Silk Road forums

Discussion => Security => Topic started by: CarrieWhitesMother on August 09, 2011, 05:49 pm

Title: YIKES!!! I Think I Messed Up
Post by: CarrieWhitesMother on August 09, 2011, 05:49 pm
Very new to all this, and very nervous. I was attempting to make my second purchase ever on SR a couple of days ago when I inadvertently sent the mailing address unencrypted. How bigga deal is this? I'm trying to watch my P's and Q's on SR, I certainly don't want to annoy a Mexican Drug Lord or agitate a Dutch Hippy, and mostly I don't want to end up in the Black Maria. I immediately sent an ( encrypted) apology along with my Pub. Key but I haven't heard back from the vendor yet. 

Should I cancel my order? would that annoy the vendor even more? have I condemned myself to a life of paranoia and bad disguises. EEEK!!!

Like I said, I'm new to this, and while I was/am totally aware of the need for encryption when *messaging* — I just didn't make the same connection when inputting the shopping cart. "type address here" it said, not —"place *ENCRYPTED* address here" so I just typed in the address and hit send...then screamed.

I'll shut up now.
 
Title: Re: YIKES!!! I Think I Messed Up
Post by: envious on August 09, 2011, 06:09 pm
You're screwed. SWAT team enroute. BAIL BAIL BAIL
Title: Re: YIKES!!! I Think I Messed Up
Post by: CarrieWhitesMother on August 09, 2011, 06:42 pm
Pure Evil! — I believed you and jumped out my second story window in my nighty.
Title: Re: YIKES!!! I Think I Messed Up
Post by: bp on August 09, 2011, 07:06 pm
That was a minor blunder that probably will amount to nothing.
Messing up is doing something like sending a scammer your info unencrypted and your BTC directly to his wallet around escrow  >:(
Then you follow up by sending unencrypted info to someone who claims all of their outgoing was grabbed by LE  ???

THAT'S messing up.
Title: Re: YIKES!!! I Think I Messed Up
Post by: MrDdroMcGillacutty on August 09, 2011, 07:56 pm
You're screwed. SWAT team enroute. BAIL BAIL BAIL

+1 LMAO!! Hahahaha!!

Red team GO! Red Team GO!

Pull your cash out of the bank and run for the hills. Live off the land and build a tree fort. GOOD LUCK

Title: Re: YIKES!!! I Think I Messed Up
Post by: happytree on August 09, 2011, 08:20 pm
Encrypting addresses and messages via PGP is an "extra" layer of security that is "recommended" but not "required". I have read that if you're buying personal amounts, you're not selling and moving kilos of scarface cocaine, the security that SR offers in its anonymity and through Tor, is enough.
Title: Re: YIKES!!! I Think I Messed Up
Post by: un1v4c222 on August 10, 2011, 12:17 am
happytree

I'd like to clear up a misconception about TOR.  While it's anonymous, it is not necessarily "private".  Rogue exit nodes can sniff outgoing traffic, and possibly pick up plain text information.  Always using PGP prevents this possibility, remote as it may seem.
Title: Re: YIKES!!! I Think I Messed Up
Post by: CarrieWhitesMother on August 10, 2011, 12:27 am
happytree  — Thanx for the talk down.
univac222 — Thanx for the info ( very interesting )
envious — Bite Me
MrDdroMcGillacutty — Bite envious
Title: Re: YIKES!!! I Think I Messed Up
Post by: chronicpain on August 10, 2011, 01:22 am
At least you care and are trying to do it right. I would bet only 10 percent of my orders/customers actually use pgp. Im tired of telling everyone to use it. They always say, "Im trying to figure it out or Ill do it soon" Good for you for doing it right from the get go..

EVERYONE NEEDS TO USE PGP WHEN ORDERING!!! Not only does it give you a layer of anonymity, but also plausible deniability..

Don't worry about it...relax...
Title: Re: YIKES!!! I Think I Messed Up
Post by: un1v4c222 on August 10, 2011, 03:32 am
Buyers need to stop working with vendors who don't offer PGP.  That will force vendors to start using it.  Ultimately, the goal should be vendors not dealing with people who don't use PGP either.  While that goal seems unrealistic, it would create an almost near perfect system.   Once you get going with it, it's very simple to use.  It's also kind of magical to see all those random characters turn into a meaningful message that only I can decode.  I wish others would appreciate this side of it, instead of thinking of it as an inconvenience. Not only is it fun, it decreases paranoia and anxiety!
Title: Re: YIKES!!! I Think I Messed Up
Post by: happytree on August 10, 2011, 05:03 am
If PGP is going to be a requirement, or a wanted/needed requirement, it should be added to the Buyers & Sellers guide. I had no clue what it was, or had to do it, until I had spent quite a bit of time on the forums, and as a moderator has stated, 75% of buyers don't even come to the forum.

