Silk Road forums

Discussion => Security => Topic started by: Miah on June 29, 2013, 05:50 am

Title: New Vendor unsafe practise
Post by: Miah on June 29, 2013, 05:50 am
Would it be wrong for me to call out a vendor with a totally unsafe practice of the handling of customers information? I tried to advise the vendor that what they're currently doing is both wrong and unsafe and was told that DPR himself told him that it was indeed safe and that he trusts DPR. I was just like wtf?
Title: Re: New Vendor unsafe practise
Post by: ChiefSmokingBowl on June 29, 2013, 10:42 am
How was your info used? Because if you feel like it exposed your identity, then yes it is a problem.

Future customers will probably feel the same way if he doesn't change his technique.
Title: Re: New Vendor unsafe practise
Post by: Miah on June 29, 2013, 03:09 pm
No I haven't bought from him. I don't wanna come out and say the name of the vendor cause I think that's just kinda wrong but I was interested in 'listing' an item for him to sell for me. What he does once the item sells he gets the customers address then sends it to Privnote to encrypt and then sends it back to you. Like what?  ???

It makes no sense at all. We are on SR's site why expose the customers address by sending it to Privnote of all things and then sending it to me so I can ship out the item. Why not just send the address in a message through SR..and using privnote out of all things, ffs. If anyone wants to know the vendor you can message me.

According to this vendor DPR assured him this was safe for small transactions. I think this vendor is very confused. I tried to offer advice and let him know what he's doing is exposing his customers and he seems ignorant of that fact.
Title: Re: New Vendor unsafe practise
Post by: BeepBeep on June 29, 2013, 03:21 pm
I wouldn't do business with him until he makes the changes necessary for you to be/feel safe.

I'd send him another message explaining everything again to make it clear. If he still doesn't care/understand I'd message someone with a little authority here or report him.
Title: Re: New Vendor unsafe practise
Post by: Miah on June 29, 2013, 03:39 pm
I still can't believe he told me that he talked to DPR and DPR said it was ok, lol...wtf? IDK maybe he's LE? I hate to jump on the paranoid LE bandwagon but I have no other explanation. I did explain to him politely that his procedures were unnecessary and added risk to his customers and his whole business equation in which he was having none of it.

I'll wait till more people comment on this thread and see what they think. I'm 100% not for it though and would never deal with him that's for sure.
Title: Re: New Vendor unsafe practise
Post by: AnonymousAddict on June 29, 2013, 04:31 pm
The vendor is full of shit if he said he spoke or chatted with DPR! I'd like to see his services so I can get a better idea of what it is he's offering.
Title: Re: New Vendor unsafe practise
Post by: Miah on June 29, 2013, 04:37 pm
Sent you a pm with the vendor's link and all the relevant info :)
Title: Re: New Vendor unsafe practise
Post by: Miah on June 29, 2013, 06:15 pm
That logic is seriously flawed.

That's the equivalent of saying 'I've stolen from this store many times, I'll never get caught'. Besides the whole argument of whether or not Privnote is safe is not the main issue. The main issue is that it's a totally unnecessary step by the vendor that provides no real benefit besides the added exposure of the customer.

 Someone could always spoof the site to https://privnot.com/ and it show up in the search results. I'm sure someone would use it. Sites can be hacked. Malicious code can be added. You get the point I think.
Title: Re: New Vendor unsafe practise
Post by: mcguire39 on June 29, 2013, 06:29 pm
There's some valid reasons people don't like privnote. Granted it may not have had a problem ... yet. If I sent my address encrypted with PGP, I would hope/expect that if it was a drop ship that the vendors would keep my information PGP encrypted as well (and not using something such as privnote).
Title: Re: New Vendor unsafe practise
Post by: kurtcob1 on June 29, 2013, 07:07 pm
Hi SR's!! Hi Miah!!

You're talking about "...tree", I think.
That seems to be connected with "graigslist", who was already mentioned as a scammer (don't know the exact thread).
I would never use a service like this, too many ways to a scam!

Maybe you use BMR, there you need only 1 Btc and a PGP key for a vendor account - just an idea.

Ps: Everybody can get the info at the vendor's page! (For everyone who's crying for "privacy"!)
Title: Re: New Vendor unsafe practise
Post by: P2P on June 29, 2013, 07:22 pm
Quote
Would it be wrong for me to call out a vendor with a totally unsafe practice of the handling of customers information? I tried to advise the vendor that what they're currently doing is both wrong and unsafe and was told that DPR himself told him that it was indeed safe and that he trusts DPR. I was just like wtf?

