
Using Silk Road - HockeyPlayer
http://www.gwern.net/Silk%20Road
======
A1kmm
I think the easiest attack on SR would not be one of the attacks mentioned in
the article (although similar to their second attack, but focused on legal
implications instead of fraud), but rather:

a. Law enforcement creates a large number of vendor and customer accounts. Due
to the pseudonymity, they can create as many as they like and they can't be
linked (they may need to create them over time to avoid making the pattern too
obvious).

b. The fake customer accounts buy from the fake vendor accounts and leave
positive comments, building up a reputation for the fake vendors. This would
give money to the operators of SR for fees, but aside from fees there would be
no loss for the operators.

c. Eventually, the number of fake vendors could be sufficient that it makes up
most of the volume of SR.

d. The fake customers buy from some real vendors and claim that the goods
never arrived or that they got arrested and it looks like the vendor tipped
the police off.

e. Any real customer who buys from a fake vendor gets their details sent to
their local police.

f. Most vendors, real and fake, accumulate comments saying that they tipped
people off to the police, with no way to tell which vendors are real vendors
with mostly genuine good feedback and a few forged complaints of being police
run, and which have a few real complaints of being police run and mostly
forged good feedback.

g. Police forces issue press releases announcing how many people they have
caught buying things on SR, and buying becomes a highly risky proposition.

~~~
maxwellhansen
It currently costs $505.90 to register an account as a vendor on Silk Road, so
I do not think this is a financially feasible strategy.

~~~
1337biz
I don't want to know how much money the government is already blasting every
day on the "war on drugs". If there is something where the government is
willing to waste money on, then it is for things like these.

You can already write the press release "undercover mission", "highly
sophisticated system of professional drug dealers", "illegal money
laundering", oh and how could I forget "financing terrorism".

------
cnp
Here's an academic analysis of Silk Road. After crawling the site for a few
months they came up with this:

<http://www.andrew.cmu.edu/user/nicolasc/publications/TR-CMU-CyLab-12-018.pdf>

"Abstract

We perform a comprehensive measurement analysis of Silk Road, an anonymous,
international online marketplace that operates as a Tor hidden service and
uses Bitcoin as its exchange currency. We gather and analyze data over eight
months between the end of 2011 and 2012, including daily crawls of the
marketplace for nearly six months in 2012. We obtain a detailed picture of the
type of goods being sold on Silk Road, and of the revenues made both by
sellers and Silk Road operators. Through examining over 24,400 separate items
sold on the site, we show that Silk Road is overwhelmingly used as a market
for controlled substances and narcotics, and that most items sold are
available for less than three weeks. The majority of sellers disappears within
roughly three months of their arrival, but a core of 112 sellers has been
present throughout our measurement interval. We evaluate the total revenue
made by all sellers, from public listings, to slightly over USD 1.2 million
per month; this corresponds to about USD 92,000 per month in commissions for
the Silk Road operators. We further show that the marketplace has been
operating steadily, with daily sales and number of sellers overall increasing
over our measurement interval. We discuss economic and policy implications of
our analysis and results, including ethical considerations for future research
in this area."

~~~
waterlesscloud
$1.2 million is an infinitesimal slice of the illegal drug market, but if an
ordinary startup handled 1.2 million in transactions per month they'd be
ecstatic.

Still, it seems like the risk far outweighs the gain here.

~~~
rorrr
It's only small because bitcoins are a pain in the ass to get, and haven't
spread yet. Once they become mainstream, there's no reason SilkRoad can't be
the next huge thing. Think about it - there's nothing that stops them from
selling pirated books, movies, clothing at a huge discount compared to, let's
say, Amazon.

Many things only cost a lot because the manufacturer's profit margin is huge.
That's true about anything clothing-related.

~~~
schrodinger
To me the problem is the delivery system. Everything is completely untraceable
up until the very second you enter your home address. Is there really a
feasible way to evade this liability? Maybe there is a market for truly
anonymous "po boxes" or something? How else do you keep the last step
anonymous?

