/tech/ - Technology★

>>1010510 (OP)

The technology side of the equation was never the problem since the coming of VPN's, TOR, Crypto and other encryption/proxy techniques. Only incompetence will get you caught on that side. (Think maffia ignoring warnings about updated verification keys)

The real issue is anything involving giving the buyer a phisical good [Tomatoes] in exchange for crypto. The police can and will be indistiguisable from a legitimate buyer. You're going to have to accept the police might be all and your only client you'll ever supply. Drug dealers use mail. not even police can stakeout an record the identity of every person dropping in mail in every mailbox in the country. Drones are more identifyable but can be usefull for crossing borders and customs checking for [tomatoes].

What size and weight are your [tomatoes]?

This is an appropriate webzone for your hyperquery.

Bitcoin transactions are completely transparent and open to inspection by anyone, so after the last IP in the VPN chain is sniffed in your scenario, the remaining barriers to de-anonymization are A) that VPN's cooperativeness with authorities and B) whatever barriers you've between yourself and the bitcoin wallet that paid for that VPN. The remaining VPNs don't help in this scenario, except for adding additional "VPN must be cooperative" barriers between the first VPN and your actual IP.

The other likely de-anonymization route is the server you're hosting this site on.

Your tails and computer security stuff comes into play twice

1. it's much harder for your "trick me to downloading something or whatever" scenario to actually work. Mainly as you're security-aware and probably aren't logging into your Google and Steam account from this computer.

2. when the police bust into your house or find the computer or vice-versa, your pants won't be completely down.

I term I recommend you work into any plan is disclaimability. Your ability to, when compromised, say with a straight face that you have no clue what any of this is about and are just a normal citizen who uses the internet for cuck porn, only. A Tails USB and other secret squirrel shit is going to damage any such claims.

>>1010532

>Your ability to, when compromised, say with a straight face that you have no clue what any of this is

Great contr, just want to point out that that's the first instinct all guilty people portray. (Not that an innocent wouldn't also eventually claim to have no clue). It is better to just mirror the police/investigator's emotions and questions rather than proclaim innocense and "Being unaware" of what's going on.

Investigators will also attempt to make you lie about seemingly unimportant things like "Why do you have 3 VPN's?" One could answere several plausible things, like porn, but if investigators find that that's not actually what you used it for then that gives them a foot in the door of your personal life, web of lies and denyability. It wont get you in jail just yet but circumstantial evidence is grey area, and you want every advantage you can get.

Watch interrogations on youtube and how to beat lie detector to give yourself more preparation.

Why are you posting this here? Are you a fed? Anyone with a non-zero IQ knows that /tech/ is just LARPers with no real criminals.

>could land one in jail for 20 years.

I hope this is a random number, and not the actual sentence of the country you live in.

>A chain of 3 VPNs paid for with Bitcoin anonymously. TOR with java disabled. A wi-fi router that works with SIM (both not linked to my real name, of course). will a USB wifi SIM router be good for the task?

Every post here is saved by Sunshine. You are deanonymizing yourself by posting your security measures.

>It's not the US and we don't have the allmighty NSA here.

You don't have the NSA, but you have the freedom to cover your ass with Tails without persecution?

You really don't need anything more than Tor. Especially if you are just connecting to a hidden service.

>my true IP (by tricking me into downloading something or whatever)

If they have code execution they can probably figure it out after enough time. I'd avoid opening links and files when you don't have a firewall blocking all connections other than to your first hop.

>>1010510 (OP)

>TOR

Wew.

>TOR with java disabled

Also, you can't disable Java on Tor because Tor has no integration with Java. Unless you're using Orchid. Protip: You're not using Orchid.

>USB wifi SIM router

lolwut?

