Quote from: truenull on July 22, 2012, 11:38 pmQuote from: LouisCyphre on July 21, 2012, 05:55 pmWhat I'd like to see is the message and order system released so that it can be independently audited to confirm there are no security flaws in it, that the encryption on the messages is up to par and that orders (e.g. addresses) are securely deleted when finished.If SR is doing encryption, they're doing it terribly wrong- EXCEPT if the database was kept on a TrueCrypt volume or similar, with a readily accessible way to permanently delete the key.They may or may not be doing it properly, but the problem is we have no way of knowing. Right now SR's actual security is like Schrdinger's Cat: it's both secure (alive) and insecure (dead) simultaneously.Quote from: truenull on July 22, 2012, 11:38 pmIf you're relying on SR to encrypt your address, you might as well start preparing your anus while you have time. The entire point of GPG is that SR can't read your address.Yep, I assume that Schdinger's Cat is dead and behave accordingly.