And yet I sit here with -37, about 90% of which is from a thread in which I simply suggested a rough draft of a method for pre-screening vendors before they start sales. And I think about 80% of those negs were from people who did a skim-through and did not actually read what I was saying. And probably another 10% just marching behind the bandwagon, as so many people love to do in the context of ridiculing and shaming another individual for their own pleasure.
Title: Re: New Vendor unsafe practise
Post by: astor on June 30, 2013, 12:00 am
Quote
No I haven't bought from him. I don't wanna come out and say the name of the vendor cause I think that's just kinda wrong but I was interested in 'listing' an item for him to sell for me. What he does once the item sells he gets the customers address then sends it to Privnote to encrypt and then sends it back to you. Like what?  ???

It makes no sense at all. We are on SR's site why expose the customers address by sending it to Privnote of all things and then sending it to me so I can ship out the item. Why not just send the address in a message through SR..and using privnote out of all things, ffs. If anyone wants to know the vendor you can message me.

According to this vendor DPR assured him this was safe for small transactions. I think this vendor is very confused. I tried to offer advice and let him know what he's doing is exposing his customers and he seems ignorant of that fact.

Shit like this pisses me off. If I went out of my way to protect my info by encrypting it myself, and some idiot dumped it on a third party site, I would be furious.

This is a good thing to know about a vendor. Ultimately I think they should be free to run their business however they want. If they don't accept PGP encrypted addresses, or they post the address on Privnote, or email the plaintext to their shipping associates, that's up to them, but I'd like to know about it, so I can ensure I never buy from them.
Title: Re: New Vendor unsafe practise
Post by: Miah on June 30, 2013, 02:47 am
Quote
Would it be wrong for me to call out a vendor with a totally unsafe practice of the handling of customers information? I tried to advise the vendor that what they're currently doing is both wrong and unsafe and was told that DPR himself told him that it was indeed safe and that he trusts DPR. I was just like wtf?

And yet I sit here with -37, about 90% of which is from a thread in which I simply suggested a rough draft of a method for pre-screening vendors before they start sales. And I think about 80% of those negs were from people who did a skim-through and did not actually read what I was saying. And probably another 10% just marching behind the bandwagon, as so many people love to do in the context of ridiculing and shaming another individual for their own pleasure.

I feel you on that, I've been getting that same vibe thrown my way too for trying to help. Idc though f em it's just a number but +1 to you cause I feel your plight. When I started this thread I had -9 negs now it's at -12 ..lol.. that's hilarious getting neg'd for bringing this absurd practice of this vendor.

Quote
Shit like this pisses me off. If I went out of my way to protect my info by encrypting it myself, and some idiot dumped it on a third party site, I would be furious.

This is a good thing to know about a vendor. Ultimately I think they should be free to run their business however they want. If they don't accept PGP encrypted addresses, or they post the address on Privnote, or email the plaintext to their shipping associates, that's up to them, but I'd like to know about it, so I can ensure I never buy from them.

Exactly my point. In the vendors defense he did tell me of his policy. He wasn't dishonest but it seems like sometimes it's a big pissing contest in this community.
Title: Re: New Vendor unsafe practise
Post by: upthera on June 30, 2013, 05:14 pm
A vendor admitted to me yesterday that they did not know how to use PGP "or whatever we call" and thought nothing of it.  I've tried to explain the risk and ignorance in his attitude and have asked him if he was joking before I expose him everywhere as that was about the scarier things I've heard here.
PGP is simple!  Also for newer users, most of us say PGP but are using GPG (GnuPrivacyGuard), the open source clone.

Two respected members just gave me some food for thought but if a vendor asks for privnote instead of PGP I find another vendor.  I don't know much about it because PGP is the best, super simple to use, why use anything else?
Title: Re: New Vendor unsafe practise
Post by: randomOVDB#2 on June 30, 2013, 06:06 pm
Quote
No I haven't bought from him. I don't wanna come out and say the name of the vendor cause I think that's just kinda wrong but I was interested in 'listing' an item for him to sell for me. What he does once the item sells he gets the customers address then sends it to Privnote to encrypt and then sends it back to you. Like what?  ???

