Hacker News new | past | comments | ask | show | jobs | submit login
Using Silk Road (gwern.net)
368 points by HockeyPlayer on Feb 19, 2013 | hide | past | favorite | 165 comments

I think the easiest attack on SR would not be one of the attacks mentioned in the article (although similar to their second attack, but focused on legal implications instead of fraud), but rather:

a. Law enforcement creates a large number of vendor and customer accounts. Due to the pseudonymity, they can create as many as they like and they can't be linked (they may need to create them over time to avoid making the pattern too obvious).

b. The fake customer accounts buy from the fake vendor accounts and leave positive comments, building up a reputation for the fake vendors. This would give money to the operators of SR for fees, but aside from fees there would be no loss for the operators.

c. Eventually, the number of fake vendors could be sufficient that it makes up most of the volume of SR.

d. The fake customers buy from some real vendors and claim that the goods never arrived or that they got arrested and it looks like the vendor tipped the police off.

e. Any real customer who buys from a fake vendor gets their details sent to their local police.

f. Most vendors, real and fake, accumulate comments saying that they tipped people off to the police, with no way to tell which vendors are real vendors with mostly genuine good feedback and a few forged complaints of being police run, and which have a few real complaints of being police run and mostly forged good feedback.

g. Police forces issue press releases announcing how many people they have caught buying things on SR, and buying becomes a highly risky proposition.

I think some pretty basic clustering algorithms would reveal this self-serving subset of participants in SR. The fake vendors and fake buyers would have to interact with the real ones (and positively, with real drugs) in order to go unnoticed.

Is the data available to perform this clustering? Like with BitCoin, are all SR transactions recorded for posterity and accessible to every market participant?

Not to users, I don't think. I also think this would run afoul of the (claimed) data retention policies that DPR has posted - after a while most information is gone.

That's a pretty nice playbook, but it fails for the reason every attack against SR fails: It doesn't get you the vendors, and they're the only big fish there to catch. At best, you can spend time and money just treading water to keep them in check, but it will never shut them down.

No it removes the incentives to buy there -- the idea that SR is safe -- kills the customer base and so the sellers will leave.

It'll just create demand for a stronger web of trust. When the price on reputation goes up, people will find better ways of appearing reputable. Also, vendors that have been around for a long time will be able to raise prices and/or take on more demand.

SR would have to be brain dead not to realize that this is an issue. As maxwellhansen, one has to purchase a token to become a seller which are quite expensive. Furthermore, there is a limited number of tokens and the only way to get a token is to buy it from someone (who will then lose said token). Therefore it is pretty hard to become a seller.

this is incorrect, the site does require you purchase a vendor account but this is from the site admin and not from another user. to become a seller/vendor on the site you just need money, about $500 USD I believe.

There is no requirement besides money? Seems like there should be some other act which law enforcement would not want to perform, but which a legitimate seller would.

no, if law enforcement paid for an account they could operate however as a new seller they would need to prove themselves by sending out product, something I am sure they could do but probably would not want to get involved in sending out grams of cocaine or heroin for 6 months just to build up a database of people who are buying a gram of drugs for personal use. There is no way to translate a seller account into information regarding the site or other sellers, therefore for law enforcement it is a waste of time and resources.

like what? Send sample product to a deaddrop location?

But the number of tokens is still limited correct?

no not at all, based on the fact that more sellers = more choice = better prices for consumers

It currently costs $505.90 to register an account as a vendor on Silk Road, so I do not think this is a financially feasible strategy.

I don't want to know how much money the government is already blasting every day on the "war on drugs". If there is something where the government is willing to waste money on, then it is for things like these.

You can already write the press release "undercover mission", "highly sophisticated system of professional drug dealers", "illegal money laundering", oh and how could I forget "financing terrorism".

A. Why does it matter that the police have your address? Addresses are public information. Anyone could have your address and send illegal material to it. B. Just stick with the reputable vendors before the whole police thing happened.

Regarding B, it's a practical defense, but it also means it was something of an effective attack: undermine the efficiency of the marketplace by adding a barrier to entry.

And you won't accomplish anything by shutting down Silk Road. Most of drugs that get in a country don't do it by packages sent by Silk Road. LE (Law enforcement) is already low on resources, so they better use them for bigger 'operators'.

Even more: if they happened to be able to close Silk Road, or make it impractical or unusable, another similar site would rise within weeks. If they don't understand this, they simply don't understand internet.

This is another example of how useless does the so-called "war on drugs" get.

Exactly. And the new site will learn the mistakes committed by the old site.

Not to be finicky , but why did you abbreviate law enforcement if you only used it once?

I, uh, think if you're on sites like Silk Road, LE is the typical way of writing it, so he was expanding LE rather than contracting Law Enforcement.

Basically, a http://en.wikipedia.org/wiki/Sybil_attack aimed at networks of people, rather than networks of machines.

