Silk Road forums
Discussion => Silk Road discussion => Topic started by: BlueGiraffe on August 05, 2013, 10:08 pm
-
This is an urgent notice to all our clients.
There has been a massive breach of security due to the following conjunctions:
1. I keep a document with all shipping addresses as verification for any re-ships. I know this is specifically against Silk Road’s terms, but I have always kept this totally protected (properly encrypted and completely hidden). I’ve been meaning to remove all personal information and just keep the stats, but had not gotten around to that yet.
2. I very recently hired a new assistant to help me process orders. She is totally trustworthy and has access to all documentation. However she made a profound error of judgement a couple of days ago. She was meant to email me the shipping information for the day – PGP encrypted and from one Tormail account to another. There was an issue with her PGP and she failed to get it sorted and so, as it was late in the day and she didn't want to miss the shipment deadline, decided to send it another way that she believed was totally secure, but which was not (I do not want to give further detail on the forum as these may compromise things further). She also somehow mistakenly managed to send all the history rather than just the day's orders.
3. Tormail was compromised shortly afterwards.
The circumstances and the timing could not have been more horrifically aligned, and I consider the shipping information compromised.
I take full personal responsibility for this. Whatever role my assistant played, I allowed it to happen. I am a professional and I have never been responsible for such a degree of fuck up in all my life, and I feel utterly gutted and destroyed from the betrayal of trust and care that I have just caused. I am deeply sorry to all of you.
The data does link names and addresses to SR usernames but does not refer to any specific product. While I consider it low probability that there will be any direct follow-up, I do highly recommend that you clean house and do whatever else is required to protect yourself. I will also be sending this communication out by PM to all our clients.
Our account itself was not compromised from the Javascript exploit and everything is functional and secure. And of course the learning from the most painful kind of lesson is already being applied. I have already shared the details of this with DPR and have offered to walk the plank - and may yet depending on how this plays out.
Though I will never meet any of you in person, you are like a great family that I love and care for very much. And I have done the worst thing and compromised your safety. I am so sorry.
BlueGiraffe (neck hung in shame)
-
You kept the address for every transaction or just recent ones? O.o
-
Holy shit, I feel bad for you.. This is an exact example of why addresses should never be kept.
-
I have long suspected that most vendors will probably keep a log of their clients' usernames and IRL names and addresses.
Respect to you BG for admitting it, but Jesus Christ, you have seriously fucked things up. I thank my lucky stars I didn't order from you - despite being quite tempted after reading your enthusiastic and well-informed sounding posts on GHB.
-
You kept the address for every transaction or just recent ones? O.o
All the way back...
-
Is it names, addresses and SR usernames?
-
Is it names, addresses and SR usernames?
Yes, they can be linked with minor effort.
-
oh fuckery. subbing..
-
You kept the address for every transaction or just recent ones? O.o
All the way back...
It could have been worse. It's just a list of SR usernames tied to the real names and addresses (some will be bogus of course), there's not even an indication that they've bought from you I assume. It would have been a magnitude worse if it also had the order but then if a name is on there more than once it will give them an indication that the person may be "of interest".
you're very brave for admitting this, I bet there are a lot of other vendors that have been similarly compromised by the tormail issue and won't have the guts to admit it because they put their own self interest ahead of their customer's protection.
eta: I'm not downplaying the seriousness of this but still, it could have been a lot worse
-
Is it names, addresses and SR usernames?
Yes, they can be linked with minor effort.
Does that include the lottery winners or only paying customers?
To be honest, I'm not hugely worried, as abby says I reckon it would only be the repeat customers who'll receive a visit from LE (assuming your TorMail account is even of interest to LE, it might not be). Have you otherwise openly discussed your vending activities, unencrypted, on the account?
On a positive note, thank you for informing the community, it goes a long way. Personally, for that reason, I don't think you should have to walk the plank for this. I hope you and your team stay safe too.
-
You kept the address for every transaction or just recent ones? O.o
All the way back...
It could have been worse. It's just a list of SR usernames tied to the real names and addresses (some will be bogus of course), there's not even an indication that they've bought from you I assume. It would have been a magnitude worse if it also had the order but then if a name is on there more than once it will give them an indication that the person may be "of interest".
you're very brave for admitting this, I bet there are a lot of other vendors that have been similarly compromised by the tormail issue and won't have the guts to admit it because they put their own self interest ahead of their customer's protection.
eta: I'm not downplaying the seriousness of this but still, it could have been a lot worse
I did consider for about 1 millisecond not saying anything - and that was clearly unacceptable and I would not have been able to look at myself in the mirror. As it is I feel like Golum. It's going to be a long night...
Thank you for your kind words - it really helps right now...
BG
-
Is it names, addresses and SR usernames?
Yes, they can be linked with minor effort.
Does that include the lottery winners or only paying customers?
To be honest, I'm not hugely worried, as abby says I reckon it would only be the repeat customers who'll receive a visit from LE (assuming your TorMail account is even of interest to LE, it might not be). Have you otherwise openly discussed your vending activities, unencrypted, on the account?
Lottery winners are listed but without any connection to a SR username.
Everything else is PGP encrypted in there - this is the only thing that is not.
-
so what else does this java thing do other than getting the vpn ip??? my computer cannot detect anything now but can this thing sit and watch me undetected ??
new computer and holiday time i think !!
-
Huge respect to you admitting it, this is the best you could do.
Deleting pm's here and on the main site is probably also a good idea...
-
Considering what's done is done, this is the most admirable and best action you could have taken. I wish more individuals were like you.
... it would have been nice if you hadn't kept the records in the first place, of course, but barring that: good show, good form, and all that :)
-
My stomach flips at the idea of addresses being kept but thanks for having the balls/ovaries to step forward
-
is Libertas gonna hop in here and ban you for keeping addresses? highly doubtful.
Props to you coming out with it, but it really shouldn't even have been done in the first place but whats done is done.
-
is Libertas gonna hop in here and ban you for keeping addresses? highly doubtful.
Props to you coming out with it, but it really shouldn't even have been done in the first place but whats done is done.
It would appear that BlueGiraffe has already been demoted.
-
And this is why I say: fuck RxKing and any vendor who refuses to take PGP encrypted messages. You think Privnote or even the SR server are 100% safe from being taken over by LE next?
Always PGP encrypt sensitive info, and boycott any vendor who refuses to use it, or who re-sends your info unencrypted.
-
Huge respect to you admitting it, this is the best you could do.
Deleting pm's here and on the main site is probably also a good idea...
Huge fucking respect. Damn.
Still, you shouldn't have kept that info. Not cool man. I'm kind of glad, I was going to make a purchase from you a week ago and I decided with another vendor.
-
:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(:'(
Fuckkkkk..... really. God ima have to clean house and everything thanks for telling me atleast. But I have a few shippmwnts on the way now I really hope my adress isn't flagged
-
is Libertas gonna hop in here and ban you for keeping addresses? highly doubtful.
Props to you coming out with it, but it really shouldn't even have been done in the first place but whats done is done.
It would appear that BlueGiraffe has already been demoted.
*slinks to corner with fist in mouth
-
Posting to get updates!!!
-
gah
-
Wow.
-
It's interesting that Googleeyed's minion was spraying names and addresses all over the forum a few months back and nothing happened to him (and I bet he's still using shippers and sending the addresses to them) and down the months others have admitted to keeping addresses and they seem to have been ok too, yet this happens to BlueGiraffe.
It is serious but there seems to be an inconsistency here.
I suppose the lesson to be learnt (as it is each time this kind of thing happens) is that if you're using a vendor that uses hired help to process the orders then you are going to be at a greater risk of disclosure, either deliberate or accidental.
-
Does this mean that he cant continue as a vendor? I dont find his vendor page at least. I was also going to order him soon :'(. Even though i havent made business with him yet, i find him very trustworthy and responsible. Especially after he now admits what has happened. The fact he kept the info of clients was probably a backdoor for him to keep business going even after something would happen to Silk Road. But of course i understand the policy of not doing so and it's for cases exactly like this. Hope he get's everything working - he doesn't deserve this.
-
Man. Thanks for letting everyone know.
And to the powers-that-be: Keeping those addresses was a mistake, but BG could just as easily have said nothing. Why punish or ban a vendor for coming clean? Won't that just discourage others from admitting mistakes? I know vendors are explicitly banned from saving addresses, and I get that rules are rules. It just seems dangerous to me to send the message that anyone trying to right a wrong or prevent fallout from their actions would be better off covering things up than coming clean.
-
Man. Thanks for letting everyone know.
And to the powers-that-be: Keeping those addresses was a mistake, but BG could just as easily have said nothing. Why punish or ban a vendor for coming clean? Won't that just discourage others from admitting mistakes? I know vendors are explicitly banned from saving addresses, and I get that rules are rules. It just seems dangerous to me to send the message that anyone trying to right a wrong or prevent fallout from their actions would be better off covering things up than coming clean.
I understand what you are saying but this is a big fuckery and it cannot be let pass as if nothing happened. This is a serious breach both on SR rules and both on customers security. Yes, BlueGiraffe has had a lot of dignity on admitting what happened but still this is a serious thing and you cannot pretend a SR admin to do nothing about it.
Moreover I tell you this: this thing would have come to the surface one way or another, either if BlueGiraffe said nothing. In this way, by being honest, s/he will much probably be allowed to create another account and start anew with a new modus operandi, but if shit did hit the fan and s/he said nothing s/he would never been allowed to vend here no matter what and on top of that s/he would have much probably lost all his/her clients and respect because nobody would trust him/her anymore. In this way s/he did an error (and a big one at that) but by excusing and admitting it openly his/her dignity remains intact.
So it's not that s/he is just getting a fist in the face for being honest; losing the vendor account is really the least of the repercussions here.
-
BlueGiraffe, at least you had the common decency to come out and man up and say what you did.
I wouldn't worry about my account if I were you. Just get a new one.
Liston admitted to keeping his customer's addresses and threatened to give my info to LE after shipping a quantity of coke to me. I reported it to the Mods here and they helped me get in touch with admin on SR. He was banned and I was assured that he would never be back unless he could hide his identity.
...three days later, he was back with the exact same profile, same PGP, same products, but added "ishere" to his name and became "listonishere".
I was assured that he would never be back unless he could hide the fact that it was him. He admitted to keeping addresses and his threats were in our messages.
He did all this because he sent a package that I ordered from the US and he sent it from the UK. I didn't get it and filed a dispute. I won after 10 days because he gave up and gave me a 100 percent refund, but only because I quoted what a mod told me on here regarding his threats and listed quite a few violations of the seller's agreement that he signed up for. I told him that I got a seizure letter a couple weeks later and he called me a liar. After that, he simply threatened me through tormail for a few weeks until I told him that the box wasn't in my name and it would never be visited again so he could send all the shit he could afford and maybe some lucky sorter or PO employee could party for a few months on his dime.
So, based on how SR handled the liston aka listonishere situation. I would think you would get a medal and not banned, since you were straight up and made a fuck up and admitted to it.
So SR would probably prefer that you send messages and threaten to narc out all your customers after sending them illegal shit, get banned, then come back as "BlueGiraffeishere".
I encourage everyone to get a person you know, tell them that you owe the PO money for a box that they found was not paid for a year and now you can't open a box or some other bullshit story about why you can't open one. Tell them you have a warrant and can't show your ID because they cross reference it and would have you arrested. Buy a bum a bag of liquor...however you need to get it done, and just have a new one every three months. It costs a few bucks more, but I sleep better at night. They can't get in trouble. I just tell them if anyone, including LE, ever asks them about it, just tell them they opened it and had both keys on a separate ring and lost them and they wrote a letter to the PO and never heard back about the situation.
Also, never get a year, or six months, if you have one like mine, they do 6 month leases but you can get a 50 percent refund after 3 months, show that to a stranger or friend and they may do it just to get an extra 30 bucks. Just bounce from one PO to another and keep your orders to a minimum. For some reason, it seems like every PO has different rates. Do one from Mailboxes etc., the UPS store, or some local businesses. You can even go to a cheap motel, pay for 3 or 4 days, tell them your wife kicked you out and ask if it is ok if your family mails you some personal stuff like copies of family photos, home videos, legal papers, bronzed baby shoes and so on, since your whore wife will just throw it away out of spite. Many men and women will not only understand, but sympathize with you. Leave, tell them you made up and are moving back in, then come back in a month with the same story. Tell them you will hook them up with a tip for helping you out. I even have ordered legit stuff for the first delivery to the hotel, just had a friend send an envelope with a die-cast car in it and immediately opened it in front of the clerk, handed him 20 bucks and told him it was not even worth the postage, but was from my grandfather right before he died when I was 12. I have 40+ orders and never had more than 5 arrive at any given location, never in my name, and never picked it up myself, except for the hotel ones. It seems like a huge hassle and expense, but facing a trial for a drug conspiracy and misusing the postal service to send illegal substances is more of a hassle and expense, at least I would think.
I am joking about what you should do, but the liston deal was discussed on here, then he was banned and I am disheartened that SR would have taken his money and let a snitch return even though they were told and knew it. I think Libertas and Scout were taken back as well. I know Libertas assured me, in good faith, I am sure, that he would not be back unless he could hide who he was...too bad he isn't a silk road Admin because I don't think he can be bought off like that. But hey, I only had to burn a hundred dollar plus PO Box that wasn't even in my name after I just renewed it. The Bitch of it is that I couldn't get a refund, because I got it under a fake name. Even funnier, a family member at the PO let me open the box under a Narcotics Officer's name and home address. Would have been great to see how that played out. I just went and wiped the outside of the box with a rag and rubbing alcohol, just in case the joke was not well-received. Guess the joke was on me, liston, or maybe you since you lost your deposit and had to buy a new account. Keep dancing you queer ass snitch. Ok, mate!
But as for you BlueGiraffe, way to man up. You made a mistake. I remember one time I made a mistake...it's ok. Everybody gets one.
-
And this is why I say: fuck RxKing and any vendor who refuses to take PGP encrypted messages. You think Privnote or even the SR server are 100% safe from being taken over by LE next? Always PGP encrypt sensitive info, and boycott any vendor who refuses to use it, or who re-sends your info unencrypted.
What the fuck point is there of PGP encrypting your name and address to a Vendor if they promptly type it up into a spreadsheet?
I don't use Privnote, not because I think it is the weak link in the chain, but because the anonymous Vendor is. Be it malicious (Liston) or just plain fucking retarded (BlueGiraffe).
Anyway. I'm still going to use BG for some GHB when he gets his fucking shit together and promises not to keep my address.
-
It's interesting that Googleeyed's minion was spraying names and addresses all over the forum a few months back and nothing happened to him (and I bet he's still using shippers and sending the addresses to them) and down the months others have admitted to keeping addresses and they seem to have been ok too, yet this happens to BlueGiraffe.
It is serious but there seems to be an inconsistency here.
I suppose the lesson to be learnt (as it is each time this kind of thing happens) is that if you're using a vendor that uses hired help to process the orders then you are going to be at a greater risk of disclosure, either deliberate or accidental.
Thanks for your supportive words abby. For the record I am comfortable with losing my vendor privileges in this moment. I fucked up and it's appropriate - I'm not arguing it. I am in discussion with DPR and other SR stuff about how best this matter should be dealt with. I cannot be armored here - I must take what comes.
BG
-
Does this mean that he cant continue as a vendor? I dont find his vendor page at least. I was also going to order him soon :'(. Even though i havent made business with him yet, i find him very trustworthy and responsible. Especially after he now admits what has happened. The fact he kept the info of clients was probably a backdoor for him to keep business going even after something would happen to Silk Road. But of course i understand the policy of not doing so and it's for cases exactly like this. Hope he get's everything working - he doesn't deserve this.
Thanks findingcure,
Also for the record my intention was not to keep contact details as a back-door of post SR business if that ever happened. Rather it was my habit of keeping details until confirmed delivery of an order in case there needed to be discussion around a re-ship. And then it was my intention to remove all name and address details but only keep country information so that I would then have useful stats. I did not get a chance to do that before the document was mistakenly leaked. Not condoning anything - just clarifying intention.
And yes, right now he does deserve this. Pirate ships have to be run tightly - it's always been that way.
BG
-
BlueGiraffe, at least you had the common decency to come out and man up and say what you did.
I wouldn't worry about my account if I were you. Just get a new one.
Liston admitted to keeping his customer's addresses and threatened to give my info to LE after shipping a quantity of coke to me. I reported it to the Mods here and they helped me get in touch with admin on SR. He was banned and I was assured that he would never be back unless he could hide his identity.
