It is important to use Block chain's "Shared coin" option if you wish for your bitcoin to be completely anonymous. In the "from:" area select "any address". In the "To:" area copy and paste in one of your Silk Road wallet addresses. Your silkroad wallet addresses can ... The quickest way to buy bitcoin The quickest way to get bitcoins is from a bitcoins seller on the Silk Road. These sellers, located under "Money" or "Services" on the Silk Road main page, will sell you bitcoins for money - using Paypal, Cash, Western Union, Moneypak and other sources. They usually charge a fee somewhere between 5-10%. There is also some risk involved, so if you use this rout ...

[index] [21936] [7199] [25884] [38556] [4182] [29855] [23882] [21668] [23292] [27656]

How to buy products from Silk Road 3.1 Darknet Market

Issue 1 - Bitcoin $300 Issue 2 - Silk Road 2.0 Issue 3 - Selfish Mining Issue 4 - Bitcoin is a Joke and Predictions.... Please Subscribe to our Youtube Channel Would you like to support The ... How to Use Bitcoins to Purchase Things on Silkroad Trading - Duration: 5:28. Teh Pebs 43,471 views. 5:28 . How to Access The Deep Web / The Dark Net Simple Tutorial - Duration: 3:38 ... Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube. Tor and the Silk Road - Bitcoin and Cryptocurrency Technologies Part 6 - Bitcoin and Anonymity Is Bitcoin anonymous? What does that statement even mean—can w... Two former federal agents have been charged with stealing millions of dollars worth of Bitcoin from Silk Road criminals during a probe. We look at the story on the Lip News with Jose Marcelino ...