Here's an academic analysis of Silk Road. After crawling the site for a few months they came up with this:



We perform a comprehensive measurement analysis of Silk Road, an anonymous, international online marketplace that operates as a Tor hidden service and uses Bitcoin as its exchange currency. We gather and analyze data over eight months between the end of 2011 and 2012, including daily crawls of the marketplace for nearly six months in 2012. We obtain a detailed picture of the type of goods being sold on Silk Road, and of the revenues made both by sellers and Silk Road operators. Through examining over 24,400 separate items sold on the site, we show that Silk Road is overwhelmingly used as a market for controlled substances and narcotics, and that most items sold are available for less than three weeks. The majority of sellers disappears within roughly three months of their arrival, but a core of 112 sellers has been present throughout our measurement interval. We evaluate the total revenue made by all sellers, from public listings, to slightly over USD 1.2 million per month; this corresponds to about USD 92,000 per month in commissions for the Silk Road operators. We further show that the marketplace has been operating steadily, with daily sales and number of sellers overall increasing over our measurement interval. We discuss economic and policy implications of our analysis and results, including ethical considerations for future research in this area."

$1.2 million is an infinitesimal slice of the illegal drug market, but if an ordinary startup handled 1.2 million in transactions per month they'd be ecstatic.

Still, it seems like the risk far outweighs the gain here.

That study didnt cover all the hidden transactions, also DPR sells on his own site too when it started his g/f was the first vendor selling shrooms. So theres one person in this world who knows who DPR is, which is exactly enough for her to rat him out should anything go south in their relationship. Im sure she's told all her friends too like Max Visions' gf did.

Another problem is all the writing hes done on the site about agorism. Surprised feds havnt broken out the writing analyst software and then trolled agorist forums and the bitcoin forum to match it up, unless hes been extremely careful with his Opsec

It's only small because bitcoins are a pain in the ass to get, and haven't spread yet. Once they become mainstream, there's no reason SilkRoad can't be the next huge thing. Think about - there's nothing that stops them from selling pirated books, movies, clothing at a huge discount compared to, let's say, Amazon.

Many things only cost a lot because the manufacturer's profit margin is huge. That's true about anything clothing-related.

There is a certain point where their bandwidth will exceed the noise threshold and it will be trivial to trace the location of their servers and of their offices, tor or no tor.

And if they are simultaneously the subject of renewed enforcement interest...

""" Night City was like a deranged experiment in social Darwinism, designed by a bored researcher who kept one thumb permanently on the fast-forward button. Stop hustling and you sank without a trace, but move a little too swiftly and you'd break the fragile surface tension of the black market; either way, you were gone, with nothing left of you but some vague memory in the mind of a fixture like Ratz, though heart or lungs or kidneys might survive in the service of some stranger with New Yen for the clinic tanks. """ - Neuromancer: William Gibson

I would imagine if your income was high enough you could spread the bandwidth around enough to stay under the radar for a long time.

I would think tracing the flow of bitcoins to them might be more productive, though that could be spread around quite a bit too.

You're right, though. There's some level at which they'd get nailed.

> and it will be trivial to trace the location of their servers and of their offices

You're very naive if you think that SilkRoad is not running on servers rented anonymously with bitcoins, in a country outside of US/European jurisdiction.

Actually I sort of assume that they are running the servers in a jurisdiction that is less than cooperative with US authorities. But at some point that becomes immaterial. If the operators are ID'd that's when they get in difficulties.

If they are smart, they have multiple "real" identities set up to be ID'd first, and a plan to sterilize, evac and start over when the cover is blown.

But they have accomplished something that few people ever get to do. Pioneer a new kind of crime.

> Think about - there's nothing that stops them from selling pirated books, movies, clothing at a huge discount compared to, let's say, Amazon.

And that is precisely when Bitcoins will receive renewed focus from officials all over and g-men will step forth to somehow try to make operations involving Bitcoins illegal.

Books I could see, but only expensive academic material. I'd guess the market for those is fairly small.

You don't need to get behind TOR to buy fake clothing (ioffer.com comes to mind, pretty sure there are tons of other sites around who would love to sell you fake clothing straight from a Chinese factory)

And why would you buy physical copies of pirated movies if you can get them for free?

> And why would you buy physical copies of pirated movies if you can get them for free?

BluRay market is 5-6 billion dollars. People buy them.

To me the problem is the delivery system. Everything is completely untraceable up until the very second you enter your home address. Is there really a feasible way to evade this liability? Maybe there is a market for truly anonymous "po boxes" or something? How else do you keep the last step anonymous?

If I was going to do this kind of thing, which I'm not since none of these grey market items has much appeal to me, I would go online and find a listing of houses which are vacant (foreclosures, or for-sale houses) and use their address. You would not be able to use USPS, though, since those places have their mail stopped. I don't believe this directly violates any laws but IANAL.

Alternately, if you were alert enough at your mail fraud you could find a neighbor who is out of the house during the day and use their name and address, and intercept the package from their mailbox. This is, of course, a felony.

