Silk Road forums
Discussion => Security => Topic started by: phenbizz on August 08, 2012, 06:05 pm
-
I state it on my seller page and in all my listings that orders will be cancelled if the address is sent unencrypted. I could have had 3 times as much business as I've had so far if people would learn to read. Is this an extremely common thing for other sellers also? I am just getting annoyed with it.
-
As a vendor - YES! this is extremely common. :\
-
It shouldn't make any difference to you (as a seller) if the address is sent encrypted or not.
A buyer sending a seller an unencrypted address dosen't compromise the sellers security in any way.
The whole point of encrypting the address is to protect the buyer from having their address intercepted as it hops along the onion network nodes.
If it gets captured, it dosent effect you in anyway so I cant see why you would turn away customers who cant use PGP.
-
I just think it's lazy and if you are not smart enough or ambitious enough to learn how to encrypt your address than you don't deserve to buy on here. Plus most of the people that don't encrypt it just seem like they are giving fake names. Not always but it seems that I get a lot more interesting names and addresses when they come unencrypted. Plus I don't want my return address compromised by some idiot using a fake name.
-
Your loss.
-
Not everyone can pgp to work. No reason not to take the coin imo
-
Yeah OP you are being slightly stupid if you wont take their orders just because they wont use encryption. Makes absolutely no difference to your safety at all and really if they don't want to then that's up to them. Around only 20-25% of my clients use encryption which although is disappointing but it'd cost me a lot more if I turned them away just for that.
You are running a business dude, not a moral crusade.
-
suppose I should listen to you limitless
-
You're just being an elitist douche. Go work for a politician.
-
You're just being an elitist douche. Go work for a politician.
Lol PGP encryption = Elitism!
-
Vendors, there is a very simple browser-based PGP encryption service that you should instruct your buyers to use. Just direct them to this webpage and tell them to paste your public key and type their address:
http://www.hanewin.net/encrypt/PGcrypt.htm
It's going to allow even the laziest/stupidest buyers to encrypt their addresses since it's so simple to use. Also, please put in big bold letters "no PO boxes / no fake names" policy.
-
I state it on my seller page and in all my listings that orders will be cancelled if the address is sent unencrypted. I could have had 3 times as much business as I've had so far if people would learn to read. Is this an extremely common thing for other sellers also? I am just getting annoyed with it.
I don't require encryption but I definitely recommend it. Given the small quantities I sell, I work with a lot of noobs: if I turned away everyone who sent their address plaintext, I'd lose at least half my business. (That doesn't stop me from recommending GPG/PGP to anyone who sends their address unencrypted, but I figure it's their safety being compromised, not mine).
Speaking for myself, I don't send my address unencrypted anymore and I don't do business with vendors who don't have PGP/GPG. It's probably overkill but I figure if someone is cutting corners on the encryption what other shortcuts are they taking and how much can I trust them with my dox?
-
I'm sure you're trying to help them out, but if they're too stupid to encrypt their own info, then fuck 'em dude.
-
Vendors, there is a very simple browser-based PGP encryption service that you should instruct your buyers to use. Just direct them to this webpage and tell them to paste your public key and type their address:
http://www.hanewin.net/encrypt/PGcrypt.htm
It's going to allow even the laziest/stupidest buyers to encrypt their addresses since it's so simple to use. Also, please put in big bold letters "no PO boxes / no fake names" policy.
If they are going to use something like that, then they need to save the webpage onto their local machine and then open it with their web browser before using it. However somebody who is not competent enough to use PGP probably would find even that a difficult concept.
--
Re: the OP.
While I agree with the others that there's no reason to refuse business from naive customers, you ought to advise them to use PGP when they send unencrypted messages and explain how it is important to their safety (which you are already doing by the sound of it anyway).
Perhaps provide a link to PGP Club for them to read:
http://dkn255hz262ypmii.onion/index.php?topic=30938.0
After that, your work is basically done, there's a limit to what you can do.
If I were a buyer on SR and a vendor didn't use PGP I would not deal with them. However the onus is on the buyer to learn PGP, you can't help everybody, some people have no desire to be helped because they are arrogant and others are lazy, not ignorant. It's the ignorant and confused Club PGP is trying to help, we don't care for the rest.
The problem is that not everybody takes the time to look at the forums to do any research. Which given they are participating in a criminal activity is slightly insane.
