Safe Practices

[beta-boy]

I thought it might be helpful to have a thread dedicated to the exchange of information concerning safety and privacy when it comes doing business with the vendors in this section.

The recent thread about hushmail made me rethink my own practices.  I had been thinking about creating a tormail.org account for some time now and only recently got around to actually doing it.

However, I also decided to do some research about the actual safety and security of tormail and ran into some unsettling information.

I went ahead and posted that information in the hushmail thread and I'll copy it here so folks who didn't see it don't have to jump over there:

The issue is ... tor and tormail uses other computers to route your browsing traffic or mail through a random series of nodes.  That part seems to work just fine and anonymity is virtually guaranteed unless you are being spied on by someone like the NSA.

However, some people claim that the FBI has established a whole bunch of computers to act as "exit nodes" ... i.e. the last node or computer that your email pops out of before reaching its destination.  They are called "honeypot" nodes and are used specifically to catch criminal activity because the emails are not encrypted when they leave the exit node.

Now ... the paranoid types claim that the whole Tor network was set-up by the government to be one giant honeypot.  (It was originally developed by the Navy.)

But ... more reasonable security people say, Tor is so big that it is unlikely that the FBI could establish more than 20% of the exit nodes as honeypots.  And probably it is far less than 20% ... even if they have created honeypot nodes ... which is something that no one has actually confirmed.

That said ... the question becomes ... do you use tormail and run the risk of the long odds of your email being scooped up into an FBI honeypot and it actually being read and acted on ... or ... do you use the power of LARGE NUMBERS by sticking with a basic gmail account ... where you "hide in plain sight" as it were by just being one in several million emails each day?   Because Tormail is specifically used by people trying to hide communications ... one can understand how LE might be doing their best to monitor as much of it as they can and might have established these honeypot nodes.  Whereas with a basic gmail account, they are literally fishing the entire ocean for a few shrimp and may need a warrant to actually monitor a specific email address.

After I posted this, I noticed someone else came into the thread and said that tormail is the best mail server to use in terms of privacy.  However, I am still concerned about this whole issue of exit nodes. I would love to hear from anyone more tech savvy than I ... or anyone who has more specific information about this issue.  At the moment, I am leaning toward using gmail and creating a new email IDs every so often.

Obviously, as someone already mentioned in the hushmail thread, the best practice would be to use an OpenPGP encrypted email server.  But it doesn't seem like the vendors are willing to go this route.  (Actually, the very best practice would be to create your own email server that gets routed through another country ... something I don't have anywhere near enough expertise to pull off.)

_________________________________________

Then, of course, there is the email content side of the issue.  And to that point I posted this:

Probably the bigger issue is the content of our emails.

That's something I have not figured out how to get around.  To receive an order you have to use a home or work address ... or like I do ... have it shipped to a UPS store.  But when you have it shipped to a UPS store, you need to have it sent to you by name so you can pick it up.

If there is a way to have an order shipped to you via store or other means WITHOUT needing to include your name ... that would pretty much solve all/most issues.  

If anyone has some tips or suggestions ... would love to hear them.  You can respond to me directly with a message if you don't want to post.

So ... if anyone is willing to share some of their safe practices ... or if anyone has any questions ... or if anyone has any information or past experiences with various email servers ... this thread is the place.

Again ... if people don't feel comfortable replying directly here in the thread, they can certainly direct message an answer or question.

 

[headbanger]

bb, I just switched over to tor mail myself and then read the same thing so now I don't know how secure we can get. Unless LE wants to make an example of someone I doubt they will spend all of the time and money to bust someone for one package. Maybe a 3 part process will be more secure  -  1 person’s emails, another pays and another is the receiver or a different receiver each time.

Hey man it's a risky business and we can do things to make the paper trail harder to follow but if LE wants to get you they will. But it's expensive to get search warrants build a case and prosecute people for a small amount. Try to take precautions and not order often or on the same day of the week/month each time, ya know an obvious pattern.

 

[SIZE=5pt]So far we have all been pretty lucky and I sure don't want to be the unlucky bastard who has his package delivered by a guy in a blue windbreaker but when that happens I imagine it will be because the person was a knucklehead and did a bunch of stupid stuff. That’s why it’s very important that we all leave feedback on anything we experience that seems suspicious to help warn others.[/SIZE]

 

[Guest]

Forget about all that fancy hushmail stuff. Go to hma.com. Yo get a free self destrutive e mail acct. You set the time when it self destructs so to speak. 1 hour 1 day 1 month. The best part is it is free.