1. Let the package be delivered to a certain address in an apartment building (preferably not too close to your home), say Building X Apartment 123.

2. Once the package is delivered, get to the apartment and tell the owner "Oh, I'm so sorry, I accidentally entered Apartment 123 in my order, instead of Apartment 223, which is where I actually live! I can haz package nao?" Most likely, they will not know the residents at Apartment 223.

3. In most cases, you will now have your package. (If they ask for some ID, you could always go "Sure, do you want me to get that first?", most people will then give you the package right there. If not, just leave and don't come back.)

Yes, this is a purely hypothetical idea, but it seems to me that it's pretty easy to come up with something relatively secure.

Your options are:

1. A layer of indirection a.k.a. finding someone who will receive mail for you without giving up your name.

2. Owning the distribution channel, and using addresses that are downstream of you while diverting your packages to their intended destination.

Note that if the USPS is involved, both of these are federal crimes...

I guess you could always enter your address but not your name. In case of trouble you could always argue that it was sent from/to someone else and has no connection to you.

I've seen the same tip, with one added step: don't open the package for 24-48 hours. If the package is being tracked and the police is waiting to pounce once delivery has been made, you don't want to be caught with an opened box. If unopened you can fake innocence and say you were meaning to send it back.

Private PO Boxes exist already.

NZ: https://www.privatebox.co.nz

Canada: https://www.bufferbox.com/

"It's only small because bitcoins are a pain in the ass to get, and haven't spread yet. Once they become mainstream"

In other words, it will always be small. Bitcoin has almost no chance of becoming mainstream.

$1.2 million is an infinitesimal slice of the illegal drug market, but if an ordinary startup handled 1.2 million in transactions per month they'd be ecstatic.

apples and oranges. This is illegal and their take is maybe enough to pay one criminal lawyer for a month.

Criminal lawyers make 1.2 million in a month?

Silk Road's cut of the transactions is a lot less than $1.2 million.

$92,000 per month per the study. Not to be sneezed at, but not a gigantic sum.

as other said, their cut is under $100K.

A decent criminal lawyer will take that in a month and tell you that he needs $2-$3++ million for a drug case. (From Aaron S case we learned that a simple fed case is $1.5 million, on average)

"A decent criminal lawyer will take that in a month and tell you that he needs $2-$3++ million for a drug case."

[citation needed], which is really a passive-aggressive way of saying "bollocks". Well I'm not saying that Pablo Escobar's lawyers didn't bank that much, but really - there are thousands of drug dealers tried every single day, a sizable percentage of that with turnovers way over 100k / month - you're not seriously suggesting their defenses all cost millions? 500 hours (= almost 3 full-time man months!) at 150 USD / hour = 'only' 75k.

whilst i agree with your overall assessment I do think that if the Silk Road admin(s) was/were identified and arrested it would be far from your usual drug trial and may involve a lot of expert witnesses dealing with Tor, .onion sites, bitcoin and importantly how they could link the defendant with SilkRoad given the anonymity provided by Tor. This would all add to the costs of defnding a client way more than your usual drug bust.

$150 USD per hour feels very cheap for a criminal defence lawyer for someone charged with such serious offences.

Everyone needs to read the rest of the site. It's one of the most interesting domains I've ever come across. Fascinating guy through and through, and his short stories are excellent.

I had occasion to correspond with Gwern recently. It is always enlightening to talk to somebody who is smarter than I am.

Arrogant much?

What's arrogant about wanting to talk to people you consider smarter than yourself?

Perhaps our anonymous troll was offended at Jacques Chester's implication that talking to people smarter than J.C. is an unusual occasion for J.C.

I ... hadn't thought of it that way.

Satori in 3 ... 2 ...

I learned a new word

Just a caveat though, jacques_chester is using the term in a way that's metaphorical, but not correct according to the literal definition. That is, if he now understands someone else's point of view then that implies there's still a 'he' to have understood something, which means that he couldn't actually be in a state of non-dual consciousness by definition.

I thought satori was the Japanese Zen term for what is commonly called "enlightenment" or "awakening" in most forms of Buddhism in America. Is it meaningfully distinct besides being primarily used in a Zen context?

His article on bitcoin is a great read as well. http://www.gwern.net/Bitcoin%20is%20Worse%20is%20Better

One of my favorite sites. If you aren't familiar with it already, it will probably lead you to lesswrong.com. Also worth a good amount of time input.

Lesswrong is a weird place. I can read an awesome, insightful article one moment, then something completely bat-shit insane the next.

The problem with LW is that the old-timer's confidence is pegged at 100% for non-controversial stuff (like Bayes' Theorem) and highly controversial stuff (like the inevitability of unfriendly AI). It's essentially a cult of personality around Eliezer Yudkowsky, with little dissent.

They use the non-controversial value-add stuff to draw new members into the cult. Eliezer has stated in interviews that the most important thing you can do is help him on his research if you can, and otherwise to make as much money as possible to give to his research, save a bit for your living expense. Now he has dozens of people that agree with him completely, a few hundred that mostly agree with him, and thousands that think he's a pretty swell guy and don't realize the shady depths of the philosophy he's pushing.