Fact of the matter is that the PGP Club and PGP supporters are going to be just fine if SR comes under attack, but everybody else, the other half, are going to be quivering in their boots because their unencrypted data could be up there on the server or have been intercepted over a long period with a passive MITM attack.
Of course, if they're even too dumb to realize that could hypothetically be an issue, then they must be children, and therefore they can't be prosecuted to the same extent and anybody else could reasonably plead insanity. >:-)
Join Club PGP or Die!
-
I state it on my seller page and in all my listings that orders will be cancelled if the address is sent unencrypted. I could have had 3 times as much business as I've had so far if people would learn to read. Is this an extremely common thing for other sellers also? I am just getting annoyed with it.
Here the same..
thx msft1 for your recommendation we will add it in our next update!
-
The problem is that not everybody takes the time to look at the forums to do any research. Which given they are participating in a criminal activity is slightly insane.
Of course, if they're even too dumb to realize that could hypothetically be an issue, then they must be children, and therefore they can't be prosecuted to the same extent and anybody else could reasonably plead insanity. >:-)
Join Club PGP or Die!
Please merry me !
-
I'm tech-savvy, so PGP was a walk in the park for me to set up personally, and if you understand the reasons why you need PGP, and the mechanism that allows PGP to successfully encrypt your address, then it's a no-brainer. It's up to you whether you accept those addresses, or cancel those orders...
That being said, some buyers are children like 12 years old (I've spoken to one IRL--there *are* definitely children who use this service), and take every shortcut imaginable to do a transaction on SR. If you've ever been a teenager, you know that some real risks simply don't seem that risky to you. You feel invincible and the thought of consequences of your actions, or inaction, doesn't really cross your mind at all. I guess partly because as a child, you haven't been around long enough to have seen or thought through consequences, and the effects they can have. I look back on my childhood and am constantly astounded at my level of arrogance, stupidity, laziness, etc. It just takes time I guess for young people to realize that every action causes consequences, and to have the ability to recognize those consequences prior to taking action. I've never gotten into trouble with the things I've done when I was younger, but I still learned, and would certainly do things differently, and more carefully, if I could go back.
But back to the OP topic--you're the vendor, so you can cancel whaterver orders you want. But as others have said, it's not comprimising your security. The worst case scenario, I imagine, would be that since the address was sent in cleartext, it might possibly be intercepted, and then surveilled. Your package might be intercepted. As long as your packaging security is up to par, then there isn't a way that LE could track the package back to you the vendor. It's only the buyer that will get screwed.
Definitely advise your buyers who send addresses in cleartext to learn and use PGP. Some will take you up on it, and you will have taught them something new, and probably gained a good bit respect by proactively trying to do the right thing. I've taught a number of users how to use PGP one-on-one, and it's actually somewhat gratifying knowing that you are helping them with security, teaching them something valuable, and preventing many uncessary problems. I didn't ask for payments or anything--those things alone make it all worth it.
Good luck.
-
Theres also the fact that I dont know if the seller would like to spend the time decrypting the message from me every time. Sometimes I feel it is a hassle for them and unnecessary. If there was a "Please encrypt your address when buying" message on the listing I would though
-
Its their door that will get kicked in, not yours.
Its like telling people not to use bill phones or registered phones.......They wont realise how troublesome it is for them until they are already in the shit.
-
Vendors, there is a very simple browser-based PGP encryption service that you should instruct your buyers to use. Just direct them to this webpage and tell them to paste your public key and type their address:
http://www.hanewin.net/encrypt/PGcrypt.htm
It's going to allow even the laziest/stupidest buyers to encrypt their addresses since it's so simple to use. Also, please put in big bold letters "no PO boxes / no fake names" policy.
Errrrr hold on a minute there sports-fan. I don't think I will be "instructing" anyone to do anything. Why do we need to go from one extreme of making everyone use PGP which is silly to the other which is where it's now the vendors job to now babysit our customers and teach them how to wipe their own arses? We do not and I shan't be starting any time soon.
It is not now and never will be the vendors job to tell their customer whether or not to encrypt their address or not, we aren't your Dad and we definitely aren't here to hold your hand, especially when with some of you fuck knows where your hands have been lol. Yes, on the one hand I would prefer people to encrypt their addresses but it's certainly not my fuckin job to tell them otherwise. I might try and give out useful advice on here as a Mod but on the Road I'm a vendor and I'm there to sell magic powder and job ends at making sure my stuff is good and packaging it in such a way that it gets to the custy.
