After starting to visit the shipping sub forum a bit more I have become aware of a worrying trend. This trend is vendors buying vendor specific products (tracking stamps, MBB and other shipping supplies) from other vendors. I think that this is extremely worrying from a security perspective. In the case of MBB it is worrying simply because the vendors ordering these supplies are getting them sent to boxes that can of course be put under surveillance. Even if they order the bags from throw away accounts, it wont matter, because only vendors are going to order those and they leak their geolocation anyway so it is simply a matter of matching up the geolocation to the vendors known to operate out of that area. If one of the big MBB vendors turns out to be a fed, or is later compromised, that could lead to the busts of all of the vendors who ordered from them, and it seems that a LOT of vendors are ordering these bags from a select few suppliers selling them on SR. This is extremely worrying to me. Even more worrying is the fact that apparently several vendors are buying tracking stickers from vendors on SR who specialize in selling them. This to me just seems so dumb that anyone could think this is a good idea. Now not only do these tracking sticker vendors get the box information of the vendors they are shipping them to, but they can trivially get the addresses of all customers sent anything with those tracking numbers! This means they can easily send a vendor a hundred tracking stickers, put the box they ship them to under surveillance, identify the vendor, wait for them to send out 100 packs, identify all 100 of the customers addresses, intercept some of the now very easy to locate shipments, find they have drugs in them and raid the vendor. That is just fucking horrible security and I am blown away that any vendors are stupid enough to be doing this! I don't want to point any fingers at anyone, if there is one thing I know it is that a lot of people trying to offer services are not well versed in security , but really to me this full situation just looks like an operation unfolding. They cannot get through our technical security measures so instead they try to get at vendors and customers by tricking vendors into ordering shit from them, in some cases ordering shit from them that allows them to enumerate their entire client bases addresses and locate their packages at will! Now is this certainly happening? No, but it sure as fuck could be, and that is extremely concerning.