Silk Road forums

Discussion => Silk Road discussion => Topic started by: MetaD13 on April 08, 2013, 03:13 am

Title: Okay to use Privnote once?
Post by: MetaD13 on April 08, 2013, 03:13 am
I normally use PGP encryption for all my orders but a vendor is having trouble decrypting my message. He thinks it must be some sort of compatibility issue since his PGP key is very short and mine is much longer. Yes I know it sounds a bit odd but the vendor has solid feedback so I don't suspect anything. Plus I've been told that privnote puts the vendor at larger risk rather than the one sending the address. I know I might sound a bit paranoid but I've been on SR for awhile and know that security always comes first.

so would it be okay to use this one time?
Title: Re: Okay to use Privnote once?
Post by: thyme on April 08, 2013, 06:35 am
Maybe the vendor could come seek support from the astonishing array of free support resources available on the forum?  Because if this problem comes up with you, it seems like the kind of problem that is going to recur and could be addressed now while working with a friendly, patient client.

In a non-technical vein, I'll just say: Privnote freaks me the fuck out, so personally, I wouldn't. Not trying to foster paranoia, it's just... you know, you asked.

I'm just curious: is the vendor suggesting Privnote, or was that your attempt to come up with a solution?
Title: Re: Okay to use Privnote once?
Post by: sharonneedles on April 08, 2013, 08:02 am
I've used privnote before. Is there evidence that one shouldn't use it?
Title: Re: Okay to use Privnote once?
Post by: scout on April 08, 2013, 08:07 am
No.  You'll get pregnant and then you'll die.
Title: Re: Okay to use Privnote once?
Post by: colorblack on April 08, 2013, 08:08 am
No.  You'll get pregnant and then you'll die.
Hahahaha. nice.
Title: Re: Okay to use Privnote once?
Post by: Hungry ghost on April 08, 2013, 08:20 am
It always seems to me that Privnote (apart from trusting your details to third party) is kind of shutting the door after the horse has bolted. Sure you could tell if someone else had opened the link, but by then its too late; they have your address.
         Secondly, it seems incredibly vulnerable to a kind of MITM attack: LE opens the note, reads it, then just sends you a new privnote with the same data inside. You have no way of knowing that the link you recieve is different from the one sent. I don't know if I'm missing something obvious here...................
Privnote is a toy. You might as well just send your address in clear text.
Not sure how privnote exposes the vendor to more risk than the buyer? Have a little think about that one......whose address is in the note?
       
Title: Re: Okay to use Privnote once?
Post by: aussiepp on April 08, 2013, 11:39 am
I've used privnote once. I'd prefer to use privnote than no other security measure.
But yeah, it's not ideal.
Title: Re: Okay to use Privnote once?
Post by: yokes101 on April 08, 2013, 12:21 pm
I used Privnote once and it was the only ever time I had trouble with an order on the silk road.
I would never used it again.
Title: Re: Okay to use Privnote once?
Post by: Arcturian on April 08, 2013, 03:30 pm
No.  You'll get pregnant and then you'll die.

Dude i think you got your talks mixed up, one day when your having 'the talk' with your kids you'll be telling them to always use PGP encryption  ::)
Title: Re: Okay to use Privnote once?
Post by: Arcturian on April 08, 2013, 03:32 pm
Back on topic: Privnote cant be any more dangerous then sending it unencrypted, which is why i urge buyers to PGP encrypt or at least use privnote. The majority (especially newer members) dont encrypt so i instruct them to send via privnote
Title: Re: Okay to use Privnote once?
Post by: thyme on April 08, 2013, 05:22 pm
No.  You'll get pregnant and then you'll die.
ahahahahahahaha. yes, that.

Quote from: Arcturian
Privnote cant be any more dangerous then sending it unencrypted
Well, continuing from the above analogy, using Privnote is akin to using pinholed condoms.
The illusion of protection is NOT better.
At least if you throw caution to the winds and say, "Eh, I'll take the chance," you know when to sit there counting days on the calendar.
Title: Re: Okay to use Privnote once?
Post by: scout on April 08, 2013, 07:48 pm
No.  You'll get pregnant and then you'll die.
ahahahahahahaha. yes, that.

Quote from: Arcturian
Privnote cant be any more dangerous then sending it unencrypted
Well, continuing from the above analogy, using Privnote is akin to using pinholed condoms.
The illusion of protection is NOT better.
At least if you throw caution to the winds and say, "Eh, I'll take the chance," you know when to sit there counting days on the calendar.

