Several scenarios are possible. The feds could hack into SR or otherwise take control of it. The customer sends the vendor his address with a privnote link. Feds intercept the link at the server, get the customer's address, make a new privnote message that is identical and forward it on to the vendor. Now the vendor sends drugs to the address and the feds have already identified it, intercept the product and raid the customer. That seems like one of the most likely scenarios.
I am still not used to these new javascript based website encryption services, they seem to be a slight improvement over how hushmail was doing things with javascript (in that Hushmail was still sent passwords to asymmetric private keys, afaik privnote is entirely symmetrical with single use keys that are hilariously presumably to be sent through cleartext channels), but I am sure they are full of holes. One hole in particular is that they are constantly sending the javascript app to the client using it and unless the client constantly verifies that it is legitimate they could send a bugged version. There is also the entire "you are presumably to send the symmetric encryption key through a non-encrypted channel" detail, which I find to be a bit hilarious. I mean, asymmetric cryptography is weak to MITM as well but I think not to anywhere near the same extent as something like privnote, especially considering vendors here can post public asymmetric keys publicly and verify them, but you cannot very well post a one time use (or any time use) symmetric key publicly.
You assume that merely having your address go through privnote would be enough to get you raided. This is highly unlikely, although an address found from privnote may be noteworthy it is certainly not enough by itself to warrant much. However, the real risk is that the attacker will take over SR server and do massive MITMing of privnote links in order to enumerate the addresses of all the customers using privnote.
Considering protecting from an attacker who pwns the server is the goal of using asymmetric cryptography, it seems like a good indication that you should not use privnote as a replacement for asymmetric cryptography if privnote cannot protect from such an attacker.
Prior to Hushmail handing over many DVDs worth of E-mails to the DEA, they had no such warning. They acted like they were invincible and were a proper implementation of and replacement for traditional user controlled asymmetric cryptography. Only after Raw Deal did they point out that they cannot actually protect from law enforcement level attackers. This is a common trend actually, you could look at the hidemyass VPN service as well (several VPNs have fallen into the same pattern actually). These services all offer weak protections that were never really intended to stand up against strong attackers, however they need to market their shit so they make really big claims or imply that they can offer strong security or anonymity. When the house of cards comes tumbling down, usually at the hands of law enforcement, these companies shrug their shoulders and call their users idiots for thinking that their company could really withstand law enforcement level attackers.
Privnote is certainly not safer than properly used GPG. As I pointed out, an attacker who pwns SR server will intercept the privnote link, read it, copy the message, make a new privnote link to the copy of the message, and let that message get through to the vendor. Nobody can tell that the real message has been intercepted and read by an unintended party. Additionally, you cannot know shit with privnote either, all you can do is have faith in a company. There is no law of mathematics that says privnote must destroy their messages after they are read once.
You sound like you may be somewhat interested in the Vanish network, it stores messages for some period of time and then makes them impossible to decrypt at a later date (of course you should additionally encrypt these messages with GPG yourself, Vanish is mostly theoretically useful for protecting from laws regarding encryption keys in countries like the UK). I have not looked at it for quite a while now, last I checked it fell victim (at least theoretically) to a Sybil attack, but they had plans to fix it up I think. Anyway I just throw that out there as something to look into.
Anyway you just need to look at farmers market to see that people kept using Hushmail even after it was known that they will at the drop of a dime hand over as much information to law enforcement as is requested. There are always idiots willing to have faith in the promises of a company, even after the company has been debunked. VPNs turn on their users on a regular basis but they don't go out of business for doing so. The simple fact of the matter is, we have a decade of experience pointing to the fact that companies break under little pressure, the laws of mathematics and well thought out security policy do not buckle to anything.
As I already pointed out, the feds / police will not use the address by itself as proof of anything. They may use it as an intelligence lead in itself, something leading them to watch the address perhaps looking for other signs of illegal activity. The more worrying thing is that they will intercept the link to the privnote post as it goes through SR server and MITM attack. When they see the customer place an order with the vendor, and then send the vendor the privnote link, that will be enough to use the address the privnote link posts to as evidence of a drug law offense.
Also it is quite likely they will do a controlled delivery, and history has shown us that if you accept a package and open it, that is usually enough for them to prove that you ordered it in court.
Seems to me that you are merely justifying to yourself the fact that you are too lazy to figure out how to use proper security measures. Either that or you are trying to lead others astray.
The fact of the matter is that drugs are still illegal and ordering drugs via the mail is a federal offense. The feds probably do not care about the person ordering personal use cocaine from this site, but in the event that they obtain proof such a thing has happened, it is quite likely they will forward this intelligence on to your local police department. And they are likely to try to arrest you. Most people in prison over drug charges are there over personal use amounts.
Don't worry, I won't.
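
The post's point about the JavaScript app being re-sent to the client on every visit comes down to comparing the served file against a digest recorded from a reviewed copy. The following is an added example, not part of the original post or any service's code; it uses the Subresource Integrity token format (`sha384-<base64>`), and the function names and sample scripts are constructed for illustration.

```javascript
// Added example: pin the digest of a reviewed script and reject any served
// copy that does not match. Names and sample scripts are constructed.
const nodeCrypto = require('node:crypto');

// Strength order used when an integrity string lists several algorithms.
const ALGORITHMS = ['sha256', 'sha384', 'sha512'];

// Raw digest of a script body as a Buffer.
function digestOf(body, algorithm) {
  return nodeCrypto.createHash(algorithm).update(body).digest();
}

// SRI-style token ("sha384-<base64 digest>") for a script body.
function sriToken(body, algorithm = 'sha384') {
  return `${algorithm}-${digestOf(body, algorithm).toString('base64')}`;
}

// Parse "sha256-... sha384-..." into entries, dropping malformed tokens
// and tokens that name an algorithm outside ALGORITHMS.
function parseIntegrity(integrity) {
  return integrity.trim().split(/\s+/)
    .map((token) => /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})$/.exec(token))
    .filter(Boolean)
    .map((m) => ({ algorithm: m[1], digest: Buffer.from(m[2], 'base64') }));
}

// True only if the body matches a pinned digest of the strongest listed
// algorithm; weaker entries are ignored so a downgrade cannot pass.
function verifyScript(body, integrity) {
  const entries = parseIntegrity(integrity);
  if (entries.length === 0) return false; // nothing usable pinned: fail closed
  const strongest = entries.reduce((a, b) =>
    (ALGORITHMS.indexOf(b.algorithm) > ALGORITHMS.indexOf(a.algorithm) ? b : a)).algorithm;
  const actual = digestOf(body, strongest);
  return entries
    .filter((e) => e.algorithm === strongest)
    .some((e) => e.digest.length === actual.length
      && nodeCrypto.timingSafeEqual(e.digest, actual));
}

// Constructed samples: the reviewed release and a copy altered on the server.
const REVIEWED = 'function encrypt(note, key) { return seal(note, key); }\n';
const MODIFIED = 'function encrypt(note, key) { log(note); return seal(note, key); }\n';
const PINNED = `${sriToken(REVIEWED, 'sha256')} ${sriToken(REVIEWED, 'sha384')}`;

console.log('reviewed copy accepted:', verifyScript(REVIEWED, PINNED));
console.log('modified copy accepted:', verifyScript(MODIFIED, PINNED));
```

The check only means something when it runs from code the server does not supply, such as a local tool or browser extension; a page that verifies itself can be altered together with the script it checks.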