>>1010544

>Investigators will also attempt to make you lie about seemingly unimportant things like "Why do you have 3 VPN's?" One could answere several plausible things

In countries that offer suspects protection against self-incrimination, you don't try to find a plausible answer, you just don't answer at all. If you've been committing crimes on a darknet but you've been found anyway, something significant brought the piggies to your door, and you're not going to talk your way out of it. The best thing you can do is shut up and not give them any additional information.

don't use tails.

Tails uses systemd which has been known to leak dns queries due to Google dns integrated by default.

Use Heads instead, it uses a proper *nix init system so you don't have retarded shit like a DNS specification in the init.

Your real problem is going to be in accepting crypto currency. All transactions are transparent. That's how they caught the guy who ran freedom hosting and a bunch of dealers. What you want is to exchange your dirty coins for clean ones but I don't think there are services that offer that anymore. Also, your VPN payment is traceable unless you cleaned your crypto currency and if they keep logs it all leads back to your ip anyway. Also, you don't need multiple VPN.

>>1010524

Brutha, here in our country you have no contact with the buyer directly. You do not even have to touch the tomatoe shipments.

You have couriers. When you hire a courier over TOR, they pay a deposit. You then arrange a purchase for the price of their deposit. The courier picks it up (it's a secret stash), breaks it down into small packs (1g, 2g, whatever) and makes secret stashes, then takes pictures and writes down the coordinates of the spot.

When a buyer goes to the site and purchases a stash, he only knows the general location (which part of the city). Then he get the pictures and the coordinates, goes there and recovers the stash.

It's this simple.

Couriers (who make stashes) and those who transport the tomatoes between cities - those are the guys who usually gets caught. The police has learned already how to look for suspicious guys crawling on their fours in the woods with flashlights and such.

>>1010532

>whatever barriers you've between yourself and the bitcoin wallet that paid for that VPN.

Using mixers. After mixing, withdrawing bitcoins via localbitcoins.com

>The other likely de-anonymization route is the server you're hosting this site on.

The server (if you mean the darknet market) is not hosted by me, of course. It's a big market that's been around for years. Yes, they might be leaking out info to the gov, who knows... Maybe it's a part of their deal with the government so they can operate in relative peace.

Otherwise, thank you for your post, it was an interesting read.

>>1010544

> "Why do you have 3 VPN's?"

So, the point is to not let things get to the point where the police knows your IP address.

Hence 3 VPNs, all located in different distant countries that do not have diplomatic relations with my country. The VPNs should keep no logs (yea, I know it's impossible to know whether they keep logs or not, but well, what can we do..)

>>1010561

I didn't know where else to post it, lol. I looked up some darknet 4chan-esque resources and just posted there. I'll try to look for other websites too. Anyways, this board is what a quick search turned up.

>I hope this is a random number, and not the actual sentence of the country you live in.

For selling in large quantities - 10 years to life in prison, lmao.

> You are deanonymizing yourself by posting your security measures.

How so?

>You don't have the NSA, but you have the freedom to cover your ass with Tails without persecution?

Not sure I get what you mean.

I'm not so much worried about Tails, I'm more worried about my ISP seeing I'm using TOR a LOT.

>>1010581

>Also, you can't disable Java on Tor

What about the NoScript extension?

>lolwut?

I'm not a native English speaker. Basically, it's a usb router where you plug in a SIM in order to connect to the internet.

> If you've been committing crimes on a darknet but you've been found anyway, something significant brought the piggies to your door, and you're not going to talk your way out of it.

Exactly!

So my goal is not getting to the point where LEOs knock down my door.

>>1010642

Why shouldn't I use multiple VPN?

> but I don't think there are services that offer that anymor

There are still some mixers around, and AFAIK I can add another layer of security by exchanging BTC for Monero and back after the mixer has laundered my dirty BTC. I'll be looking into it, tho.

>>1010682

>I'm more worried about my ISP seeing I'm using TOR a LOT

Your use case does not look like you are using it a lot. I literally do 99% of my web browsing + irc + youtube + other chats all through Tor. I try to make a lot of legitimate traffic so that the time when I do things which may be questionably legal doesn't stand out.