~~~
adcoelho
I guess you could always enter your address but not your name. In case of
trouble you could always argue that it was sent from/to someone else and has
no connection to you.

~~~
joezydeco
I've seen the same tip, with one added step: don't open the package for 24-48
hours. If the package is being tracked and the police are waiting to pounce
once delivery has been made, you don't want to be caught with an opened box.
If unopened you can fake innocence and say you were meaning to send it back.

------
cnp
Everyone needs to read the _rest_ of the site. It's one of the most
interesting domains I've ever come across. Fascinating guy through and
through, and his short stories are excellent.

~~~
jacques_chester
I had occasion to correspond with Gwern recently. It is always enlightening to
talk to somebody who is smarter than I am.

~~~
throw_away2012
Arrogant much?

~~~
mkr-hn
What's arrogant about wanting to talk to people you consider smarter than
yourself?

~~~
kragen
Perhaps our anonymous troll was offended at Jacques Chester's implication that
talking to people smarter than J.C. is an unusual occasion for J.C.

~~~
jacques_chester
I ... hadn't thought of it that way.

Satori in 3 ... 2 ...

~~~
mkr-hn
I learned a new word

~~~
Alex3917
Just a caveat though, jacques_chester is using the term in a way that's
metaphorical, but not correct according to the literal definition. That is, if
he now understands someone else's point of view then that implies there's
still a 'he' to have understood something, which means that he couldn't
actually be in a state of non-dual consciousness by definition.

~~~
chc
I thought _satori_ was the Japanese Zen term for what is commonly called
"enlightenment" or "awakening" in most forms of Buddhism in America. Is it
meaningfully distinct besides being primarily used in a Zen context?

------
sruser
(throwaway account)

I've spent over $50,000 USD on SR in the past year, and I'm happy to answer
any questions people have about the site or community.

~~~
revelation
It seems that SR doesn't solve the major problem for buyers: you have to name
a postal address and that address will be printed on a package containing
illicit goods.

Any bad experiences with customs or have you been using in-country sellers
exclusively? Any tricks to obscure your real address?

(Since these have mostly been answered below already: do you stick to a fixed
group of sellers or go by price?)

~~~
jacques_chester
In countries where the incrimination standard is reasonable doubt, that you
received a package addressed to you is not really a slam dunk proof that you
ordered the contents.

Furthermore, in countries where you enjoy a right to refuse to say anything
that may incriminate you, you may simply refuse to explain how or why the
package was sent to you. The prosecution will need to positively prove that
you ordered it, which is a much harder task if the seller doesn't cooperate.

(IANAL, TINLA).

~~~
revelation
Nobody will ever be convicted for some package, so much is clear. But that's
not the point. That package is enough to get a judge to sign off on a search
warrant. And in my country, there is no "fruit of the poisonous tree"
principle - even if the search is found to be unlawful afterwards, the
majority of findings are admissible.

------
handsomeransoms
Silk Road is very interesting from a design perspective, particularly the way
it leverages different open source cryptographic tools to satisfy its complex
security/privacy/anonymity requirements.

I gave a talk about this at the Oakland Cryptoparty back in October. The
slides are a little patchy and based entirely on perusing the site (read:
speculation), but it inspired a lively discussion from amongst all the
participants. It seems there's nothing like illegal drugs and the black market
to get people interested in learning more about crypto!

I'm planning on giving an updated version of this talk at "SF Cryptoparty II"
on March 23rd (attend or sign up to talk! <https://cryptopartysf.org/>). I
will definitely incorporate ideas from (and link back to) this article.
Feedback appreciated!

Slides:
<http://garrett.im/static/pdf/silkroad_oakland_cryptoparty_slides.pdf>

~~~
gwern
I've read your slides.

I think your Farmer's Market summary is outdated: it used Tor hidden service,
for a short period only and after the investigation started (reading the
indictment), and it's pretty clear now that Hushmail rolled over and then the
garnered information was used to extract the Paypal & Western Union financial
transactions. See my discussion of Farmer's Market in OP.

Slide 14 should mention the SQL injection attack on SR back in November or
December 2012; I also disagree that DDoSes would be ineffective.

Slide 23: IIRC, someone has a verifiable anonymous mixer. I forget its name
because it charges more than others.

Slide 27: Mtgox has been hacked and lost bitcoins, but haven't they always
made up their users' losses? That's pretty important.

------
veb
That was an awesome read. Always fun to read about drugs, but this seems like
it was written quite a while ago... wonder if anything has changed since.