 

[Jewbacca]

Great thread BB! I'm quite the fan of organization, and it's always a good thing to have a central location for the discussion of individual topics that generate frequent interest. As I'm sure you've found in conducting your own research, it's very easy for individual questions on topics like this to wind up buried in one-off posts in unrelated threads, which makes them tougher to find, or at the very least, cumbersome to find and review. Anyway, nice work, and it's always great to see members proactively looking for ways to get involved for the benefit of the entire community. Keep it up, and I'm sure that I'll have some comments to add on this subject soon.

 

[Guest]

My thoughts exactly J

 

[High Tide]

That's a great tip RH, thanks. I think gmail and maybe yahoo offer "disposable" accounts, but I doubt if they have specific times and such.

I believe most people agree the safest practice is to order small amounts and lower controlled stuff. I know the schedule is something people can't control, they need what they need regardless of where it is on the schedule. As HB points out, LE isn't going to waste a lot of time and resources trying to set up a case against someone ordering small, for their own consumption. Even better imo is ordering things you have an Rx for. Technically it isn't okay to import something regardless of whether you have a Rx, and people who do are usually "double dipping" anyway. I just don't think the people who matter are willing to try and prosecute a person who is importing small amounts of stuff they have an Rx for. At least that's what I tell myself when I place an order.  /default_rolleyes.gif

 

[Guest]

@HT Exactly..............

Lets be serious if you were placing thousand dollar orders from a SY vendor maybe but a few benzos here and there. and a few P Ks for your back just not enough LE manpower.

 

[halflife]

Forget about all that fancy hushmail stuff. Go to hma.com. Yo get a free self destrutive e mail acct. You set the time when it self destructs so to speak. 1 hour 1 day 1 month. The best part is it is free.

Sure it is hma.com & not hidemyass.com ?

1/2

 

[beta-boy]

Just thought I'd post this for all the folks who've been doing the encryption thing.

I don't think the NSA is looking for the likes of us.  And I doubt the LE that is looking for our sort of business has these resources.

Still ... important to know what is foolproof and what isn't.

______________________________________________

Report: US military cracked most online encryption


By JACK GILLUM
From Associated Press
 
September 05, 2013 4:59 PM EST
WASHINGTON (AP) — The National Security Agency, working with the British government, has secretly been unraveling encryption technology that billions of Internet users rely upon to keep their electronic messages and confidential data safe from prying eyes, according to published reports Thursday based on internal U.S. government documents.

The NSA has bypassed or altogether cracked much of the digital encryption used by businesses and everyday Web users, according to reports in The New York Times, Britain's Guardian newspaper and the nonprofit news website ProPublica. The reports describe how the NSA invested billions of dollars since 2000 to make nearly everyone's secrets available for government consumption.


In doing so, the NSA built powerful supercomputers to break encryption codes and partnered with unnamed technology companies to insert "back doors" into their software, the reports said. Such a practice would give the government access to users' digital information before it was encrypted and sent over the Internet.

"For the past decade, NSA has led an aggressive, multipronged effort to break widely used Internet encryption technologies," according to a 2010 briefing document about the NSA's accomplishments meant for its UK counterpart, Government Communications Headquarters, or GCHQ. Security experts told the news organizations such a code-breaking practice would ultimately undermine Internet security and leave everyday Web users vulnerable to hackers.

The revelations stem from documents leaked by former NSA contractor Edward Snowden, who sought asylum in Russia this summer. His leaks, first published by the Guardian, revealed a massive effort by the U.S. government to collect and analyze all sorts of digital data that Americans send at home and around the world.

Those revelations prompted a renewed debate in the United States about the proper balance between civil liberties and keeping the country safe from terrorists. President Barack Obama said he welcomed the debate and called it "healthy for our democracy" but meanwhile criticized the leaks; the Justice Department charged Snowden under the federal Espionage Act.

Thursday's reports described how some of the NSA's "most intensive efforts" focused on Secure Sockets Layer, a type of encryption widely used on the Web by online retailers and corporate networks to secure their Internet traffic. One document said GCHQ had been trying for years to exploit traffic from popular companies like Google, Yahoo, Microsoft and Facebook.

GCHQ, they said, developed "new access opportunities" into Google's computers by 2012 but said the newly released documents didn't elaborate on how extensive the project was or what kind of data it could access.

Even though the latest document disclosures suggest the NSA is able to compromise many encryption programs, Snowden himself touted using encryption software when he first surfaced with his media revelations in June.

