Quote from: kmfkewm on September 08, 2012, 01:10 pmit means that it doesn't matter if there is no networking code in the distributed program, if there is code in the distributed program that launches whatever it decrypts as a script, provided it has a magic keyword in it ;). The entire code distributed has no hint of networking being done because it gets that from the plaintext after it decrypts the message. ...The only difference between a legitimate program for decrypting messages and showing the plaintext and a malicious program that could deanonymize you boils down to | #{[105, 114, 98].pack("c*")}Then the issue boils down to where is the encrypted data coming from? If there is encrypted data in my code (there isn't) then what you describe is possible. If the only encrypted data is coming from vendor's order page then it's really not.Not to mention the previous mention of using an air gap, which we've covered (if anyone else cares, go re-read from the start of the thread).To do that I would need to insert code which checked each decrypted address for a specific string and then generate the code.All it does is decrypt the files created from the CSV, decrypt them (as previously described), read the data and then rewrite that in another format to a new file. The reading and writing of files in Python is explained here:http://docs.python.org/tutorial/inputoutput.html