...three days later, he was back with the exact same profile, same PGP, same products, but added "ishere" to his name and became "listonishere".
I was assured that he would never be back unless he could hide the fact that it was him. He admitted to keeping addresses and his threats were in our messages.
He did all this because he sent a package that I ordered from the US and he sent it from the UK. I didn't get it and filed a dispute. I won after 10 days because he gave up and gave me a 100 percent refund, but only because I quoted what a mod told me on here regarding his threats and listed quite a few violations of the seller's agreement that he signed up for. I told him that I got a seizure letter a couple weeks later and he called me a liar. After that, he simply threatened me through tormail for a few weeks until I told him that the box wasn't in my name and it would never be visited again so he could send all the shit he could afford and maybe some lucky sorter or PO employee could party for a few months on his dime.
So, based on how SR handled the liston aka listonishere situation. I would think you would get a medal and not banned, since you were straight up and made a fuck up and admitted to it.
So SR would probably prefer that you send messages and threaten to narc out all your customers after sending them illegal shit, get banned, then come back as "BlueGiraffeishere".
I encourage everyone to get a person you know, tell them that you owe the PO money for a box that they found was not paid for a year and now you can't open a box or some other bullshit story about why you can't open one. Tell them you have a warrant and can't show your ID because they cross reference it and would have you arrested. Buy a bum a bag of liquor...however you need to get it done, and just have a new one every three months. It costs a few bucks more, but I sleep better at night. They can't get in trouble. I just tell them if anyone, including LE, ever asks them about it, just tell them they opened it and had both keys on a separate ring and lost them and they wrote a letter to the PO and never heard back about the situation.
Also, never get a year, or six months, if you have one like mine, they do 6 month leases but you can get a 50 percent refund after 3 months, show that to a stranger or friend and they may do it just to get an extra 30 bucks. Just bounce from one PO to another and keep your orders to a minimum. For some reason, it seems like every PO has different rates. Do one from Mailboxes etc., the UPS store, or some local businesses. You can even go to a cheap motel, pay for 3 or 4 days, tell them your wife kicked you out and ask if it is ok if your family mails you some personal stuff like copies of family photos, home videos, legal papers, bronzed baby shoes and so on, since your whore wife will just throw it away out of spite. Many men and women will not only understand, but sympathize with you. Leave, tell them you made up and are moving back in, then come back in a month with the same story. Tell them you will hook them up with a tip for helping you out. I even have ordered legit stuff for the first delivery to the hotel, just had a friend send an envelope with a die-cast car in it and immediately opened it in front of the clerk, handed him 20 bucks and told him it was not even worth the postage, but was from my grandfather right before he died when I was 12. I have 40+ orders and never had more than 5 arrive at any given location, never in my name, and never picked it up myself, except for the hotel ones. It seems like a huge hassle and expense, but facing a trial for a drug conspiracy and misusing the postal service to send illegal substances is more of a hassle and expense, at least I would think.
I am joking about what you should do, but the liston deal was discussed on here, then he was banned and I am disheartened that SR would have taken his money and let a snitch return even though they were told and knew it. I think Libertas and Scout were taken back as well. I know Libertas assured me, in good faith, I am sure, that he would not be back unless he could hide who he was...too bad he isn't a silk road Admin because I don't think he can be bought off like that. But hey, I only had to burn a hundred dollar plus PO Box that wasn't even in my name after I just renewed it. The Bitch of it is that I couldn't get a refund, because I got it under a fake name. Even funnier, a family member at the PO let me open the box under a Narcotics Officer's name and home address. Would have been great to see how that played out. I just went and wiped the outside of the box with a rag and rubbing alcohol, just in case the joke was not well-received. Guess the joke was on me, liston, or maybe you since you lost your deposit and had to buy a new account. Keep dancing you queer ass snitch. Ok, mate!
But as for you BlueGiraffe, way to man up. You made a mistake. I remember one time I made a mistake...it's ok. Everybody gets one.
Some good suggestions. And thanks for your kind words. If I was required to leave I would probably leave it at that - not try slip back in under a pseudonym - don't really see the point...
BG
-
And this is why I say: fuck RxKing and any vendor who refuses to take PGP encrypted messages. You think Privnote or even the SR server are 100% safe from being taken over by LE next? Always PGP encrypt sensitive info, and boycott any vendor who refuses to use it, or who re-sends your info unencrypted.
What the fuck point is there of PGP encrypting your name and address to a Vendor if they promptly type it up into a spreadsheet?
I don't use Privnote, not because I think it is the weak link in the chain, but because the anonymous Vendor is. Be it malicious (Liston) or just plain fucking retarded (BlueGiraffe).
Anyway. I'm still going to use BG for some GHB when he gets his fucking shit together and promises not to keep my address.
Was a ridiculous fuck-up. No dispute. If I am allowed to continue vending on SR, this is my solemn promise: I will not keep addresses at all - even for verification of re-ships. I'm just making that statement formally and publicly here for what it's worth.
BG
-
All though it is good that you have come clean, it does not make what you did any better. It is extremely irresponsible and careless for you to keep addresses, and your reason for doing so is not nearly good enough. If you did need to re-ship it is very simple for you to get the customers details again. In my opinion you have fucked up and you deserve to suffer from the consequences, you jeopardized peoples freedom and for that you don't deserve to have vending privileges.
-
You and your assistant need a good ass fucking.
If i need a reship ill resend my ADDRESS TO U.
FUCK
-
What the fuck point is there of PGP encrypting your name and address to a Vendor if they promptly type it up into a spreadsheet?
Yep. In my view, the safest practice is when plaintext customer addresses never touch storage media. You decrypt them in your PGP app in RAM, you copy them over to your label printer software, and then they are discarded. You don't save them a text file. You don't transfer them on a thumb drive. You don't send them by email.
I understand this is not ideal to certain workflows, but it is ideal from a customer safety perspective.
-
It's interesting that Googleeyed's minion was spraying names and addresses all over the forum a few months back and nothing happened to him (and I bet he's still using shippers and sending the addresses to them) and down the months others have admitted to keeping addresses and they seem to have been ok too, yet this happens to BlueGiraffe.
It is serious but there seems to be an inconsistency here.
I suppose the lesson to be learnt (as it is each time this kind of thing happens) is that if you're using a vendor that uses hired help to process the orders then you are going to be at a greater risk of disclosure, either deliberate or accidental.
Thanks for your supportive words abby. For the record I am comfortable with losing my vendor privileges in this moment. I fucked up and it's appropriate - I'm not arguing it. I am in discussion with DPR and other SR stuff about how best this matter should be dealt with. I cannot be armored here - I must take what comes.
BG
I don't disagree with you but I am disappointed that this penalty is applied indiscriminately. I was reading a post in another thread earlier today where a vendor admits they keep addresses for a month, for probably the same reason you did (to make sure you weren't being asked to send to a different address, which would indicate a scammer) and I suspect they're a much bigger vendor than you and therefore have many more names. Yet I doubt a penalty will be applied to them, despite it being the same breach you were done for.
I'd say a lot of vendors are doing it, it's just very few of them have the gumption to admit it, particularly when things go wrong.
-
Does this mean that he cant continue as a vendor? I dont find his vendor page at least. I was also going to order him soon :'(. Even though i havent made business with him yet, i find him very trustworthy and responsible. Especially after he now admits what has happened. The fact he kept the info of clients was probably a backdoor for him to keep business going even after something would happen to Silk Road. But of course i understand the policy of not doing so and it's for cases exactly like this. Hope he get's everything working - he doesn't deserve this.
Thanks findingcure,
Also for the record my intention was not to keep contact details as a back-door of post SR business if that ever happened. Rather it was my habit of keeping details until confirmed delivery of an order in case there needed to be discussion around a re-ship. And then it was my intention to remove all name and address details but only keep country information so that I would then have useful stats. I did not get a chance to do that before the document was mistakenly leaked. Not condoning anything - just clarifying intention.
And yes, right now he does deserve this. Pirate ships have to be run tightly - it's always been that way.
BG
Thank you for correcting me. I could try to give you advices, but i know i don't need to. If my information would have been in your hands when this happened, i couldn't bring myself to blame you. It doesn't mean i would give that privilege to every vendor, but i would have made exception with you and taken consequences. After all, it wasn't directly you who made the mistake and choices are made in both ways. Even coming here in first place is choice. Understanding that there is many, whom this is bigger problem, i just wanted to shortly give my personal input. You deal the situation the best way you see - i don't need to add anything to that. You have my support.
-
The Reasonably Paranoid Post:
1. BG being a top vendor, having thousands (?) of customers, whose names and usernames with addresses all linked, I believe this would be a major opportunity for INTER-LE to do a massive international crackdown on incriminated users and scare the shit out of everyone else by using the media to say that SR is compromised.
2. Now that so many usernames and real names are tied, LE could easily multiple sexy vendor accounts and see every customer's stats and have that as evidence for all the orders users have made.
3. This fucking sucks but thanks anyway BG for letting us know.
Q: does this mean that we should close our accounts and have them deleted, or at least their history, by SR ?
-
I'm not a customer of BG's but I've seen his presence around here. Obviously, keeping the buyer list and especially having it passed by an intern (or assistant) unencrypted ain't good. THAT being said.. I think people need to relax. A SR username with an address tied to it, with not date/time/order info... is NOT the end of the world. Nothing is going to happen to those people at all. Simply nothing. It proves nothing. Someone could have gone down the phonebook and pulled random names/addresses from allover the country and put random names from the SR forum next to them and created a document for no good reason.
And no, I'm not being sarcastic/funny. There's no proof of anything. Out of the gazillion gigs of data seized (we don't even know if the Tormail emails were even seized or what's even going on), you think 1 list of addresses is going to justify a SWAT team kicking down every door on that list? No!
BlueGiraffe seems to be a standup guy/vendor who immediately took ownership of this snafu. He/she didn't even need to bring this to the attention of DPR/SR/the forum.. nobody would ever be the wiser. I don't think he should loose his vendor privleges at all! Also, get real people.. every single vendor stores buyer information. And vendors, don't say "well I DONT!" because you most probably do.. it streamlines operations and even though it sucks, I think it's an understood. Not to scare people.. but I'm sure other vendors have passed your information around unecrypted at some point too.
Relax, nothing will happen. Everyone needs to be more security conscious with all this fuckery going on with Freedom Hosting etc, and that's about all we can do. Change your passwords, DON'T talk/exchange anything unencrypted, and use common sense.
-
Hey, I just read your statement and have to say, respect for telling the truth, that is a honest move!
BUT
This is ridiculous, I just don't get, why you have to save the addresses for the reship stuff. Maybe it's because of scammers, but I think the safety of your non-scamming customers should be WAY more important than some scammers.
Furthermore, I really hope you instantly fired your new "employee"; if this would've happened outside this (at least we all thought) anonymous environment, she probably would've been killed or at least fucked up big time.
I always had the feeling that you are a very professional vendor, but - as I read in your statement - you seem to trust somebody with such sensitive information, even though the person seems not to have ANY clue about encryption.
Q: does this mean that we should close our accounts and have them deleted, or at least their history, by SR ?
I was thinking about that myself, but this would suck big time (at least if you are somebody that has an account with a lot of transactions).
What if the SR would change the username of everybody that ordered from BG? Or just transfer the history to another account?
Cheers
-
Let's be honest... if you have ordered more than a few times on SR then you can assume that address (and likely product ordered) has already been sent by one of your vendors via TorMail. BG is probably one of the few actually admitting it.
It will be interesting to see how hard LE wants to crack down on users of SR specifically. With the focus of terrorists starting to wane they might start emphasizing crackdowns on drug users and buyers. Hopefully there is just so much info on TorMail that LE can only go for the big guys or can't even disseminate what's going on in the emails. Then again if they've cracked down on TorMail and are going after the "deep web", it's only a matter of time before they stumble on the behemoth that is the Silk Road.
-
Another good reason to never use your real address, not even for domestic....
I am curious... where do you get your stuff sent to? I just moved and am having my orders sent to my old address (where my buddy still lives), seems like a good idea for me not to be there when the packages arrive, right?
-
A few important questions:
Did the spreadsheet contain metadata? If so you might be several degrees of even more fucked.
Did it contain tracking numbers?
We already know that LE records all mail covers in the US. It's safe to say that every one of your customers will now have their mail covers pulled and examined by an analyst (regardless of whether you kept the tracking numbers, but that'd just make the analysis easier).
Did you have in transit shipments? Have you notified those customers that the shipments are compromised by LE and could be CD'd?
-
If you "punish" this BlueGiraffe person by yoinking their account, the next time this happens the vendor won't say anything.
Your label printers can snitch too, they are proprietary blackboxes who knows what kind of memory they keep or information that can be extracted from them.
When I sold stuff I kept note of the amount and then packed everything separating for amounts. I then spawned a truecrypt container on a live CD running in ram only, and pasted the encrypted PGP from SR buyers into an empty text file inside the container and decrypted for immediate printer use. (printer ran in it's own VPN snapshot with no network access). The printer snapshot I kept on an Ironkey drive in a TC container. Afterwards I kept customer info until they received the goods then shred -fvzu -n 3 /home/user/container.txt and never wrote down "1kg MDMA" and instead used codewords. Prob not a foolproof setup but seemed to work. I JTAG attached to my printer and was trying to figure out how to clear flash memory and reverse engineer to see what was going on then got out of the game and destroyed everything. Maybe for lulz I'll buy some more Amazon cheap label printers and see what kind of info they keep around.
-
If you "punish" this BlueGiraffe person by yoinking their account, the next time this happens the vendor won't say anything.
As I said, there are things much worse than losing an account for something like this. Read what I wrote about this before.
SR admins cannot just let the thing go because BG was honest, but s/he still has his/her honor and dignity intact by having done this and much probably all his/her customers. If s/he did otherwise when shit would have hit the fan (and it would, sooner or later) the thing would have been much different.
-
As I said, there are things much worse than losing an account for something like this. Read what I wrote about this before.
I agree.
The WORST thing that could happen is BlueG is persecuted and banned from this site ensuring if this EVER happens again with ANY other vendor they'll simply keep their mouths closed and not warn people to clean house.
That would be the worst outcome.
BlueG needs punishment, BUT I FOR ONE WISH TO PURCHASE FROM HIM.
His misdeed and idiocy is now well known, so buyer beware. If you don't want to order you now know not to. Do not attempt to protect me by culling a Vendor you have no intention of using.
-
The WORST thing that could happen is BlueG is persecuted and banned from this site ensuring if this EVER happens again with ANY other vendor they'll simply keep their mouths closed and not warn people to clean house.
No, the worst thing it can happen to you as a vendor (that's what we are talking about) is to have all your dignity and honor stripped so that nobody will ever buy from you again knowing who you are (and this thing can be linked also to losing your life or other drastic things depending on the circumstances). An example? Infinitesource; now compare that to "losing a vendor account" and which is worse.
Do you REALLY think a vendor can seriously "keep his mouth shout about keeping addresses" so that it will NEVER come out? If you think so then you have a point, but luckily it is not so.
And apart this let me understand, what would you want SR admin to do? To just say: "oh well, since you said that you kept addresses we will just let the thing pass"? Great, now a vendor has just to talk about the rules s/he breaks and nothing will ever come out of it just because the vendor has been "honest"; is this what you want?
Having honor and dignity is NOT a virtue or something you are an hero because of it, it is how things HAVE TO AND MUST be. If you do admit you fucked up (and especially if your client security is at danger) it's not that you need a medal because you admitted it and prevented trouble to your clients, you just did what you HAD to do and if you didn't you were a piece of shit. Those that don't do it just for a sort of temporary self-preservation simply have no honor no dignity and people sooner or later will understand it and then they will be fucked up, but seriously and forever; losing account privileges it's nothing in comparison to something like that.
-
And apart this let me understand, what would you want SR admin to do? To just say: "oh well, since you said that you kept addresses we will just let the thing pass"?
I want them to act as Libertarians.
Certainly suspend the Vendor account and all Customers know about the problem. Then reinstate the account and let well-informed Customers decide if I wish to purchase from them.
If they want to take very strong action they can require, as a continuation of Vendor status, to have a prominent line on his Vendor page briefly explaining the problem and linking to a forum thread about it.
Having honor and dignity is NOT a virtue
To YOU, perhaps. To ME, honour and dignity are virtues, they are virtues I look for in a Vendor, and they are virtues I find in BlueG.
You might not believe as I believe - but my beliefs do not require you to.
