Silk Road forums

Discussion => Security => Topic started by: jameslink2 on June 30, 2012, 06:29 pm

Title: URGENT WARNING TO ALL BUYERS
Post by: jameslink2 on June 30, 2012, 06:29 pm
Sorry, had to regurgitate the subject line but there is something that I think all buyers should know.

We vendors do not save your address and SR removes it once the package is marked as confirmed/shipped. HOWEVER, we do maintain the DCNs until you finalize, showing you've received the package. We have to; it is our proof that we shipped it and proof that you received it.

Now, I have several people who received their package almost a week ago and have not finalized the escrow. I have to hold on to the DCNs, and that means there is a risk until you finalize. I may not have your address but that DCN is proof of a sale and can be tracked!

Please, when you receive your package, finalize the deal. That way we can shred the one link that remains and is traceable to you!

Title: Re: URGENT WARNING TO ALL BUYERS
Post by: Skippy_Jif on June 30, 2012, 07:07 pm
Thank you.....

I'm a vendor as well. First of all, I respect buyers and the fact that they want to use pgp, but SR takes care of encryption/cryptography. Yes, it is true as soon as you provide us vendors with a name and addy and when we OK the order we can no longer see it. That is all.

The DCN is true as well. So please trust SR. You buy drugs off here and even log on, so I think you can trust it enough to believe us vendors when we tell you this. Sesampino does this same thing. Read his profile and he will say everything we stated.
Title: Re: URGENT WARNING TO ALL BUYERS
Post by: werleygig on June 30, 2012, 07:40 pm
all communication between buyer and seller should be with pgp, whether it is conducted through sr or another medium.  there is no such thing as being too careful, and it is foolish to trust a website (sr in this case) to provide a secure communication.  the encryption software is free, it takes next to no effort to use it, and there is absolutely no reason not to use it.
Title: Re: URGENT WARNING TO ALL BUYERS
Post by: Skippy_Jif on June 30, 2012, 11:15 pm
So assuming that sr cannot be trusted, what happens when another person gets your pgp key? Answer that with a definable cure to paranoia and I'll submit. There isn't an answer.

Same as email. Anyone can get your key at any given point when you give it to another person outside encryption.

The only reason why I followed up on the op response is because I know how it works on the vendors end. Buyers don't.
Title: Re: URGENT WARNING TO ALL BUYERS
Post by: LouisCyphre on July 01, 2012, 06:50 am
So assuming that sr cannot be trusted, what happens when another person gets your pgp key? Answer that with a definable cure to paranoia and I'll submit. There isn't an answer.

The vendor's key or the buyer's key?  I'm going to assume, for this thread, that you mean the secret key of anyone to whom the address is encrypted (i.e. definitely the vendor's key and possibly the buyer's).

If the vendor's account and key are completely compromised (e.g. LE use a trojan to plant a keylogger on a vendor's system), then all the buyers using that vendor are screwed.

If the secret key is leaked in some way, the secret information is still encrypted.  That can only be accessed with the corresponding passphrase.  Thus OpenPGP provides a two-step authentication process which the SR system does not.

Same as email. Anyone can get your key at any given point when you give it to another person outside encryption.

If the buyer's key is compromised (other than by foolishly posting the secret key publicly) then it is likely that other information belonging to the buyer is already compromised, including their address.  Even if the secret key is available, there still remains the passphrase.

If a buyer wishes to use GPG when sending their address then they should only encrypt to the buyer's key and use the "for your eyes only" option:

gpg -ea --for-your-eyes-only -r $VENDORKEYID address.txt

The vendor will only be able to decrypt the file manually using the --output flag.

If either the buyer or the vendor is concerned about key security (especially if the vendor has done something inane, like post their secret key or create a key of 1024-bits or less) or the vendor does not have a public key available (but can access GPG) there is the option to use symmetric encryption only:

gpg -ca [--for-your-eyes-only] address.txt

The buyer will need to enter a passphrase specific to that message (*NOT* their normal passphrase).  The issue then is to transmit the passphrase for the encrypted address to the vendor by some other secure method.  Good old-fashioned spy tradecraft is good for this: a book code (where both parties have the same edition of a book and the reference uses numbers to indicate a line on a page), an anonymous message sent through a relay, or some other online reference not related to SR.

Public key cryptography was designed specifically to solve the problem of transmitting the above information.  In fact, a regular PGP message is encrypted with a symmetric cipher and the passphrase for that message is encrypted with the recipient's public key.  If you want to bypass it, though, you can as described above (and yes, you can extract a session passphrase from a message and then manually decrypt just that message with it, but that's a topic for another time and another thread).

This is all simple to demonstrate:

In this example the passphrase is your username.

The final argument from your end, of course, is that if the address is encrypted to the vendor then the vendor will be able to save the address data off somewhere if they want to.  This is true, but the argument is a bit of a straw-man because there's nothing preventing a vendor keeping a record of any address when they first receive it.  At the end of the day buyers have to trust vendors not to do that.

The only reason why I followed up on the op response is because I know how it works on the vendors end. Buyers don't.

What we don't have, though, is transparency on the methods used by the SR order system to destroy this data when it is no longer needed or how effective it is.  Not encrypting in the order leaves a single point of failure: the vendor's login details (presumably that's password and PIN, but possibly just the password).

We have no idea, for example, whether the SR admins have the ability to view that data and I'm guessing you don't know that for sure either.  One of the reasons GPG is as trusted as it is is because every line of code has been subject to peer review.  There are no backdoors.  SR, however, is a black box and no one is able to review anything.

Now I am definitely not saying that there is something dodgy going on with SR; I'm inclined to think that DPR and the rest of the SR team are *not* pulling an LE-backed long con.  I am, however, saying that it is possible that there may be some as yet unknown flaw or vulnerability in the system which LE (or others) might find some way to exploit in the order system.  The security through obscurity model employed by SR prevents the kind of review which would reveal such a vulnerability.

Taking all of the above into account, it is quite reasonable for a buyer to choose to add a layer of security that they can verify.
Title: Re: URGENT WARNING TO ALL BUYERS
Post by: Skippy_Jif on July 01, 2012, 07:29 am
Nice reply. Thank you for clearing that up for me.
Title: Re: URGENT WARNING TO ALL BUYERS
Post by: LouisCyphre on July 01, 2012, 07:47 am
Nice reply. Thank you for clearing that up for me.

No problem.  :)

It would be fair to say that I'm a bit of a privacy advocate and am certainly interested in promoting the use of GPG everywhere.  I hope there are at least some SR members who start using it for their regular email as well because every encrypted message sent on the clearnet, no matter how spurious the contents may be, adds to the background normalcy of doing so.
Title: Re: URGENT WARNING TO ALL BUYERS
Post by: noosemagnet on July 01, 2012, 07:56 am
oh my god lol i'm so confused. one person says one thing and then someone else makes me think another thing.

it's tough out here for a lonely newb. D:
Title: Re: URGENT WARNING TO ALL BUYERS
Post by: LouisCyphre on July 01, 2012, 09:04 am
oh my god lol i'm so confused. one person says one thing and then someone else makes me think another thing.

it's tough out here for a lonely newb. D:

It can be a bit intimidating and confusing.  I suggest taking it slowly and carefully rather than just rushing in for the quick fix, as it were.

When it comes to GPG there have been some conflicting statements posted on the forum, but most of that stems from people who have only just discovered it.  The best way to get a grip on GPG is probably out in the clearnet, in particular with some of the mailing lists.  There are a *lot* of very technically savvy people on the gnupg-users mailing list and also on the Enigmail mailing list (which is for the plug-in for Thunderbird and Seamonkey).

In places like that the promotion of effective use of GPG is for numerous reasons (all of which make great excuses for covering up the use of it here), including (but not limited to and in no particular order): general privacy concerns, political organising, activism, protecting commercial material, managing human rights organisations, minimising data mining, national security (not everyone is American and therefore has understandable objections to the NSA reading everything), etc.

It's also essential to practice with it before diving into using it to potentially keep you out of jail.  I've practiced a lot and continue to do so.
Title: Re: URGENT WARNING TO ALL BUYERS
Post by: LouisCyphre on July 01, 2012, 09:12 am
louis you're only like the third person i've seen on these forums who actually knows how gpg works :P

Cheers.  I have been using it for a while, but I'd rather not say precisely how long because the further back you go, the smaller the number of people who've used it.  It's safe to say that I've been using PGP and/or GPG for more than a few years.  ;)
Title: Re: URGENT WARNING TO ALL BUYERS
Post by: _M4LW4R3_ on July 01, 2012, 02:11 pm
URGENT WARNING TO ALL BUYERS needs to be reserved for ACTUAL FUCKING EMERGENCIES!
i don't fucking care how bad you want everyone to read your message, unless you're saving people from being caught or worse. DON'T FUCKING POST "URGENT WARNING TO ALL BUYERS" so people read your bitchin


please go die, love m4lw4r3
Title: Re: URGENT WARNING TO ALL BUYERS
Post by: Wazup7 on July 01, 2012, 02:59 pm
Why do vendors think it's okay to threaten buyers with their personal information on the forums?  This is extremely disconcerting for legitimate buyers, because now I need to think to myself:  "are my favorite vendors *really* destroying my address once it's shipped?"

Look, guy, sometimes buyers can't check their mail at the delivery location every single day, and sometimes buyers can't securely access SR every single day.  I'm sorry--I know it's the buyer's responsibility to log on to finalize, and it's proper etiquette to finalize ASAP once the item is received--but really, threatening with DCNs or addresses (which you claim you've deleted, but you probably haven't) just makes you look like a disrespectful ass.

I can tell you straight up that as a buyer, I've had my money tied up in "Processing" for days, or marked In Transit, but not shipped for days.  I never got all up in arms about it--we're all just people here and none of us is perfect.  I never came to the forum and created a thread that threatened to expose the vendors packaging techniques in detail.  I could have done just that--but all that would accomplish would be to make me look like an ass, and probably get flamed like crazy.

Unless you're getting scammed, you're gonna get paid.  Period.  So STFU or GTFO.

Title: Re: URGENT WARNING TO ALL BUYERS
Post by: jameslink2 on July 01, 2012, 05:58 pm
If someone doesn't understand this:

What we see here is a very butthurt vendor. His anus was penetrated hard by the fact that he has not received the money for his products.

OP is whining because he was probably scammed by some buyers and now he is trying to get his money by blackmailing you with the DCN. He could just save the DCN encrypted, so there would be no risk for you at all. He is just trying to blackmail you to get his money. He is probably saving not only your DCN but also your address. Never ever send money to this disgusting piece of shit.

There is no threat here and I am not hurt by the fact that some people take longer to finalize than others.  The rest of your crap about blackmailing with a DCN is just trolling. I have never blackmailed anyone and never will; there are dispute resolution measures in place by SR and if anything ever did happen, I would use them.

It is however a weak point in the system and a risk that can be easily mitigated. As well as one that I have not seen discussed on the boards. There are a lot of people here who do not know how it works on the vendor's side and the hopes were that this would inform and enlighten them.

It does not lower my rating if a buyer orders and then never comes back; the system will auto finalize and mark the buyer's rating, which looks bad to the other vendors.  I am paid when it auto finalizes so there is no scam involved.
Title: Re: URGENT WARNING TO ALL BUYERS
Post by: DwightEAnderson on July 01, 2012, 06:07 pm
So assuming that sr cannot be trusted, what happens when another person gets your pgp key? Answer that with a definable cure to paranoia and I'll submit. There isn't an answer.

Same as email. Anyone can get your key at any given point when you give it to another person outside encryption.

The only reason why I followed up on the op response is because I know how it works on the vendors end. Buyers don't.

Study up bro.  The ONLY thing you get from any vendor of intelligence is a public key.  I really don't think you know what you say.
Title: Re: URGENT WARNING TO ALL BUYERS
Post by: DwightEAnderson on July 01, 2012, 06:11 pm
"Now I am definitely not saying that there is something dodgy going on with SR, I'm inclined to think that DPR and the rest of the SR team are *not* pulling a LE-backed long con.  I am, however, saying that it is possible that there may be some as yet unknown flaw or vulnerability in the system which LE (or others) might find some way to exploit in the order system.  The security through obscurity model employed by SR prevents the kind of review which would reveal such a vulnerability."

That is my biggest concern.
Title: Re: URGENT WARNING TO ALL BUYERS
Post by: Skippy_Jif on July 01, 2012, 06:20 pm
Are you a vendor Dwight? You're not paid to think. I am, so I'll listen to me over you and those who state intelligent information that trumps what a vendor knows on his end of the SR spectrum (and I fully know the superiority of pgp). I was just stating that SR is within tor which has 4 layers of security and the information is erased from our viewing once the item is marked in transit. Whether SR stores it is another thing.

You haven't provided anything useful. All you did was jump on the goddamn bus with the others to sound relevant. Feel free to comment because I don't give a fuck. You have nothing to say that I haven't studied on this board already.

Nuff said
Title: Re: URGENT WARNING TO ALL BUYERS
Post by: DwightEAnderson on July 01, 2012, 06:35 pm
My IQ exceeds 155 and I venture to say you have a lot to learn to even break into the triple digits. 

Besides, who the fuck are you to tell me not to post what I think or what I may think or know.  You are certainly mentally inferior to me and of this,  I am totally certain.

Also genius, we were discussing "Whether SR stores it is another thing"  which is exactly what you said moron.  GPG never came up in my comments.
Title: Re: URGENT WARNING TO ALL BUYERS
Post by: QwertAnon on July 01, 2012, 09:01 pm
Sorry for the on-topic question, but why doesn't OP encrypt the DCNs?
Title: Re: URGENT WARNING TO ALL BUYERS
Post by: jameslink2 on July 01, 2012, 10:03 pm
Sorry for the on-topic question, but why doesn't OP encrypt the DCNs?

The DCN is a physical piece of paper.
Title: Re: URGENT WARNING TO ALL BUYERS
Post by: tootiefruitie on July 01, 2012, 10:17 pm
Sorry for the on-topic question, but why doesn't OP encrypt the DCNs?

The DCN is a physical piece of paper.

the fact that you think you have to save the actual piece of paper, rather than just encrypting the number, makes me never want to order from you
Title: Re: URGENT WARNING TO ALL BUYERS
Post by: DwightEAnderson on July 01, 2012, 11:50 pm
So assuming that sr cannot be trusted, what happens when another person gets your pgp key? Answer that with a definable cure to paranoia and I'll submit. There isn't an answer.
your public key is what encrypts messages to you, it can't be used to decrypt them. additionally your public key should be spread to as many people as possible so there's a web of trust in place when you need to sign something.

SR is within tor which has 4 layers of security
lolwhut

Shannon is dead on.
Title: Re: URGENT WARNING TO ALL BUYERS
Post by: LouisCyphre on July 03, 2012, 08:46 am
louis you're only like the third person i've seen on these forums who actually knows how gpg works :P

C'mon, spill the beans... who are the other two? :-)

Well, I assumed that one of them was you, but I haven't worked out the other.  ;)
Title: Re: URGENT WARNING TO ALL BUYERS
Post by: LouisCyphre on July 03, 2012, 04:20 pm
An addendum to this.  I've added another GPG HOWTO which specifically deals with sending an address encrypted in an order.

http://dkn255hz262ypmii.onion/index.php?topic=29235.0

This shows how to encrypt a message to anyone (including yourself) without leaving any data available that could be analysed to see who the message is from and who it is directed to.

This should thoroughly settle the issue of encrypting data in an order while preserving anonymity, even if the vendor keeps the encrypted file after the order has been finalised.  As long as it is not saved in a decrypted form then all bases are covered.
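The hybrid scheme LouisCyphre describes earlier in the thread (the message is encrypted with a symmetric cipher, and the session key is either encrypted to the recipient's public key or, with gpg -c, derived from a passphrase) is visible in the packet structure of any PGP message, which is also what decides whether a saved file reveals who it was encrypted to. The following Python is an added example, not code from the thread or from GnuPG: it walks the packet headers of an armored message and reports whether the session key is protected by a public key (and which key ID the message exposes, or none when gpg's --hidden-recipient option zeroed it) or by a passphrase. The messages it examines are constructed by hand with filler ciphertext, and the key ID is a placeholder.

```python
import base64

# Added example, not code from the thread: walk the OpenPGP (RFC 4880) packet headers of an
# armored message and report how its session key is protected. "gpg -e -r KEYID" emits a tag-1
# packet naming the recipient key ID (zeroed by --hidden-recipient); "gpg -c" emits a tag-3
# passphrase (S2K) packet that names no key at all. The sample messages are hand-constructed.
PKESK, SKESK, SEIPD = 1, 3, 18  # Public-Key ESK, Symmetric-Key ESK, encrypted data packet tags

def dearmor(text):  # keep the base64 body only; drop "Key: value" headers and the "=crc" line
    inner = text.split("-----BEGIN PGP MESSAGE-----")[1].split("-----END PGP MESSAGE-----")[0]
    return base64.b64decode("".join(l for l in inner.splitlines() if l and ":" not in l and l[0] != "="))

def packets(data):  # yield (tag, body) for every packet, old- and new-format headers alike
    i = 0
    while i < len(data):
        ctb = data[i]
        if ctb & 0x40:  # new format: 0b11TTTTTT, then a 1- or 2-octet body length
            tag, first = ctb & 0x3F, data[i + 1]
            if first >= 224:
                raise ValueError("5-octet and partial body lengths not supported")
            n, i = (first, i + 2) if first < 192 else (((first - 192) << 8) + data[i + 2] + 192, i + 3)
        else:  # old format: 0b10TTTTLL, LL selects a 1-, 2- or 4-octet body length
            tag, width = (ctb >> 2) & 0x0F, {0: 1, 1: 2, 2: 4}[ctb & 0x03]
            n, i = int.from_bytes(data[i + 1:i + 1 + width], "big"), i + 1 + width
        yield tag, data[i:i + n]
        i += n

def describe(armored):  # which key IDs a message exposes, and how its session key is protected
    report = {"modes": set(), "recipients": [], "hidden_recipients": 0}
    for tag, body in packets(dearmor(armored)):
        if tag == PKESK:  # v4 body: version, 8-octet recipient key ID, pubkey algo, MPI(s)
            report["modes"].add("public-key")
            key_id = body[1:9].hex()
            if key_id == "0" * 16:  # all-zero key ID: recipient deliberately hidden
                report["hidden_recipients"] += 1
            else:
                report["recipients"].append(key_id)
        elif tag == SKESK:  # v4 body: version, symmetric algo, S2K specifier; no key ID
            report["modes"].add("passphrase")
    return report

def _old(tag, body):  # old-format header with a one-octet length
    return bytes([0x80 | (tag << 2), len(body)]) + body

def _armor(data):  # CRC line omitted for brevity; dearmor() skips it anyway
    return "-----BEGIN PGP MESSAGE-----\n\n" + base64.b64encode(data).decode() + "\n-----END PGP MESSAGE-----\n"

KEY_ID = bytes.fromhex("0123456789ABCDEF")  # placeholder key ID, not a real key
PKESK_BODY = b"\x04" + KEY_ID + b"\x01\x00\x10\xAA\xBB"  # v4, key ID, RSA, filler MPI
SKESK_BODY = b"\x04\x09\x03\x02" + b"\x11" * 8 + b"\x60"  # v4, AES-256, iterated+salted S2K, SHA-1
SEIPD_PKT = bytes([0xC0 | SEIPD, 41]) + b"\x01" + b"\x00" * 40  # new-format header, v1, filler data
MSG_TO_KEY = _armor(_old(PKESK, PKESK_BODY) + SEIPD_PKT)  # as produced by: gpg -ea -r KEYID
MSG_HIDDEN = _armor(_old(PKESK, b"\x04" + bytes(8) + PKESK_BODY[9:]) + SEIPD_PKT)  # --hidden-recipient
MSG_PASSPHRASE = _armor(_old(SKESK, SKESK_BODY) + SEIPD_PKT)  # as produced by: gpg -ca
```

Running describe() over a real armored file from gpg shows the same three cases; a tag-3 message (or a tag-1 message with a zeroed key ID) is what leaves nothing in the saved file that ties it to a particular recipient.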