>What about the NoScript extension?

He's mocking you about not knowing the difference between javascript and java.

>>1010685

>Your use case does not look like you are using it a lot.

Well, maybe you're right. But I would need to log in to the store often to manage things, issue orders to couriers, order big batches of tomatoes and so on. Dunno if it's considered "a lot" since it's mostly text traffic, no movies or big files.

>He's mocking you about not knowing the difference between javascript and java.

Ah, I know it's. Java is just shorter to type.

>>1010687

>Java is just shorter to type

Yeah, but java is something totally different so you shouldn't do that.

>>1010683

Mr. >>1010685 is on the right track, but I'm not mocking you. If you're planning to use technology in the course of committing felonies, however, you should know the difference between Java and Javascript, and Tor (not TOR) and the Tor Browser Bundle. Details matter when you're staring down the barrel of decades of prison time.

>it's a usb router where you plug in a SIM in order to connect to the internet

I assume you mean a 3G/4G modem that connects to your computer via USB. That's not WiFi. Again, details matter. A public WiFi connection (e.g. through a university's or coffee shop's unsecured network) is possibly a better choice. Or a neighbor's cracked WiFi connection. I'll leave others to opine about that, however.

>>1010687

>Ah, I know it's. Java is just shorter to type.

And J is shorter to type than Java. But J is its own programming language, too (https://en.wikipedia.org/wiki/J_(programming_language)) which is different than Java, which is different than Javascript.

DETAILS MATTER

Ignore this fact at your peril.

>>1010689

Hello. There are two kinds of SIM modems:

one is plugged in directly, the other is a wi-fi hotspot.

> Details matter when you're staring down the barrel of decades of prison time.

Absolutely! I'm still researching, and won't start until I'm sure I've done it all right.

Public wi-fi connections are a good thing, too. I'm looking into this option too.

>>1010691

Yup, you are right. Thank you for your advice, anon.

>>1010687

>Ah, I know it's. Java is just shorter to type.

you're the blackest gorilla nigger 3I've ever seen

>>1010696

WRY

>Throwaway PC

Start with refurbish imports which is a throwaway of a throwaway.

Hopefully, that's not a hand-me-down.

The problem is these can be traced with:

Official buyer and possibly connections if hand-me-down -> Official receipt record containing -> FCC ID / MAC addresses (bt/wifi/lan) -> OS-level intentional exploits

>spoofing

Software level spoofing is unsafe. Imagine having to use DNS through systemd then one day they decided to change the config defaults or some inside bug occurs exposing your DNS or your DNS servers are all down and OS tried to use malicious fallback (linux in general).

Get an LB-Link usb-wifi anonymously then spoof that. It works with open sauce code and no drivers or external kernel modules needed. They're also sold on certain RYF stores but most lb-link work out of the box with kernel 4.12 i think.

>VPN

VPN is unsafe.

>wi-fi router + SIM

If the SIM is bought with your credentials or card it is obviously unsafe. Don't even try walmart. Security cameras, SIM cards are sold with traceable bar code (and store bar codes) so if they manage to flag that SIM they can backtrace you with the official receipt (if you filled out correct name address) or have a general idea where the person is based from the store's location.

This is a mix of safe and unsafe. Cell ID values expose your general location and can be triangulated by agents but you can just replace the SIM but usually not the IMEI. Maybe with Balong tool you can change IMEI but that's illegal. As long as you keep off your personal credentials from passing through the modem and remain anonymous it would be fine.

The problem is if the router's OS has backdoors where it phones your Cell ID + IMSI info (closed source android phones presumably have this). All it needs is to phone that 1KiB info and it costs them nothing and what costs nothing is usually implemented.

>good setup

wifi router+modem/SIM

Huawei toolbox or similar to monitor if your cell id suddenly changed when they're spoofing cell IDs (IMSI catchers that analyze data)

As much as possible try to feel if the connections have huge latency and delay which is likely a sign.

