Welcome to Drugbuyersguide

delawaredrew

Security--Encryption, Tor, PGP and more

imkerryh
Thanks so much for this info. I had not thought about botH looking over our shoulder... Yikes! I appreciate the thoughts you shared here.

imkerryh
Sorry, typo/autocorrect error *bigB (looking over our shoulder)

Jesse
14 hours ago, delawaredrew said:

Basically without some form of security we are all a single subpoena away from exposure. It might even happen in the vendor's country and we'd never know.
 

Except this isn't happening. People aren't going to jail because they have a Hotmail account or because they didn't use Tor. I'm not exactly disagreeing with these as suggestions. I'm just trying to identify what's really needed for the average person's security. It's much easier to get a Proton account than it is to start using Tor or TAILS---are the latter really needed? It doesn't seem so, because for the most part people aren't getting subpoenaed or arrested or extradited to other countries (which is the only way a subpoena in another country would even matter).

I'm just trying to get a handle on this myself: What is really necessary for security and what isn't?

  • Like 1

Biskobro

For myself TAILS is key, a $5 USB for the laptop and I'm ready to go

:)

Sometimes I say to myself I'm using way too much security but reading the DMN bible nothing is too much. I'm thinking of posting a link to the dmn bible cause it's way too much to post ...

Edited by Biskobro
Added more text
  • Like 3

Biskobro
2 minutes ago, Biskobro said:

For myself TAILS is key, a $5 USB for the laptop and I'm ready to go

:)

Sometimes I say to myself I'm using way too much security but reading the DMN bible nothing is too much. I'm thinking of posting a link to the dmn bible cause it's way too much to post ...

 

delawaredrew
6 hours ago, Jesse said:

Except this isn't happening. People aren't going to jail because they have a Hotmail account or because they didn't use Tor. I'm not exactly disagreeing with these as suggestions. I'm just trying to identify what's really needed for the average person's security. It's much easier to get a Proton account than it is to start using Tor or TAILS---are the latter really needed? It doesn't seem so, because for the most part people aren't getting subpoenaed or arrested or extradited to other countries (which is the only way a subpoena in another country would even matter).

I'm just trying to get a handle on this myself: What is really necessary for security and what isn't?

Preface: I'm not a paranoid person, nor do I believe anyone is out to get me in particular, I just wrote down some thoughts gleaned from recent months doing casual research into privacy and crypto use in the US. I did directly say (and place a divider between them) the latter steps are for deeper needs and not necessary for most readers. Maybe you missed that part. I'd at least use ProtonMail, Tutanota, or whatever suits you. That's probably enough. But it's your call of course. Odds are you'll never be bothered. It's like insurance.

I'm also not a lawyer so I don't know what can or cannot happen. Gmail, yahoo, hotmail, and your internet providers have long memories and I don't want what I did 5 years ago to bite me in the ass in 5 years so I've begun to take precautions. All major services are known to scan your email content for info to use for advertising. Is that all it's used for? Who knows? As for using Tor, I believe protonmail has an onion address, the others probably do as well. It takes seconds to take that precaution so I do.

The feds are also already suing to get crypto exchanges to reveal US customers for tax purposes. Coinbase was forced to give up some accounts moving $20000 and up I believe.

If a vendor gets caught in any country that shares info with the US  it could expose your activities. Will it? I don't know. Will the US choose to act on that info? I don't know that either. This isn't about extradition, it's doubtful the US would allow extradition to another country. Prosecution would take place here I assume. It's about what data is available and how it's used. These weren't meant to be a "must do" set of instructions, just some ideas for those who wish to distance themselves. I hadn't seen any similar discussion here.
 
I've received LLs, you just ignore them. But I'd place a bet that the sent LL is recorded in some database. 

Edited by delawaredrew
mistake
  • Like 1

2earls

I have talked to people here who go all the way across the spectrum from reckless to ultra paranoid and like most things, I think somewhere in the middle is fine for any member who isn't doing more than personal use buys. 

If you are moving large volume then for sure I would go all out with the best security you can get. If you have a tendency to have trouble with LE for any reasons...same.

Of the two main posters on this thread, I'm more of a @Jesse than a @delawaredrew. Do what makes you feel comfortable and use some common sense. If it all makes you so paranoid that you want to close your DBG account every other week and you had to add Xanax to your orders just to get through delivery day...well...it's not for everyone.

To the other extreme, if you feel compelled to call carriers and have them open a case for your missing/late delivery or take 20 pills because the first two didn't do the trick... well...it's not for you either. This only works if we have some respect for our community and don't jeopardize it by careless behavior.

  • Like 2
  • Thanks 1

Jesse
1 hour ago, delawaredrew said:

 I did directly say (and place a divider between them) the latter steps are for deeper needs and not necessary for most readers. Maybe you missed that part. 