You may be interested in the results of a big voluntary annual survey here: http://lesswrong.com/lw/fp5/2012_survey_results/

It has some questions that do a reasonable job of surveying people's beliefs on transhumanisty and Yudkowsky-y stuff like AI, cryonics, and many-worlds. Going by the survey, the population is more heterogeneous than you give it credit for.

I thought it is well established in the lesswrong community that we shouldn't give money to Eliezer Yudkowsky until the Singularity Institute proves itself to be of value.

The prevailing ideas (AKA Eliezer's ideas) do change. They used to be for AI research before they were against it. I am too bothered by the groupthink to hang around for long periods of time. I get enough of it IRL.

I'm pretty sure he's still for AI research, he just realized he'd been irresponsible about it.

I'd much rather people change their mind as they gain greater understanding, as long as they document the reasoning.

It's just that it gives me the heebee-jeebees to see everybody change their mind together.

Eliezer often cites a theorem from a mathematician that says that ideal rational agents can't disagree and applies it to normal conversation. In the LW circle this is used to bully people into conformity. No allowance is given for the time that it takes humans to think things through or negotiate on a set of priors based on their joint life experience. In practice at LW, it means that if you haven't conformed to a result that disturbs you within the course of a single conversation then you must be irrational. Because by Aumann's theorem rational agents will not remain in an undecided state.

They really are a bunch of borg.

I hang around with a bunch of LW people both online and in real life, and I really don't think that I've ever seen anyone deploy the kind of rhetoric you're describing when arguing with someone. It sounds unreasonably dumb.

On the other hand, I see a lot of examples of people being unusually polite and curious about people who disagree with them, and who try to specifically cultivate the ability to drill down to the root cause of arguments and learn as the result of a dispute.

So it's a highbrow version of Scientology, then?

It reminds me very strongly of the Objectivist cult. Similar personalities and faults.

Example of batsheet?

A good example of LW going off the deep end is "Roko's basilisk" and Yudkowsky's response



I started the RW article because LW readers distressed over the basilisk were emailing me (and other RW contributors) for help, because the matter is banned from discussion at LW. Even though the idea is utterly foolish, it would be inhuman to just tell them to go away; but individual emails don't scale. So, thinking that since secrecy hadn't worked the way out would be the way through, we quickly put that together. Then Warren Ellis and Charlie Stross publicised it and I've spent a coupla days getting it into fit condition for hits from the entire world ...

Frankly, the article is still insane. (Look at the talk page for my girlfriend's reaction. She felt like throwing my laptop across the room for wasting a second of her time on this inanity.) This is because this shit is almost impossible to explain to normal humans. I have found it easier explaining Scientology to normal humans.

Pretty much no-one on LessWrong endorses or believes in the basilisk ... they just advocate most of its component parts.

LessWrong are generally a pretty good bunch, but this will be their Xenu. Unfair as that may be. And they did it to themselves.

(gwern - if you're wondering why Dmytry can be quite such a dick at LW about this stuff, it's because he gets email from LW's distressed children too. He does his best to be a helpful, decent person.)

That's not LW's problem, that's pretty much solely Yudkowsky's problem. Very few LW regulars agree with his response.

He himself doesn't even agree with his response. In the Reddit open thread on the topic he said he reacted rashly because the idea that somebody would be smart enough to come up with it and then stupid enough to post it publicly (his words, paraphrased) did not occur to him in advance. I think currently he's primarily deleting posts for it because once you've started that trend, there's not really that much to make up by stopping.

That sounds scary, but not crazy?

The basilisk argument, in a nutshell, is this: At some point in the future, a near omniscient and omnipotent being, whose existence is not a certainty, will judge you and may punish you if it finds that the actions you take today are not pleasing, according to its undiscoverable morals, and the fact that you know about this increases the risk of you being punished.

The parallells to religion should be obvious to anyone with the ability to see the bigger picture, but it's somehow reassuring that even the most rational of humans can transform into a religious nutjob and not realize it. The road to hell is paved with good intentions, etc. :-)

It sounds like Pascal's wager to me. I haven't really thought it through in much detail, though - for safety reasons...

(throwaway account)

I've spent over $50,000 USD on SR in the past year, and I'm happy to answer any questions people have about the site or community.

What types of items have you purchased, and what's the loss rate? Does it vary with types of products?

I have an HSA insurance plan where I effectively pay out of pocket, so I'm starting to get more and more tempted to buy non-US drugs for which I have or could get a valid US prescription. Not particularly drugs of abuse, but something like ciprodex (ciproflaxin antibiotic + dexemethasone (steroid) otic (ear drops); $140 in the US and $55 in Canada). Stockpiling some other drugs (tamiflu, etc.) might also be tempting.

The only drugs I see on SR seem to be psychoactive, either research chemicals or boring prescription psychiatric drugs like xanax or adderall.