-
To YOU, perhaps. To ME, honour and dignity are virtues, they are virtues I look for in a Vendor, and they are virtues I find in BlueG.
You might not believe as I believe - but my beliefs do not require you to.
So to you a vendor that protects his/her clients' security for a personal error is doing a virtuous act and not just what it MUST be done in that situation.
Good to know. For me it should be the norm.
And the fact that my view is the one that's right is proven by the fact that if you admit an error that can fuck other lives yes, you will be punished but possibly nothing much more will come of it (or at last you have a chance) but if you try to hide the thing when shit will hit the fan you will become a target and nobody will give you ANY chance (just because your dignity is lost). So, again, admitting the error is in itself the real way to preserve yourself from greater harm.
You might not believe as I believe - but my beliefs do not require you to.
Good. However stop pretending an SR admin to do a nonsensical thing just because you believe in it.
It is the error that's punished. Admitting or not the error doesn't repair the error itself.
-
so what else does this java thing do other than getting the vpn ip??? my computer cannot detect anything now but can this thing sit and watch me undetected ??
new computer and holiday time i think !!
What this "java thing" does is as follows. It's an unpatched javascript exploit the FBI infected several sites hosted on one provider with. The main part you would have to worry about personally is it creates a browser cookie much like the ones flash applets on websites create, bypassing the normal cookie handling of the browser. The cookie detects when you are surfing on a non tor IP then pings a logging server with your IP address.
This is only a concern for people who use the same browser for their clear and darknet surfing (you shouldn't be). The cookie also does not get created if you use a javascript blocking plugin like Noscript.
-
so what else does this java thing do other than getting the vpn ip??? my computer cannot detect anything now but can this thing sit and watch me undetected ??
new computer and holiday time i think !!
What this "java thing" does is as follows. It's an unpatched javascript exploit the FBI infected several sites hosted on one provider with. The main part you would have to worry about personally is it creates a browser cookie much like the ones flash applets on websites create, bypassing the normal cookie handling of the browser. The cookie detects when you are surfing on a non tor IP then pings a logging server with your IP address.
This is only a concern for people who use the same browser for their clear and darknet surfing (you shouldn't be). The cookie also does not get created if you use a javascript blocking plugin like Noscript.
interesting analysis
-
Hey, I just read your statement and have to say, respect for telling the truth, that is a honest move!
BUT
This is ridiculous, I just don't get, why you have to save the addresses for the reship stuff. Maybe it's because of scammers, but I think the safety of your non-scamming customers should be WAY more important than some scammers.
Furthermore, I really hope you instantly fired your new "employee"; if this would've happened outside this (at least we all thought) anonymous environment, she probably would've been killed or at least fucked up big time.
I always had the feeling that you are a very professional vendor, but - as I read in your statement - you seem to trust somebody with such sensitive information, even though the person seems not to have ANY clue about encryption.
Q: does this mean that we should close our accounts and have them deleted, or at least their history, by SR ?
I was thinking about that myself, but this would suck big time (at least if you are somebody that has an account with a lot of transactions).
What if the SR would change the username of everybody that ordered from BG? Or just transfer the history to another account?
Cheers
I hear you on all of it.
Re changing usernames, I asked DPR about this directly, considering my clients who's details I compromised.
His response (which he's also already sent to someone else who made the request):
"This is not easily done and our policy is to not do it. Normally you would need to start over with a new account. If you want to be 100% secure, that's what you'll need to do, because things like feedback can still be linked to you."
BG
-
A few important questions:
Did the spreadsheet contain metadata? If so you might be several degrees of even more fucked.
Did it contain tracking numbers?
We already know that LE records all mail covers in the US. It's safe to say that every one of your customers will now have their mail covers pulled and examined by an analyst (regardless of whether you kept the tracking numbers, but that'd just make the analysis easier).
Did you have in transit shipments? Have you notified those customers that the shipments are compromised by LE and could be CD'd?
Some minor metadata - but not incriminating. Of course I don't know what deeper levels of metadata there may be that I cannot readily access.
No tracking numbers - we never tracked.
All compromised clients with orders in transit have been notified. And about 80% of the total list have been notified thus far (working from latest to earliest) - balance should be completed in the morning.
-
To YOU, perhaps. To ME, honour and dignity are virtues, they are virtues I look for in a Vendor, and they are virtues I find in BlueG.
You might not believe as I believe - but my beliefs do not require you to.
So to you a vendor that protects his/her clients' security for a personal error is doing a virtuous act and not just what it MUST be done in that situation.
Good to know. For me it should be the norm.
And the fact that my view is the one that's right is proven by the fact that if you admit an error that can fuck other lives yes, you will be punished but possibly nothing much more will come of it (or at last you have a chance) but if you try to hide the thing when shit will hit the fan you will become a target and nobody will give you ANY chance (just because your dignity is lost). So, again, admitting the error is in itself the real way to preserve yourself from greater harm.
You might not believe as I believe - but my beliefs do not require you to.
Good. However stop pretending an SR admin to do a nonsensical thing just because you believe in it.
It is the error that's punished. Admitting or not the error doesn't repair the error itself.
Agreed on all. Communicating in full about this was simply a requirement. I do not consider it virtuous, but necessary in the circumstances (though am very grateful for your words Rocknessie). And I know that admitting the error does not repair it - it just allows more opportunity to manage it. There are still potential and very real consequences. That's my karma to eat...
So it's known, I will accept however this plays - whether I get to continue vending or not. Loosing vending privileges is trivial "punishment" compared to what I am going through emotionally right now.
BG
-
2. I very recently hired a new assistant to help me process orders. She is totally trustworthy and has access to all documentation. However she made a profound error of judgement a couple of days ago.
By the way, I'm honestly a little surprised nobody else has pointed this out: these statements effectively contradict each other. Every one makes mistakes and good help is hard to find and blah-blah-blah, but by (my) definition, her actions have placed her in the "untrustworthy" category. If your story is to be believed, she essentially judged it better to compromise customer security than to delay fulfilling her responsibilities. Of course she meant (mostly) well. So does almost everyone -- doesn't mean I'd trust them.
Just a thought; do with it as you please.
-
2. I very recently hired a new assistant to help me process orders. She is totally trustworthy and has access to all documentation. However she made a profound error of judgement a couple of days ago.
By the way, I'm honestly a little surprised nobody else has pointed this out: these statements effectively contradict each other. Every one makes mistakes and good help is hard to find and blah-blah-blah, but by (my) definition, her actions have placed her in the "untrustworthy" category. If your story is to be believed, she essentially judged it better to compromise customer security than to delay fulfilling her responsibilities. Of course she meant (mostly) well. So does almost everyone -- doesn't mean I'd trust them.
Just a thought; do with it as you please.
Received. I used trustworthy in the sense that she is perfectly honest and has impeccable integrity. What I did not gauge correctly was how "on it" she was around these kinds of things. I do not think she even judged her act fully in the moment - just did what she felt was adequate and appropriate. It was my mistake for creating a circumstance in which this could have happened. I placed her in a space that was out of her depth and I shouldn't have...
-
I don't think there should be any further punishment whatsoever If something happens to his clients or to himself this is already a punishment, (which is really unlikely considering this is only a list of names and addresses, there is much more detailed information about transactions, shipping methods etc on tormail if LE wants some action they will get it, this only the tip of the iceberg). Punishing BG punishes mostly his clients and has no effect on BG because he can start vending with a new account. Only thing we can do is to learn something from the situation - mainly that the rules of SR are meant to protect us all and must be always followed and by everyone, however meaningless or hard it might seem, this is the only way to keep the ship tight and running. I hope everybody learned something today GL and thanks for keeping us updated.
-
"Their" system is broken. That's why "we" go outside of it.
The Silk Road's system is not broken. That's why we shouldn't go outside of it.
BG, I said a prayer for you and yours.
-
Facepalm...
Mad respect for admitting your mistake, but this is scary as hell.
-
Also, I guess I'd like to add that it's not TOTALLY surprising that the Giraffe felt it necessary to guard against buyer scams and/or to be more efficient, (because vendors' feedback is based in part on shipping speed). It obviously wasn't the best of all possible ways, but when you look at the newly-implemented way way back buyer stats (which I find ridiculous) and the number of vendors saying things like "Oh hell no, I don't dare work with anybody who's not on my level," you can start to understand that the vendors are all running around scared to death of being scammed. If this was Blue's way of dealing with that fear, well, then, it sucks; but I get it.
The other fallout from this scandal is that now all kinds of people may be tempted to put in less-than-legit addresses. Let's be honest, the best way for your stuff to arrive safely in your hands is to have it sent to an address you've been receiving mail at for a while (or at least a bit). PGP encryption, stealthing of packages, the fact that (in the US at least) the post can't open anything without a warrant, the lack of proof of intention on the part of the recipient ... all of these are layers of defense insulating the human being at the end of the line. So it should work beautifully. Except now, we've all got our pants in a bunch; and I hope that all sorts of great things don't miss their intended targets because we, in fear, try to outsmart the very good system.
***footnote to that point: There is a story of a young man in New York who stored a lot of MDMA in a storage facility. Which would have been no problem, except he rented that storage unit with a false i.d. The facility sent a bill or something to the person's address that appeared on the i.d., and from there, things got fucked. It went something like this. That person contacted the facility saying he didn't have anything there, the facility got suspicious, the police got involved, the unit got raided, they found a bunch of pills, the police then waited for the guys to show up to pick up some or all of those pills, and one of the heroes (the E dealers) ended up panicking in jail and killing himself, in part because NY State has got some of the most draconian laws against consciousness-altering substances of which they do not approve. Let this tragedy not be in vain. My heart goes out to that kid, his partner, and their families; and here we see prohibition and the State implicated in yet another needless, horrible death. But let's remember: you can out-smart yourself.***
I guess it comes down to fear. We do tend toward a lot of freaking out here --over our legality, money, reputation-- and I could see how some of us could do stupid stuff, like keep all our addresses in case of reship, out of that ever-present anxiety.
But fear is the mind-killer. We've got to keep it together here, brothers and sisters! There are many ways to do it right, but let's do it right!
-
*Double facepalm* Doh, she's fired then.
-
Facepalm...
Mad respect for admitting your mistake, but this is scary as hell.
My thoughts exactly!
-
For future reference to all vendors reading this.
Please delay my order as long as needed in order to avoid sending it unencrypted through an unsafe email.
-
IMHO I think only his big buyers have anything to worry about. First of all tormail had a lot of accounts and will take a lot of time to sort through and second they don't have the time or effort to go after all the little guys. At worst I think the small buyers may just have their addresses forwarded to local authorities for possible watchout of suspicious deliveries but I would think that is it at worst.
Good form in coming public with it, I think most would not expect such truthful behavior from a drug dealer, however that was a pretty big fuckup.
-
can't imagine coming clean like you did. way to go there.
-
IMHO I think only his big buyers have anything to worry about. First of all tormail had a lot of accounts and will take a lot of time to sort through and second they don't have the time or effort to go after all the little guys. At worst I think the small buyers may just have their addresses forwarded to local authorities for possible watchout of suspicious deliveries but I would think that is it at worst.
Good form in coming public with it, I think most would not expect such truthful behavior from a drug dealer, however that was a pretty big fuckup.
The problem is that there will be no way for LE to know who was a big buyer and who got the smallest quantity. Somewhat ironically, this may work in favor of those whose name is on the list.
I don't mean to sound cocky, but I have a hard time picturing the FBI contacting local police departments all over the world to say: "hey, we found so-and-so's name in an email on a darknet server, would you mind putting them under surveillance and contacting the postal outfit to watch their mail?" Where would the money/justification come from to implement such costly investigations on nothing more than a hunch? For all we know, there could be thousands of similar lists, many of which could be total hoaxes.
None of this is meant to say this wasn't a huge screw-up, or to say that I'm sure that no harm will come of it. I hesitated for a long time before deciding to post in this thread. I'm a lot less confident today than I was 24 hours ago!
-
If those names and addresses are next to/linked to SR usernames you literally dox'd a good portion of SR users. I don't know how many customers you actually had but the FBI just got an erection reading this thread to begin with, and definitely will consider checking up on these people and the tormail server.
Sigh.
-
If it ever comes to pass, by a similar event this will be how SR goes down, not by external buggery but from within.
-
I'm not being funny here, BG kept all the addresses from way back. Now what if FH hadn't been compromised? He would be sitting there still with all that info in his system. Because he never got" round to deleting them." Yeah right, you had to tell people because the feds will come barging through their doors anyway. You had no choice, so sorry but how is that admirable. Your lying anyway. Reships, don't make me laugh, you have no right to "Assume" I'm still living in the address I give you. I will tell YOU if it's the address. Now you should be outright banned, BC got banned for a jenkem joke. Please don't act like you are doing us a favour, when you had no choice. All the people admiring BG's Honesty, yeah wait till you get kicked out of bed a 6am, and put in handcuffs.
-
Posting to subscribe. I'm sure every vendor I've ever ordered from has my name and address saved. I wish they didn't but there's no compelling reason (from their point of view) not to keep that info, so I presume they all do.
-
Hey, I just read your statement and have to say, respect for telling the truth, that is a honest move!
BUT
This is ridiculous, I just don't get, why you have to save the addresses for the reship stuff. Maybe it's because of scammers, but I think the safety of your non-scamming customers should be WAY more important than some scammers.
Furthermore, I really hope you instantly fired your new "employee"; if this would've happened outside this (at least we all thought) anonymous environment, she probably would've been killed or at least fucked up big time.
I always had the feeling that you are a very professional vendor, but - as I read in your statement - you seem to trust somebody with such sensitive information, even though the person seems not to have ANY clue about encryption.
Q: does this mean that we should close our accounts and have them deleted, or at least their history, by SR ?
I was thinking about that myself, but this would suck big time (at least if you are somebody that has an account with a lot of transactions).
What if the SR would change the username of everybody that ordered from BG? Or just transfer the history to another account?
Cheers
I hear you on all of it.
Re changing usernames, I asked DPR about this directly, considering my clients who's details I compromised.
His response (which he's also already sent to someone else who made the request):
"This is not easily done and our policy is to not do it. Normally you would need to start over with a new account. If you want to be 100% secure, that's what you'll need to do, because things like feedback can still be linked to you."
BG
That's weird coming from DPR, knowing how he seems to be so cautious about everything, that's actually quite a careless attitude. Depending on how many customers BG has dealt with, overlooking this issue might end in a severe blow to SR. Changing usernames being not easily done is one thing, but it being "not our policy" is another. So it's not Sr's policy to to do its best to protect customers and more importantly, to protect Silk Road ? Does DPR realizes that if Interpol decides to crackdown on all of BG's customers, this might result in extremely bad publicity for the Road ?
And how does starting a new account erases my previous account's history ?
-
That's weird coming from DPR, knowing how he seems to be so cautious about everything, that's actually quite a careless attitude. Depending on how many customers BG has dealt with, overlooking this issue might end in a severe blow to SR. Changing usernames being not easily done is one thing, but it being "not our policy" is another. So it's not Sr's policy to to do its best to protect customers and more importantly, to protect Silk Road ? Does DPR realizes that if Interpol decides to crackdown on all of BG's customers, this might result in extremely bad publicity for the Road ?
And how does starting a new account erases my previous account's history ?
I'm sure DPR understands that - hence the rule about storing addresses etc. The point is, the only way to be 100% secure is an entirely new account - no links at all with the old one. Changing names helps no one. So stats have to be lost.
If you need to prove an old login is yours, use your old private key to sign a PM to a vendor.
-
A new assistant who is totally trustworthy? First off it seems that the only method she know is Tormail. I think most people here know what happened to Tormail or Freedom Hosting.
I appreciate BlueGiraffe as a very honest vendor, thumbs-up for this. It is better to have a vendor blatantly point out his own shortcoming than a dishonest vendor who keeps addresses in an unsafe way, and gets busted without notice.
Hopefully BG doesn't commit the same mistake again. Good luck.
-
BlueGiraffe. Thanks for letting us know. This being said, I would still knock your teeth out, if I could.
Don't bother pulling up a new PGP for your next vendor account. It's a total waste of time for all of us, obviously.
Would you be so kind and delete that fucking spreadsheet now? I couldn't inflict myself upon a 5 page read of congratulation to an honest move, that don't excuse blatant frivolous, thoughtless and light handed actions, to find out if you did delete that after all.
Thanks for all the hindsight, too.
Peace out.