No, I saw it. They're all good suggestions. But Tor was in your first two, on the "must have" list, and I just question whether it's really a must-have. With the caveat, as 2earls said, that one is not moving large volume and that one is not uncomfortably anxious about the whole process and/or already on LE's hit list for some reason---i.e., someone like me. Do I really need Tor? I honestly don't know. Especially since Tor is ultimately not a protection unless you have TAILS. Not if you're being watched.

I guess that's my issue with it. Most of these won't really help you if you're actually being sought out and watched by LE. And few, if any, matter much if you aren't, as far as I can tell.

Most people who get in trouble with the cops---for whatever reason---drop themselves in the drink with their own mouths. They don't exercise their right to remain silent. If they do engage in illegal activity, they blab about it to their friends and acquaintances. Some even outright confess.

Not that I'm anywhere near qualified to write a security tip list, but if I did, the first thing I would put on it is: SHUT THE FUCK UP. Don't chat up your friends about any possibly illegal activities in which you might be engaged. For the love of God, don't initiate contact with LE. And don't think that by talking you can somehow convince LE of your sweet innocence.

Again, I am not an expert. You clearly know more about Internet security than I do, so I do take what you're saying seriously. I just suspect that Shutting The Fuck Up is worth Tor and TAILS ten times over!

 

delawaredrew
1 hour ago, 2earls said:

I have talked to people here who go all the way across the spectrum from reckless to ultra paranoid and like most things, I think somewhere in the middle is fine for any member who isn't doing more than personal use buys. 

If you are moving large volume then for sure I would go all out with the best security you can get. If you have a tendency to have trouble with LE for any reasons...same.

Of the two main posters on this thread, I'm more of a @Jesse than a @delawaredrew. Do what makes you feel comfortable and use some common sense. If it all makes you so paranoid that you want to close your DBG account every other week and you had to add Xanax to your orders just to get through delivery day...well...it's not for everyone.

To the other extreme, if you feel compelled to call carriers and have them open a case for your missing/late delivery or take 20 pills because the first two didn't do the trick... well...it's not for you either. This only works if we have some respect for our community and don't jeopardize it by careless behavior.

To be clear I don't go all secure in most cases. It's overkill. But for sites we don't review here I do take extreme protections.

 

delawaredrew
29 minutes ago, Jesse said:

No, I saw it. They're all good suggestions. But Tor was in your first two, on the "must have" list, and I just question whether it's really a must-have. With the caveat, as 2earls said, that one is not moving large volume and that one is not uncomfortably anxious about the whole process and/or already on LE's hit list for some reason---i.e., someone like me. Do I really need Tor? I honestly don't know. Especially since Tor is ultimately not a protection unless you have TAILS. Not if you're being watched.

I guess that's my issue with it. Most of these won't really help you if you're actually being sought out and watched by LE. And few, if any, matter much if you aren't, as far as I can tell.

Most people who get in trouble with the cops---for whatever reason---drop themselves in the drink with their own mouths. They don't exercise their right to remain silent. If they do engage in illegal activity, they blab about it to their friends and acquaintances. Some even outright confess.

Not that I'm anywhere near qualified to write a security tip list, but if I did, the first thing I would put on it is: SHUT THE FUCK UP. Don't chat up your friends about any possibly illegal activities in which you might be engaged. For the love of God, don't initiate contact with LE. And don't think that by talking you can somehow convince LE of your sweet innocence.

Again, I am not an expert. You clearly know more about Internet security than I do, so I do take what you're saying seriously. I just suspect that Shutting The Fuck Up is worth Tor and TAILS ten times over!

 

I thought I had Tor below the line, my apologies. I should have verified my own post when you mentioned it instead of making a smart-ass comment like I did. Apologies again.
My justification for using Tor is just because it's such an easy step, assuming the encrypted email provider has an onion site. I also like to think I am helping our vendors by leaking as little data between us as I can. That may or may not be true and LE may (probably does) have tools that I can't imagine.
You are 100% right. If you are already under surveillance, the steps above might help eliminate some evidence but it won't stop LE.
Keeping one's mouth shut among friends to avoid attention goes a very long way. That I agree on. :)

Edited by delawaredrew

Vickydog
On 9/22/2019 at 5:08 AM, delawaredrew said:

One thing that is missing from this forum is a thread about basic operational security for using crypto, ordering, or even just communication. I am open for any tips, corrections, or additions: I am not an expert so there may be holes or better ways. There are no referral codes in the links, I get nada from this. Nonetheless you can google the software names to make sure I'm not scamming you. It doesn't hurt to be cautious and doubt is the main path to security. If in doubt, verify. Nothing here is unusual, just basic steps to help avoid the eyes of big bro.