~~~
xaver
A lot of the stuff on the cypherpunks was added fairly recently I believe. At
least, I don't remember those sections being there the last time I read it.

Gwern has an interesting approach to writing articles where he continually
updates and adds to them so that they improve over time. See:
<http://www.gwern.net/About#long-content>

------
etherael
This article was very well written and easy to digest and has some of the most
succinct descriptions of the political underpinnings and implications of the
cypherpunk movement I've ever seen without the sweeping oratory that tends to
go with such things.

That said, this single section;

 _Fortunately, I don’t think LE is authorized to engage in cyberwar (#1) or
mass entrapment & fraud (#2). And who knows, maybe SR could survive both._

Where he discusses the degree to which the state will restrain itself from
"bad behaviour" strikes me as a little naive in light of history. I'd be more
concerned about attacks along the lines of the liquor poisoning that the state
engaged in during alcohol prohibition.

I imagine if someone wanted to cause serious bodily harm to the potential
buyers in this marketplace it wouldn't be too difficult to do, and they've
proven historically they're prepared to go to this extent. I also imagine it
would have quite a high impact on the risk assessment of silk road buyers if
people started ending up dead from their purchases.

------
DanBlake
.

Option #1 : I am aware many exchanges/markets do 'bitcoin mixing' to get
around this, but the local authority could just as easily subpoena/force
someone like mtgox into giving up the info of where the coins are going. As
always, the folks who can't hide behind tor and want to appear legit are going
to be weakest. (mtgox/bitpay/coinbase/etc..) - Those are the companies that
will be 'compelled' to comply if it gets to that point.

.

Option #2: Inspect the packages you receive for fingerprints. You will likely
find a postal worker's prints and be able to continually track it back to the
sourced post office. Then you just correlate the time the package was likely
sent and watch security footage, looking for something that matches the
shape/look of your package.

.

Also- Please don't take the above post too seriously. I have mostly no idea
what I am talking about when it comes to bitcoin.

~~~
toomim
No, you can't. The coins are mixed before they get to mtgox. Mtgox doesn't
know where they came from.

In fact, you don't even need to use mtgox. Mtgox is just where you swap
bitcoins for cash. If I sold drugs, it would be smart to just keep the money
in bitcoins.

And you can also exchange money for bitcoins with an anonymous physical person
in your city. Just go to localbitcoins.com, find someone near you with one or
the other, and swap with them.

~~~
DanBlake
How are the coins mixed before exactly?

Also, I think it's extremely impractical to think that a volume drug dealer is
going to do physical exchanges. Even if they did opt for that route- Track the
guy he did the exchanges with, then beat him with a wrench to find out who he
bought from.

~~~
jerguismi
> How are the coins mixed before exactly?

You can mix them anyhow you want. If you know how bitcoin transactions work,
the idea is simply to break the transaction chain. There are simpler or more
paranoid ways to do it, and of course in Bitcoin world it is the individual's
responsibility to handle his own coins.

Edit: think about how someone would try to connect the transactions: timing,
amounts, etc.

I find it pretty annoying that there seems to be lot of people with strong
opinions about bitcoins, but who haven't really studied it that much...

~~~
lifeisstillgood
Where would one start - I would like to buy some and see how it all works, and
maybe leave a laptop mining some - but I would prefer to research first -
where would I start?