During a Web chat organized by the Guardian on June 17, Snowden told one questioner that "encryption works." Snowden said that "properly implemented strong crypto systems" were reliable, but he then alluded to the NSA's capability to crack tough encryption systems. "Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it," Snowden said.

It was unclear if Snowden drew a distinction between everyday encryption used on the Internet — the kind described in Thursday's reports — versus more-secure encryption algorithms used to store data on hard drives and often requires more processing power to break or decode. Snowden used an encrypted email account from a now-closed private email company, Lavabit, when he sent out invitations to a mid-July meeting at Moscow's Sheremetyevo International Airport.

The operator of Lavabit LLC, Ladar Levison, suspended operations of the encrypted mail service in August, citing a pending "fight in the 4th (U.S.) Circuit Court of Appeals." Levison did not explain the pressures that forced him to shut the firm down but added that "a favorable decision would allow me to resurrect Lavabit as an American company."

[SIZE=12.666666984558105px]The government asked the news organizations not to publish their stories, saying foreign enemies would switch to new forms of communication and make it harder for the NSA to break. The organizations removed some specific details but still published the story, they said, because of the "value of a public debate regarding government actions that weaken the most powerful tools for protecting the privacy of Americans and others."[/SIZE]

[SIZE=12.666666984558105px]Such tensions between government officials and journalists, while not new, have become more apparent since Snowden's leaks. Last month, Guardian editor Alan Rusbridger said that British government officials came by his newspaper's London offices to destroy hard drives containing leaked information. "You've had your debate," one UK official told him. "There's no need to write any more."[/SIZE]

 

[Interim]

Communication with the vendors is important, IMO what is even more improtant is the payment and shipment parts of the process. I doubt someone acquiring 30-60 tabs per order or less and .5 pounds is going to draw a large amount of attention UNLESS it is too frequent. UPS is not officiall signed up with the U.S Government and this organization :

http://www.nabp.net/news/ups-first-package-delivery-company-to-join-csip-in-fight-against-rogue-internet-drug-outlets

in an effort to bring down the amount of illegal internet pharmacy operations.

How would UPS contribute to the reduction of illegal internet pharmacy operations. What resources do they have to bring to the table. My guess would be information. Information on who is shipping from where and to who they are shipping.

Frequency and behavior patterns are possible clues that UPS can produce to assist in thwarting the illegal internet pharmacy operations globally. UPS once supplied with information as to where these shipments originate and to where and how often might give clues to L.E. as to assist in identifying the shippers. It is not too unreasonable to presume that most shipments  are originating from a couple dozen locations. Once those are monitored, information can be compiled regarding to where these shipents are going and how often. Weight is also going to be a factor in determining who L.E. will want to scrutinize first. Frequency and weight. I am not expert by no means, but it not that complicated , they are not trying to figure out how to splice DNA here folks. In a relatively short period of time that data can be analized and priority targets will be produced.  

That information in combination with communications with the vendors and data on financial transactions will come together and after a time of building a case, it is quite possible a task force will begin to " execute ". The individuals doing large transactions will of course be of most interest. They secondary and lastly individuals obtaining for personal use.

We probably have a long time to go before they get down to the thousands of individuals that utilize the SY vendors for personal use.

Some things that might expedite the process are individuals getting " sloppy" . This covers a lot of ground. Using ones real name. sending Mg or WU multiple times per week. Behavior like calling UPS/FedEx everytime a pkg is delayed or experiences an exception. I have done it many times my self in the past. NOT anymore. I am very careful to go back to the basics and I never send more than I can lose and if something goes haywire. The very last thing I do is get on the phone with a carrier. Chasing down a truck is probably one of the worst things one can do. That driver can look you in the face andd act as nice as can be, BUT you can believe they would receive major kudo's to be part of busting someone involved in illegal drug related activities and they WILL in the future begin to share these types of behaviors with Mgmt.

Getting a safe email is a VERY GOOD IDEA. There are a number of far more simple practices one can do to lower the risk of being singled out by a carrier or financial instution.

Be smart people, keep your private information private. Hold your ordering to a mimimum. Alternate between MG and WU, ask the vendor to mix it up and have your orders send UPS and FedEx. Go to a different place to send money.

The best way to stay under the radar is to not develop patterns. I recommend even using multiple vendors that ship from different origins. I know it is hard to do these things, but it is paramount.

We are very low on the food chain here, but we are part of it. Keep these things in mind and do not let your guard down. One too many mistakes could spell a huge hassle.

 

[Dkaramazov]

That's great advice interlude, I hope that everyone reads this. I would have to agree with everything you mentioned. Great post.