Jason
-
I'm not being funny here, BG kept all the addresses from way back. Now what if FH hadn't been compromised? He would be sitting there still with all that info in his system. Because he never got" round to deleting them." Yeah right, you had to tell people because the feds will come barging through their doors anyway. You had no choice, so sorry but how is that admirable. Your lying anyway. Reships, don't make me laugh, you have no right to "Assume" I'm still living in the address I give you. I will tell YOU if it's the address. Now you should be outright banned, BC got banned for a jenkem joke. Please don't act like you are doing us a favour, when you had no choice. All the people admiring BG's Honesty, yeah wait till you get kicked out of bed a 6am, and put in handcuffs.
Thanks for the support but these are two separate incidents. I still don't really agree with getting banned, but this is some bad news.
-
I think everyone should be realistic. Im willing to bet at least half of all vendors keep records of their clientelle. Why wouldnt they? They have to watch their own ass just as much as you have to watch yours. This guy just happened to get caught with his pants down, and did everything in his power to keep everyo9ne informed of the incident. I say learn from it and carry on.
-
I think everyone should be realistic. Im willing to bet at least half of all vendors keep records of their clientelle. Why wouldnt they? They have to watch their own ass just as much as you have to watch yours. This guy just happened to get caught with his pants down, and did everything in his power to keep everyo9ne informed of the incident. I say learn from it and carry on.
Storing information that can incriminate both yourself and your clientelle doesn't sound like a good way to watch your own ass, more like a good way to be lazy. People are lazy though, so chances are that a lot of other vendors definitely do this as well.
-
I'm so glad BG admitted to his mistake. I don't know how many vendors would have admitted a mistake like that and it seems to be a totally unlikely chain of events. I agree that he shouldn't have kept addresses especially once the order had been finalised but then I understand that there are a lot of people scamming on the road and you need to protect your assets when dealing with so many people...
-
While admirable BG admitted his mistake, shouldn't this have been handled privately? Now that it has been talked about in the forum, it is guaranteed that someone is aggressively looking for it. If it hadn't been mentioned, LE might have not put 2 and 2 together.
-
If he hadn't then you can guarantee there would have been multiple threads about it. Someone who received the email posted the contents in a completely unrelated thread as soon as they got it, despite the contents of the message giving a link to this thread.
One way or another, it would have become public.
-
While admirable BG admitted his mistake, shouldn't this have been handled privately? Now that it has been talked about in the forum, it is guaranteed that someone is aggressively looking for it. If it hadn't been mentioned, LE might have not put 2 and 2 together.
I'm pretty sure the FBI knows who bluegiraffe@tormail.org is without having to look at these forums... There were probably unencrypted SR-related messages sent to his email too so the FBI will put 2 and 2 together anyway.
-
"Their" system is broken. That's why "we" go outside of it.
The Silk Road's system is not broken. That's why we shouldn't go outside of it.
BG, I said a prayer for you and yours.
Thank you.
-
*Double facepalm* Doh, she's fired then.
Actually yes. I placed her in the wrong position. This has been corrected.
-
I'm not being funny here, BG kept all the addresses from way back. Now what if FH hadn't been compromised? He would be sitting there still with all that info in his system. Because he never got" round to deleting them." Yeah right, you had to tell people because the feds will come barging through their doors anyway. You had no choice, so sorry but how is that admirable. Your lying anyway. Reships, don't make me laugh, you have no right to "Assume" I'm still living in the address I give you. I will tell YOU if it's the address. Now you should be outright banned, BC got banned for a jenkem joke. Please don't act like you are doing us a favour, when you had no choice. All the people admiring BG's Honesty, yeah wait till you get kicked out of bed a 6am, and put in handcuffs.
I'm being totally honest in my communication here - I have no choice. In the same way that I had no choice but to warn people. You're correct on that score. And whatever consequence might flow from that is secondary. If I'm banned I accept that, and I knew that was a likely possibility before I spoke.
Regarding keeping addresses for re-ships, I've already re-calibrated that point of view. An experience like this has a way of doing that. Were I to be allowed to continue vending here I would not keep any address for even a moment past printing the label - that you can be deathly certain of. Industrial strength lesson learned. Given what has just taken place, and the acute and painful responsibility I feel for putting so many people at risk, and even just for stressing them out, I feel I can say with certainty that I have become the vendor probably least likely to ever do this again.
And to be clear I'm certainly not "acting like I'm doing you a favour" nor am I feeling that. I fucked up. I had to make right and make a full communication. It was the only moral choice that could be made. And so I did. But I still feel like a total cunt for fucking up in the first place. Just so you know...
And JohnTheBaptist, I honestly thank you for what you have just written. Staying present and responsive and taking the heat is necessary for my own soul right now. Receiving each one's criticism without flinching (too much) is healing. And necessary in the circumstances. At heart you are all my crew - and this is very very personal for me...
BG
-
I'm not being funny here, BG kept all the addresses from way back. Now what if FH hadn't been compromised? He would be sitting there still with all that info in his system. Because he never got" round to deleting them." Yeah right, you had to tell people because the feds will come barging through their doors anyway. You had no choice, so sorry but how is that admirable. Your lying anyway. Reships, don't make me laugh, you have no right to "Assume" I'm still living in the address I give you. I will tell YOU if it's the address. Now you should be outright banned, BC got banned for a jenkem joke. Please don't act like you are doing us a favour, when you had no choice. All the people admiring BG's Honesty, yeah wait till you get kicked out of bed a 6am, and put in handcuffs.
I'm being totally honest in my communication here - I have no choice. In the same way that I had no choice but to warn people. You're correct on that score. And whatever consequence might flow from that is secondary. If I'm banned I accept that, and I knew that was a likely possibility before I spoke.
Regarding keeping addresses for re-ships, I've already re-calibrated that point of view. An experience like this has a way of doing that. Were I to be allowed to continue vending here I would not keep any address for even a moment past printing the label - that you can be deathly certain of. Industrial strength lesson learned. Given what has just taken place, and the acute and painful responsibility I feel for putting so many people at risk, and even just for stressing them out, I feel I can say with certainty that I have become the vendor probably least likely to ever do this again.
And to be clear I'm certainly not "acting like I'm doing you a favour" nor am I feeling that. I fucked up. I had to make right and make a full communication. It was the only moral choice that could be made. And so I did. But I still feel like a total cunt for fucking up in the first place. Just so you know...
And JohnTheBaptist, I honestly thank you for what you have just written. Staying present and responsive and taking the heat is necessary for my own soul right now. Receiving each one's criticism without flinching (too much) is healing. And necessary in the circumstances. At heart you are all my crew - and this is very very personal for me...
BG
-
BlueGiraffe. Thanks for letting us know. This being said, I would still knock your teeth out, if I could.
Don't bother pulling up a new PGP for your next vendor account. It's a total waste of time for all of us, obviously.
Would you be so kind and delete that fucking spreadsheet now? I couldn't inflict myself upon a 5 page read of congratulation to an honest move, that don't excuse blatant frivolous, thoughtless and light handed actions, to find out if you did delete that after all.
Thanks for all the hindsight, too.
Peace out.
Jason
I know dude. I would stand still for the punch. Everything sensitive is deleted.
-
I'm not being funny here, BG kept all the addresses from way back. Now what if FH hadn't been compromised? He would be sitting there still with all that info in his system. Because he never got" round to deleting them." Yeah right, you had to tell people because the feds will come barging through their doors anyway. You had no choice, so sorry but how is that admirable. Your lying anyway. Reships, don't make me laugh, you have no right to "Assume" I'm still living in the address I give you. I will tell YOU if it's the address. Now you should be outright banned, BC got banned for a jenkem joke. Please don't act like you are doing us a favour, when you had no choice. All the people admiring BG's Honesty, yeah wait till you get kicked out of bed a 6am, and put in handcuffs.
I'm being totally honest in my communication here - I have no choice. In the same way that I had no choice but to warn people. You're correct on that score. And whatever consequence might flow from that is secondary. If I'm banned I accept that, and I knew that was a likely possibility before I spoke.
Regarding keeping addresses for re-ships, I've already re-calibrated that point of view. An experience like this has a way of doing that. Were I to be allowed to continue vending here I would not keep any address for even a moment past printing the label - that you can be deathly certain of. Industrial strength lesson learned. Given what has just taken place, and the acute and painful responsibility I feel for putting so many people at risk, and even just for stressing them out, I feel I can say with certainty that I have become the vendor probably least likely to ever do this again.
And to be clear I'm certainly not "acting like I'm doing you a favour" nor am I feeling that. I fucked up. I had to make right and make a full communication. It was the only moral choice that could be made. And so I did. But I still feel like a total cunt for fucking up in the first place. Just so you know...
And JohnTheBaptist, I honestly thank you for what you have just written. Staying present and responsive and taking the heat is necessary for my own soul right now. Receiving each one's criticism without flinching (too much) is healing. And necessary in the circumstances. At heart you are all my crew - and this is very very personal for me...
BG
I understand, maybe I could of worded my reply a bit more empathetic. I'm sure you were a great vendor, and you have been an asset to the community. Until I open a vendor account, I have no idea of the stresses and measures that have to be taken on a daily basis. Like someone else pointed out I think you have been scolded enough, and there's nothing we can say,or bring to your attention you don't already know, or haven't already addressed. Shit happens, and we all make mistakes, you have lost enough for your mistake already. Hope fully you can build on this, as at least your prospective customers will know for a fact you're 100% honest.
-
I'm not being funny here, BG kept all the addresses from way back. Now what if FH hadn't been compromised? He would be sitting there still with all that info in his system. Because he never got" round to deleting them." Yeah right, you had to tell people because the feds will come barging through their doors anyway. You had no choice, so sorry but how is that admirable. Your lying anyway. Reships, don't make me laugh, you have no right to "Assume" I'm still living in the address I give you. I will tell YOU if it's the address. Now you should be outright banned, BC got banned for a jenkem joke. Please don't act like you are doing us a favour, when you had no choice. All the people admiring BG's Honesty, yeah wait till you get kicked out of bed a 6am, and put in handcuffs.
Thanks for the support but these are two separate incidents. I still don't really agree with getting banned, but this is some bad news.
Off topic but I missed this. Why were you banned for a joke? Seems overboard.
-
Not to make light of the situation, but I feel this is a salient point to make: GHB is Schedule IV in the US and class C in the UK. Aren't there going to be more interesting TorMail accounts to be trawling through, like someone selling Schedule I or Class A substances in large amounts? I would imagine US LE are more interested in stopping large amounts of Schedule I substances from crossing into their jurisdiction, especially since a Schedule I bust would gain them more brownie points. Just a thought.
-
While admirable BG admitted his mistake, shouldn't this have been handled privately? Now that it has been talked about in the forum, it is guaranteed that someone is aggressively looking for it. If it hadn't been mentioned, LE might have not put 2 and 2 together.
I thought about it and that should have been the more mature way to deal with it. But I guess BG thought that it would be better to let the whole community know at once instead of sending private messages to thoughts of customers.
The chances are that it might not have leaked and that is my only hope here.
I considered this point carefully, and understood that posting in the forum was double-edged. My primary motivation was that I wanted my clients to be notified as quickly as possible in case there was a high-speed response from LE. I knew that sending individual PM's would take some time and I wanted to act immediately. I did ask DPR if there was an option to do a mass mail but there was not. If there was I probably would not have posted in the forum at all.
But it's been done now - so be it.
-
While admirable BG admitted his mistake, shouldn't this have been handled privately? Now that it has been talked about in the forum, it is guaranteed that someone is aggressively looking for it. If it hadn't been mentioned, LE might have not put 2 and 2 together.
I'm pretty sure the FBI knows who bluegiraffe@tormail.org is without having to look at these forums... There were probably unencrypted SR-related messages sent to his email too so the FBI will put 2 and 2 together anyway.
The mailbox concerned was not bluegiraffe@tormail.org, nor in any way related to it through sends/receives. That was deliberate on my part from the beginning. So that helps to a degree. That said, they will probably trawl through everything in time. I would if I was them...
-
I'm not being funny here, BG kept all the addresses from way back. Now what if FH hadn't been compromised? He would be sitting there still with all that info in his system. Because he never got" round to deleting them." Yeah right, you had to tell people because the feds will come barging through their doors anyway. You had no choice, so sorry but how is that admirable. Your lying anyway. Reships, don't make me laugh, you have no right to "Assume" I'm still living in the address I give you. I will tell YOU if it's the address. Now you should be outright banned, BC got banned for a jenkem joke. Please don't act like you are doing us a favour, when you had no choice. All the people admiring BG's Honesty, yeah wait till you get kicked out of bed a 6am, and put in handcuffs.
Thanks for the support but these are two separate incidents. I still don't really agree with getting banned, but this is some bad news.
Off topic but I missed this. Why were you banned for a joke? Seems overboard.
Yes. I was banned for a joke. My account was suspended for basically threatening to send a scammer a fermenting bag of shit with a Xanax bar in it. Considering if I was serious I would have done it secretly, and not posted a thread about it, I find my ban retarded and so do a good 90% of the community. But I'm not trying to thread jack. Just saw it come up.
Should my Account have been Banned?
http://dkn255hz262ypmii.onion/index.php?topic=193372.0
Anyway. BlueGiraffe you're a cool and knowledgeable dude/lady and I hope you can sort your affairs out. I never ordered from you but I like your harm reduction approach and posts and can tell you feel like a complete and total fuck-up. Much condolences considering your operation was more successful and larger than mine and I'm still trying to get my house in order. I would have taken a bunch of benzos and cried in a corner for two days in your situation.
-
I'm not being funny here, BG kept all the addresses from way back. Now what if FH hadn't been compromised? He would be sitting there still with all that info in his system. Because he never got" round to deleting them." Yeah right, you had to tell people because the feds will come barging through their doors anyway. You had no choice, so sorry but how is that admirable. Your lying anyway. Reships, don't make me laugh, you have no right to "Assume" I'm still living in the address I give you. I will tell YOU if it's the address. Now you should be outright banned, BC got banned for a jenkem joke. Please don't act like you are doing us a favour, when you had no choice. All the people admiring BG's Honesty, yeah wait till you get kicked out of bed a 6am, and put in handcuffs.
I'm being totally honest in my communication here - I have no choice. In the same way that I had no choice but to warn people. You're correct on that score. And whatever consequence might flow from that is secondary. If I'm banned I accept that, and I knew that was a likely possibility before I spoke.
Regarding keeping addresses for re-ships, I've already re-calibrated that point of view. An experience like this has a way of doing that. Were I to be allowed to continue vending here I would not keep any address for even a moment past printing the label - that you can be deathly certain of. Industrial strength lesson learned. Given what has just taken place, and the acute and painful responsibility I feel for putting so many people at risk, and even just for stressing them out, I feel I can say with certainty that I have become the vendor probably least likely to ever do this again.
And to be clear I'm certainly not "acting like I'm doing you a favour" nor am I feeling that. I fucked up. I had to make right and make a full communication. It was the only moral choice that could be made. And so I did. But I still feel like a total cunt for fucking up in the first place. Just so you know...
And JohnTheBaptist, I honestly thank you for what you have just written. Staying present and responsive and taking the heat is necessary for my own soul right now. Receiving each one's criticism without flinching (too much) is healing. And necessary in the circumstances. At heart you are all my crew - and this is very very personal for me...
BG
I understand, maybe I could of worded my reply a bit more empathetic. I'm sure you were a great vendor, and you have been an asset to the community. Until I open a vendor account, I have no idea of the stresses and measures that have to be taken on a daily basis. Like someone else pointed out I think you have been scolded enough, and there's nothing we can say,or bring to your attention you don't already know, or haven't already addressed. Shit happens, and we all make mistakes, you have lost enough for your mistake already. Hope fully you can build on this, as at least your prospective customers will know for a fact you're 100% honest.
Thanks bro.
-
I'm not being funny here, BG kept all the addresses from way back. Now what if FH hadn't been compromised? He would be sitting there still with all that info in his system. Because he never got" round to deleting them." Yeah right, you had to tell people because the feds will come barging through their doors anyway. You had no choice, so sorry but how is that admirable. Your lying anyway. Reships, don't make me laugh, you have no right to "Assume" I'm still living in the address I give you. I will tell YOU if it's the address. Now you should be outright banned, BC got banned for a jenkem joke. Please don't act like you are doing us a favour, when you had no choice. All the people admiring BG's Honesty, yeah wait till you get kicked out of bed a 6am, and put in handcuffs.
Thanks for the support but these are two separate incidents. I still don't really agree with getting banned, but this is some bad news.
Off topic but I missed this. Why were you banned for a joke? Seems overboard.
