Eleven Things to know if you source online

1. Don't spend more money than you can afford to lose. Even if the vendor is established with a perfect long term track record, you are gambling with your money. If losing your money would be unbearable, don't spend it.

2. Encrypt your entire hard drive and leave your computer off when you are not using it. If your hard drive is encrypted evidence collection will be essentially impossible if you do everything correctly. Don't worry about quantum computers or any of that pseudo-nonsense, strong encryption WILL keep you safe if you use it correctly.

3. Encrypt your communications between you and the people you work with, especially for stuff that is not gray area. If a vendor doesn't already use GPG encryption, try and convince them to. If they don't want to, seriously consider if you want to work with a person that doesn't care if your shipping address is in the open, plus doesn't care f they have loads of evidence against themselves in the open. Gray area is an exception sometimes, many of those vendors just don't feel a need to encrypt.

4. Use some sort of anonymity network when you connect to the internet for business. You can trivially be traced back by your IP address. If a source forum or a vendors website blocks anonymity networks (mainly tor as it is the most popular) you should be suspicious as hell of them. There is absolutely no legitimate reason for you to not use an anonymity network. It will go slow, but it wont go as slow as the years in prison will go if you get busted for not using it.

5. The internet is your second life. You second life should not cross over to your primary life or vice versa. Don't tell your real life friends where you get your shit from, its none of their business and draws attention to you and the scene and it could easily come back to fuck you over. Like wise don't tell people you deal with online anything about you that they don't need to know. Very rare exceptions to this can be made but remember, you can't easily spot a cop they are trained to blend in. Each person in this world who knows about both of your lives is a risk to you. Pick your risks wisely.

6. Don't have illegal shit sent to your house or anywhere connected to you. Fake IDs are more precious than diamonds, if you have the opportunity to get one DO IT. They are rare and priceless and increase your security and reduce the hassles you need to take by an order of magnitude. Let shit sit in PO boxes registered with fake IDs for weeks to months before picking it up. At the very least several days should pass. Be constantly weary when going to pick up your package, and disguise yourself well. A fingerprint is the worst thing to leave.

6b. Don't commit mail fraud and posses fake identification if the extent of your sourcing is 250 mg of a not specifically scheduled exotic analog drug sourced from your country of residence sporadically.

7. If you are planning on vending don't use your own internet connection or your home computer. It is trivial to crack WEP wireless and usually even easier to find a non secured network. You can get discrete wifi antennas that can get signals from a mile away. It is even better to drive to a different neighbor hood to get online if you vend, don't shit where you eat.

8. This is for adults. If you act immature no one is going to respect you. Treat shit like a business or you will go no where. You word is all you have in this world and if you break it once you will never repair the damage. You can throw away five years worth of reputation building by doing one stupid thing.

9. Don't use your real identity for money. E-currency is a pain in the ass to use, but its not as bad a pain in the ass as bubbas dick if you catch my drift. E-currency makes payment safer for everyone, especially when combined with Tor and a fake ID to cash out from WU via e-currency.

10. You are being watched. You are a target. You are a fool if you think you are small time and no one will come after you. Some fish might be bigger, but when a pig is starving it will eat a tadpole if it has nothing else.

11. If you can't take the heat stay the fuck out of the kitchen. Think right now of what you would do if faced with life behind bars. Would you take it like a man and go down with out saying a word or would you open your mouth for a reduced sentence. If you had to think before you answered that you shouldn't be doing this.

 

Great post!

 

Damn, whatever youre ordering I don't want to have anything to do with it!

By the way, protip: failure to give authorities encryption keys is a federal offense (in the USA) and in many cases can land you more jail time than ordering semi-legal materials online.

 

We have a fourth amendment.

That is seizing intellectual property without consent. unless they have you on some other charge, you dont have to give them shit.

 

If they have a search warrant, which they probably would, it probably isn't an unreasonable search.

 

hense why i said if they have you on something else.

like, they cant just show up and be like, "i suspect you of tomfoolery! hand me your encryption code!"

 

No, but if it is at the point where they're analyzing the contents of your hard disk I don't think the scenario is "random stop on the street" anymore. They don't have to have you charged with anything. Let's say you have incriminating evidence on your hard disk, encrypted. They suspect you of something. They serve you with a search warrant and take your hard disk. They see it is encrypted. They ask you for the key -- if you do not provide it to them you're screwed, if you do provide it to them you're screwed.

The best practice is to delete evrything, there are methods of ensuring that it can not be recovered after being deleted.

 

Wait this will happen all just from ordering RC's online? Even if your not in the states?

 

It's unlikely. But then again you never know

 

legally, its possible.
practically, NO.

only way that they will care is if your in possession of an unreasonably large amount, and are/will likely be trafficing it.