The only place PGP is mentioned on the Buyer's guide, is under the address/receiving section, and refers to it being for the "extra cautious".  Many threads mention PGP as something not necessary, more of an option, so at this point, it seems a matter of opinion. I don't mind doing it, but everyone should be on the same page.

http://ianxz6zefk72ulzz.onion/index.php/silkroad/buyers_guide
Title: Re: YIKES!!! I Think I Messed Up
Post by: MrDdroMcGillacutty on August 10, 2011, 02:41 pm
happytree  — Thanx for the talk down.
univac222 — Thanx for the info ( very interesting )
envious — Bite Me
MrDdroMcGillacutty — Bite envious

No thanks. Not my type and I am not sure where envious has been. But I've heard stories. Hahaha. J/K envious- respect.  :D

How is that tree fort in the hills working out for you? Your name and address will now be written in permanent marker in the blackmarket bathroom stall. So there, HA!
Title: Re: YIKES!!! I Think I Messed Up
Post by: uniwiz on August 10, 2011, 02:47 pm
If PGP is going to be a requirement, or a wanted/needed requirement, it should be added to the Buyers & Sellers guide. I had no clue what it was, or had to do it, until I had spent quite a bit of time on the forums, and as a moderator has stated, 75% of buyers don't even come to the forum.

The only place PGP is mentioned on the Buyer's guide, is under the address/receiving section, and refers to it being for the "extra cautious".  Many threads mention PGP as something not necessary, more of an option, so at this point, it seems a matter of opinion. I don't mind doing it, but everyone should be on the same page.

http://ianxz6zefk72ulzz.onion/index.php/silkroad/buyers_guide


+1


I'm with Happytree. Please add it to the buyers guide.
It was a pain in the butt to figure out something so simple.
Title: Re: YIKES!!! I Think I Messed Up
Post by: Gruzel on August 10, 2011, 04:15 pm
Remember, the seller obviously can decrypt your address, and what they do with it from them (purposefully or inadvertently) is completely up to them.  Using PGP on buyer-->seller communications hides your address from the SR system itself (can't be stored on the SR servers, SR admins can't get to it, a compromised SR account won't be able to read it).  That's what you are protecting yourself from by using PGP.  It's a GoodThing, and should be encouraged.
Title: Re: YIKES!!! I Think I Messed Up
Post by: theonetheonlyandy on August 10, 2011, 04:32 pm
but cant it be argued that yes PGP is an extra layer but what if the seller saves your address after they unecyrtpit the message with your address.
Title: Re: YIKES!!! I Think I Messed Up
Post by: envious on August 10, 2011, 07:48 pm
happytree  — Thanx for the talk down.
univac222 — Thanx for the info ( very interesting )
envious — Bite Me
MrDdroMcGillacutty — Bite envious

No thanks. Not my type and I am not sure where envious has been. But I've heard stories. Hahaha. J/K envious- respect.  :D

How is that tree fort in the hills working out for you? Your name and address will now be written in permanent marker in the blackmarket bathroom stall. So there, HA!

I've been to many a glory hole.
Title: Re: YIKES!!! I Think I Messed Up
Post by: CaptainJohnny on August 10, 2011, 11:58 pm
but cant it be argued that yes PGP is an extra layer but what if the seller saves your address after they unecyrtpit the message with your address.

A competent operator of gpg can display the encrypted message without it ever touching storage media. in Linux, the output can be directed to stdout. I will not print out the man page...  ;-)

If you're using Windows, I have no idea. I quit using that junk years ago...
Title: Re: YIKES!!! I Think I Messed Up
Post by: CarrieWhitesMother on August 11, 2011, 01:18 am
"...but cant it be argued that yes PGP is an extra layer but what if the seller saves your address after they unecyrtpit the message with your address."

RIGHT!!?!!...eek!!
Title: Re: YIKES!!! I Think I Messed Up
Post by: un1v4c222 on August 11, 2011, 01:26 am
For windows, I've heard that "GPA (Gnu Privacy Assistant) has a clipboard function that you can write in / encrypt/ decrypt all in RAM." 