Cheers

~~~
jerguismi
If you want to test out how it works in practice, try playing with
instawallet.org, maybe buying a small amount of coins and tracking how it
works. There are also free bitcoins sites, I don't have much experience with
them or either with mining. You can track transactions on blockchain.info

If you want to learn about technicalities, Satoshi paper would be a good
start: <http://bitcoin.org/bitcoin.pdf>

Then bitcoin wiki: <https://en.bitcoin.it/wiki/Main_Page> I especially like
the myths page: <https://en.bitcoin.it/wiki/Myths>

------
damian2000
Interesting video and article here from the point of view of Australian
customs

<http://www.abc.net.au/news/2012-12-05/dark-internet-linked-to-drug-seizure-spike/4410872>

~~~
jacques_chester
Slightly OT:

"Computer expert" Chris McDonald is actually Professor Chris McDonald. He
holds appointments at the University of Western Australia and at Dartmouth. I
was lucky to have him as a lecturer for several courses and as my honours
supervisor.

<http://www.csse.uwa.edu.au/~chris/>

He's nominated for teaching awards with comical regularity. If you ever get a
chance to take one of his courses at UWA or Dartmouth, take it.

------
juanramon
Talking about Tor; you can build your own Silk Road with <http://osclass.org/>
(it's a software for creating your own classified site) and using the Tor
plugin <http://blog.osclass.org/2013/01/21/anonymous-with-tor-plugin-for-osclass/>.

Disclosure: I participate in Osclass.

~~~
arcadeparade
thanks for the link. Any links on creating a .onion link and the rest of what's
needed?

~~~
acebarry
<https://www.torproject.org/docs/tor-hidden-service.html.en>

I set up a hidden service once to bypass a university firewall. It's
surprisingly easy.

------
mrmagooey
I wonder if the current little spike in the bitcoin price (from
<https://mtgox.com/>) could be attributed to this article being posted on HN

~~~
cnp
The Bitcoin price has been dramatically spiking for the past two weeks. Very
curious as to why.

~~~
SlipperySlope
Look at the transaction volume as charted by blockchain.info. You will see a
good correlation between that and the price of bitcoins.

A good part of the recent bitcoin transaction volume is due to online gaming
startups that use bitcoins, especially to work around US online gambling
restrictions.

The bitcoin economy is very rapidly growing from a minuscule base, first in
illegal and gray-market trade, and then in international trade where low
transaction costs and lack of credit card fraud appeal to global merchants.

------
sc0rb
This makes me wonder what other 'interesting' business ideas people can come
up with to operate as a hidden service?

Throwing anonymity into your business plans could turn up some interesting
ideas....

------
codygman
It's very annoying that the back button doesn't work on your site.

~~~
gwern
I didn't do anything to break it, and it seems to work fine in my Debian
Iceweasel.

~~~
codygman
Fair enough, I'm using:

Debian GNU/Linux 6.0 \n \l

Google Chrome Version 24.0.1312.57

Not sure why the back button doesn't work. Great site/content though! Just a
minor annoyance that I thought was on purpose.

~~~
gwern
Well, if you figure out what was going on (could be Cloudflare doing
optimization, or maybe Hacker News inserting a redirect?), please contact me.

Since I'm on Iceweasel I don't always see issues in other browsers - for
example, apparently all my MathML was broken for the longest time in Chromium
because they just didn't support it.

------
SlipperySlope
What is most interesting about this article is how to set up the Tor browser.

Privacy is very, very, important - especially for those who are oppressed, and
even for those living in democracies.

------
drivebyacct2
Man, SR is one of those things I look at in awe. I'm not sure I'd ever have
the cojones to have something shipped to me...

The comments on the blog post are sad in a "Good god people are effing stupid"
sort of way.

Also, if you're getting on Tor, I recommend Tails [1]. Most people aren't
aware of all of the things they need to be wary of when getting on Tor and not
leaking their identity.

[1] Tails: <http://tails.boum.org>

~~~
barbs
A similar linux distribution: Liberté. This one's based off of Gentoo (Tails
is based off of Debian)

<http://dee.su/liberte>

------
LatvjuAvs
There is no other place where I can safely buy military grade sniper rifle
with delivery to my door, than tor network!

~~~
gwern
Didn't the Armory shut down because it was hard to compete with all the
_offline_ sources of military-grade guns...?

------
espadagroup
The first rule of Silk Road is you don't talk about the packaging...or post
pictures of it...