Basically without some form of security we are all a single subpoena away from exposure. It might even happen in the vendor's country and we'd never know.
So what can you do? You can dramatically minimize risk with a few steps. This is NOT a guide to absolute safety. This just adds layers that make digitally tracking you down difficult. The main lesson is: Encrypt, encrypt, encrypt!! 

1) The big one. If you are using a gmail, yahoo, hotmail, outlook, comcast, etc.... email address- stop now. I've been guilty of this, I started 15 years ago with a big email provider and just kept doing it. Get a free ProtonMail, Tutanota or CounterMail address. There's debate over which is better but at least all 3 should provide encryption of your data on their servers. Do not mention anything sensitive in subject line, it may or may not be encrypted. If you can, only use a single email address for any single vendor. Make another email for other vendors. Combined with step 2 you are way safer.


2) Use Tor browser only to access the encrypted email accounts, Tor is the standard and does a good job to hide your location and make IDing you difficult. Not impossible but highly unlikely. Chrome, Firefox, Safari... they are not secure out of the box. Tor is the entrypoint to the darknet, so it is obviously well regarded by those with privacy needs. I use it often even when serious security isn't needed. https://www.torproject.org/. It is slower than other browsers due to the many steps the data moves through. I don't stream or download torrents using Tor for this reason.

----------------------------------------------------------------------------------------
Really curious about this? Read on. Step 3 is overkill for most of us but may be handy for other purposes, particularly in crypto if you are US based. Steps 4-5 are for the truly paranoid, privacy-conscious, or risk-averse.
 

3) Use a VPN, it can add some privacy depending on the provider. Skip the free ones, they make money somehow. I use protonmail's paid basic VPN service. You can use the VPN for anything also. Like bypassing a Netflix country block, or such actions. You can use with Tor; VPN + Tor isn't necessarily safer but it doesn't hurt as far as I know. You can run mobile and home PC data through most VPNs.

4) Learn and use PGP encryption for any of the vendors willing to use it. Almost no one does though they should. It only adds 30 sec to sending/receiving a message but it's a bit of a pain in the ass to learn. PGP means you and the vendor both independently create a public key and private key for yourselves. The cryptography is way over my head but essentially each user provides their public key to each other and the message is encrypted using the receiver's public key. Only the receiver's private key can then decrypt that message. At the moment it is nearly impossible to break this encryption. 
For doing this I use https://www.gpg4win.org/index.html
The weak spot here is exchanging public keys. temp.pm is a nice service for transmitting sensitive data, the service encrypts your message and then it self deletes at your specified time.  You send a link, when it expires it's gone. For many of us, this service might be good enough to avoid using PGP locally on your PC. Depends on the vendor.

5) My go-to for really, really, sensitive actions is using "Tails". This will take a little bit of time and effort to set up, but there are good guides. Tails is a Linux OS that usually runs off a USB stick (known as a live USB). It is designed to leave no trace on the host PC and have no memory of its own. So the next time you boot into it, it is the first time as far as the OS knows. https://tails.boum.org/. Like PGP you'll need to find a guide for the OS you use.
--------------------------------------------------------------------------------------------------------------------

That's it from me for now. I hope others know more. All this info is culled from various friends, websites, and guides. I make no pretense to being an expert.

Thanks to vendor pink for introducing me to temp.pm, it is an awesome resource.
 

I use Nord VPN and Proton Mail. Contrary to what the majority thinks, bitcoin is pseudoanonymous. As far as Tor? I think installing that would raise more eyebrows. That's just me. Now, crypto can be tumbled, etc... etc... But why go to the trouble when blockchain is public record. So I just do wu and money s. That's just me..... crypto is never anon. I forget the name. But two new wallets are out that add another layer... but. Idk. Too much trouble and if they see someone jumping thru hoops well.... that raises more queries .... just me

SpriteHamster

Monero is anon altcoin.

10 minutes ago, Vickydog said:

I use Nord VPN and Proton Mail. Contrary to what the majority thinks, bitcoin is pseudoanonymous. As far as Tor? I think installing that would raise more eyebrows. That's just me. Now, crypto can be tumbled, etc... etc... But why go to the trouble when blockchain is public record. So I just do wu and money s. That's just me..... crypto is never anon. I forget the name. But two new wallets are out that add another layer... but. Idk. Too much trouble and if they see someone jumping thru hoops well.... that raises more queries .... just me

 

  • Like 1

Vickydog

@SpriteHamster yes! Thank you... I could not remember the name at all.... it sounds interesting. Watched some YouTube videos on this.

  • Like 1

DoomKitty

Monero is definitely the way to go!!! It's also good as a safe way to better anonymize your BTC. Traditional tumbling BTC is a bit silly imo. But you can convert your BTC to Monero, then back to BTC with MorphToken or Cake Wallet and send to a different BTC wallet. But hopefully more vendors will start using Monero!