 

[Dkaramazov]

Actually ups is literally "signed" up with the with the feds since march,  The settlement docs are not hard to find--but don't have length handy, but you search doj website for it if i remeber correctly. Even the above reasonable precautions can't save you from some vendors.  Its all whether they decide they want you.  IMO

You're right in that anything you do is not 100% secure, but it's better to take some precautions to make it less of an issue. Yeah, I just read something recently, where UPS and FedEx were being sued by the government for failure to stop the delivery of prescription meds. I think the article was from several years ago though. I'll have to look it up.

 

[Jewbacca]

Actually ups is literally "signed" up with the with the feds since march,  The settlement docs are not hard to find--but don't have length handy, but you search doj website for it if i remeber correctly. Even the above reasonable precautions can't save you from some vendors.  Its all whether they decide they want you.  IMO

The same can be said of any gray area or not-so-legal activity. In our city, old fashioned "pea shake" gambling houses are wide spread, and have been for decades, most in a specific part of the city. Does LE know where they are? Sure. Do they raid them? Sometimes, generally when they become a noticeable nuisance. Those that tend to their business and "fly under the radar" generally go unchecked. Interlude seems to be making largely the same point. Take reasonable precautions, don't fall into routines and habits and don't go overboard in your activities. Does this guarantee you that there will never be any problems? Of course not. Just as there are no absolutes in life, other than the big dirt nap that we'll all eventually have to take. Life is full of risk mitigation exercises, and this is yet another one. As with anything involving risk, if the stakes are too high, and too daunting, then one should get out. If not, then you pay your money and you take your chances, and play it as intelligently as possible.

As for UPS being "signed up" to assist the Federal government, that may be how the DOJ wants you to view it, but as well documented as the cases involving UPS and Fedex are, what's even more well documented is the fact that Washington turns a blind eye to the largest of the cartels because the US lacks the ability to control gang violence along it's border with Mexico. Only one of the cartels has the strength to maintain order, and it's been widely written that cooperation exists between this organization and Washington. It's also a poorly kept secret that the SY network is largely controlled by one cartel, with the tertiary participation of a few others. Care to take a guess as to which organization that would be? In any event, none of this should make anyone feel any safer in their online activities, as at the end of the day, we're talking about very violent organizations here, and political policy can, and often does, turn on a dime. My point though is that the SY network  as Interlude states, fulfills orders from no more than a dozen physical locations, which is a generous number to say the least, with a significant percentage of orders being fulfilled from a few store front locations that are far from a secret in terms of location. The well documented truth is, if the US government wanted to shut down the SY operation, they would. For a number of national security and financial reasons, they have chosen not to, and in my opinion, are not likely too, at least where personal use customers are concerned. Will there still be the photo op moments where tens of millions in cash and product are paraded before the media in an attempt to continue justifying the "War on Drugs"? Of course, but these high impact, large scale interdiction efforts will be where the focus is, not on packages of 20 pills being shipped to the suburbs. The bottom line is, you're right. If they want you, they'll get you, but in my amateur yet fairly well read opinion, "they" aren't likely to come knocking with regularity any time soon. Those that make their activities obvious, and those that do so in a smug, less than discrete manner are the ones who should be concerned, along with larger scale Schedule 1 traffickers. Where the typical DBG member is concerned, however, keeping current in one's research, participating in the community in an effort to do so and employing some intelligent best practices such as those outlined by Interlude will go a long way towards insuring one's legal safety. And again, if the risk isn't something that one can stomach, then they simply shouldn't take the risk. Pure and simple.

 

[Dkaramazov]

Well put Jewy! Hope all is well with you and I wish you the best.

 

[Interim]

Actually ups is literally "signed" up with the with the feds since march,  The settlement docs are not hard to find--but don't have length handy, but you search doj website for it if i remeber correctly. Even the above reasonable precautions can't save you from some vendors.  Its all whether they decide they want you.  IMO

 I am sorry that was a simple typo. I meant to say are "NOW" signed up. Yes you are correct that they have agreed to be more involded a while back, while FedEx has basically told them they are NOT going to step up opening their customers pkgs. That MIGHT change. But I think the culture of corporate FedEx is more liberal that that at UPS and very well may dig their heels in about opening suspect pkgs just because they meet some criteria laid out by the DEA and whatever task forces , organization etc.

 

[High Tide]

I forget which thread the topic was discussed, but I had seen a news clip about how the USPS takes down the information of all the mail it processes. Someone else found and posted the news video clip. I'm not sure how much it helps to use a different name when sending money via WU or MG. I'm sure it doesn't hurt, but personally try to avoid using those services or vendors that require them. 