Bare IP with modem/SIM is okay. no need to route with VPN. just use tor directly.

Make sure you do DNS setting at the hardware/router level NOT software level as said previously but if you're not using local dsl/fiber then you're fine.

also a tip:

Use yagi or other directional antennas over your modem.

Huawei is pretty advanced and you can use Balong and toolbox to monitor, change IMEI and lock or block Bands (but not cell id of the same band. at least it can make you avoid hand-overs). Other models may allow you to lock cell ID but I'm still looking into it.

Omni-directional antennas may make your router seek stronger quality and nearer signals like that IMSI catcher van parked outside.

>>1010699

Hello. It appear you're tech savvy, and I'll need some time to process your post.

But this part:

>no need to route with VPN. just use tor directly.

Why, tho, especially if it's not one VPN but, for example, 3 ?

Note my reasoning for the several VPNs:

>For example, the tomato selling darknet website somehow is able to learn my true IP (by tricking me into downloading something or whatever). Will the VPN chain protect me in this case? Will the tomato site's nefarious owner only see the last IP address from the VPN chain?

>>1010709

p.s. the SIM, of course, is not bought with my credentials.

Also, I'm not in the US (not even in any of the Americas)

Hey bois, a quick questions.

Do TOR's obfs4 bridges act like a VPN service?

if someone was to discover your true IP on TOR, would they see your real IP or the bridge's IP?

>>1010709

>>For example, the tomato selling darknet website somehow is able to learn my true IP (by tricking me into downloading something or whatever). Will the VPN chain protect me in this case? Will the tomato site's nefarious owner only see the last IP address from the VPN chain?

They can ask as many providers possible. All of them keep logs so pinpointing the source is never a hard thing to do. VPN is a trap since you'll have to pay for the service and who knows what kind of transactions these require? A lot of VPN services are even run by intelligence agencies and it's pretty cheap thing to do.

>>1010689

>Details matter when you're staring down the barrel of decades of prison time.

Meanwhile you have some curryniggas running phishing and tech support fraud on million dollar scale from their windows xp pc's running Google chrome and 16 year old's using their mom's credit cards to buy ddos services and bragging about it publicly under accounts linked to them.

Sometimes it feels like the law enforcement just doesn't give a fuck anymore. They just pick few people to make examples of and think that solves the problem.

>>1010709

>>1010742

What are you even worried about? That tor will somehow leak IP but your VPN/proxy config won't? That's ridiculous.

You sound like a retard so technology isn't your main issue here. You'll brag about your [tomato] business to someone or make another stupid mistake that reveals your identity independent from your internet. Even on this board you type with a special snowflake posting style that makes your posts stand out like a sore thumb, who's to say you won't do the same shit on your [tomato] site and get recognized?

Funny thread, though. Eating [tomato], lol. You fucking degenerate. Just go to Colorado like all the other potheads, mate.

>>1010821

Curryniggas are in a different country from where they commit the crime, and their own LE is dysfunctional. Even so, what's the point here? That OP can move to currystan and sell all the [tomato] he wants? I guess he could, but then he'd have a bigger problem, namely: living in currystan.

>Sometimes it feels like the law enforcement just doesn't give a fuck anymore.

More like the media doesn't give a fuck. They have an agenda, and news about cybercriminals (unless they're autistic incels targeting roasties) don't advance that agenda, nor do people click on those headlines, so they don't bother reporting much when they get caught.

Could someone recap for me, I'm lost in the comments

>>1010679

Clever. Physical goods still involve risk but really clever system as long as you keep the surveillance state at bay.

In my country they dont rlly care. My local weed shop is placed safely behind the police station. Saves them travel time if anyone is being a nuissance.

>>1011698

>Clever

Indeed. I wonder why it's not done like this in the US, too.