I purchase mostly opiates, though I have occasionally purchased other classes of drugs as well.

I have been scammed a couple of times, but I have never lost a package that was actually sent by the vendor. I have a 100% delivery rate.

Every time I was scammed was the result of finalizing early. This is bypassing the escrow system and giving the vendor the money immediately. Usually new users are asked to do this, and some vendors require it. I've learned my lesson and never FE (finalize early) now.

You can find non psychoactive/psychiatric drugs, it just varies a lot and you need to keep your eyes open. Certainly the market for what you are looking for is smaller, but it is there if you are persistant about it.

Things like antibiotics, ssris, antivirals and other mainstream drugs that aren't abused are often available relatively inexpensively from online pharmacies based out of India due to their price controls and flexible intellectual property laws.

How do people find reputable online pharmacies that sell real meds?

anything unsolicited = scam anything for ED = good chance its counterfeit

google for pharmacy review sites, pick ones that include reviews from users and the site owner. if there aren't any bad reviews trash it. Usually a few will get most of the discussion - these are usually the safest bets, but make sure to read the last few weeks worth in case somethings gone wrong.

Try to pick one thats been around at least a year and ships a good variety of drugs but skips commonly abused stuff like sedatives, stimulants, steroids and narcotic pain killers as they are much more likely to be a scam.

India is probably the safe choice. Don't order from anywhere that doesn't disclose their location. Don't order from "brokers".

A large variety of boring medicines in every dose manufactured is almost always going to be legit, trustworthy and not counterfeit. It'll usually come wrapped in foil strips that are verifiably the local licensed pharma manufacturer.

Always pay with a credit card and always expect 2-3-4 week deliveries.

The scary thing is I remember reading about people buying and then GC/MSing the drugs promoted by spammers. 10 seconds of googling doesn't find the result. I think they were mostly real/safe, although some were somewhat under-strength.

Well, these aren't exactly about the site, but if you'll humor me, a couple of questions jump to mind:

Do you have purchases sent directly to your home/business, or do you attempt to obfuscate the delivery somehow? If so, can you share anything about the tactics you use?

What percentage of your purchases arrive as expected? Do you have any reason to believe that anything is being intercepted by Customs / Border Police / Whatever, or do you only buy from in-country sellers?

Also, have you happened to notice if SR sellers sell things like Clenbuterol, and others that could fall into the "Performance Enhancing Drug" category?

I have purchases sent to my home, most of the time.

I have never lost a package that was actually mailed, though I have been scammed a couple of times by vendors who never send anything.

I try to stick to domestic vendors to avoid customs, but sometimes it is impossible due to supply issues. When I am ordering internationally I stick to Canada if possible. I once had a package from India get stuck in customs for over a month. When it finally arrived it had been opened and retaped shut. However, they did not find the actual contents of the package, it was very well hidden.

I am not familiar with Clenbuterol but I did manage to buy some Provigil after reading this article (http://www.huffingtonpost.com/johann-hari/my-experiment-with...).

"I have never lost a package that was actually mailed, though I have been scammed a couple of times by vendors who never send anything."

You've said this a couple times - how do you differentiate?

Does the article reflect your experience?

It seems that SR doesn't solve the major problem for buyers: you have to name a postal address and that address will be printed on a package containing illicit goods.

Any bad experiences with customs or have you been using in-country sellers exclusively? Any tricks to obscure your real address?

(Since these have mostly been answered below already: do you stick to a fixed group of sellers or go by price?)

In countries where the incrimination standard is reasonable doubt, that you received a package addressed to you is not really a slam dunk proof that you ordered the contents.

Furthermore, in countries where you enjoy a right to refuse to say anything that may incriminate you, you may simply refuse to explain how or why the package was sent to you. The prosecution will need to positively prove that you ordered it, which is a much harder task if the seller doesn't cooperate.


Nobody will ever be convicted for some package, so much is clear. But thats not the point. That package is enough to get a judge to sign off on a search warrant. And in my country, there is no "fruit of the poisonous tree" principle - even if the search is found to be unlawful afterwards, the majority of findings are admissible.

I touched on this in some other replies, but basically, I use my real name/address, try to use domestic sellers as much as possible, and have never lost a package to USPS/customs.

I assume some people rent a postal box under a fake ID.

What opiates are you mostly buying?

Unless you are ordering Heroin, which is very expensive on SR, at that spending rate you are probably buying Oxys or Opanas.

This might surprise some, but there are much simpler and better-priced places to get those online than SR / with 24h turn-around, overnight UPS - that won't involve an eventual FBI/DEA reverse sting - which is were SR is heading with all this attention.

>there are much simpler and better-priced places to get those online than SR

for example?

Unless you're dealing to others maybe?


Presumably you are either a dealer, or you have a gigantic drug habit?

I'd prefer to answer questions about SR, not about myself.

I think mentioning the $50K figure invites some questions.

I am not a dealer. As the OP said, I have a gigantic drug habit.

I suspect that, like many HN readers, I am a young guy who works in technology and makes more money than is good for him. I am single and unattached, so I've got plenty of disposable income. And I seem to be good (so far) at remaining a stable, productive employee despite my habit.

This story typically doesn't have a very nice ending. Maybe you're just having some fun, and will be able to shrug it off some day. I hope so. But if you find yourself trying to quit, and unable to, try to find some help.

Sometimes it takes a lot of tries, with lots of different kinds of help from lots of different kinds of folks.

The operational words, though, as you perhaps realize, are so far. While I'm not a fan of the nanny state, if you're taking fifty grand a year of illegal drugs, it's highly likely that in a few years you'll look back at this moment and wish you had taken a different path while you still had time and resources, before everything went to hell. You won't have the option, at that stage, of rewinding time, but you do have the option of doing something different right now.

Why not spend even one evening thinking it over, maybe talking about it with someone you trust, see what your options are? You are obviously smart and determined, and a drug habit doesn't have to be unavoidable fate.

Please be very careful. <3.

I hope (for your liver's sake) you stick to unit products like OxyContin or are really good at ice water extraction.

Thanks. My curiosity is sated.

If you've spent 50 grand on SR in the last year you're either dealing (I make no moral judgement on this) or you have a growing problem.

IF you're not dealing I would advise you to think very hard about the road you're taking, because that is one heck of a habit.

What's the experience like? I enjoy taking recreational substances occasionally but don't really do it because drug dealers are generally shitty people who one doesn't want to deal (ahem) with. Is the experience with acquiring better on silk road?

There are still scammers on SR, but the forums and reputation system go a good job at reducing that risk substantially (edit: if you're smart about doing your research and only dealing with the top vendors).

I do have to meet with RL dealers from time to time, and I vastly prefer SR.

I've heard about the site and am casually curious, but how does the obvious security hole of eventually having a product sent to a specific real world address work out in practice? What is the genearl method for anonymizing this.... I'm sure it's a pretty basic question, but since you're here and all...

I've never ordered anything from Silk Road, but one thing I'm surprised isn't done is using cheap/knockoff consumer products as a "carrier."

For instance, if it were well known that ordering a $295 DVD player from FrobozzCo.cn would result in delivery of a $29 DVD player stuffed full of Adderall or whatever people order, I imagine people would feel pretty safe ordering that way.

The other thing is, I'm not sure that the act of merely receiving illicit goods in the mail is adequate grounds for prosecution in the US. You can always claim that you have no idea where it came from or why it was sent to you, can't you? Otherwise it would be a popular revenge tactic to order something nasty for delivery to someone else.

Well that really depends on what you do with the package. If you see it is not addressed to you, then bring it inside, open it, and consume the contents, you just gave the prosecution evidence. Even if they cannot build the case against you, they might try charging you for opening mail addressed to someone else.

> I've never ordered anything from Silk Road, but one thing I'm surprised isn't done is using cheap/knockoff consumer products as a "carrier."

Some do. They package them in small consumer goods and that sort of thing. For example, the Australian vendor who was recently convicted was importing, IIRC, MDMA and the powder was being stashed in flashlights by his vendor.

> The other thing is, I'm not sure that the act of merely receiving illicit goods in the mail is adequate grounds for prosecution in the US. You can always claim that you have no idea where it came from or why it was sent to you, can't you?

It's not; something further is necessary in practice. Look up "controlled delivery".

As I just mentioned in other comments, I have the packages shipped to my home, using my real name. I have never had a package intercepted.

I think I benefit from the fact that the items I am ordering are very small and fit into normal sized envelopes. From what I've read, packages are much more suspect than envelopes.

I have not used the site either, but from what I've read, the best idea is to use the name of a previous tenant, and to stick with domestic. If the parcel is sent via USPS First-Class or Priority, it cannot be searched without a warrant.

What personal drug habit requires $50k? If it is blow, that's at least an 8-ball every single day for a year. I can only guess you're buying that volume of drugs to resell it. Which is essentially why the guy in NZ was caught.

That's $135 per day. So to put it in percpective, at SR prices, thats 1.5 OC80 (OxyContin 80mg - oxycodone) pills per day. That's a far cry from people who do 10-20 of those.

Wow, guess I never did the mathematics on an opiate addiction before. And people say smoking is an expensive addiction!

That's a massive amount of money for a couple of (very cheap to produce) tablets each day.

How do you get your bitcoins?

How do you know the goods you purchase are safe for consumption? Is it based on reputation of the vendor? Do you have home testing kits?

Silk Road is very interesting from a design perspective, particularly the way it leverages different open source cryptographic tools to satisfy its complex security/privacy/anonymity requirements.

I gave a talk about this at the Oakland Cryptoparty back in October. The slides are a little patchy and based entirely on perusing the site (read: speculation), but it inspired a lively discussion from amongst all the participants. It seems there's nothing like illegal drugs and the black market to get people interested in learning more about crypto!

I'm planning on giving an updated version of this talk at "SF Cryptoparty II" on March 23rd (attend or sign up to talk! https://cryptopartysf.org/). I will definitely incorporate ideas from (and link back to) this article. Feedback appreciated!

Slides: http://garrett.im/static/pdf/silkroad_oakland_cryptoparty_sl...

I've read your slides.

I think your Farmer's Market summary is outdated: it used Tor hidden service, for a short period only and after the investigation started (reading the indictment), and it's pretty clear now that Hushmail rolled over and then the garnered information was used to extract the Paypal & Western Union financial transactions. See my discussion of Farmer's Market in OP.

Slide 14 should mention the SQL injection attack on SR back in November or December 2012; I also disagree that DDoSes would be ineffective.

Slide 23: IIRC, someone has a verifiable anonymous mixer. I forget its name because it charges more than others.

Slide 27: Mtgox has been hacked and lost bitcoins, but haven't they always made up their users' losses? That's pretty important.

That was an awesome read. Always fun to read about drugs, but this seems like it was written quite a while ago... wonder if anything has changed since.

A lot of the stuff on the cypherpunks was added fairly recently I believe. At least, I don't remember those sections being there the last time I read it.

Gwern has an interesting approach to writing articles where he continually updates and adds to them so that they improve over time. See: http://www.gwern.net/About#long-content

I was written May 2011 from the top of the article, but some of the footnotes have been updated recently.

This article was very well written and easy to digest and has some of the most succinct descriptions of the political underpinnings and implications of the cypherpunk movement I've ever seen without the sweeping oratory that tends to go with such things.

That said, this single section;

Fortunately, I don’t think LE is authorized to engage in cyberwar (#1) or mass entrapment & fraud (#2). And who knows, maybe SR could survive both.

Where he discusses the degree to which the state will restrain itself from "bad behaviour" strikes me as a little naive in light of history. I'd be more concerned about attacks along the lines of the liquor poisoning that the state engaged in during alcohol prohibition.

I imagine if someone wanted to cause serious bodily harm to the potential buyers in this marketplace it wouldn't be too difficult to do, and they've proven historically they're prepared to go to this extent. I also imagine it would have quite a high impact on the risk assessment of silk road buyers if people started ending up dead from their purchases.


Option #1 : I am aware many exchanges/markets do 'bitcoin mixing' to get around this, but the local authority could just as easily subpoena/force someone like mtgox into giving up the info of where the coins are going. As always, the folks who cant hide behind tor and want to appear legit are going to be weakest. (mtgox/bitpay/coinbase/etc..) - Those are the companies that will be 'compelled' to comply if it gets to that point.


Option #2: Inspect the packages you receive for fingerprints. You will likely find a postal workers prints and be able to continually track it back to the sourced post office. Then you just correlate the time the package was likely sent and watch security footage, looking for something that matches the shape/look of your package.


Also- Please dont take the above post too seriously. I have mostly no idea what I am talking about when it comes to bitcoin.

> I am aware many exchanges/markets do 'bitcoin mixing' to get around this, but the local authority could just as easily subpoena/force someone like mtgox into giving up the info of where the coins are going.

The coins are mixed _before_ they arrive to mtgox or some exchange, I would guess.

> Even if you mix the coins a few times through a few sites, its still going to be the best way to find them.

Any arguments here? The authorities would need information from every web site that has been involved with the transfer. The mixers can reside in the tor network, so it is impossible to get the connecting information.

No, you can't. The coins are mixed before they get to mtgox. Mtgox doesn't know where they came from.

In fact, you don't even need to use mtgox. Mtgox is just where you swap bitcoins for cash. If I sold drugs, it would be smart to just keep the money in bitcoins.

And you can also exchange money for bitcoins with an anonymous physical person in your city. Just go to localbitcoins.com, find someone near you with one or the other, and swap with them.

How are the coins mixed before exactly?

Also, I think its extremely impractical to think that a volume drug dealer is going to do physical exchanges. Even if they did opt for that route- Track the guy he did the exchanges with, then beat him with a wrench to find out who he bought from.

> How are the coins mixed before exactly?

You can mix them anyhow you want. If you know how bitcoin transactions work, the idea is simply to break the transaction chain. There are simpler or more paranoid ways to do it, and of course in Bitcoin world it is inviduals responsibility to handle his own coins.

Edit: think about how someone would try to connect the transactions: timing, amounts, etc.

I find it pretty annoying that there seems to be lot of people with strong opinions about bitcoins, but who haven't really studied it that much...

>I find it pretty annoying that there seems to be lot of people with strong opinions about bitcoins, but who haven't really studied it that much...

Read the last line of my original comment. No reason to get snippy.

Where would one start - I would like to buy some and see how it all works, and maybe leave a laptop mining some - but I would prefer to research first - where would I start?


