Silk Road forums

Discussion => Security => Topic started by: fartsinthewind on May 30, 2013, 06:57 am

Title: Vendors messing up, asking for address again
Post by: fartsinthewind on May 30, 2013, 06:57 am
I've had three similar scenarios in the past week, where i've ordered from established vendors (over a year, 95+ % ratings, but I have only done business with them one before, so two are new to me, i always do the legwork to ensure their legitimacy as much I can) message me after the order was placed (in two cases after the order was marked 'in transit') via PM asking me for my address again.  All three times I have politely responded with, sorry for the mishap, please cancel the order (and they all have).

Wondering if anybody else is coming across this. I'm getting ready to hit two years on SR, but this is the first time since I've used PGP that "established" vendors are asking me for my address again via PM. Just wondering if their account could/would have been compromised/hacked into. The public key for the one I have done business with in the past did not change, so thats good.

Thoughts?
Title: Re: Vendors messing up, asking for address again
Post by: DoctorFate on May 30, 2013, 07:24 am
Hacked into, phished or not, sending your pgp encrypted address again wouldn't be much different then when you ordered.

When a vendor marks an order in transit they can no longer see your address so if they accidentally marked your order in transit then they would need to get it again or I guess cancel your order.

I understand the fear but if their account or computer was compromised, the attacker or LE or whoever would need to know their pgp pass to decrypt anything you sent them with pgp encryption.  It just seems like alot of work to get to you, are you into any international espionage?   Borus?! Is that you??
Title: Re: Vendors messing up, asking for address again
Post by: StExo on May 30, 2013, 10:07 am
I have more than 7 buyer accounts so if one asks for my address again, I cancel the order with them on that and make the order again from another account. As soon as somebody asks for my address again when it has the same SilkRoad username as this forum account (as I've now made myself a very high priority for LE right after DPR unfortunately given my skills and recent project). Paranoia - probably. But I'd rather have that than too lax.

What security improvements does it offer? None that would make sense to me, but if somebody/LE somehow got hold of the info I was ordering from x vendor who dispatched the order already, then I don't know, the vendor may be co-operating with LE to hunt me down or for a bribe from another member and as I've ordered from them they are in a better position to ask without arousing suspicion.

Yeah, paranoia alright.
Title: Re: Vendors messing up, asking for address again
Post by: Notrealperson6708 on May 30, 2013, 12:31 pm
I have had 2 vendors mess up orders (one was 10g short, the other got sent to Brooklyn, NY which is very far from me) and ask me for my address again.  I just re-encrypted it and sent it to them.  Everything turned out fine.
Title: Re: Vendors messing up, asking for address again
Post by: dirtybiscuitzz718 on May 30, 2013, 12:35 pm
Better they ask for the addy again, rather than not.. showing they did in fact NOT store your addy.
Title: Re: Vendors messing up, asking for address again
Post by: StExo on May 30, 2013, 03:05 pm
Better they ask for the addy again, rather than not.. showing they did in fact NOT store your addy.

True, I've received a message once from a vendor when a package was caught in customs and said he'll resend. Sure enough, before I could respond, he dispatched the package, and it arrived. I believe he was given a stern warning when I passed the info to the staff.
Title: Re: Vendors messing up, asking for address again
Post by: astor on May 30, 2013, 09:11 pm
It could be as innocent as you messing up the encryption, or them messing up the decryption. If it happens every time, they could have lost their private key and are too embarrassed to admit it. Doesn't matter though, I wouldn't send them my address in plaintext. They need to own up to losing their key or I would shop elsewhere.

Of course, it could be a compromised account. There's no way to tell for sure, unless something obvious happens like buyers start getting arrested.

Also, people don't realize that PGP offers more than communication privacy. In a pseudonymous community like this, it is your identity. It is the only reliable way to prove you are you if something happens like your account is compromised, or you communication with people through out of band channels. Backup up your key in 3 places, because losing it is a huge pain in the ass.
Title: Re: Vendors messing up, asking for address again
Post by: fartsinthewind on May 31, 2013, 07:19 am
Yeah, they say denial is the most powerful drug....but i'm going to chalk this one up to paranoia. The fear.....it's getting to me man!!!

Thanks for your input guys. 7 moar days till I hit the two year mark....yipee! I can honestly say I've seen one vendor, a shitty one at that, (Aakove*) be here the majority of the time. Do guys wise up and get out? I've seen the best of the best come and go time and time again....soon i'll be calling it quits myself. Its certainly lost some of its appeal. I guess that's a good sign???