 

But do you guys mean only if the people running the site are FED's? Or with all, even 100% legit sites you need to take the precaution?

 

In USA it is quite ambiguous as to if they can force you to reveal a pass phrase or not. A USB key or a token used for decryption they can force you to hand over, but a pass phrase it hasn't been to the supreme court yet. There was a pedophile (nasty fucks!) that got busted in USA with an encrypted laptop and his case has been in the court system for years now I think with no final decision reached , some courts have ordered him to turn his password over and appeals have said he can't be forced to. It is certainly NOT a federal offense to refuse to turn over your password. At most he will be held in contempt of court and do a few years in jail (not that I support the dude). Same is true for drugs.

It might help to include something incriminating in your password, like hereismypassword-idolotsofdrugsandamtotallyguiltyofthiscrime. Then you could argue even better that to reveal your password would be self incrimination. Plus you can just say you forgot your password lol.

In the UK it is illegal to refuse to reveal a password. Truecrypt lets you encrypt an OS with two passwords, one that leads to a clean OS and one that leads to your business OS. It should be very difficult for them to prove you have two operating systems, so you can just give up your decoy password and pretend to cooperate. You could do this in USA as well, but its mainly designed for people in places like UK where you actually need to give up a password if ordered to do so.

 

IMO people should always be taking these precautions even if they trust who they are working with. Everyone trusts the person that snitches on them, or the snitch wouldn't be in a position to snitch.

Really if people follow a strong security plan the chances of them being busted are next to none regardless of what they are doing.

 

If you don't reveal your password they are screwed unless they can crack it, which is unlikely bordering on impossible if you used a good password and encryption algorithm. At least in the USA, in the UK if you don't turn it over you are screwed which is why you should encrypt with a plausible deniability algorithm (Decrypts to two different things, one clean one bad, depending on the password entered. That way you can reveal a password and not reveal your real password. Truecrypt can do this with windows).

Grey area research chemicals you are not at much risk, illegal research chemicals it is quite likely they will seize your computer and analyze it if you are busted. I know a small handful of people who have been raided over getting various substances in the mail (one over personal amounts of a schedule III and a few hits of acid, but he still got woken up with his house surrounded by feds with guns drawn even....talk about over kill) , and they always take their computers to a lab for forensic analysis to gather evidence and try and target others you may have dealt with.

Just keep in mind that IF (and it is a big if) charged under the analog act, most research chemicals will be considered schedule ones. And the penalty for receiving a schedule one in the mail in USA is up to twenty years in prison for the first offense, for ANY amount. Sending WU with bullshit information is wire fraud. Bouncing E-currency around fake accounts is money laundering, PO boxes with fake ID is mail fraud, being on a source forum is possible conspiracy. I am not trying to scare people or anything just making sure people realize that there are real risks associated with this, even if you think you are small time and in a gray area. Better be scared off then get an unpleasant surprise right? Or better to be scared off than take a fall and roll on others. Not taking security precautions is like playing russian roulette with a gun with 500 chambers and one bullet. You probably wont get fucked, but if you do it is game over. And it is so easy to be secure that everyone should do it really =).

 

Is this likely to happen in canada or only the states and uk?

 

A friend of mine just placed an order for some RCs for the first time.

He went to a source that was recommended in another forum that seemed legit - just an email address, and positive feedback that he verified other places.

Now - he is freaking out - especially after reading this thread. He was naive and didn't take any of these precautions. Used real address, name etc.

I guess there isn't much he can do at this point except encrypt his hard drive and hope for the best.

From talking to other people in the other forum he got the sense that this kind of ordering wasn't that big a deal. I hope he wasn't wrong.

He ordered a total of 5gs of grey-area 2Cs. Shipping from China>>USA

Do you think he'll have a problem or chances are that the package will simply arrive and he can be a LOT more careful in the future?

 

I think the dude is going to relocate. one month left on the dudes lease. Do some hard drive wipes/sell his laptops and other possessions(like the rug) then start over in another town. Probably be a good Idea if the dude was a lil sloppy at first, right?

BS made some good points that gave the dude a lil bit of the noid.

 

Everyone just needs to be a LOT more carful. (magical...)

 

Well, I don't think I'll advise my friend to relocate just yet.

A healthy dose of paranoia may not be a bad thing - it will help him be more careful in the future - if he even decides to place any other orders again!

I'm sure he's not the first person to use his real name and address. And I'm sure other people had first time jitters too!

 

I definitely see your point, and yeah I now see what you and the other people meant about being more quiet, and why not to post a thread about it. But I dont see the harm in PM'ing people with a good post count some vendors, its just being friendly and nothing bad comes out of that