Silk Road forums

Discussion => Security => Topic started by: lstermadden on August 08, 2013, 01:14 pm

Title: I have no reason to use privnote instead of PGP
Post by: lstermadden on August 08, 2013, 01:14 pm

So Now I am a PGP only operation.

I usually split the purchases 50/50 between privnote and pgp.

The only reason I still was using privnote was because of the option they gave to send you an email when the note was read. This lets me know when the seller has gotten my address and he is probably packaging it.

Obviously I used the mail service that has now been compromised, so now I see no reason to not use pgp.

Just wanted to speak my mind, since I never saw anyone else talking about the privnote feature to email you.

Title: Re: I have no reason to use privnote instead of PGP
Post by: Praetorian on August 08, 2013, 03:16 pm

Yeah, fuck privnote.  Whose to say they don't copy all messages the moment before encryption and forward them to the Man? ... Plus it's not a tor hidden service, and I'm sure a lot of people connect to it through Tor.

Title: Re: I have no reason to use privnote instead of PGP
Post by: spanky loc on August 11, 2013, 04:21 pm

I've never used privnote, and cancel orders with vendors who can't / won't / don't use pgp. It's my address, I want it treated seriously!

Title: Re: I have no reason to use privnote instead of PGP
Post by: anonypunk on August 18, 2013, 07:50 am

Is there a onion version of privnote?

Title: Re: I have no reason to use privnote instead of PGP
Post by: BruceCampbell on August 18, 2013, 07:56 am

If you're using privnote on tor you have javascript turned on. After that FH shit I will not open a privnote.

Title: Re: I have no reason to use privnote instead of PGP
Post by: Praetorian on August 18, 2013, 08:27 am

Quote from: BruceCampbell on August 18, 2013, 07:56 am

If you're using privnote on tor you have javascript turned on. After that FH shit I will not open a privnote.

Exactly.  Fuck THAT shit. 

Title: Re: I have no reason to use privnote instead of PGP
Post by: VHSplayer on August 18, 2013, 06:49 pm

I finally made the switch, so glad I did!

Title: Re: I have no reason to use privnote instead of PGP
Post by: astor on August 18, 2013, 09:24 pm

The funny thing is, nobody had a reason to trust Privnote in the first place, with or without JavaScript. It's a clearnet web site. LE can identify the operators. LE knows that shit tons of sensitive info is posted there. LE could compel the operators to change the JavaScript to transmit messages back to the server in plaintext (along with serving an FH-style exploit to you, in case you are accessing Privnote over Tor).

Isn't it enough that you have to trust DPR with your bitcoins and the vendor with your address? Why unnecessarily increase your attack surface with third parties that require your trust, and don't deserve it?

Title: Re: I have no reason to use privnote instead of PGP
Post by: darryl45 on August 19, 2013, 03:05 am

funny i was just thinking the same thing
what if le sent you a link and they have there own site in place of privnote and log the whole thing ip and message

Title: Re: I have no reason to use privnote instead of PGP
Post by: astor on August 19, 2013, 03:48 am

Or they just take over the Privnote server. It's hosted at Rackspace in San Antonio, completely vulnerable to whatever the FBI wants to do to it.

Title: Re: I have no reason to use privnote instead of PGP
Post by: Praetorian on August 19, 2013, 07:33 am

Quote from: astor on August 19, 2013, 03:48 am

Or they just take over the Privnote server. It's hosted at Rackspace in San Antonio, completely vulnerable to whatever the FBI wants to do to it.

OR they(FBI) created Privnote as an experiment to see if drug dealers and terrorists would use it assuming privacy, but realistically it's been forwarding everything directly to their servers in plain text, and in real-time.

                                     Anything is possible.