It makes no sense at all. We are on SR's site why expose the customers address by sending it to Privnote of all things and then sending it to me so I can ship out the item. Why not just send the address in a message through SR..and using privnote out of all things, ffs. If anyone wants to know the vendor you can message me.

According to this vendor DPR assured him this was safe for small transactions. I think this vendor is very confused. I tried to offer advice and let him know what he's doing is exposing his customers and he seems ignorant of that fact.

Shit like this pisses me off. If I went out of my way to protect my info by encrypting it myself, and some idiot dumped it on a third party site, I would be furious.

This is a good thing to know about a vendor. Ultimately I think they should be free to run their business however they want. If they don't accept PGP encrypted addresses, or they post the address on Privnote, or email the plaintext to their shipping associates, that's up to them, but I'd like to know about it, so I can ensure I never buy from them.

I could name ten vendors that transmit their customers addresses over clearnet in cleartext using free clearnet email services. :(  A lot of shit goes on that the customers don't know about. :(

If you do not have the courage to call them out in public, why even mention it?

Quote
shiiiit.... it took me like a century to learn how to use it and then I just went back to privnote :P I wish we had auto encryption here like atl (not going there quite yet  :o) to dummy proof this shit for me, but based on my understanding I think it's just fine....if privnote was no good, like jack said, I think lots of people would be in jail already or on their way and I find the latter unlikely but certainly a very minute possibility. maybe ill lift my fingers one day soon but right now I am going to veg out.........  8)

Why would anybody buy from such lazy vendors is beyond me. As for your logic failure read the post by Miah.
Title: Re: New Vendor unsafe practise
Post by: Miah on June 30, 2013, 11:37 pm
Quote
No I haven't bought from him. I don't wanna come out and say the name of the vendor cause I think that's just kinda wrong but I was interested in 'listing' an item for him to sell for me. What he does once the item sells he gets the customers address then sends it to Privnote to encrypt and then sends it back to you. Like what?  ???

It makes no sense at all. We are on SR's site why expose the customers address by sending it to Privnote of all things and then sending it to me so I can ship out the item. Why not just send the address in a message through SR..and using privnote out of all things, ffs. If anyone wants to know the vendor you can message me.

According to this vendor DPR assured him this was safe for small transactions. I think this vendor is very confused. I tried to offer advice and let him know what he's doing is exposing his customers and he seems ignorant of that fact.

Shit like this pisses me off. If I went out of my way to protect my info by encrypting it myself, and some idiot dumped it on a third party site, I would be furious.

This is a good thing to know about a vendor. Ultimately I think they should be free to run their business however they want. If they don't accept PGP encrypted addresses, or they post the address on Privnote, or email the plaintext to their shipping associates, that's up to them, but I'd like to know about it, so I can ensure I never buy from them.

I could name ten vendors that transmit their customers addresses over clearnet in cleartext using free clearnet email services. :(  A lot of shit goes on that the customers don't know about. :(

If you do not have the courage to call them out in public, why even mention it?

Quote
shiiiit.... it took me like a century to learn how to use it and then I just went back to privnote :P I wish we had auto encryption here like atl (not going there quite yet  :o) to dummy proof this shit for me, but based on my understanding I think it's just fine....if privnote was no good, like jack said, I think lots of people would be in jail already or on their way and I find the latter unlikely but certainly a very minute possibility. maybe ill lift my fingers one day soon but right now I am going to veg out.........  8)

Why would anybody buy from such lazy vendors is beyond me. As for your logic failure read the post by Miah.

I don't have to mention their name cause currently they stand at 5 transactions plus I'd rather not be a snitch. From all the info I gave in this thread about the vendor the astute reader should be able to figure out what vendor I'm talking about.
Title: Re: New Vendor unsafe practise
Post by: Aurelius Venport on July 01, 2013, 12:07 am
 ::)
Title: Re: New Vendor unsafe practise
Post by: newbottles on July 01, 2013, 07:20 pm
I chip at H #4 and have purchased from multiple vendors over the past ~6 months.

US domestic H vendors come and go over time, of course, but there are always currently successful vendors who refuse to use PGP.

I will never provide my mailing address without PGP encryption.   I have very high conviction in this statement.

Even as a chipper, I understand how desperate things can get for opioid abusers.  I know these vendors are always getting business without PGP because people are sick and will compromise their security to get well.  I empathize, but man it bums me out. 