I'm fortunate that everything I order I have a valid R~X for. I know the rules regarding importing things say that it isn't legal, but many people order from Canadian pharms and don't have an issue for the most part. As has been said many times before, and again in recent posts, probably the biggest factor to stay out of trouble is what you order and how much. It may not help prevent an occasional LL, but it probably goes a long way to preventing anything further. 

As far as the posts on this site, I try to use easy to understand yet slightly "encrypted" words when talking about different products regardless of their place on the schedule. From what I gather it helps prevent "bots" from picking up chatter regarding these topics. I'm sure LE is aware of this and most other forums and monitor it to some extent. That is why it's paramount not to discuss packaging methods as well as not even discussing highly controlled stuff that people may be ordering. When talking about things like help with WD, pain management, and other thing LE isn't concerned with it still worries me to use names openly just to prevent everyone using a search engine from finding the site. On one hand we want to help those who need it when talking about treatment, but then again we don't want everyone searching for sources to find this place and begin talking without ever reading the rules. The Mods/Admin have enough trouble weeding out those people as it is. 

There is a lot of good suggestions regarding safe practices but the old "order low schedule and low amounts" is about the best place to begin. Unfortunately for some people that means ordering small amounts requires making a lot of orders. Don't get complacent and think because you got away with 2-3 packages last week means you can always do it. That's my take on things, fwiw.

 

[Jewbacca]

Jewey, court documents signed and approved before a federal judge and filed in the federal court don't lie--well sometimes they do, but thats beside the the point, plus they don't when dealing with the doj-- as a senior mod, and with all do respect, do some research before advising readers who you know are considering comitting what is a common, but nevertheless serious as hell federal felony. like I said, with all due respect--I'm not looking for a pissing match, nor do I enjoy posting, but I feel compelled it seems people could be being misled, though unintentionally.

Consider the possiblility that the sea has changed with regard to some vendors. hopefully I'm wrong, but facts should be considered.

With all due respect, don't tell me how to conduct research, and if you're going to imply that I'm complicit in aiding and abetting members committing felonies, then let's first compare law degrees. You're entitled to your opinion, but I'm also entitled to defend mine. You think you can do a better job? Then submit your qualifications to Admin and ask for the job. Good day.....

 

[Jewbacca]

Didn't mean to imply aiding and abetting, (but others might wish to see it see it that way) but I'm not going to get emotionally involved in this.  I just wanted to state the facts not political theories.  Definitely don't want your job!  Nor would I even share  creditials for the same reason I don't like to post.   But I think people on this board are competent enough to know to rely on the facts and in fact can do there own research.  I was correcting a few incorrect statments thats all.

You say precaution, I say maybe such precautions are no longer even useful, but if your going to play with fire, of course take every precaution, and its a good point that people have become to desensitized to the risks as matter of habit, but when the nations largest shipping vendor has been being squeezed by their balls by the feds since march, buyers would start to feel those effects right about now.

Then perhaps maybe you shouldn't post, because if "others" wish to see my moderating activities and comments as aiding and abetting felonious activity, then you're just as guilty as I am by participating in this conversation. Oh wait, I'm sorry, you're "out of the game", or so I recall from your post in the HPRX thread. I guess that makes you a humanitarian by saving the 5000+ members of DBG from my ineptitude. And if you're naive enough to believe that something is "fact" just because it's presented in Federal court by a government prosecutor, or by virtue of the fact that it's posted on a government website, then so be it. All I know to be "fact" is that I've volunteered countless hundreds of hours to the members of this site, and that you seem bent on discrediting and making a mockery of me in both this and the HPRX thread. If you have some problem with me, take it up with me via PM, or there will be a pissing contest, irrespective of your disclaimers about not being emotionally involved.

Additionally, I would invite you to cut the not-so-veiled threat crap as well. If you're trying to intimidate me by insinuating that "others", i.e. Federal enforcement agencies, will attempt to charge me with aiding and abetting various felonies by virtue of my volunteer moderating activities here on DBG, it's not going to work. Aside from the JD hanging on my wall, I have far more intelligent and well versed counsel on retainer and am reasonably well informed on matters of constitutional law, so I'm comfortable with my chances. And if, by chance, you happen to be among those mysterious "others", there's no need to play games on open forum. You want an address for service of process? Just send me a PM. I stand by my "theories", as well as DBG's constitutional right to exist and it's members right to speak freely.

 

[Jewbacca]

I'm done dignifying troll trash like you with a response. Enjoy spreading your vitriol and hatefulness on Topix. Buh-bye!