Quote from: Guru on August 10, 2012, 12:04 amQuote from: LouisCyphre on July 03, 2012, 03:52 pmRecently there have been a couple of threads started by people concerned that if they encrypt something to a vendor, like their address in an order, there is the risk that the encrypted file might be used against a buyer if LE manages to get the message. This is a brief explanation of how to encrypt a message that cannot be checked to see who it is encrypted to. Excellent post, Louis. However, one risk that you haven't addressed arises because of the way PGP/GPG works. I'm referring to the fact that, in order to encrypt to someone's key, that key has to reside on the sender's PGP/GPG keyring. While the existence of particular keys on a person's keyring does not prove anything, in and of itself, it nevertheless provides evidence of possible contact between individuals. Traffic analysis of intercepted messages, based on PGP/GPG Key-IDs: is a minor risk, and as you correctly pointed out, can be avoided through the --throw-key-ids directive. In my view a much larger risk potentially arises from insecure storage of PGP/GPG keyrings on the part of vendors. If a vendor is raided, and his or her keyrings are not securely stored, then the authorities, by merely listing all the keys in the vendor's public keyring, can obtain a list of whom he or she has potentially been communicating with. Vendors therefore need to take appropriate precautions to secure their keyrings from exposure. I agree. We should all be storing our GPG home directories (containing keyrings and config) in an encrypted volume of some kind. Vendors especially need to do this, of course.