afaik, some people tracked down silk road, because they don't use anonymization for bitcoin. you can request some really small amount of money from silkroad to your bitcoin address repeatedly, and then try to find their node in p2p bitcoin network by heuriatics, based on how fast the information comes from each node (the faster ones->closer to actual silkroad node). I heard it could be tracked this way and is in Netherlands ;) anyway the moral of the story is to use bitcoin also with tor k On 7/2/12, Eugen Leitl <eugen@leitl.org> wrote:
----- Forwarded message from antispam06@sent.at -----
From: antispam06@sent.at Date: Sun, 01 Jul 2012 18:39:33 +0200 To: tor-talk@lists.torproject.org Subject: Re: [tor-talk] Anonymous Publishing Is Dead. X-Mailer: MessagingEngine.com Webmail Interface Reply-To: tor-talk@lists.torproject.org
On Sun, Jul 1, 2012, at 14:20, Edward Thompson wrote:
2. Email. I signed up for mailoo.org through Tor, I believe. But for all practical purposes, you could easily get a disposable e-mail address through a Firefox plugin called Bloody Vikings. Otherwise, pretty much any web mail will do... just war drive and sign up through the first open wi-fi connection you find ;)
Hmm... I already do something like that. And I tell you that most free providers are a pain to work with. And that includes all the major players. They are all going to punish you with a long annoying reidentification which will prove zero security just because you change location. And they do have the time and computing power just to try to locate you any other possible way as their business model is tightly integrated with tracking and selling private data.
Disposable email is good for accessing some resource once. Otherwise is a pain in the rear.
3. Bitcoins. Yes, block chains are not that anonymous, especially considering the difficulty of buying them legitimately in the first place. How about a coin mixing service like www.bitcoinfog.com? Their methodology is very interesting, and it seems like you'd be able to 'launder' ordinary coins, bought legitimately through an exchange... There are a few other sites like this one: http://vzpzbfwsrvhfuzop.onion.to
I spent some time reading about bitcoin. It's a miracle discovery. It's a proof about non conventional methods being able to compete with the conventional financial transaction type. But I fail to see the anonimity side of things. It's so nice. It's sooo geeky. It employs silly terms to scare the layman like mining. Or worse, it has terms with a clear equivalent in conventional finance like wallet. My grandma knows she can watch over her wallet and things would be all right. And if someone forces her she can go to the police station and declare the theft. Till version 0.6 there was no protection from theft with BC. Crap concept with junk application from the point of view of annonimity. Each time some conspiracy theorist starts making sense I remind myself that people (programmers are people, aren't they?) are above all stupid followed closely by lazy. Just take a look at the way FF is developed: in the era of Facebook developers are doing their best to shed MORE data instead of patching up the holes. By holes I don't mean Secunia security holes, but privacy holes.
4. Do you really need your own dedicated VPS?! And only in developed Western countries? Have you checked out this list of BTC-friendly servers:
Actually any service should be checked for its origin or place of doing business. Always remember the case of Hide My Ass which proved to be full of Holes if you allow such a gross joke. They weren't keeping logs till pressured. Than they said everybody is obliged under law to keep logs. And to prove the indolence of their users: they are still in business, trapping flies for the government. On the other hand, servers hosted outside the reach of certain totalitarian governments are blocked on the crime of spam or copyright infringement. If these were anything but hassle (see the problems with the free webmail above) yahoo and google would have offered email only between their users.
Anyway, my point is that there are ways to acquire BTC, randomised enough not to be a concern, after which you can buy all the hosting (and related) services your heart desires. And if your threat model encompasses an organisation with vast resources, like the NSA for example, consider that they haven't yet managed to track down the guys running the Silk Road drug site (http://silkroadvb5piz3r.onion)... ;)
Usually this kind of trafic is tolerated because they want to catch a bigger fish. Sometimes services like that are set up by the investigating authorities. And some other times they set it up independently just for the sake of compensating the budget restrictions (those drones are mighty expensive, mind you).
Cheers _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE