A big misconception that the author and others have is that if two countries don't have an extradition treaty it means that you won't be extradited.
It doesn't work like that. All it means is that instead of you being more or less automatically extradited, a negotiation process now starts between the two countries. Put another way: extradition is manual instead of automatic.
Plenty of people were extradited from "no extradition treaty" countries to the US.
> One very important takeaway from this article should be that just because a country does not have a formal extradition agreement with the United States, does not mean that the country will not extradite you.
Yeah, same as the British monarchy after the murder of Charles 2. Or James 2. But they tracked down the killers all the way to America, or so they say. Same with Stalin getting Trotsky in Mexico.
But there are others who never were captured; Hannibal evaded Rome until they almost captured him, but he successfully killed himself so they never got him alive. There are many others on both sides.
> Keep in mind that the NSA will start scooping up all of your packets simply because you visited torproject.org.
This particular one might not be true but the general spirit probably is. This is why I sometimes do things which a drug lord would do even though I am not one (I swear). It's for the benefit of possible-future me where I do have something to hide.
The correlation of the time where you started using Tor extensively and the time a particular Darknet service started operating? Certainly a possible leak of a few precious bits of those ~30 bits that are needed to pinpoint you.
It's a generalization of the rule that you should not restrict encryption to only those messages that are important.
> This is why I sometimes do things which a drug lord would do even though I am not one (I swear). It's for the benefit of possible-future me where I do have something to hide.
Opsec is incredibly difficult to get correct - especially in the long term. Many of the people who need to be getting it correct do not, and the only reason they are not in front of a judge or serving time is simply because their government hasn't given a shit to so much as glance their way. Because if their government actually gave a crap to investigate, they'd be found almost instantly: from doing stupid things like sharing photos of their pets to more mundane things like having very obvious hours of activity and using vocabulary that varies spelling regionally (e.g. how you spell color/colour suddenly matters), or even worse, using regional slang like a bunch of Australian slang.
If you want to be a darknet drug lord my advice is of a different flavor: Don't let yourself become too big. Once a government (or multiple governments) is after you, it is very likely only a matter of time before you get caught. Not because the government is particularly good at tracking people down or somehow nearly omniscient, but simply because you likely had or have terrible opsec and finding you is more trivial than you've led yourself to believe. If you believe they are already looking for you, it's time to abandon everything and disappear. Live your life like it never happened and, whatever you do, don't pass on the torch. Let your work die and be buried, and let someone else build on top of the grave.
I find DNMs fascinating and love reading about how founders are eventually caught.
> Opsec is incredibly difficult to get correct - especially in the long term
I'd say if you are doing it long term then you are doing it wrong. The longest surviving DNM by far was Dream which I speculate had some nation state backing it.
> I'd say if you are doing it long term then you are doing it wrong.
I agree entirely, but it also depends on your threat model. When making my post I didn't have DNMs in mind (though that's the context...) and was actually thinking about the abysmal opsec of many private tracker admins.
> If you want to have some fun at the expense of business in the short term, intentionally take your service offline periodically in order to mess up attempts to match your downtime with public information
Wow, I would never have thought of using public downtime to find/match your service.
It is also a fantastic way of knowing where the owner of the site lives and their daily routines. For example, if the site owner is doing maintenance at 03:00 GMT, they probably are in Europe. If they are active only during evenings in the Americas, they probably live somewhere in the Americas and have a day job or study.
So, activity hours and maintenance hours can be used to pinpoint the timezone of the owner and their daily habits. Randomizing every bit of information is important.
> So, activity hours and maintenance hours can be used to pinpoint the timezone of the owner and their daily habits. Randomizing every bit of information is important.
Or injecting disinformation: pick a misleading timezone, and only connect at times compatible with that timezone (e.g. 03:00 GMT is 11PM EST). Though that might not be compatible with making all your connections from unconnected locations (not many coffee shops/libraries are open that late).
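The timezone leak the two comments above describe, and the "bits needed to pinpoint you" framing from earlier in the thread, as an added example that is not from the thread or any of its posters. It assumes the analyst's prior that the operator is active in the evening (19:00-22:00 local), scores every UTC offset against that prior, measures the leak as log2(24) minus the entropy of the hour-of-day histogram, and shows that a uniformly randomised schedule flattens both signals. All observations are constructed.

```python
import math
import random
from collections import Counter

# Assumption (not from the thread): the analyst's prior is that the operator
# is active in the evening, 19:00-22:00 local time.
LOCAL_ACTIVE_HOURS = range(19, 23)

def hour_histogram(hours_utc):
    """Map observed UTC hours of activity (0-23) to 24 per-hour counts."""
    counts = Counter(h % 24 for h in hours_utc)
    return [counts[h] for h in range(24)]

def bits_leaked(hours_utc):
    """Identity bits exposed by the hour-of-day distribution: log2(24) minus
    its Shannon entropy. A perfectly flat schedule leaks about 0 bits."""
    hist = hour_histogram(hours_utc)
    n = sum(hist)
    if n == 0:
        raise ValueError("no observations")
    entropy = -sum(c / n * math.log2(c / n) for c in hist if c)
    return math.log2(24) - entropy

def likely_utc_offset(hours_utc):
    """Return (offset, fraction): the UTC offset under which the largest
    fraction of observations fall inside LOCAL_ACTIVE_HOURS."""
    best = (None, -1.0)
    for offset in range(-12, 15):
        local = [(h + offset) % 24 for h in hours_utc]
        frac = sum(1 for h in local if h in LOCAL_ACTIVE_HOURS) / len(local)
        if frac > best[1]:
            best = (offset, frac)
    return best

def evening_operator(offset, n, seed=1):
    """Constructed sample: an operator at UTC+offset who logs in 19:00-22:00 local."""
    rng = random.Random(seed)
    return [(rng.randint(19, 22) - offset) % 24 for _ in range(n)]

def randomised_operator(n, seed=1):
    """Constructed sample: the same operator, but with activity times drawn
    uniformly over the day (the randomisation the thread recommends)."""
    rng = random.Random(seed)
    return [rng.randint(0, 23) for _ in range(n)]

if __name__ == "__main__":
    for label, obs in (("evening", evening_operator(2, 400)), ("random", randomised_operator(400))):
        print(f"{label}: offset={likely_utc_offset(obs)} leaked={bits_leaked(obs):.2f} bits")
```

With the evening schedule the best-scoring offset is the true one (UTC+2) and roughly 2.6 of the 4.6 possible bits are exposed; the randomised schedule leaves no offset clearly ahead and leaks close to zero bits.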
Do we have enough info to even pinpoint this type of data to him (or her)? I was under the impression the links were nebulous at best. But I do not know that much about Satoshi.
Speaking of time-matching you should also avoid starting a publicly observable spike in Tor-related activity just before the date your new Darknet service goes online.
Wow, there's a blast from the past. Here's another piece [0] by Ratliff about trying to go off the grid while orchestrating a manhunt for himself. It scratches the same spy-crime-opsec itch that the other links in this thread do, and left a lasting impression on 8-year-old me.
Along the same lines there’s a German show (on US Netflix) called “How to Sell Drugs Online Fast” that’s loosely based on the true story of a teenager[1] who started an online drug business from his bedroom. It’s pretty funny and a bit Silicon Valley-esque. There’s also a documentary where he’s interviewed. I think it’s called “Shiny Flakes” which was the name of his website.
> This section tries to be as operating system independent as possible
But if you are going to interact with Tor and set up hidden services, Whonix[0] is your best bet. The idea behind Whonix being that even if there's some JavaScript-based 0-day that tries to decloak you, it can't leak your naked IP, because it fails closed and everything is routed through Tor.
Huge difference. Whonix consists of two VMs, one where you actually work and another which acts as a "router" sending all of your traffic out over Tor.
Code running in the work VM can't leak your IP even with root access.
This is a great article, I love reading stuff like this that goes into detail into interesting and unusual lives, whether criminal or not. Is there any collection of similar articles, related podcasts, or particular stories I should check out?
The host is masterful at divulging the right amount of technical detail to keep both casual and tech savvy listeners engaged. He is also very good at finding good topics and getting hackers to talk on the podcast.
https://www.expatriationattorneys.com/non-extradition-countr...
We need robots that do this constantly.
[0] https://www.goodreads.com/book/show/41181600-the-mastermind
[0] https://www.wired.com/2009/11/ff-vanish2/
[1]https://www.theguardian.com/world/2015/nov/03/german-teen-so...
Talk about horrible OPSEC.
I didn't know there was a book, but there was a series of articles a while ago by the same author: https://magazine.atavist.com/the-mastermind/
[0] https://www.whonix.org/
I thought I read (on HN) of such a community…
Lots of content; you gotta weed through a lot to get to the good stuff.
I wonder how true that is.
[0] https://en.wikipedia.org/wiki/XKeyscore
Besides, it's not like the NSA doesn't have the capability to scoop up all packets from people they've seen visit torproject.org.