Silk Road forums

Discussion => Security => Topic started by: g00se on May 12, 2013, 05:37 pm

Title: View feedback - DANGEROUS - WTF?!?!!
Post by: g00se on May 12, 2013, 05:37 pm
http://silkroadvb5piz3r.onion/account/view_feedback

What the hell? How far back does this history go? This could be VERY dangerous and incriminating as hell! Fix it NOW, DPR! Let us at least delete each manually!
Title: Re: View feedback - DANGEROUS - WTF?!?!!
Post by: astor on May 12, 2013, 06:12 pm
It disappears after 3 months. Presumably, it's actually deleted from the server at that point.

It would be nice if you could delete it yourself, but I suspect there are two reasons that you can't.

1. Each of those items is associated with another account, the vendor that you purchased from. It would be unfair if they wanted that info and you could delete it from their account. And it would be shady on DPR's part if he allowed you to "delete" it from your account while keeping it on the server and making it available to the other party. So I think it's best that neither party can delete it until some standard amount of time (currently 3 months), and you are both made aware that the info exists, because you can see it in your account history.

Of course, the act of deleting it could simply anonymize the data, unlinking it from your account while keeping it in the other account, which leads me to:

2. It protects against scammers. Otherwise, a vendor (or buyer) could scam a bunch of people and erase the evidence with the click of a button. They need to keep the info for some amount of time to identify patterns associated with scammers.
Title: Re: View feedback - DANGEROUS - WTF?!?!!
Post by: smokecrack on May 12, 2013, 06:26 pm
y u trippin?
Title: Re: View feedback - DANGEROUS - WTF?!?!!
Post by: Libertas on May 12, 2013, 09:11 pm
It disappears after 3 months. Presumably, it's actually deleted from the server at that point.

It would be nice if you could delete it yourself, but I suspect there are two reasons that you can't.

1. Each of those items is associated with another account, the vendor that you purchased from. It would be unfair if they wanted that info and you could delete it from their account. And it would be shady on DPR's part if he allowed you to "delete" it from your account while keeping it on the server and making it available to the other party. So I think it's best that neither party can delete it until some standard amount of time (currently 3 months), and you are both made aware that the info exists, because you can see it in your account history.

Of course, the act of deleting it could simply anonymize the data, unlinking it from your account while keeping it in the other account, which leads me to:

2. It protects against scammers. Otherwise, a vendor (or buyer) could scam a bunch of people and erase the evidence with the click of a button. They need to keep the info for some amount of time to identify patterns associated with scammers.

Thank you for posting the above, astor. It was very informative and exactly what was needed to be said!

Libertas
Title: Re: View feedback - DANGEROUS - WTF?!?!!
Post by: g00se on May 12, 2013, 09:21 pm
It should at least require the security pin to access this feedback. I just don't want to get 3 months of activity on my ass in case something goes wrong...
Title: Re: View feedback - DANGEROUS - WTF?!?!!
Post by: Libertas on May 12, 2013, 09:29 pm
It should at least require the security pin to access this feedback. I just don't want to get 3 months of activity on my ass in case something goes wrong...

Your username and passphrase are already required to access your account so there is no need for a PIN entry system to access the feedback you've left. Every member is responsible for their own security and actions, and should be taking the necessary precautions to prevent falling victim to phishers and hiding their Tor Browser Bundle on a hidden encrypted volume if they desire no one to have access to it.

Silk Road already does MORE than enough to protect buyers that choose to purchase from vendors here. People, both buyers AND vendors, need to employ a modicum of personal responsibility when using Silk Road!

Libertas
Title: Re: View feedback - DANGEROUS - WTF?!?!!
Post by: scout on May 12, 2013, 09:37 pm
It disappears after 3 months. Presumably, it's actually deleted from the server at that point.

It would be nice if you could delete it yourself, but I suspect there are two reasons that you can't.

1. Each of those items is associated with another account, the vendor that you purchased from. It would be unfair if they wanted that info and you could delete it from their account. And it would be shady on DPR's part if he allowed you to "delete" it from your account while keeping it on the server and making it available to the other party. So I think it's best that neither party can delete it until some standard amount of time (currently 3 months), and you are both made aware that the info exists, because you can see it in your account history.

Of course, the act of deleting it could simply anonymize the data, unlinking it from your account while keeping it in the other account, which leads me to:

2. It protects against scammers. Otherwise, a vendor (or buyer) could scam a bunch of people and erase the evidence with the click of a button. They need to keep the info for some amount of time to identify patterns associated with scammers.

This. Thank you for the great response as usual, astor.
Title: Re: View feedback - DANGEROUS - WTF?!?!!
Post by: mrlavish on May 13, 2013, 06:59 pm
It should at least require the security pin to access this feedback. I just don't want to get 3 months of activity on my ass in case something goes wrong...

It actually used to be your whole history; within the last year or so it was shortened down to 3 months. I actually liked having my whole history as it gave me perspective on what I had done and allowed me a way to track my usage.

I'm not worried at all about someone finding out I use SR as I am the only one that knows I do it. I have no passwords/usernames written down anywhere. No bookmarks saved, nothing.

The only way someone is going to get access to your SR account is if you give it to them.