Never any need to write to disk.
Title: Re: YIKES!!! I Think I Messed Up
Post by: CaptainJohnny on August 11, 2011, 01:38 am
If you use the triple algorithm cascade feature of TrueCrypt, you can encrypt your entire drive in an absolutely invincible fashion with little to know effort. NOT doing it is the mark of a truly lazy and stupid person. It won't matter what gets saved or written to media if done in this fashion. There is absolutely no excuse, it's far too easy to do. You can even make portable file containers that you can make backups on, copy to flash media, stick it in one of those keychain pill holders, and geocache your backup.... Even if someone finds it, it's encrypted beyond the means of anything even science fiction can dream of.
Title: Re: YIKES!!! I Think I Messed Up
Post by: CrunchyFrog on August 11, 2011, 01:56 am
> For windows, I've heard that "GPA (Gnu Privacy Assistant) has a clipboard function that you can write in / encrypt/ decrypt all in RAM."
> Never any need to write to disk.

True about the GPA clipboard.  But don't forget to clear your pagefile.sys, as various things "in memory" end up there as well.  Hibernating your system copies memory to disk (hiberfil.sys) by design, too.  (Neither of which are of great concern if they reside on an encrypted partition.)
Title: Re: YIKES!!! I Think I Messed Up
Post by: chronicpain on August 11, 2011, 02:10 am
Speaking of encryption. You can encrypt a windows HD without hurting or deleting existing files, correct? but what about Mac? I am under the impression that if you try to encrypt the whole HD it will wipe everything, right?

IS there a way to encrypt a mac's hd without losing any info? and without backing it up first?
Title: Re: YIKES!!! I Think I Messed Up
Post by: CaptainJohnny on August 11, 2011, 02:13 am
I know crap about MACs. But I do know that TrueCrypt will encrypt a Windws Partition in place without doing any damage, even replacing the MBR with it's own boot loader... You could always check their website and see. Seems people who are such badasses as the TrueCrypt people are, would be better able to answer that question. I give you one guess what the URL is...  :-p
Title: Re: YIKES!!! I Think I Messed Up
Post by: chronicpain on August 11, 2011, 02:50 pm
Damn! if you try to encrypt your entire drive with trucypt it will erase the entire drive. I wish I would have known about it before all this.  I gues I can make up encrypted partitions and then move all sensitive material into the encrypted areas..

Next hd that I get is going to get the entire thing trucrypted (will be the first thing that I do.)
Title: Re: YIKES!!! I Think I Messed Up
Post by: profspudhed on August 11, 2011, 03:59 pm
i messed up in a similar way myself yesterday, if you order multiple things and pay out the cart all at once you only put the address in once, so encrypting it for one seller means the others wont be able to decrypt it, sure its nice and convenient to only have to punch your address in once but maybe we should consider an individual checkout per seller

on the subject ive been trying to get pgp working on my phone through apg and k9mail, although i can encrypt and send messages no problem when i get them back i get a message telling me there is no suitable secret key to decode the message, i thought we used public keys for that? they were good enough to encrypt the message first and to decrypt it on my pc. its not a major issue though, my laptop goes EVERYWHERE with me so i can always tether and get it that way (yes im a nerd)
Title: Re: YIKES!!! I Think I Messed Up
Post by: CaptainJohnny on August 29, 2011, 07:32 pm
Damn! if you try to encrypt your entire drive with trucypt it will erase the entire drive. I wish I would have known about it before all this.  I gues I can make up encrypted partitions and then move all sensitive material into the encrypted areas..

Next hd that I get is going to get the entire thing trucrypted (will be the first thing that I do.)

What is your OS?

TrueCrypt WILL encrypt any current Windows System drive in place without doing any harm to your data. I have done it many times. It can take days, but it has features to suspend it and pick up where you left off. When I tripple cascaded a 2tb drive, it took over a week.

Yes, TrueCrypt absolutely can do this. Please do not spread FUD to discourage people from doing it. It makes you look like LE. Who else would discourage encryption that does indeed do exactly this?
Title: Re: YIKES!!! I Think I Messed Up
Post by: anarcho47 on August 29, 2011, 10:31 pm
Use truecrypt.  Even just have a flash drive where you would keep anything sensitive or a small 100mb partition or something.  It's a fantastic program.