Yes. I was banned for a joke. My account was suspended for basically threatening to send a scammer a fermenting bag of shit with a Xanax bar in it. Considering if I was serious I would have done it secretly, and not posted a thread about it, I find my ban retarded and so do a good 90% of the community. But I'm not trying to thread jack. Just saw it come up.
Should my Account have been Banned?
http://dkn255hz262ypmii.onion/index.php?topic=193372.0
Anyway. BlueGiraffe you're a cool and knowledgeable dude/lady and I hope you can sort your affairs out. I never ordered from you but I like your harm reduction approach and posts and can tell you feel like a complete and total fuck-up. Much condolences considering your operation was more successful and larger than mine and I'm still trying to get my house in order. I would have taken a bunch of benzos and cried in a corner for two days in your situation.
Thanks for your very kind words BC. I did cry a lot actually - but stayed straight. I only get high when I'm already happy ;)
-
Hay BG.
Despite the fact that you were our only real competition (kind of, you sold the finished product & we only sell the fixin's), or maybe because of it? It's really sad to see you go.
Always wanted to try your GHB. And secretly hoped you were buying your GBL from us.
Kisses. Stay safe.
-
I'm not being funny here, BG kept all the addresses from way back. Now what if FH hadn't been compromised? He would be sitting there still with all that info in his system. Because he never got" round to deleting them." Yeah right, you had to tell people because the feds will come barging through their doors anyway. You had no choice, so sorry but how is that admirable. Your lying anyway. Reships, don't make me laugh, you have no right to "Assume" I'm still living in the address I give you. I will tell YOU if it's the address. Now you should be outright banned, BC got banned for a jenkem joke. Please don't act like you are doing us a favour, when you had no choice. All the people admiring BG's Honesty, yeah wait till you get kicked out of bed a 6am, and put in handcuffs.
this
-
Hay BG.
Despite the fact that you were our only real competition (kind of, you sold the finished product & we only sell the fixin's), or maybe because of it? It's really sad to see you go.
Always wanted to try your GHB. And secretly hoped you were buying your GBL from us.
Kisses. Stay safe.
Sadly we weren't - have our own supply :)
Maybe the Gods will smile and you will have the opportunity to try it some time - I hear it's pretty good ;)
Thanks for your blessing...
-
I'm not being funny here, BG kept all the addresses from way back. Now what if FH hadn't been compromised? He would be sitting there still with all that info in his system. Because he never got" round to deleting them." Yeah right, you had to tell people because the feds will come barging through their doors anyway. You had no choice, so sorry but how is that admirable. Your lying anyway. Reships, don't make me laugh, you have no right to "Assume" I'm still living in the address I give you. I will tell YOU if it's the address. Now you should be outright banned, BC got banned for a jenkem joke. Please don't act like you are doing us a favour, when you had no choice. All the people admiring BG's Honesty, yeah wait till you get kicked out of bed a 6am, and put in handcuffs.
Thanks for the support but these are two separate incidents. I still don't really agree with getting banned, but this is some bad news.
Off topic but I missed this. Why were you banned for a joke? Seems overboard.
Yes. I was banned for a joke. My account was suspended for basically threatening to send a scammer a fermenting bag of shit with a Xanax bar in it. Considering if I was serious I would have done it secretly, and not posted a thread about it, I find my ban retarded and so do a good 90% of the community. But I'm not trying to thread jack. Just saw it come up.
Should my Account have been Banned?
http://dkn255hz262ypmii.onion/index.php?topic=193372.0
Anyway. BlueGiraffe you're a cool and knowledgeable dude/lady and I hope you can sort your affairs out. I never ordered from you but I like your harm reduction approach and posts and can tell you feel like a complete and total fuck-up. Much condolences considering your operation was more successful and larger than mine and I'm still trying to get my house in order. I would have taken a bunch of benzos and cried in a corner for two days in your situation.
bruce you were banned for keeping a customers address...also for being a general dumbass
-
Does this mean we will never get to see the fancy full spectrum mescaline concoction you got us all excited about in the other thread? :'(
-
bruce you were banned for keeping a customers address...also for being a general dumbass
This leap everyone makes from not deleting an unsolicited message someone else sent with their address to keeping a customer's address is ridiculous.
If SR banned every vendor that didn't delete the address of their customer's the second they read it every vendor on SR would be banned.
Only difference here is BC admitted it in the forums.
Apparently this is the final straw for SR. Do anything you want as long as you don't tell the forums.
Tell the forums = instant ban both for BC and BG.
Way to set the precedent SR!!!
-
I don't like this Quazee gentleman. Please contract dysentery and have an underlying opiate addiction, suffer withdrawal and slowly shit yourself to death.
-
I think everyone should be realistic. Im willing to bet at least half of all vendors keep records of their clientelle. Why wouldnt they? They have to watch their own ass just as much as you have to watch yours. This guy just happened to get caught with his pants down, and did everything in his power to keep everyo9ne informed of the incident. I say learn from it and carry on.
Storing information that can incriminate both yourself and your clientelle doesn't sound like a good way to watch your own ass, more like a good way to be lazy. People are lazy though, so chances are that a lot of other vendors definitely do this as well.
As a vendor, why would I want to keep a list of all the crimes that I have committed? I would hope that most vendors realize that they are the person who is most implicated by keeping such a list and therefore choose not to do it.
-
Drug enforcement agency's wet dream right here boys.
-
bruce you were banned for keeping a customers address...also for being a general dumbass
This leap everyone makes from not deleting an unsolicited message someone else sent with their address to keeping a customer's address is ridiculous.
If SR banned every vendor that didn't delete the address of their customer's the second they read it every vendor on SR would be banned.
Only difference here is BC admitted it in the forums.
Apparently this is the final straw for SR. Do anything you want as long as you don't tell the forums.
Tell the forums = instant ban both for BC and BG.
Way to set the precedent SR!!!
Yeah I think the site admins can get far too jobs-worthy, banging the rule book while not looking at the bigger picture. In Bruce's case the guy was not a client or customer he sent his address unsolicited after blatantly scamming in the forums. AS for Blue Giraffe it's a different story entirely, s/he seems like a decent person but keeping a huge database of all-time customer addresses, well, it scares the living shit out of me. That said, you know what they say- act in haste, repent at leisure. Yes s/he manned up & admitted it both to DPR internally and here and I have no idea what emotional turmoil BG's going through right now but they should not be allowed to keep selling. It's a monumental abuse of trust and endangering SR customers' security in that way can and should not be overlooked. But hugs to BG and their customers.
-
Drug enforcement agency's wet dream right here boys.
SOD and the FBI got their little pink nubs all hot and frothy over this one...
But keep the Bruce drama in the numerous Bruce threads and let BlueGiraffe have his catharsis in peace and not clutter this thread up with some trivial drama guys. Sorry BG.
-
Huge props for admitting your mistake, BlueGiraffe. But you really really did fuck up. There is absolutely no reason you should have kept that data, encrypted or not. Pure fail. You obviously know that tho, and are taking every step to repair any damage you may have done. That is great to see - many certainly would have just kept their mouths shut.
I am sorry this happened, but BG made his own bed, and unfortunately its his customers that now have to lay in it.
-
I am one of BlueGiraffe clients. I did recieve this letter also...
BlueGiraffe is a good vendor with top quality products.
Im not exactly thrilled that an sr user name and my address would be in his bank but it is what it is.
I know he didnt do it because he is a bad guy or anything....I mean this guy bent over backwards for me.....this is a real big issue but I will purchase from BlueGiraffe again as long as I know hes changed his ways
he is a good guy. he made a mistake. it sux for all of us, and it directly affects me. With that being said I know that all we can do is keep on going ...
-
I'm not being funny here, BG kept all the addresses from way back. Now what if FH hadn't been compromised? He would be sitting there still with all that info in his system. Because he never got" round to deleting them." Yeah right, you had to tell people because the feds will come barging through their doors anyway. You had no choice, so sorry but how is that admirable. Your lying anyway. Reships, don't make me laugh, you have no right to "Assume" I'm still living in the address I give you. I will tell YOU if it's the address. Now you should be outright banned, BC got banned for a jenkem joke. Please don't act like you are doing us a favour, when you had no choice. All the people admiring BG's Honesty, yeah wait till you get kicked out of bed a 6am, and put in handcuffs.
Thanks for the support but these are two separate incidents. I still don't really agree with getting banned, but this is some bad news.
Off topic but I missed this. Why were you banned for a joke? Seems overboard.
Yes. I was banned for a joke. My account was suspended for basically threatening to send a scammer a fermenting bag of shit with a Xanax bar in it. Considering if I was serious I would have done it secretly, and not posted a thread about it, I find my ban retarded and so do a good 90% of the community. But I'm not trying to thread jack. Just saw it come up.
Should my Account have been Banned?
http://dkn255hz262ypmii.onion/index.php?topic=193372.0
Anyway. BlueGiraffe you're a cool and knowledgeable dude/lady and I hope you can sort your affairs out. I never ordered from you but I like your harm reduction approach and posts and can tell you feel like a complete and total fuck-up. Much condolences considering your operation was more successful and larger than mine and I'm still trying to get my house in order. I would have taken a bunch of benzos and cried in a corner for two days in your situation.
bruce you were banned for keeping a customers address...also for being a general dumbass
Who asked you? And FYI, Bruce wasn't banned for that The address was sent out of the system, unencrypted, and a joke spawned from that. But yes lets keep it about BG, I have already admitted BG has done more for the community than me, so who am I to criticize ? But he answered all of us, whether we are newbs or not. As I said at least he's honest and in the drug game that's a valuable commodity.
-
Does this mean we will never get to see the fancy full spectrum mescaline concoction you got us all excited about in the other thread? :'(
Collateral damage. Anyway, any of BG customers shouldn't be ordering anything for a while now...
-
Is it names, addresses and SR usernames?
Yes, they can be linked with minor effort.
Does that include the lottery winners or only paying customers?
To be honest, I'm not hugely worried, as abby says I reckon it would only be the repeat customers who'll receive a visit from LE (assuming your TorMail account is even of interest to LE, it might not be). Have you otherwise openly discussed your vending activities, unencrypted, on the account?
Lottery winners are listed but without any connection to a SR username.
Everything else is PGP encrypted in there - this is the only thing that is not.
Why the fuck would you keep an entire list of addresses and SR usernames of every single person who ordered from you? That is horribly insecure and fucking idiotic to say the least. Not only this but you share them with arbitrary other people who clearly don't even know what encryption is, and passed around the internet? Clearly nobody should ever do business with you ever again. After a vendor sends me something I expect my address to vanish instantly, never should it be stored unencrypted! At the very least you should have used a fucking salted hash list to store the addresses for confirmation and told people reships need to be to the same address. Then only a salted hash list would have leaked out.
-
Terrible that this had to happen like this and I'm sure it's more common than most people would like to believe. Complacency is the worst especially for a place like SR. I'd hope vendors that do what BG has done will learn from this experience and better protect both the customers and themselves.
-
AS for Blue Giraffe it's a different story entirely, s/he seems like a decent person but keeping a huge database of all-time customer addresses, well, it scares the living shit out of me. That said, you know what they say- act in haste, repent at leisure. Yes s/he manned up & admitted it both to DPR internally and here and I have no idea what emotional turmoil BG's going through right now but they should not be allowed to keep selling. It's a monumental abuse of trust and endangering SR customers' security in that way can and should not be overlooked. But hugs to BG and their customers.
This is not a Libertarian move. You are being Reactionary. Literally. BG is not a scammer (we can all agree) so any future orders should be permitted if his clients are aware of the situation.
I want this site to ban scammers and to inform customers of any problems with Vendors. But I want it to act in a Libertarian manner too.
Remember "Libertarianism" before calling for a ban. A ban should exist for premeditated MALICE not an act of INCOMPETENCE.
If YOU don't ever want to buy from BG that's YOUR decision and I respect it.
I do not need or require or want you to make that decision for ME on my behalf.
-
Is it names, addresses and SR usernames?
Yes, they can be linked with minor effort.
Does that include the lottery winners or only paying customers?
To be honest, I'm not hugely worried, as abby says I reckon it would only be the repeat customers who'll receive a visit from LE (assuming your TorMail account is even of interest to LE, it might not be). Have you otherwise openly discussed your vending activities, unencrypted, on the account?
Lottery winners are listed but without any connection to a SR username.
Everything else is PGP encrypted in there - this is the only thing that is not.
Why the fuck would you keep an entire list of addresses and SR usernames of every single person who ordered from you? That is horribly insecure and fucking idiotic to say the least. Not only this but you share them with arbitrary other people who clearly don't even know what encryption is, and passed around the internet? Clearly nobody should ever do business with you ever again. After a vendor sends me something I expect my address to vanish instantly, never should it be stored unencrypted! At the very least you should have used a fucking salted hash list to store the addresses for confirmation and told people reships need to be to the same address. Then only a salted hash list would have leaked out.
Harsh... but it needed to be said. Very bad news. I know tons of vendors do the exact same thing. Maybe not send it over tormail, but the vendors who have admitted it are huge volume vendors and it never seemed to be brought up again.
STOP KEEPING ADDRESSES FUCKERS!!!
-
Is it names, addresses and SR usernames?
Yes, they can be linked with minor effort.
Does that include the lottery winners or only paying customers?
To be honest, I'm not hugely worried, as abby says I reckon it would only be the repeat customers who'll receive a visit from LE (assuming your TorMail account is even of interest to LE, it might not be). Have you otherwise openly discussed your vending activities, unencrypted, on the account?
Lottery winners are listed but without any connection to a SR username.
Everything else is PGP encrypted in there - this is the only thing that is not.
Why the fuck would you keep an entire list of addresses and SR usernames of every single person who ordered from you? That is horribly insecure and fucking idiotic to say the least. Not only this but you share them with arbitrary other people who clearly don't even know what encryption is, and passed around the internet? Clearly nobody should ever do business with you ever again. After a vendor sends me something I expect my address to vanish instantly, never should it be stored unencrypted! At the very least you should have used a fucking salted hash list to store the addresses for confirmation and told people reships need to be to the same address. Then only a salted hash list would have leaked out.
I fucked up kmfkewm. For clarity: all data was stored encrypted, and always sent encrypted. Except this one time. My employee was familiar with PGP and used it all the time. This one time, for some reason, PGP would not encrypt, and so her well-intended work-around was to put it in a regular password protected document. She believed (most erroneously) that this was as secure as PGP.
I'm not saying this to excuse anything at all. The fuck up is of horrific proportions, and despite the fact that I am very security conscious and do things with extreme care, I am totally culpable for not training her adequately to know that that was definitely NOT an option to consider if PGP was not functioning (she had to re-install it in end to get it to work). I'm only saying this so that the details of what actually happened are known in truth.
I'm not defending any criticism at all though. How could I? This is deep and extreme. My apology, and my commitment to utterly rectify my protocols, is all I have left to offer. I'm surrendered to how this plays out even if it means I walk the plank, and I appreciate you being direct in your criticism of me (really).
BG
-
Is it names, addresses and SR usernames?
Yes, they can be linked with minor effort.
Does that include the lottery winners or only paying customers?
To be honest, I'm not hugely worried, as abby says I reckon it would only be the repeat customers who'll receive a visit from LE (assuming your TorMail account is even of interest to LE, it might not be). Have you otherwise openly discussed your vending activities, unencrypted, on the account?
Lottery winners are listed but without any connection to a SR username.
Everything else is PGP encrypted in there - this is the only thing that is not.
Why the fuck would you keep an entire list of addresses and SR usernames of every single person who ordered from you? That is horribly insecure and fucking idiotic to say the least. Not only this but you share them with arbitrary other people who clearly don't even know what encryption is, and passed around the internet? Clearly nobody should ever do business with you ever again. After a vendor sends me something I expect my address to vanish instantly, never should it be stored unencrypted! At the very least you should have used a fucking salted hash list to store the addresses for confirmation and told people reships need to be to the same address. Then only a salted hash list would have leaked out.
I fucked up kmfkewm. For clarity: all data was stored encrypted, and always sent encrypted. Except this one time. My employee was familiar with PGP and used it all the time. This one time, for some reason, PGP would not encrypt, and so her well-intended work-around was to put it in a regular password protected document. She believed (most erroneously) that this was as secure as PGP.
I'm not saying this to excuse anything at all. The fuck up is of horrific proportions, and despite the fact that I am very security conscious and do things with extreme care, I am totally culpable for not training her adequately to know that that was definitely NOT an option to consider if PGP was not functioning (she had to re-install it in end to get it to work). I'm only saying this so that the details of what actually happened are known in truth.
