> Sure, he re-used a few login names but I don't know how many people could've successfully gone without doing that over a 2.5 year period.
That is the difference between a professional and an amateur. An amateur tries hard to get things done, but doesn't really pay attention to methods or details. A professional knows that methods and details matter more than knowledge... and uses best practices to get things done.
If you're running the world's largest illegal marketplace, the primary goal should be security and privacy. He re-used login names by accident, or maybe even just laziness.
A simple way of avoiding the above issue is to have a "personal" computer with personal accounts and activity, and a "work" computer, with work accounts and activity. Never use the work computer at home, and never use the home computer in the same place you use the work one. There's no way to confuse identities or traffic patterns.
I think Silk Road is proof of just how good Tor is. It can protect you from governments who are trying to find you. It can even protect someone who knows nothing about programming or security.
He definitely thought he was untouchable, a clear sign of an amateur. Even after all the press touting the fact he was running a huge illegal drug market under the FBI's noses, he continued to carry on like he wasn't going to get caught. Even the most low-level criminals have a healthy sense of paranoia. Even close calls will make them completely change how they do things.
Even if he took the modest steps you proposed, he could have wiped and then physically destroyed the HD, tossed it into a trash bin and fled the country for a few years until things quieted down. I mean, he had plenty of money, in the most secure, untraceable form so it would've been cake to hide out for a few years or forever if need be.
The other problem is learning as you go. It seems like some of his mistakes were in the very early days of the site, and they were uncorrectable due to Google caches and such.
> A simple way of avoiding the above issue is to have a "personal" computer with personal accounts and activity, and a "work" computer, with work accounts and activity. Never use the work computer at home, and never use the home computer in the same place you use the work one. There's no way to confuse identities or traffic patterns.
The problem with this approach is that you need to never use the wrong computer for the wrong thing. You can help yourself somewhat by setting up different window colors / desktop backgrounds / etc, but what happens when you go visit your great aunt for Thanksgiving and forget to pack both laptops? What happens when your work laptop breaks, and you desperately need to update the site to deal with some issue?
A more reliable approach would be to have one computer with two accounts (or if you like technically sophisticated approaches, use a mandatory ACL system), one for work, one for personal things. Set up each account with noticeably different colors / themes, so that you are less likely to accidentally use the wrong account for the wrong thing. If you forget/damage your laptop, you have less of a temptation to use the wrong computer.
I am sure that Truecrypt fans will point out that hidden volumes work equally well, though the extra effort required is something of a stumbling block in my opinion (and I am not a big fan of hidden volumes to begin with).