Silk Road forums
Discussion => Newbie discussion => Topic started by: neo67 on June 16, 2013, 09:33 pm
-
Really need your help on this guys!! I am struggling to use PGP encryption so i wondered if Privnote is really safe to hide my address?
I know there is probably alot of info on this already but i have been unable to find it--can anyone point me in the right direction?
Many thanks.
-
PGP is the much preferred method. Privnote is only as reliable as whoever maintains it, and as with Hushmail, they would probably fold under LE pressure.
just my opinion
-
PGP is always safer. Honestly though, it seems 80% of people who do transactions on SR do not use any sort of encryption at all for their addresses. Most of the people I know who actively worry about encrypting their crap are spending multiple thousands of dollars on a regular basis.
-
Ok thanks for the reply man............who the hell are the LE??lol
Can you recommend any tutorials on how to use PGP please?
-
Well i mean is PGP worth the hassle, as SR encrypt the address as well plus using Privnote can add more security. I can't for the life of me figure out how to use PGP,struggling to find decent PGP software to download..any ideas?
-
privnote is not necessary with PGP, it is not currently crackable at 2048 bit currently (but set up 4096 for the future)
LE=Law Enforcement
here is a great tutorial
http://32yehzkk7jflf6r2.onion/gpg4usb/
-
Dude, I'm no computer wiz and I figured out pgp. It seems intimidating at first but once you get it, it's like WTF???This shit is simple. Download one of the free programs and p;lay around with it for a while. I made 10-15 orders B4 I learned how to use it and I was starting to get paranoid without it.
One thing with things like pgp, is a lot of the directions that come with it or tutorials use words and phrases like they think everyone is a computer wiz instead of talking laymans terms.
I use Gpg for windows and it's pretty easy once it "clicks" in your head.
-
I actually prefer Privnote. It requires zero skill other than literacy. And I can't really see any LE agencies banging down my door because of it, using it to encrypt names and addresses proves nothing.
But sure, PGP is easy once you've used it a couple of times.
gpg4usb is super simple and their site has great tutorial-
This is what I use and you will find a great tutorial on Youtube specifically for gpg4usb, its about 10 minutes long. ;D
-
PGP is a much preferred method but heard it can be cracked?
-
PGP is a much preferred method but heard it can be cracked?
In theory anything can be cracked. If you use a good password however, the number of years that it would take to crack your pgp key would make it practically uncrackable.
Opinions on Privnote really vary. I think it's fairly safe, and I accept it because I think it's safer than plain text addresses. And you would be amazed by the number of people who just write their address in plain text. But if you really care about your security you should use pgp.
You can learn how to use GPG4USB here: http://dkn255hz262ypmii.onion/index.php?topic=8962.0 and join the SR PGP club here: http://dkn255hz262ypmii.onion/index.php?topic=30938.0 to learn everything you need to use encryption effectively and secure your very own secret identity.
-
Would recommend PGP over privnote I have quoted what i wrote for someone else who was asking how to use PGP as well!
PGP: This is quite important especially when sending a vendor you name and address because it mean that if the message was ever intercepted your details could not be read and the only person that can decrypt your message is the vendor that the message is meant for!
I use windows so can only really help you with the windows method of setting up PGP. But you need to download a piece of software called GPG4Win (CLEARNET: www.gpg4win.org). During the installation you will be asked to choose the components you wish to install and on this step you must make sure you select GPA.
Once installed you can use this straight away without creating your own keys. You just copy a vendors public key into a text file and then save it on your computer then you open GPA and import the key by selecting import and then locating the text file on your computer. Once the key has been imported it will tell you if it has been successful and will appear in your keychain. you can then just select clipboard, type in your message, select encrypt and then select the key you want to use. You will then have a nice encrypted message that can only be decrypted by the vendor. You can also select multiple keys on one message, this means that multple people can decrypt your message and is very handy if you make orders with different vendors at the same time.
If you want to set up your own private/public key I have put links to a couple of good resources that explain how to below:
CLEARNET: Guide: http://gpg4win.de/handbuecher/novices_6.html
CLEARNET: Video: http://www.youtube.com/watch?v=R-FyJXUxVQ0
-
Thanks everyone for your replies especially fucknuts! ......your recommended tutorial was REALLY helpful..i can now use PGP successfully! yay! :)
Anyone who is struggling to use PGP this is a fantastic tutorial that fucknuts recommended, here it is:
http://32yehzkk7jflf6r2.onion/gpg4usb/
Very clear and simple steps of how to set p PGP software using Windows.
Thanks again. :)
-
hehe, I wrote that guide btw. I think it's helped a few thousand people at this point. :)
Privnote is much less safe that a desktop PGP client. It exposes you to many vulnerabilities and attacks. The site could be run by LE. The code could transmit the decryption key back to the server (presumably the url is the decryption key). Even if the JavaScript is safe now, it could be modified at any time by the Privnote admins without you knowing. The exit node could replace the Privnote site with its own, including malicious code.
The thing about the code changing isn't theoretical. It actually happened with Hushmail, which would PGP encrypt your messages with a Java app in the browser. They stored your private key on their servers, but it was symmetrically encrypted with a password. So, when they got an LE request for an account's emails, they sent a different Java applet to that person, which sent the password back to their servers. They got the private key and decrypted the emails.
The moral of the story is, never use a third party, and especially a web site or browser code, for your security.
-
one vendor i use refuses to deal with privnote - he/she says they pass information on to LE
-
Keep in mind when using PGP that it is only as strong as the weakest link, if you keep the unencrypted message on your computer or use a password that you use elsewhere then it can be unsafe still, that said I think I prefer it to privnote so far that is.
-
O astor you LEGEND! lol.... i was struggling to find a simply explained tutorial on how to use PGP until i came across your tutorial, it made me realize how simple PGP use is!
I used Privnote once on my first order....soooo wished i hadn't now! I was hesitate to use it in the first place...it seemed a bit suspicious and that it could be easily cracked but i stupidly used it anyway! i'm an idiot, i know.
Having said that at least i didn't write my address with no encryption at all, i cam imagine that some people do lol and my address should of been read by now and thus deleted....but is it permanently deleted!? how do we know this to be true?! we don't really do we?
-
So is it not safe to just rely on SR's promise that they will delete the address as soon as the order is confirmed ????
I use PGP too over privnote.