I'm not defending any criticism at all though. How could I? This is deep and extreme. My apology, and my commitment to utterly rectify my protocols, is all I have left to offer. I'm surrendered to how this plays out even if it means I walk the plank, and I appreciate you being direct in your criticism of me (really).
BG
Depending on the type of document and how she password protected it, could still be secure enough if it used actual symmetric encryption and the password exchange was done securely.
-
Quick overview shows most of the major text editing packages (word, openoffice) have at least attempted to implement symmetric encryption for password protected documents. Word uses RC4-128, in 2005 it had a seriously broken implementation but it looks like the flaw wouldn't have an effect in this specific case since it requires at least two different versions of the same encrypted file (there are probably other problems with their implementation but this is the big one). Open Office uses Blowfish-128 and looks like it was properly implemented as far as I can tell. In both cases I just did a quick glance. The thing to take from this though is that although it is horribly worse than using GPG, a password protected text document might not be the end of the world. The thing to ask now is, was the password exchange secure, and was the password highly entropic? If the password exchange was done securely and the password was strong, I would bring my concern level down from 10 to 5, now that I know it was in a password protected document at least. If she put it in an Open Office document and used a 128 bit password that she shared with you face to face, it seems unlikely that the feds can ever decrypt it even if they seize it. Looks like Libre Office uses AES-256, but it is a bit harder to find info for the open source ones (Microsoft Word is easy to find info for since it seems it has been attacked and defeated a few times, in specific circumstances).
In the case of Libre Office especially, followed by Open Office, followed by Microsoft Word, it is possible that the symmetric encryption is about on par with that used by GPG. But GPG does a few things besides symmetric encryption. For one it generates a truly random session key that is entropic enough to realize the maximum potential of the symmetric algorithm, and for two it uses RSA to secure encrypt the session key while it is in transit. So if we assume that whatever text editing program used actually has a good implementation of whatever symmetric algorithm it uses for data encryption, then the security falls to the two other things that GPG provides. So, if the password was really entropic then it could be close to the randomly generated GPG session key (unlikely that it is but it could be, it could even be just as entropic), and the exchange of the password. If she sent the password with the document then obviously it is fucked. If she used GPG to send you the password then actually the transfer of the session key (password) will have equal security to a regular GPG session key transfer, and if she used OTR the security will be that of OTR. If she told it to you face to face it is better yet. Assuming we are lucky and the text editing program uses a good implementation of its symmetric algorithm, and she sent you the password in a secure way, then the security is that of the password used to encrypt the document, hopefully it is at the very minimum 80 bits (over 100 would be better). If the heavens are smiling upon your customers, the feds may be able to obtain the document and not decrypt it. It looks like at least Libre uses a PBKDF with some iterations, so should stretch the password strength out a little.
-
Quick overview shows most of the major text editing packages (word, openoffice) have at least attempted to implement symmetric encryption for password protected documents. Word uses RC4-128, in 2005 it had a seriously broken implementation but it looks like the flaw wouldn't have an effect in this specific case since it requires at least two different versions of the same encrypted file (there are probably other problems with their implementation but this is the big one). Open Office uses Blowfish-128 and looks like it was properly implemented as far as I can tell. In both cases I just did a quick glance. The thing to take from this though is that although it is horribly worse than using GPG, a password protected text document might not be the end of the world. The thing to ask now is, was the password exchange secure, and was the password highly entropic? If the password exchange was done securely and the password was strong, I would bring my concern level down from 10 to 5, now that I know it was in a password protected document at least. If she put it in an Open Office document and used a 128 bit password that she shared with you face to face, it seems unlikely that the feds can ever decrypt it even if they seize it. Looks like Libre Office uses AES-256, but it is a bit harder to find info for the open source ones (Microsoft Word is easy to find info for since it seems it has been attacked and defeated a few times, in specific circumstances).
Password exchange was solid, but my research indicates that the document (in an unusual and quite different format than those you mention) can be cracked by persistent attempt. Will drop you a PM as I don't want to give the feds the details.
BG
-
Client here;; never got a message from you about this, PM'd you on here last night and SR today, haven't heard back. Have some questions. Please check your PMs.
-
Client here;; never got a message from you about this, PM'd you on here last night and SR today, haven't heard back. Have some questions. Please check your PMs.
Apologies. Everyone should have received. Yours must have slipped through. Minor(!) PM overload but will get to it.
Just read your forum PM - it looks like your order may have been in the batch immediately after the fuck up - which would explain you not getting a mail. Please PM me your SR account name and I will verify.
BG
-
I really respect you for admitting this. I would order from you again if you don't keep any of my information. It would be really anti-libertarian for DPR to ban you for something like this because it's not like you're a scammer or something and if people decide that they are going to order from you again, it is their decision, not anyone else's. There really aren't any other vendors with GHB even close to the quality you have, so I'd really hate to see you go.
Do you still have the document stored somewhere? You should probably overwrite it with DOD or something if it's on a hard drive. CCleaner can do it if you add it to the included files list and then go to settings and choose secure deletion. I think a good way to keep everything pretty safe would be to install a virtual machine and put the virtual hard drive file on a fast USB 3 flash drive. Then install a minimalist OS like even windows XP on the VM along with Tor, PGP, etc. Then if there is ever a problem, none of that shit has ever touched your hard drive, so if you need to you can just burn the USB and keep your computer as if nothing was ever installed on it.
At least you said it was a password protected document. That's much better that just in the email or attachment like I originally thought.
-
So I read about the program used, it is far from ideal, uses an old symmetric algorithm that has some known weaknesses but none of them seem to break it in common usage yet. It looks like it is a dying symmetric algorithm that will probably be broken in more practical situations some time in the fairly near future. It is already broken in specific edge case scenarios but I don't think from my quick glance over it that this situation will be one of those. So pretty much not a symmetric cipher that you want to use, had problems yesterday, has a lot more today and will probably have a lot lot more tomorrow, but it is not ROT-13 or something and can still probably provide some level of security if it is properly implemented.
The second issue is that the security it can provide is very implementation dependent. It seems like it needs to be extremely carefully implemented to avoid it being easily crackable, and there are many systems using this algorithm that have implemented it incorrectly such that they are quickly crackable. As far as this particular text editing program goes, I have no idea if they implemented it properly, I can find very little information about this editor as it is quite obscure. I would lean toward thinking that they probably fucked it up just to be on the safe side, but it is possible they implemented it correctly.
The third issue is that they limit the password size to such a low number of characters and such a small selection of characters that without a PBKDF (which I cannot find if they use) the very most entropy the password is going to have will be just under 100 bits, but that assumes that the password is actually randomly generated and not some words or something human created.
All of these things together paint a pretty bleak picture, but not as bad as no encryption at all being used. It is possible still that the heavens will smile on your customers, and the symmetric algorithm has just enough life left in it to be strong enough in this scenario, it was implemented properly by the people who made the text editing program and the password was pseudorandomly generated or very close to random and human created, and hopefully there is a PBKDF as well to give it a bit more strength. But honestly I wouldn't get my hopes up very high.
-
So your account is suspended. Will you buy your vendor's account back? Make a new account and start over?
Surely SR Admins cannot prevent you from doing business again.
What are your plans now?
You are not the only one who kept records, but just the only one who has admitted it.
-
Remember "Libertarianism" before calling for a ban. A ban should exist for premeditated MALICE not an act of INCOMPETENCE.
An error is an error, no matter if from malice or incompetence (and then from whence incompetence is a good trait? Actually stupidity is worse than malice just because the second is a choice - so submitted to possibly change - the first is usually not).
I do not need or require or want you to make that decision for ME on my behalf.
Then don't join a community where some people obviously have to take decisions for the safety of all, included yourself. And how can it be otherwise, until you naturally don't think YOUR decision to matter more than anybody's else (because if you don't then it's obvious that there will be contrasting results and a decision cannot be good for everyone and so in any case somebody in whatever community will decide something also for you).
-
It would be really anti-libertarian for DPR to ban you for something like this because it's not like you're a scammer or something and if people decide that they are going to order from you again, it is their decision, not anyone else's.
OMG.
People of what the hell are you talking about?
So it would be "not Libertarian" for DPR to ban a vendor that broke the rules s/he submitted him/herself WILLINGLY (that's YOUR decision) to follow when joining? Of what the hell are you babbling about?
You are in a community, somebody will ALWAYS decide something for yourself, do you understand it, do you? It's not possible it can happen otherwise. Even if this would be a democracy and DPR would ask for the opinion of everybody before making a decision there will be, in the majority of cases, contrasting views on the decision to take. So what would you do? You do nothing because some will be naturally "forced" to accept a decision that's not theirs? Will it be "anti-Libertarian" if someone decides to do something you don't like in a context that doesn't pertain only to yourself? Stop pretending you are the center of the universe and your opinion is the only one that matters and then maybe you will be able to see how idiotic what you say is in this circumstance.
If you really cannot accept somebody to take a decision that you don't like then simply don't join a community where this will obviously happen no matter what. A community is not YOU, do you understand this, do you? You can do what you want of yourself and what it concern only yourself, but things change dramatically when the point of view enlarges.
-
There are two things going on here. Stupidity and integrity. We should not discourage the latter through punishment of the former. Had BG not said anything then there would be NO heads up AND most likely he could continue going on. Now, through account demotion, if anybody makes the same fuckup in the future, they're much more likely to keep mum about it.
Allowing this to happen was a dumb decision. The very first conversation with a new employee in this scenario should have been OK EVERYTHING IS ALWAYS PGP ENCRYPTED NO EXCEPTIONS WHATSOFUCKINGEVER. It was not.
We've all made bad decisions, hopefully not ones that put other people at risk though, but it happens. Does that make it "excusable"? No.
However, the full disclosure shows integrity. BG did not have to say anything, and most would not have. That took a lot of sack, and pride-swallowing, and owning up. Revoking his account pretty much guarantees that the next guy won't do the same, even if he would have been otherwise predisposed to.
-
I think everyone should be realistic. Im willing to bet at least half of all vendors keep records of their clientelle. Why wouldnt they? They have to watch their own ass just as much as you have to watch yours. This guy just happened to get caught with his pants down, and did everything in his power to keep everyo9ne informed of the incident. I say learn from it and carry on.
Storing information that can incriminate both yourself and your clientelle doesn't sound like a good way to watch your own ass, more like a good way to be lazy. People are lazy though, so chances are that a lot of other vendors definitely do this as well.
As a vendor, why would I want to keep a list of all the crimes that I have committed? I would hope that most vendors realize that they are the person who is most implicated by keeping such a list and therefore choose not to do it.
My point exactly! You're only doing bad by storing anything. As soon as a shipment has gone out I'd expect nothing less than all info regarding that shipment being gone, and as you said that is not just for the buyer's sake but for the vendor's sake as well. Keeping a list of all the sales you've made? Great way to give LEO proof that you made sales.
-
bruce you were banned for keeping a customers address...also for being a general dumbass
This leap everyone makes from not deleting an unsolicited message someone else sent with their address to keeping a customer's address is ridiculous.
If SR banned every vendor that didn't delete the address of their customer's the second they read it every vendor on SR would be banned.
Only difference here is BC admitted it in the forums.
Apparently this is the final straw for SR. Do anything you want as long as you don't tell the forums.
Tell the forums = instant ban both for BC and BG.
Way to set the precedent SR!!!
I wasn't aware of this...I just don't like Bruce lol
He is completely incompetent of the dangers on using tracking(essentially keeping a customers address for law enforcement) and sends annoying hateful messages to me.
-
Then install a minimalist OS like even windows XP on the VM along with Tor, PGP, etc.
Yes, install probably the most hackable OS of all - Windows XP. That will make you super secure!!!!
Much better than using tails for sure...
-
Then don't join a community
I can't join a community without someone running around being the police on my behalf?
Stop being a social conservative and experiment with libertarianism, and intelligent forgiveness. Kicking BG out of the "community" only motivates Vendors to bite their tongue and say nothing when they screw-up, get raided, whatever.
-
Had BG not said anything then there would be NO heads up AND most likely he could continue going on.
Had BG said nothing s/he would have been a piece of shit. S/He would have WILLINGLY put all his/her clients to a risk knowing it for a PERSONAL mistake. THIS would have meant being a piece of shit, and not doing the contrary being an hero or one of a kind.
Is possible that people really cannot understand that what BG did here (albeit demonstrating s/he cares for his/her clients, naturally, so I myself thank BG very much for standing for what was right) is not an heroic act but what it should be the norm if you are a person with some dignity and/or a vendor that can be really called such?
I understand that in the world we live in we are in contact in the majority of cases with pieces of shit but this doesn't change the fact that a thing like this should be the norm and NOT to be considered an heroic act or something that takes a special kind of person to do, because it is not so.
Now, through account demotion, if anybody makes the same fuckup in the future, they're much more likely to keep mum about it.
And if you do you are a piece of shit, and so anyway a person that anybody can rely upon. It doesn't matter if a person like that keep shout or not about something like this because anyway if one is prone to do something like this you can rest assured that this is not the only thing against the community s/he does, has done or will be prone to do.
If SR admins rightly punished you because you broke the rules you did willingly AGREE to when joining, and for this even in front of a fact that can put your clients' security IMMEDIATELY at risk (because let's be real: keeping addresses is already a security risk to the buyers, even if you are now pretending it isn't and nothing risk worthy was really done) you willingly keep shut because you don't want to lose the account (irreparable trouble! I mean what having people that trusted you losing liberty is in comparison to this?) then you can rest assured that you have done or will do even worse because you are an absolute piece of shit and a disgrace to this place.
Is not certainly just because SR admins banned a vendor that talked about an error committed that will make a vendor that can be really addressed with that name shut up in case of a security risk of his/her clients (because a vendor that can really be called such respect the trust put in him/herself and will never willingly disgrace that trust if s/he can avoid it), and in the same way it will certainly not be the no-ban to another vendor that you would turn a piece of shit in an individual with some dignity and that cares for his/her clients; a person like that cares only about him/herself, s/he will do the exact same thing with or without an incentive.
However, the full disclosure shows integrity.
Yes, it does. However it is a sort of integrity that every vendor here should have. If one doesn't have it then there's not even point on being a vendor (that you can be able to call as such) and you can rest assured that sooner or later this lack of integrity will come out, in one way or another.
BG did not have to say anything, and most would not have.
So are you really saying that a vendor had not to say anything about his/her clients (that are his breadth and life) having being put at risk for a PERSONAL fuck-up? If there is a MUST circumstance I don't know what more conform to it can one be.
Revoking his account pretty much guarantees that the next guy won't do the same, even if he would have been otherwise predisposed to.
You are wrong. BG would have done the same even if they would have banned him/her 20 times prior (and naturally it will not happen because s/he has learned from this mistake). Why? Because s/he is not a piece of shit and s/he is a vendor that cares for his/her clients (as every TRUE vendor should) and only a complete piece of shit would put his/her clients at a danger WILLINGLY and knowingly for a personal error, no matter the consequences on revealing the error itself.
-
Stop being a social conservative and experiment with libertarianism, and intelligent forgiveness.
I know already what both are and, differently from you, I'm not an hypocrite on following the two only when it is convenient.
When BG joined SR s/he willingly DECIDED to adhere to some rules. When you joined, in the same way, you DECIDED to join a community with those rules.
You want to live with the liberty to be free to make your own decisions and adhere to the responsibility of them, isn't it? So now there's your DECISION that you made, and here (in the fact that some outcomes can be decided for you) it is the responsibility of the same. But now instead you would like to make it pass that that decision was in some way less important than other decisions you can make inside and you don't want to abide to the responsibility of that decision by saying you have no freedom to do what you want even when you willingly decided yourself to go in that direction; now that it's not so much convenient for your "liberty" (or what you suppose liberty is) the responsibility of that decision then it counts no more, isn't it? This is not Libertarianism, this is hypocrisy.
Your liberty to make a decision on which vendor to use or not use is NOT more important than the decision you made at beginning by willingly joining a community that had rules you did know to make decisions for the good of all the members even in the case the decision you (or anybody's else) would not agree upon. It doesn't make any sense to say "where is my decision in there" when you are already abiding by that decision and your liberty to take it.
Or you abide to your decisions and the responsibility of them or you don't do it. You cannot have responsibility for what you like and not responsibility for what you don't like.
Kicking BG out of the "community" only motivates Vendors to bite their tongue and say nothing when they screw-up, get raided, whatever.
Refer to the post above for why what you say makes no sense.
-
Stop being a social conservative and experiment with libertarianism, and intelligent forgiveness.
I know already what both are and, differently from you, I'm not an hypocrite on following the two only when it is convenient.
When BG joined SR s/he willingly DECIDED to adhere to some rules. When you joined, in the same way, you DECIDED to join a community with those rules.
You want to live with the liberty to be free to make your own decisions and adhere to the responsibility of them, isn't it? So now there's your DECISION that you made, and here (in the fact that some outcomes can be decided for you) it is the responsibility of the same. But now instead you would like to make it pass that that decision was in some way less important than other decisions you can make inside and you don't want to abide to the responsibility of that decision by saying you have no freedom to do what you want even when you willingly decided yourself to go in that direction; now that it's not so much convenient for your "liberty" (or what you suppose liberty is) the responsibility of that decision then it counts no more, isn't it? This is not Libertarianism, this is hypocrisy.
Your liberty to make a decision on which vendor to use or not use is NOT more important than the decision you made at beginning by willingly joining a community that had rules you did know to make decisions for the good of all the members even in the case the decision you (or anybody's else) would not agree upon. It doesn't make any sense to say "where is my decision in there" when you are already abiding by that decision and your liberty to take it.
Or you abide to your decisions and the responsibility of them or you don't do it. You cannot have responsibility for what you like and not responsibility for what you don't like.
Kicking BG out of the "community" only motivates Vendors to bite their tongue and say nothing when they screw-up, get raided, whatever.
Refer to the post above for why what you say makes no sense.
OK we get the point now, give it a rest please, pretty please, ? You know sometimes people just say what they think in that moment, we don't have to analyze everything, and spend all day picking apart someone's point, just to try and make them look, irresponsible, or plain stupid. Have you ever even posted a moderately humorous reply, everything so depressing with you. BG has learnt their lesson, they won't employ incompetent people anymore, so you droning on is not going to help anyone. No Offence.
-
BlackIris
You're wrong. You're a cop in a user's trousers. The slightest different life path and you'd have been a narc and you'd have loved it.
Your rant is just conservative pull-your-socks-up gibberish. Suffice to say we don't see eye-to-eye so there's no point continuing the debate.
Peace, though.
-
rut roh Raggy...
/thumbs
-
BlackIris
You're wrong.
Typical.
"You are wrong but I cannot say why you are or prove why it is so". I know, I'm "wrong" because I proved point for point that what you said made no sense and you didn't like it so I must obviously be an anti-Libertarian for saying something that contradicts what you are saying.
I see in fact how you were so good at providing counters to my points intelligently and politely instead of jumping to the usual ad hominem wagon so much used by people with a shattered ego syndrome.
Let me understand: I'm a "conservative" and a "missed-cop" because I said to you that you WILLINGLY decided to join a community in which you KNEW certain people would take decisions based on rules made on the interest of the community itself and independently from individual or personal opinions and agendas, and you should take responsibility of this decision. For this I am a "conservative" and a "missed cop" and all the other kind insults you throw at me. Good to know. You always learn something new.
If you are Libertarian I would much prefer to be a Nazi instead.
-
Have you ever even posted a moderately humorous reply, everything so depressing with you.
I can have humorous conversations or make joke when the discussion warrant it, but in this case the discussion was not humorous or joking, or it was?
BG has learnt their lesson, they won't employ incompetent people anymore, so you droning on is not going to help anyone.
Excuse me but where on my reply have you see me saying something negative about BG or blowing fuel on fire? I just said that banning his vendor account was the right thing to do (and BG also agreed on this) and motivated why it is so because some people are insisting that SR admins should have not done it on points that make no sense imo, only this.
I actually talked very good of BG in the last paragraph if you read what I said.
-
Well I'll have a look through your post's and see if I agree.
No, but castigating a member on a thread started as an important announcement, sort of detracts from the purpose don't you think. I think BG needs to hear positive things now rather than you contradicting someone by pointing out BG agreed to the rules. I think he knows full well he agreed, but how is that helping. If we can't offer constructive criticism, than why should we comment?
I don't mean to be obtuse or offensive.
-
No, but castigating a member on a thread started as an important announcement, sort of detracts from the purpose don't you think.
;)
Don't exagerate now. I'm castigating anybody (or at last this is not my intention), I'm just having a debate on a point that I think it's important.
I think BG needs to hear positive things now rather than you contradicting someone by pointing out BG agreed to the rules. I think he knows full well he agreed, but how is that helping.
On this I can agree. I replied because what was being said I couldn't let pass without saying anything, but I understand that this thread is more meant either for comfort to BG or for further announcements by him/her and so I will stop here this debate.
Thanks for letting me know.
If we can't offer constructive criticism, than why should we comment?
"Constructive criticism" however is surely not saying that SR admins should have no demoted BG for the error s/he made just because s/he was honest because this just adds insult to injury. The mistake of BG (while being done with no malice) really did put many buyers at risk and this is not something you can let pass just because the vendor did what s/he should by having those people know the risk they incurred.
And even less saying that SR admins are not "Libertarians" just because they demoted a vendor that broke a rule and so this supposedly goes against "the liberty of doing what I want" when those people before joining and using this community and the vendors therein knew perfectly (and willingly and freely decided themselves to abide to this) that there was a staff that employed certain rules for the good of the community independently from individual considerations and agendas (and how could it be otherwise in a community? No matter the type of decision employed and the way to come up with that decision there will never be a way to take a course of action that will fully accommodate every single individual).
Now however that I've made these points clearly (or so I hope) I will stop to debate on this for respect of BG and his/her announcement and people that want to help him/her with their support.
Best regards.
-
This is a shitty situation all around.
I just have to wonder about how many people have flushed their stashes because of this, though...
-
No, but castigating a member on a thread started as an important announcement, sort of detracts from the purpose don't you think.
;)
Don't exagerate now. I'm castigating anybody (or at last this is not my intention), I'm just having a debate on a point that I think it's important.
I think BG needs to hear positive things now rather than you contradicting someone by pointing out BG agreed to the rules. I think he knows full well he agreed, but how is that helping.
On this I can agree. I replied because what was being said I couldn't let pass without saying anything, but I understand that this thread is more meant either for comfort to BG or for further announcements by him/her and so I will stop here this debate.
Thanks for letting me know.
If we can't offer constructive criticism, than why should we comment?
"Constructive criticism" however is surely not saying that SR admins should have no demoted BG for the error s/he made just because s/he was honest because this just adds insult to injury. The mistake of BG (while being done with no malice) really did put many buyers at risk and this is not something you can let pass just because the vendor did what s/he should by having those people know the risk they incurred.
And even less saying that SR admins are not "Libertarians" just because they demoted a vendor that broke a rule and they think this goes against "their liberty of doing what they want", when those people before joining knew perfectly (and decided themselves willingly to abide to this) that there was a staff that employed certain rules for the good of the community independently from individual considerations and agendas.
Now however that I've made these points clearly (or so I hope) I will stop to debate on this for respect of BG and his/her announcement and people that want to help him/her with their support.
Best regards.
My sentiments entirely. best wishes to you and BG.
-
Should have a list of addresses of police chiefs and judges on hand to skew any info they might seize.
-
http://dkn255hz262ypmii.onion/index.php?topic=198845.0
-
"You are wrong but I cannot say why you are or prove why it is so". I know, I'm "wrong" because I proved point for point that what you said made no sense and you didn't like it so I must obviously be an anti-Libertarian for saying something that contradicts what you are saying.
You're just making "think of the kids", or, worse, "protect the adults", arguments. This is the mind-set that drives both social conservatism and for that matter the more authoritarian strains of socialism.
A Libertarian would give BH *liberty* to continue Vending and a Libertarian would give *me* the *liberty* to purchase from them, which I am still very keen to do.
Let me understand: I'm a "conservative" and a "missed-cop" because I said to you that you WILLINGLY decided to join a community in which you KNEW certain people would take decisions based on rules
Precisely.
If you are Libertarian I would much prefer to be a Nazi instead.
Clearly.
Nah, I'm prodding you with language because that's the way I roll. The rules are there for protection. But when the rules are broken the penalty should reflect both the community, and any sections of the community that are interested in the topic.
I mean, even if BG is re-listed you're not going to buy from him - right? So what do YOU care if *I* do?
That's the reason for the "insults". They're not intended as such (well, they are a little bit because I'm an utter cock). But they are also presented to you to make you reconsider your position.
-
Had BG not said anything then there would be NO heads up AND most likely he could continue going on.
Had BG said nothing s/he would have been a piece of shit. S/He would have WILLINGLY put all his/her clients to a risk knowing it for a PERSONAL mistake. THIS would have meant being a piece of shit, and not doing the contrary being an hero or one of a kind.
Is possible that people really cannot understand that what BG did here (albeit demonstrating s/he cares for his/her clients, naturally, so I myself thank BG very much for standing for what was right) is not an heroic act but what it should be the norm if you are a person with some dignity and/or a vendor that can be really called such?
I understand that in the world we live in we are in contact in the majority of cases with pieces of shit but this doesn't change the fact that a thing like this should be the norm and NOT to be considered an heroic act or something that takes a special kind of person to do, because it is not so.
Now, through account demotion, if anybody makes the same fuckup in the future, they're much more likely to keep mum about it.
And if you do you are a piece of shit, and so anyway a person that anybody can rely upon. It doesn't matter if a person like that keep shout or not about something like this because anyway if one is prone to do something like this you can rest assured that this is not the only thing against the community s/he does, has done or will be prone to do.
If SR admins rightly punished you because you broke the rules you did willingly AGREE to when joining, and for this even in front of a fact that can put your clients' security IMMEDIATELY at risk (because let's be real: keeping addresses is already a security risk to the buyers, even if you are now pretending it isn't and nothing risk worthy was really done) you willingly keep shut because you don't want to lose the account (irreparable trouble! I mean what having people that trusted you losing liberty is in comparison to this?) then you can rest assured that you have done or will do even worse because you are an absolute piece of shit and a disgrace to this place.
Is not certainly just because SR admins banned a vendor that talked about an error committed that will make a vendor that can be really addressed with that name shut up in case of a security risk of his/her clients (because a vendor that can really be called such respect the trust put in him/herself and will never willingly disgrace that trust if s/he can avoid it), and in the same way it will certainly not be the no-ban to another vendor that you would turn a piece of shit in an individual with some dignity and that cares for his/her clients; a person like that cares only about him/herself, s/he will do the exact same thing with or without an incentive.
However, the full disclosure shows integrity.
Yes, it does. However it is a sort of integrity that every vendor here should have. If one doesn't have it then there's not even point on being a vendor (that you can be able to call as such) and you can rest assured that sooner or later this lack of integrity will come out, in one way or another.
BG did not have to say anything, and most would not have.
So are you really saying that a vendor had not to say anything about his/her clients (that are his breadth and life) having being put at risk for a PERSONAL fuck-up? If there is a MUST circumstance I don't know what more conform to it can one be.
Revoking his account pretty much guarantees that the next guy won't do the same, even if he would have been otherwise predisposed to.
You are wrong. BG would have done the same even if they would have banned him/her 20 times prior (and naturally it will not happen because s/he has learned from this mistake). Why? Because s/he is not a piece of shit and s/he is a vendor that cares for his/her clients (as every TRUE vendor should) and only a complete piece of shit would put his/her clients at a danger WILLINGLY and knowingly for a personal error, no matter the consequences on revealing the error itself.
Yeah, he would've been a piece of shit. Like the guy who vanished after $250k worth of FEs on 4/20. Pieces of shit abound, and the underground Internet drug trade is certainly no exception, community or no.
I love DPR's espousing of libertarian principles as much as the next guy, but to assume that ethos is held by all vendors, or even a majority, is in my opinion unlikely. Maybe I'm alone in that, maybe I'm a newb and I haven't absorbed the deep cameraderie that exists here on SR, but...
This is a black market. Nobody knows who the other is (or at least that's the way it's supposed to work on a good day). Aside from the escrow process there is absolutely nothing other than moral compunction binding a seller to be above-board with a buyer.
BG knowingly issued an advisory based on his mistake that effectively put a halt to what had to be a very lucrative income stream. That's why I don't think every vendor would do it. People might love the community, but in my experience, vendors are in it for the money. They might rah-rah about the idealism of it, and even believe in it, but it comes secondary to the money.
You say things like "then that person is a piece of shit" and "you can rest assured it would have come out in other ways" and other nebulous statements about why being forthright about this is simply acceptable and not commendable. Maybe I'm a cynic but here's what I think: Vendors, even (especially) good ones, with fast shipping/great stealth/great product, work hard on their reputations; if faced with the choice of losing both that and their money in one fell swoop to "do the right thing" versus saying "fuck it, let's roll with it, if they do get that data nobody will ever know it's me." I am skeptical. People kill each other over money. Family members hate each other over money. People steal for money. Bankers cripple entire national economies knowingly for the money. People do this every day, in real life, to people they know.
Are they pieces of shit? Maybe, but it happens every day. So to think that it's just the norm for somebody to come clean in this situation seems to me to be naiive. It sucks for his customers, but at least people have a chance to clean house and prepare for the worst.
Everybody always says "never FE even if they have great reviews." Well, people who don't deliver on FE are pieces of shit, right? How often does it happen? More often than it should? But how many reviews do you see that say "FE 5/5"? Tons and tons. And the vendor that stiffs has his 5*, and the buyer is fucked. Sure, they can take it to the forums or /r/SilkRoad, but most people will still just see VENDORNAME(99) and buy anyway and many of them will FE like the last guy. Are those people dumb? Maybe. But there's no popup message that says DO NOT FINALIZE UNLESS YOU HAVE RECEIVED YOUR SHIPMENT. IF THE VENDOR TELLS YOU THIS IS REQUIRED YOU SHOULD FIND ANOTHER VENDOR. The system itself has no clear disincentive for fraud (except of course for escrow but my point is the only place FE is actively discouraged is on the forums and not in the actual SR UI).
My point: it's an amazing, unprecedented, awesome thing, this market. It's also got its share of fraud and dishonest people, and there is no real punishment for those people if they persist in their behavior unless they're especially blatant - and even then they get the EXACT SAME PUNISHMENT BG GOT. It's Tor. They can spin up a new vendor account, and DPR himself wouldn't know. So to see somebody step up publicly and take their lumps, cut off their revenue, and actively participate in the mitigation of the problem, solely based on their concern for people who could never identify them, that they will never meet, is commendable.
TL;DR: I respectfully disagree with you and think that many people would not have done what BG did in this situation. Because money.
And good on DPR for encouraging BG to rejoin the community without hiding the fact that he is "BG reloaded", which renders this all pretty much moot. But debating is fun.
-
Bummer....
Mr.Black
-
BlackIris
You're wrong. You're a cop in a user's trousers. The slightest different life path and you'd have been a narc and you'd have loved it.
Your rant is just conservative pull-your-socks-up gibberish. Suffice to say we don't see eye-to-eye so there's no point continuing the debate.
Peace, though.
No one is going to give a shit about your libertarian ideals when the cops show up for a knock and talk because your address was found in an internet drug dealer's email. Get a grip on reality, it's a big deal and I don't think for a second you ever ordered from this guy or you would be a lot more worried. I've never ordered from him, but had an experience with a vendor recently saving addresses. He was the type that if you pissed him off he would start using it as a threat. You need to wise up to the risks. Cops don't care about your political views when you break the law.
You are just as guilty of trying to police the community anyway. That's great that you forgive and forget. That why vendors here feel safe using these practices. They know they'll get a pass for being "honest". Good for you if you don't mind jail, but don't speak for the rest of us. We have opinions as well that may differ from yours and you need to respect that.
-
Is it names, addresses and SR usernames?
Yes, they can be linked with minor effort.
I don't get it. I use different addresses every time I have something imported... so it wouldn't even make sense for a vendor to save my shipping info. Or anyone's, honestly...
Don't we all encrypt and input our address each time we purchase?
That's twisted man. I'm really fortunate to not have done business with you. I'd probably be livid.
-
Yeah, he would've been a piece of shit. Like the guy who vanished after $250k worth of FEs on 4/20. Pieces of shit abound, and the underground Internet drug trade is certainly no exception, community or no.
I love DPR's espousing of libertarian principles as much as the next guy, but to assume that ethos is held by all vendors, or even a majority, is in my opinion unlikely. Maybe I'm alone in that, maybe I'm a newb and I haven't absorbed the deep cameraderie that exists here on SR, but...
This is a black market. Nobody knows who the other is (or at least that's the way it's supposed to work on a good day). Aside from the escrow process there is absolutely nothing other than moral compunction binding a seller to be above-board with a buyer.
BG knowingly issued an advisory based on his mistake that effectively put a halt to what had to be a very lucrative income stream. That's why I don't think every vendor would do it. People might love the community, but in my experience, vendors are in it for the money. They might rah-rah about the idealism of it, and even believe in it, but it comes secondary to the money.
You say things like "then that person is a piece of shit" and "you can rest assured it would have come out in other ways" and other nebulous statements about why being forthright about this is simply acceptable and not commendable. Maybe I'm a cynic but here's what I think: Vendors, even (especially) good ones, with fast shipping/great stealth/great product, work hard on their reputations; if faced with the choice of losing both that and their money in one fell swoop to "do the right thing" versus saying "fuck it, let's roll with it, if they do get that data nobody will ever know it's me." I am skeptical. People kill each other over money. Family members hate each other over money. People steal for money. Bankers cripple entire national economies knowingly for the money. People do this every day, in real life, to people they know.
Are they pieces of shit? Maybe, but it happens every day. So to think that it's just the norm for somebody to come clean in this situation seems to me to be naiive. It sucks for his customers, but at least people have a chance to clean house and prepare for the worst.
Everybody always says "never FE even if they have great reviews." Well, people who don't deliver on FE are pieces of shit, right? How often does it happen? More often than it should? But how many reviews do you see that say "FE 5/5"? Tons and tons. And the vendor that stiffs has his 5*, and the buyer is fucked. Sure, they can take it to the forums or /r/SilkRoad, but most people will still just see VENDORNAME(99) and buy anyway and many of them will FE like the last guy. Are those people dumb? Maybe. But there's no popup message that says DO NOT FINALIZE UNLESS YOU HAVE RECEIVED YOUR SHIPMENT. IF THE VENDOR TELLS YOU THIS IS REQUIRED YOU SHOULD FIND ANOTHER VENDOR. The system itself has no clear disincentive for fraud (except of course for escrow but my point is the only place FE is actively discouraged is on the forums and not in the actual SR UI).
My point: it's an amazing, unprecedented, awesome thing, this market. It's also got its share of fraud and dishonest people, and there is no real punishment for those people if they persist in their behavior unless they're especially blatant - and even then they get the EXACT SAME PUNISHMENT BG GOT. It's Tor. They can spin up a new vendor account, and DPR himself wouldn't know. So to see somebody step up publicly and take their lumps, cut off their revenue, and actively participate in the mitigation of the problem, solely based on their concern for people who could never identify them, that they will never meet, is commendable.
TL;DR: I respectfully disagree with you and think that many people would not have done what BG did in this situation. Because money.
And good on DPR for encouraging BG to rejoin the community without hiding the fact that he is "BG reloaded", which renders this all pretty much moot. But debating is fun.
[/quote]
good read. +1 if i could!
-
no matter how much you say your sorry this is still against policy and you should never keep a file of address to houses you have shipped to whether its encrypted or not. what would you do with those address's after your finsiehd bussiness with them ? maybe you or someone connected with you is selling those address to the RC people in china who send random letters to random ship address asking for business. which is bullshit,.. you dont know where its going whos house, or who lives there. could end up wrong the person who was suposed to have his contact info deleted RIGHT after it was copied or written down. sorry but i dont agree with how that was done. you people should have known better and this even got you published in a wired or some sort of website article with your name specificaly used because this happened. ;D dont pay people so much if they dont know whats up. i would never pay someone to take care of something in "my name" unless they have started it with me or they have been taught and know. sorry for the novel lol
-
Its like he kept a big blackmail list,im still in shock at the stupidity of this cunt.
I reckon theres more to this than he is telling us,why would u keep something so dangerous over something as trivial as a reship?Doesnt make sense.
Im one of the people on that list and i dont feel any better knowing theres a 20 page thread about on the forums,its not like i can do anything to protect my self since you sold me out.
To be allowed to open a new vendor account is a fuckin disgrace,the only thing you should be getting is a baseball beating Los Zetas style,stupid motherfucker.
-
yes very stupid but like i said have you ever heard of buyers from a seller getting random mail in the letter a few months/maybe weeks later for no reason talking about RC chemicals and all that from china. they have to get those address from somewhere you know what im saying ? some vendor is giving or selling probablly selling information like that very cheap to another vendor to get more sales. i could be paranoid and i prolly am but its just a thought that came to mind. why would you want or need to keep address after youve done bussiness with them ?? it does not make sense at all unless you supsect a scammer but then why would you have a whole pdf file full of addresses. the clearnet link or some link i seen said anyone who bought gbl or ghl of him should be under concerne no matter what because it could be in the wrong hands with LE because it wasnt encyrpyed. who honestly hires someone that dumb to take off your work. this gets to me lol
-
Motherfucker, MOTHERFUCKER!
-
I guarantee you half the vendors on SR keep a list. Half of them have looked up the facebook of the person on the address.
-
Its like he kept a big blackmail list,im still in shock at the stupidity of this cunt.
I reckon theres more to this than he is telling us,why would u keep something so dangerous over something as trivial as a reship?Doesnt make sense.
Im one of the people on that list and i dont feel any better knowing theres a 20 page thread about on the forums,its not like i can do anything to protect my self since you sold me out.
To be allowed to open a new vendor account is a fuckin disgrace,the only thing you should be getting is a baseball beating Los Zetas style,stupid motherfucker.
Koonta,
I know my apologies don't count for shit in this moment. There is nothing I can say or do to excuse what I did nor make it right. The potential consequence to each of my client's safety (and actual consequence to their state of mind) is real and I know it, and I will have to live with the karma of that fuck-up.
But, there's not more to this than I'm telling you. It is as I've described it. The addresses were kept initially for verifying re-ships. We had an unconditional re-ship guarantee and I felt it prudent to keep this on hand until the order had been confirmed delivered. It would allow me to verify if the address had been given correctly in the first place, and also deal with any questions that might come up while the order was "open" (I often split orders across multiple addresses, people ordered to one of many different drops they had, and often enough I was asked to confirm what was coming where as the buyer had forgotten). In retrospect it's clear, that weighed against the risk, it was not right to keep the details. Furthermore I intended to harvest the "volume by country" stats for my own interest and delete the personally identifiable detail subsequently. I did not get around to that.
I also addressed the detail of how it happened here: http://dkn255hz262ypmii.onion/index.php?topic=198845.msg1431124#msg1431124
None of this is excuse or defense or justification. I know I fucked up, and were my identity known, I know I likely would be fucked up. And it would be fair.
I'm responding to this for one reason only, and that is to at least let everyone know that things are not as twisted as the suspicion in your post suggests. I see there is a gathering conversation expressing concerns about vendors being dodgy in one way or another. I made a grave error of judgement, but there was nothing underhanded going on. For what it's worth...
And for what it's worth Koonta, I'm sorry. Your anger is justified, and for my soul, I'm trying to eat it all. Yours and everyone else's.
BG
-
I guarantee you half the vendors on SR keep a list. Half of them have looked up the facebook of the person on the address.
Not to make light of the issue or your post.. but the Facebook thing made me chuckle. Imagine getting a friend request from your vendor-of-choice. LOL
-
I started a thread just over a month ago after i made a purchase off BG by mistake because i didn't realize my domestic filter was off. I ended up getting a letter from Homeland security inside the package.
http://dkn255hz262ypmii.onion/index.php?topic=178433.0
I never mentioned in that thread it was from him because I figured the package got busted by chance since he had such a good rating and history on SR. He offered to reship and I eventually took him up on it and he asked for my address again. I had used my usual address but on the reship I decided to send him another address to be cautious. The package did arrive successfully but regardless that was going to be the last time I ever ordered from him. I told him that it was a mistake to begin with because i never order from overseas.
I received 2 PMs from him about the tormail issue. I assume I got one for each address he had for me even though they were both related to the same account.
All things considered I'm pretty pissed that any of my addresses were saved when I made it very clear I never meant to even order from him. The homeland security letter is just icing on the cake.
-
I've made a new account, both here on on the main site. I'm quite disappointed to lose my good buyer stats, and have to start over as a newb.
I do believe the likelihood of anything happening as a result of my old account becoming compromised is low, but it's still disturbing and frightening to see a potential run-in with LE in my future.
BG sure fucked up big time, I'm sure many people have a lot more to worry about and a lot more to lose than I do.
-
Had BG not said anything then there would be NO heads up AND most likely he could continue going on.
Had BG said nothing s/he would have been a piece of shit. S/He would have WILLINGLY put all his/her clients to a risk knowing it for a PERSONAL mistake. THIS would have meant being a piece of shit, and not doing the contrary being an hero or one of a kind.
Is possible that people really cannot understand that what BG did here (albeit demonstrating s/he cares for his/her clients, naturally, so I myself thank BG very much for standing for what was right) is not an heroic act but what it should be the norm if you are a person with some dignity and/or a vendor that can be really called such?
I understand that in the world we live in we are in contact in the majority of cases with pieces of shit but this doesn't change the fact that a thing like this should be the norm and NOT to be considered an heroic act or something that takes a special kind of person to do, because it is not so.
Now, through account demotion, if anybody makes the same fuckup in the future, they're much more likely to keep mum about it.
And if you do you are a piece of shit, and so anyway a person that anybody can rely upon. It doesn't matter if a person like that keep shout or not about something like this because anyway if one is prone to do something like this you can rest assured that this is not the only thing against the community s/he does, has done or will be prone to do.
If SR admins rightly punished you because you broke the rules you did willingly AGREE to when joining, and for this even in front of a fact that can put your clients' security IMMEDIATELY at risk (because let's be real: keeping addresses is already a security risk to the buyers, even if you are now pretending it isn't and nothing risk worthy was really done) you willingly keep shut because you don't want to lose the account (irreparable trouble! I mean what having people that trusted you losing liberty is in comparison to this?) then you can rest assured that you have done or will do even worse because you are an absolute piece of shit and a disgrace to this place.
Is not certainly just because SR admins banned a vendor that talked about an error committed that will make a vendor that can be really addressed with that name shut up in case of a security risk of his/her clients (because a vendor that can really be called such respect the trust put in him/herself and will never willingly disgrace that trust if s/he can avoid it), and in the same way it will certainly not be the no-ban to another vendor that you would turn a piece of shit in an individual with some dignity and that cares for his/her clients; a person like that cares only about him/herself, s/he will do the exact same thing with or without an incentive.
However, the full disclosure shows integrity.
Yes, it does. However it is a sort of integrity that every vendor here should have. If one doesn't have it then there's not even point on being a vendor (that you can be able to call as such) and you can rest assured that sooner or later this lack of integrity will come out, in one way or another.
BG did not have to say anything, and most would not have.
So are you really saying that a vendor had not to say anything about his/her clients (that are his breadth and life) having being put at risk for a PERSONAL fuck-up? If there is a MUST circumstance I don't know what more conform to it can one be.
Revoking his account pretty much guarantees that the next guy won't do the same, even if he would have been otherwise predisposed to.
You are wrong. BG would have done the same even if they would have banned him/her 20 times prior (and naturally it will not happen because s/he has learned from this mistake). Why? Because s/he is not a piece of shit and s/he is a vendor that cares for his/her clients (as every TRUE vendor should) and only a complete piece of shit would put his/her clients at a danger WILLINGLY and knowingly for a personal error, no matter the consequences on revealing the error itself.
Yeah, he would've been a piece of shit. Like the guy who vanished after $250k worth of FEs on 4/20. Pieces of shit abound, and the underground Internet drug trade is certainly no exception, community or no.
I love DPR's espousing of libertarian principles as much as the next guy, but to assume that ethos is held by all vendors, or even a majority, is in my opinion unlikely. Maybe I'm alone in that, maybe I'm a newb and I haven't absorbed the deep cameraderie that exists here on SR, but...
This is a black market. Nobody knows who the other is (or at least that's the way it's supposed to work on a good day). Aside from the escrow process there is absolutely nothing other than moral compunction binding a seller to be above-board with a buyer.
BG knowingly issued an advisory based on his mistake that effectively put a halt to what had to be a very lucrative income stream. That's why I don't think every vendor would do it. People might love the community, but in my experience, vendors are in it for the money. They might rah-rah about the idealism of it, and even believe in it, but it comes secondary to the money.
You say things like "then that person is a piece of shit" and "you can rest assured it would have come out in other ways" and other nebulous statements about why being forthright about this is simply acceptable and not commendable. Maybe I'm a cynic but here's what I think: Vendors, even (especially) good ones, with fast shipping/great stealth/great product, work hard on their reputations; if faced with the choice of losing both that and their money in one fell swoop to "do the right thing" versus saying "fuck it, let's roll with it, if they do get that data nobody will ever know it's me." I am skeptical. People kill each other over money. Family members hate each other over money. People steal for money. Bankers cripple entire national economies knowingly for the money. People do this every day, in real life, to people they know.
Are they pieces of shit? Maybe, but it happens every day. So to think that it's just the norm for somebody to come clean in this situation seems to me to be naiive. It sucks for his customers, but at least people have a chance to clean house and prepare for the worst.
Everybody always says "never FE even if they have great reviews." Well, people who don't deliver on FE are pieces of shit, right? How often does it happen? More often than it should? But how many reviews do you see that say "FE 5/5"? Tons and tons. And the vendor that stiffs has his 5*, and the buyer is fucked. Sure, they can take it to the forums or /r/SilkRoad, but most people will still just see VENDORNAME(99) and buy anyway and many of them will FE like the last guy. Are those people dumb? Maybe. But there's no popup message that says DO NOT FINALIZE UNLESS YOU HAVE RECEIVED YOUR SHIPMENT. IF THE VENDOR TELLS YOU THIS IS REQUIRED YOU SHOULD FIND ANOTHER VENDOR. The system itself has no clear disincentive for fraud (except of course for escrow but my point is the only place FE is actively discouraged is on the forums and not in the actual SR UI).
My point: it's an amazing, unprecedented, awesome thing, this market. It's also got its share of fraud and dishonest people, and there is no real punishment for those people if they persist in their behavior unless they're especially blatant - and even then they get the EXACT SAME PUNISHMENT BG GOT. It's Tor. They can spin up a new vendor account, and DPR himself wouldn't know. So to see somebody step up publicly and take their lumps, cut off their revenue, and actively participate in the mitigation of the problem, solely based on their concern for people who could never identify them, that they will never meet, is commendable.
TL;DR: I respectfully disagree with you and think that many people would not have done what BG did in this situation. Because money.
And good on DPR for encouraging BG to rejoin the community without hiding the fact that he is "BG reloaded", which renders this all pretty much moot. But debating is fun.
Sorry, just wanted to see this quote quoted in quoted quote!
-
I didn't read the whole 11 pages of this thread...but please correct me if I'm wrong:
"if using encryption when sending your info - there's no need to worry".
Well, if I'm right (and I damn hope I am) it's just 1 more VERY strong incentive to you all to learn to encrypt and to NEVER not use it when sending personal info...
-
Yes, RaFael5 - although lists should not be kept under any circumstances, had everything been encrypted, including the customer list and the email communication between sender and recipient, although against the rules, there would not have been an issue that would compromise users.
I believe this is the tip of the iceberg. Many vendors are doing this and simply don't acknowledge it. I recently made two separate orders to the same vendor, days apart, to two separate names and delivery addresses - but both orders went to the recipient on the first order. The vendor assumed because both orders were from the same user, that they should both have been the same name & address. However, what it also proved, was that the vendor is keeping usernames, with associated names and addresses, otherwise the shipment error could not have occurred. It is very worrying that vendors are continuing this practice.
-
Yes, RaFael5 - although lists should not be kept under any circumstances, had everything been encrypted, including the customer list and the email communication between sender and recipient, although against the rules, there would not have been an issue that would compromise users.
I believe this is the tip of the iceberg. Many vendors are doing this and simply don't acknowledge it. I recently made two separate orders to the same vendor, days apart, to two separate names and delivery addresses - but both orders went to the recipient on the first order. The vendor assumed because both orders were from the same user, that they should both have been the same name & address. However, what it also proved, was that the vendor is keeping usernames, with associated names and addresses, otherwise the shipment error could not have occurred. It is very worrying that vendors are continuing this practice.
Similar has happened to me
and I agree with you, Leukart,
but I thought this thread was about BG's mess-up...
maybe a good idea to start a general topic about this problem?
-
but I thought this thread was about BG's mess-up...
maybe a good idea to start a general topic about this problem?
have we not now learned that even the vendors who seem to have our best interests at heart are really only concerned about themselves and will not be inconvenienced for our safety...? the buyers won't win this one. the data protection act can't even protect us irl.