Hahaha, but really, it's a good analogy.  I would actually rather use cleartext than to use privnote.  Better yet, if a vendor told me he couldn't use PGP and wanted privnote, I'd find another vendor.
Title: Re: Okay to use Privnote once?
Post by: caman420 on April 08, 2013, 10:37 pm
maybe the vendor could generate a new pgp & start over.  What software you using? gpg4usb is nice & easy.

Anyone using bitmessage
Title: Re: Okay to use Privnote once?
Post by: UK Stealth on April 08, 2013, 10:43 pm
privnote is safe used it since it came online. its even safer using through tor browser. sure as hell beats pgp which has be hacked apparently,

http://www.theregister.co.uk/2012/12/20/elcomsoft_tool_decrypts_pgp/

And if the way things are going this might be an alternative

http://www.theregister.co.uk/2012/06/14/pgp_seal_encrypted_communications/.....

So ferget all that shite keep it simple privnote and tor browser.

Thats all i use or ever will. my thoughts only1.

Title: Re: Okay to use Privnote once?
Post by: UK Stealth on April 08, 2013, 10:46 pm
https://bitmessage.org/wiki/Main_Page


checking it out now thanks fer mentioning bitmessage
Title: Re: Okay to use Privnote once?
Post by: axeman on April 08, 2013, 10:49 pm
No.  You'll get pregnant and then you'll die.
ahahahahahahaha. yes, that.

Quote from: Arcturian
Privnote cant be any more dangerous then sending it unencrypted
Well, continuing from the above analogy, using Privnote is akin to using pinholed condoms.
The illusion of protection is NOT better.
At least if you throw caution to the winds and say, "Eh, I'll take the chance," you know when to sit there counting days on the calendar.

Hahaha, but really, it's a good analogy.  I would actually rather use cleartext than to use privnote.  Better yet, if a vendor told me he couldn't use PGP and wanted privnote, I'd find another vendor.

BRAVO!
********False security is much worse than no security at all!!!!!**********
Title: Re: Okay to use Privnote once?
Post by: Arcturian on April 08, 2013, 11:38 pm
Sorry but i may be missing something, is there a particular reason privnote is more dangerous? If law enforcement were to gain access to all the addresses going through SR, they'd have no more trouble simply reading an unencrypted message then trying to get hold of the contents of an already self-destructed privnote. And lets say privnote do keep some record, it would still take more effort to get hold of that address. And if it tracked IP addresses than we've got to hope people have the sense to use privnote via Tor. :)
Title: Re: Okay to use Privnote once?
Post by: BenJesuit on April 09, 2013, 12:06 am
SR peeps is overly paranoid without thinking something through or worse, over thinking it.

Privnote over TOR; If LE intecepts it, guess what? All they got was an address. Weee! The IRS has your address. Junk Mailers have your address. Your doctors have your address. Your utility companies and banks have your address. Your friends have your address. On so on and so forth. So what?

Your Privnoted address shouldn't say:

Yes, send that bulk order of molly to:
J. Dumbass Mofo, Jr.
1 dumbfuck way
Dumbassville, Bumfuck, 00000-0000

Thanks! can't wait to be the life of the party.
I'm going to sell so much I'll be back next week for moar!

That's just fucking dumb.

But if it's just your address, what exactly does LEO have but an address? They don't know what's going to it. They really don't give a shit because you're just not that special no matter what mommy told you.

They have nothing to go on except that someone over TOR gave someone else what may or may not be your address. They don't even know it's you or not who did. They don't even care. It's a dead end for them if it's just an address. They don't know why you gave it out. Without that, they're not going to waste a second on a visit. And they don't even know who read it as vendors will read it over TOR. So they really have zippo to go on.

I don't mean to have you to underestimate LEO, but damn you people are overly paranoid and overestimate their abilities with their strained budgets. LEO's favorite food is low hanging fruit. AKA the dumbass. Jails full of dumbasses. They make up the the main constituency of the population.   

Remember, possession is 9/10ths of the law = slam dunk for police and prosecution.

So unless they know for sure what's at your address or on its way to you, getting a warrant if you have no criminal record will be next to impossible. They wouldn't even try.

PGP ain't shit if your vendor gets compromised. Do you really think he/she wouldn't cop a plea deal and give up the passcode to the encryption? Really?

The good news is that unless you're buying massive bulk from a compromised vendor, the odds of LEO coordinating with other LEOs to come and getcha is low. So learn to hide your stash well or move it fast if you're a massive bulk buyer. And if you're a massive bulk buyer, hopefully you have a drop. I know high rollers don't need to be told that. But some of you are straight up geeks all wet behind the ears.