I feel like this is a hack that is rarely talked about. And it's the most reliable method I've found for getting an email account that I can use for signing up to other websites.
Imagine you want to create a completely anonymous account on some website. Most websites require an email account to sign up. if you're lucky you can use one of those a temporary email services, but many websites block those nowadays. They only accept trusted email providers like Gmail, Protonmail, etc. And trying to make an anonymous account on those providers is difficult. Even Protonmail, surprisingly. If you try to sign up for Protonmail using a VPN or Tor, they will ask for a phone number or a second email account. So now you have to get a phone number anonymously (very difficult), or get another email account anonymously, back to square one.
Darknet markets solve this problem. Pay a bit of Monero, and you get an account. Completely anonymous. Now I won't pretend it's easy. Even just signing up for a darknet market often requires learning how to PGP encrypt/decrypt messages. But it only takes an 30 min or so to figure it out and sign up, and it opens up a new world of tools to use for privacy. There are many other types of accounts that you can buy aside from Protonmail, and many other products in general that you can buy.
I don't get why Protonmail doesn't just accept anonymous crypto as an option during signup, but until they do this is honestly the most reliable option I've found. I really wish more websites just accepted crypto for account creation. It's understandable that in order to prevent spam accounts, account creation has to cost something, and crypto allows it to cost something without costing your privacy.
Anyways, here's a quick guide to get started. I'll avoid direct links since I don't know if those are allowed.
- install Tor Browser Bundle, and use it for the following steps
- search for websites like Daunt, Dread forums, and Tor Taxi. Darknet markets change all the time so use those websites to figure out which ones are currently active. Cross-check links across multiple websites to make sure they are trustworthy, since often scam websites will try to pose as legitimate ones
- look for markets that let you search for the product you're interested in before signing up, to save you time
- some markets require you to load funds into the market and then pay using those funds. Avoid loading more than you need, since some markets have "rugpulled" before (aka taken everybody's funds and disappeared. This is the risk of an anonymous market).
Edit: also if for some reason a seller doesn't accept Monero, you can use a crypto swap. Basically you send the swap service some Monero, tell them what crypto to convert it to (like Bitcoin or Ethereum), and where to send it to. Many can be used anonymously, without signup
that's assuming they don't scan the contents of mail, in which case physical surveillance would include content too.
Physical surveillance of mail is incredibly expensive, slow and subject to a bunch of regulations.
It also doesn’t consistently work.
Electronic surveillance of communications is incredibly cheap in comparison, near instantaneous and an evolving new technology that’s loosely regulated if at all.
It also creates a 1:1 copy of the transmission for interpretation at a later date.
Regulation means nothing, if the feds want to track people there's endless strings they can pull. Plenty of evidence online of feds intercepting packages and bugging devices. They can even use illegal means and then use parallel construction.
On the other hand, just because the feds collect a bunch of dsta to be decrypted later, doesn't mean they actually will. Encryption is very rarely cracked, it's far more difficult than tracking people down via camera footage. Not to mention, statute of limitations means that even if they crack it 20 years later, the data might be useless by then.
Fact is, I can send some monero to somebody today and know it won't be cracked within the year. But if I put on a mask and gloves and try to send a letter in the dead of the night, I know there's still a chance that I'm caught.
There's a reason why hackers today choose to use crypto and mixers rather than cash. Same reason why the US criminalized tornado wallet. Turns out, Monero and mixers are incredibly effective.
Physical surveillance is barely even circumstantial evidence of the crimes we’re talking about, Hndl troves are incontrovertible. People get caught using monero to do crimes all the time.
Of course if you dress up like the hamburgler you’re gonna stick out. Just look normal.
I did not intend to fight you about this, the point of my reply was to provide some context about the often overlooked physical side of things.
We very often overlook the physical because we think it’s too unknown and that we understand the digital much better but in many years I’ve never met a person who thought that way and could explain in detail how the web works or why certificates are scrubbed.
Keep your nose clean out there, you never know whose gonna be looking in 20 years…
I think this comment is a good example of why people don't like physical methods. It just seems so hand-wavy, like homeopathic medicine. How do you judge how well it will work in a given situation? Physical privacy is just dependent on too many unknowns. And privacy techniques for the user have not improved in the past 100 years, meanwhile surveillance and location tracking algorithms for the authorities have progressed.
Digital privacy continues to improve every year. Andbody can use Tor and Monero, and benefit from the research and development behind them. Anybody can audit the tech, and build on top of it. Right now darknet markets are clunky to use, but they definitely feel better than they did 5 years ago, and they'll keep getting better.
Anyways thanks for engaging in this discussing with me, it definitely helped me explore these ideas deeper.
depending on your juridiction, the statute of limitations should save you after 20 years :)
They might see that I ate a sandwich and mailed a letter vs my transactions are in a public ledger and can be tied to me at any time in the future when that ledgers cryptography gets broken or my information or the other party’s information gets corroborated.
Quantum is fake. Everybody knows it but no one talks about it.
Parallel computing is not fake though, and the technology to do it is being deployed at scale never seen before in our lives. Hash cracking software is already designed to take advantage of video cards, and the same mathematics were put into service and honed on those video cards years before during the crypto boom(s).
So now you have to contend with the future of ai: if the bubble pops then there’s piles of parallel computing hardware out there that are suddenly upside down on their leases and have to be pressed into service doing something, anything. If the bubble doesn’t pop then consistent improvements in efficiency of new stuff cause old hardware to become available to the part of the market that can afford a little more per millisecond of torch time: crypto and crackers.