If you want to test out how it works in practice, try playing with instawallet.org , maybe buying small amount of coins and tracking how it works. There are also free bitcoins sites, I don't have much experience with them or either with mining. You can track transactions on blockchain.info

If you want to learn about technicalities, Satoshi paper would be a good start: http://bitcoin.org/bitcoin.pdf

Then bitcoin wiki: https://en.bitcoin.it/wiki/Main_Page I especially like the myths page: https://en.bitcoin.it/wiki/Myths

So what happens when the government decides to try every participant in a mixer with racketeering?

Don't know. BTW almost every web based service is a bitcoin mixer in itself, including exchanges, because it is fairly standard way to implement a hosted bitcoin wallet. Exception might be blockchain.info.

Interesting video and article here from the point of view of Australian customs


Slightly OT:

"Computer expert" Chris McDonald is actually Professor Chris McDonald. He holds appointments at the University of Western Australia and at Dartmouth. I was lucky to have him as a lecturer for several course and as my honours supervisor.


He's nominated for teaching awards with comical regularity. If you ever get a chance to take one of his courses at UWA or Dartmouth, take it.

I greatly appreciate Australia and NZ's police agencies being public and specific about interception & arrest rates; I wish America could be as informative - as things stand, I have no references on either.

Talking about Tor; you can built your own Silk Road with http://osclass.org/ (it's a software for creating your own classified site) and using the Tor plugin http://blog.osclass.org/2013/01/21/anonymous-with-tor-plugin....

Disclosure: I participate in Osclass.

thanks for the link. Any links on creating a .onion link and the rest of whats needed?


I set up a hidden service once to bypass a university firewall. It's surprisingly easy.

I wonder if the current little spike in the bitcoin price (from https://mtgox.com/) could be attributed to this article being posted on HN

No. The price has been increasing gradually and abruptly for the last 2 or 3 months. As well, over the past 2 days GA says there's been 26,107 unique visitors to my Silk Road page; if 1% actually buys bitcoins (in line with the famous 1% rule of the Internet), that's just 260 people buying bitcoins.

http://blockchain.info/charts/estimated-transaction-volume-u... suggests that daily bitcoin blockchain transactions make up something like $8m; much of this is just people shuffling bitcoins around of course, but even so, 260 people aren't going to push the exchange rate to $29!

The Bitcoin price has been dramatically spiking for the past two weeks. Very curious as to why.

Look at the transaction volume as charted by blockchain.info. You will see a good correlation between that and the price of bitcoins.

A good part of the recent bitcoin transaction volume is due to online gaming startups that use bitcoins, especially to work around US online gambling restrictions.

The bitcoin economy is very rapidly growing from a miniscule base, first in illegal and gray-market trade, and then in international trade where low transaction costs and lack of credit card fraud appeal to global merchants.

Both Mega and reddit have recetly announced acceptance of bitcoins for payment. Not saying that's the reason, but I'm sure it contributes.

Whatever it is, it's made a few people (myself included) rather rich.

Bought a fair few BTC at ~1/6th of the current price, just trying to figure out when to cash it in.

This makes me wonder what other 'interesting' business ideas people can come up with to operate as a hidden service?

Throwing anonymity into your business plans could turn up some interesting ideas....

It's very annoying that the back button doesn't work on your site.

I didn't do anything to break it, and it seems to work fine in my Debian Iceweasel.

Fair enough, I'm using:

Debian GNU/Linux 6.0 \n \l

Google Chrome Version 24.0.1312.57

Not sure why the back button doesn't work. Great site/content though! Just a minor annoyance that I thought was on purpose.

Well, if you figure out what was going on (could be Cloudflare doing optimization, or maybe Hacker News inserting a redirect?), please contact me.

Since I'm on Iceweasel I don't always see issues in other browsers - for example, apparently all my MathML was broken for the longest time in Chromium because they just didn't support it.

What is most interesting about this article is how to set up the Tor browser.

Privacy is very, very, important - especially for those who are oppressed, and even for those living in democracies.


The forum / feedback system WORKS. It pushes sketchy / lower-quality products out and if anything, that's why I feel Silk Road is a positive change in the ever-dangerous world of drugs.

That said, there are many friends who I would hesitate to tell about the site; it's just too easy to get mixed up in more dangerous or addictive classes of drugs there.

Be careful.

Man, SR is one of those things I look at in awe. I'm not sure I'd ever have the cojones to have something shipped to me...

The comments on the blog post are sad in a "Good god people are effing stupid" sort of way.

Also, if you're getting on Tor, I recommend Tails [1]. Most people aren't aware of all of the things they need to be wary of when getting on Tor and not leaking their identity.

[1] Tails: http://tails.boum.org

A similar linux distribution: Liberté. This one's based off of Gentoo (Tails is based off of Debian)


There is no other place where I can safely buy military grade sniper rifle with delivery to my door, than tor network!

Didn't the Armory shut down because it was hard to compete with all the offline sources of military-grade guns...?

The first rule of Silk Road is you don't talk about the packaging...or post pictures of it...

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact