Silk Road forums
Discussion => Security => Topic started by: lstermadden on August 08, 2013, 01:14 pm
-
So Now I am a PGP only operation.
I usually split the purchases 50/50 between privnote and pgp.
The only reason I still was using privnote was because of the option they gave to send you an email when the note was read. This lets me know when the seller has gotten my address and he is probably packaging it.
Obviously I used the mail service that has now been compromised, so now I see no reason to not use pgp.
Just wanted to speak my mind, since I never saw anyone else talking about the privnote feature to email you.
-
Yeah, fuck privnote. Whose to say they don't copy all messages the moment before encryption and forward them to the Man? ... Plus it's not a tor hidden service, and I'm sure a lot of people connect to it through Tor.
-
I've never used privnote, and cancel orders with vendors who can't / won't / don't use pgp. It's my address, I want it treated seriously!
-
Is there a onion version of privnote?
-
If you're using privnote on tor you have javascript turned on. After that FH shit I will not open a privnote.
-
If you're using privnote on tor you have javascript turned on. After that FH shit I will not open a privnote.
Exactly. Fuck THAT shit.
-
I finally made the switch, so glad I did!
-
The funny thing is, nobody had a reason to trust Privnote in the first place, with or without JavaScript. It's a clearnet web site. LE can identify the operators. LE knows that shit tons of sensitive info is posted there. LE could compel the operators to change the JavaScript to transmit messages back to the server in plaintext (along with serving an FH-style exploit to you, in case you are accessing Privnote over Tor).
Isn't it enough that you have to trust DPR with your bitcoins and the vendor with your address? Why unnecessarily increase your attack surface with third parties that require your trust, and don't deserve it?
-
funny i was just thinking the same thing
what if le sent you a link and they have there own site in place of privnote and log the whole thing ip and message
-
Or they just take over the Privnote server. It's hosted at Rackspace in San Antonio, completely vulnerable to whatever the FBI wants to do to it.
-
Or they just take over the Privnote server. It's hosted at Rackspace in San Antonio, completely vulnerable to whatever the FBI wants to do to it.
OR they(FBI) created Privnote as an experiment to see if drug dealers and terrorists would use it assuming privacy, but realistically it's been forwarding everything directly to their servers in plain text, and in real-time.
Anything is possible.