Be safe everyone. :)
Title: Re: Vendors messing up, asking for address again
Post by: Notrealperson6708 on June 06, 2013, 07:48 pm
Better they ask for the addy again, rather than not.. showing they did in fact NOT store your addy.

Right....this was how I looked at it.  I was a little sketched out for a minute, but thought "what's the worst that can happen?  I want my damn drugs!".
Title: Re: Vendors messing up, asking for address again
Post by: HollandOnline on June 07, 2013, 09:33 pm
I've had three similar scenarios in the past week, where i've ordered from established vendors (over a year, 95+ % ratings, but I have only done business with them one before, so two are new to me, i always do the legwork to ensure their legitimacy as much I can) message me after the order was placed (in two cases after the order was marked 'in transit') via PM asking me for my address again.  All three times I have politely responded with, sorry for the mishap, please cancel the order (and they all have).

Wondering if anybody else is coming across this. I'm getting ready to hit two years on SR, but this is the first time since I've used PGP that "established" vendors are asking me for my address again via PM. Just wondering if their account could/would have been compromised/hacked into. The public key for the one I have done business with in the past did not change, so thats good.

Thoughts?

good day
im a Sr seller..

i has happened to me...the printer jammed...and the envelop was not printed....and i had already pushed the in-transit button...

it can happen....

solution...1...ask customer address in pm in privnote...pgp...or plain...and destroy address manually...
solution...2....cancel order.....let customer reorder...

both is possible....



good weekend!

We hope to have informed you well...


Sincerely Yours,
HollandOnline
Title: Re: Vendors messing up, asking for address again
Post by: milliardo23 on June 08, 2013, 12:59 am
is it not wise to have the same forum account as your buyer account?
Title: Re: Vendors messing up, asking for address again
Post by: FartBomber on June 08, 2013, 02:22 pm
I ask for adresses trough PM all the time but its always because the customer sent his PGP key to me instead of the actual encrypted address or because they have used the wrong PGP key. I never put the order in transit before having printed the label for the customer so imho vendors who put the order in transit and then ask for the address are doing something wrong.
Title: Re: Vendors messing up, asking for address again
Post by: fartsinthewind on June 10, 2013, 08:02 am
I've had three similar scenarios in the past week, where i've ordered from established vendors (over a year, 95+ % ratings, but I have only done business with them one before, so two are new to me, i always do the legwork to ensure their legitimacy as much I can) message me after the order was placed (in two cases after the order was marked 'in transit') via PM asking me for my address again.  All three times I have politely responded with, sorry for the mishap, please cancel the order (and they all have).

Wondering if anybody else is coming across this. I'm getting ready to hit two years on SR, but this is the first time since I've used PGP that "established" vendors are asking me for my address again via PM. Just wondering if their account could/would have been compromised/hacked into. The public key for the one I have done business with in the past did not change, so thats good.

Thoughts?

good day
im a Sr seller..

i has happened to me...the printer jammed...and the envelop was not printed....and i had already pushed the in-transit button...

it can happen....

solution...1...ask customer address in pm in privnote...pgp...or plain...and destroy address manually...
solution...2....cancel order.....let customer reorder...

both is possible....



good weekend!

We hope to have informed you well...


Sincerely Yours,
HollandOnline

Dank je vel! I understand it happens.

And regarding using your account name as your forum name? Not sure why anyone would do that. Forums are accessible through tor portals, and you can browse em and search without login credentials, i think. Hell, maybe the search bar works better that way, ha
Title: Re: Vendors messing up, asking for address again
Post by: BlackIris on June 10, 2013, 09:15 am
And regarding using your account name as your forum name? Not sure why anyone would do that. Forums are accessible through tor portals, and you can browse em and search without login credentials, i think. Hell, maybe the search bar works better that way, ha

And so? If the account is an alias you use only here and in the SR and nowhere else and it has no ties whatsoever to who you are etc. what does it change? The point of having an alias is in its anonymity. Until the alias is anonymous using it in the forums along SR makes no difference whatsoever from using two different aliases. Who cares if people can see your alias name and what you post with it? It is not that seeing a name or what you write can make them understand who is behind that name until there's an association somewhere to be had (but to do something like that the association has to be obvious; it is very difficult to associate a person to an electronic alias just by writing posts alone).

Naturally the thing changes if your forum name CAN be associated somewhat with some other alias you have outside or similar things (but in that case you are anyway irresponsible for what it concerns security IMO).
Title: Re: Vendors messing up, asking for address again
Post by: Heinemen on June 10, 2013, 12:29 pm
Better they ask for the addy again, rather than not.. showing they did in fact NOT store your addy.

This brings up a good point