PGP should be considered mandatory on SR for any sensitive information.  The risk is simply too high.
Title: Re: New Vendor unsafe practise
Post by: upthera on July 05, 2013, 12:43 pm
I just tried to find out why a vendor I wanted to purchase from only mentioned privnote as a way of contacting him.  I pmed him, which was quickly read asking if I could use PGP and why he doesn't. Pretty sure he does not know how to use it and should not be a vendor in my opinion.  PGP IS SIMPLE PEOPLE!!  I've asked him for clarification, i.e., does he know how to use fucking encryption or not?  No answer yet.  He has a few hours before I post his vendor name.
If you can't use PGP/GPG with 100% confidence you have ZERO business being a vendor.
Title: Re: New Vendor unsafe practise
Post by: upthera on July 05, 2013, 12:52 pm
Quote
People send me their addresses using privnote everyday.  Some people are too lazy to learn PGP.  I've personally talked about multi kilogram deals and murder with people I knew in person using privnote but that was years ago and with people who never learned PGP.  If privnote was doing something shady then me and many other people would be in prison.  Just saying...

shiiiit.... it took me like a century to learn how to use it and then I just went back to privnote :P I wish we had auto encryption here like atl (not going there quite yet  :o) to dummy proof this shit for me, but based on my understanding I think it's just fine....if privnote was no good, like jack said, I think lots of people would be in jail already or on their way and I find the latter unlikely but certainly a very minute possibility. maybe ill lift my fingers one day soon but right now I am going to veg out.........  8)

I don't mean any insult at all to ANYONE, I am just sitting here a bit shocked right now.

You have almost 1200 posts but can't use PGP?  Sorry but that's pretty fucked.  Choosing to use it or not is your choice and the people you communicate with, but it is simple, don't make others think it is difficult to use or learn because it is not and I am anything but tech savvy, and had no friends IRL or online to help and it took some effort but not much.  I will help anyone (as time permits), one on one, learn to use PGP for email encryption.  No offense meant, I just cannot believe all the trouble people who have been here longer than a week are having.

Everything and more about the topic is here in this fantastic book.
"PGP & GPG: Email for the Practical Paranoid" by Mike Lucas
Title: Re: New Vendor unsafe practise
Post by: randomOVDB#2 on July 06, 2013, 09:40 am
Miah the comment was aimed at Jack N Hoff.

Aurelius Venport how is covering an ass of a lazy vendor snitching? Transmitting "customers addresses over clearnet in cleartext using free clearnet email services" is dangerous and dumb.

But hey, let's all just shut up and let this practice continue because nobody wants to say a thing. I mean, that is what the community is about, right? A giant circle jerk.
Title: Re: New Vendor unsafe practise
Post by: Miah on July 06, 2013, 09:51 am
Ya I understand..I think we're all basically here on the same page. Just sometimes ppl explain it differently or w/e. I'll give you guys a hint who the vendor is though ok? Let's play the game here we go:

C---s L--t

whoever wins gets +1 to their E peen cool?  :P
Title: Re: New Vendor unsafe practise
Post by: mbius298074 on July 06, 2013, 09:54 am
Quote
No I haven't bought from him. I don't wanna come out and say the name of the vendor cause I think that's just kinda wrong but I was interested in 'listing' an item for him to sell for me. What he does once the item sells he gets the customers address then sends it to Privnote to encrypt and then sends it back to you. Like what?  ???

It makes no sense at all. We are on SR's site why expose the customers address by sending it to Privnote of all things and then sending it to me so I can ship out the item. Why not just send the address in a message through SR..and using privnote out of all things, ffs. If anyone wants to know the vendor you can message me.

According to this vendor DPR assured him this was safe for small transactions. I think this vendor is very confused. I tried to offer advice and let him know what he's doing is exposing his customers and he seems ignorant of that fact.

Shit like this pisses me off. If I went out of my way to protect my info by encrypting it myself, and some idiot dumped it on a third party site, I would be furious.

This is a good thing to know about a vendor. Ultimately I think they should be free to run their business however they want. If they don't accept PGP encrypted addresses, or they post the address on Privnote, or email the plaintext to their shipping associates, that's up to them, but I'd like to know about it, so I can ensure I never buy from them.

Agreed. I would be very concerned if this was happening. There is no reason why the buyer can't encrypt the address with the actual seller's public key. The person in the middle should never know those details, it just puts people at greater risk.