This is already happening.
The space you need to be able to solve for to transact physically is limited and finite, the same space for digital is unlimited and infinite.
What do you mean the space for digital is unlimited and infinite? There's finite resources on the planet. 2048-bit RSA is not getting brute-forced in our lifetime (without quantum). And if you are talking about password strength, all of what you mentioned should be factored in. Take the combined compute of all GPUs of the world, factor in Moore's law with a 50 year horizon, and figure out how strong your password should be. I know some people use 128 bits of entropy but I think 100 bits is plenty. Use a word-based passphrase for easy memorization. Or just use a hardware key.
Now I'd love to know how to calculate what level of security is enough for physical methods. Anything rigorous?
Of course Im not suggesting that d-h is comparable to some mathematical expression of laundering your money during lunch and sending a letter. You can’t compare the two using mathematics because elliptic curve works in a really narrow set of domains. Now my friends in actuarial work might have something to say about that but I was trying to use types of equations as a way to help explain how the physical and digital are different. what I mean is that any new discovery or development could undo the security of digital transactions, specifically blockchains which exist as public ledgers in perpetuity. When solving the calculus of what degree of concern and care a person needs to exercise you gotta look to any possible future.
Physical transactions are done when theyre done. You either succeed or you don’t, no one can dig back into the perfect public copy of everything you did and reveal it was you (or even in the case of some blockchains what was done!). Perhaps they find out they have a surveillance video of you going to the restaurant and getting lunch then mailing a letter and try to use it as evidence that you conducted a cash transaction using a nonce. It’s meaningless.
You don’t need to worry about it in any way you wouldn’t have to worry about conducting the transaction digitally. The solution space of a physical transaction is finite, which of course could be partially or completely encompassed by the infinite solution.
That last part is to say that for both a physical or digital transaction you gotta worry that the other party (or yourself) screwed it up somehow or betrayed their counterpart but because it’s common to both methods it’s not worth discussing.
Again the point of all this math talk isn’t to suggest that we ought to be talking in proofs or something silly like that. Some people really “get” math though and using it as a metaphor can help get the point across.
Better the devil you know than one you don't. Physical methods involve too many unknowns, and chances are the people using them are overconfident, victims of dunning-kruger effect. The weaknesses of cryptography can be publicly studied. The blind spots in the surveillance network of your neighborhood are a big unknown. I've made enough security mistakes in the past to know that the biggest risk is the user, and the more you can offload to professional tools like Tor and Monero, the better.
It's not that simple. They have a rough idea of your location past on the post office box. They use surveillance footage to narrow down the list of suspects. They know that the suspect cares enough about privacy to mail cash to an email service. That's at most 1/1000 individuals. So in a city of a million residents, that's about 1000 people. Combined with surveillance footage, traffic cameras, and phone tracking to determine the movements of all citizens, as well as cameras around the post office box to get the height and build of the suspect, they can probably narrow it down to 5-10 people. Then they monitor those 5-10 people individually. Even using illegal methods like breaking in and installing mics, cameras, bugged hardware. Once they confirm who the suspect is, and find evidence, they use parallel construction to come up with some legal rational for how they found the evidence, hiding their illegal methods.
Imo targeted surveillance is game over. The enemy has magnitudes more resources on you, and you'll never even know that it's happening. The best you can do is avoid it in the first place. Hide amongst a million others, using Tor or Monero.
I agree about the devil you know vs the infinite possible future ones you don’t.
I think you’re making way too many assumptions about physical surveillance (“they know you care about privacy” as opposed to the actual thing they know, which is simply that you mailed a letter, being able to narrow your suspect list down based on the fact that they care about privacy, etc) but even if I were to take every single one of them at face value then the authorities have less information than is public on a bitcoin transaction (I know you’re a fan of monero, I’m using the amount of information in a bitcoin transaction here to make my point clear in the language of crypto). And they had to be looking when you did it.
I’m of the opposite opinion: digital surveillance is game over. The opponent still has orders of magnitude more resources than you, but they also have access to your entire communications chain via well documented backdoors, can apply millions of exploits on each piece of software or hardware involved in that chain, can literally directly translate those resources to faster and higher quality exploits and with hndl they don’t even have to be there when it happens. I think the best thing you can do is avoid the digital as much as possible.
I always used to laugh at my professors, friends and coworkers who were “revolver next to the fax machine in case it gets any funny ideas” types but a few decades around computer security done made me into a stereotype.
I should have been more specific. They are looking for somebody that mailed cash to an email service for account X. They know the mail came from postbox Y. They use surveillance footage and other factors to find the 10 people that used postbox Y that day. etc.
And yes the Monero blockchain is public, just like Tor traffic, but it's all encrypted.
Except with Tor and Monero, it's not them vs you, its them vs everybody using Tor and Monero. That's way harder. My point was that targeted surveillance is game over. Trying to break Monero is not a targeted attack. And the number of exploits on Tor and Monero are much more known than the number of exploits known for physical methods. You can look them up. Again, the fact that all this information is public is a good thing. It means security can improve over time. Hackers get better too, but if we look at history, in general computer security gets the upper hand over time. For example look at how hard it is to jailbreak an iPhone nowadays.
Physical methods is where there actually might be a million exploits. Nobody knows how secure they are, and anybody who claims to know is probably overconfident, with very little rigorous evidence.