We don't need to hand over the responsibility we have for ourselves just because we can't be arsed to conduct ourselves responsibly. It's better to use PGP, it's advisable to use it and yeah people SHOULD use it but if you don't want to that's up to the individual and it's their choice that's all there is to it.
-
why do they keep sending you addresses unencrypted?
cuz they're lazy, sloppy, and naive.
-
why do they keep sending you addresses unencrypted?
cuz they're lazy, sloppy, and naive.
That may be the case, but it's up to them if they want to do that.
-
If my memory serves me isn't that how farmers market got taken down? By using a web based encryption service that just handed them all over to LE?????????????????
BAD BAD idea if u cant use pgp or get it to work u are still safer " in the wild here " then u are trusting and untrustworthy web based service. Does anyone ever wonder
to themselves why would anyone do this for free?
Go check out pines thread and learn something new!!
-
If my memory serves me isn't that how farmers market got taken down? By using a web based encryption service that just handed them all over to LE?????????????????
BAD BAD idea if u cant use pgp or get it to work u are still safer " in the wild here " then u are trusting and untrustworthy web based service. Does anyone ever wonder
to themselves why would anyone do this for free?
Go check out pines thread and learn something new!!
Ah Christie, I'm not sure if it's your common sense that makes you such a babe or your babeness that makes you such a babe.....but you're such a babe. :P
+1
-
Being new here, I thought pgp was gonna be a pain in the ass to get right, from all the forum topics of people asking for help and all the tutorials and what not, but it was easy as fuck. I don't know what's wrong with people.
-
Being new here, I thought pgp was gonna be a pain in the ass to get right, from all the forum topics of people asking for help and all the tutorials and what not, but it was easy as fuck. I don't know what's wrong with people.
Ah man I like you, you're a boss. As such welcome to the forum and thank you for taking the initiative on stuff and making the effort. Happy trails. :)
-
Being new here, I thought pgp was gonna be a pain in the ass to get right, from all the forum topics of people asking for help and all the tutorials and what not, but it was easy as fuck. I don't know what's wrong with people.
+1 for your first post! :)
-
Good call Cyphre, +1 to the new guy from me too. :)
-
Vendors, there is a very simple browser-based PGP encryption service that you should instruct your buyers to use. Just direct them to this webpage and tell them to paste your public key and type their address:
http://www.hanewin.net/encrypt/PGcrypt.htm
It's going to allow even the laziest/stupidest buyers to encrypt their addresses since it's so simple to use. Also, please put in big bold letters "no PO boxes / no fake names" policy.
That page is badly outdated, from the source code:
<script language="Javascript" src="rsa.js" type="text/javascript"></script>
<script language="Javascript" src="aes-enc.js" type="text/javascript"></script>
<script language="Javascript" src="sha1.js" type="text/javascript"></script>
<script language="Javascript" src="base64.js" type="text/javascript"></script>
<script language="Javascript" src="PGpubkey.js" type="text/javascript"></script>
<script language="Javascript" src="mouse.js" type="text/javascript"></script>
<script language="Javascript" src="PGencode.js" type="text/javascript"></script>
It uses AES128 instead of AES256 and only supports SHA1 hashing. The AES part isn't as much of a concern (but why bother with 128-bit when 256-bit is available), but SHA1 is a problem.
So I would not recommend this page to anyone.
-
LOL and this is what Vendors should be instructing people to be using? Almost makes ya sounds like the fucking Cozzers. ???
-
LOL and this is what Vendors should be instructing people to be using? Almost makes ya sounds like the fucking Cozzers. ???
Yep. Using sites like that is a way of effectively outsourcing your security. We all know how well that works with customer service, well it's worse with crypto.
-
There should get a bumper sticker made "Outsourcing your encryption.....a sure fire way of outsourcing your arsehole"
-
suppose I should listen to you limitless
Ok, first people trust each other to lend BC and pay them back, now people see other sides of an argument? What the hell kind of place is this? This isn't the internet I've come to know!
-
LOL and this is what Vendors should be instructing people to be using? Almost makes ya sounds like the fucking Cozzers. ???
The fuck? I said, this is what lazy fucking buyers should be using who aren't smart enough / don't care enough to set up PGP. I said it's better than no encryption at all. Didn't say that everyone should jump on this and replace their favorite PGP tool.
-
Erm....no ya didn't -
Vendors, there is a very simple browser-based PGP encryption service that you should instruct your buyers to use. Just direct them to this webpage and tell them to paste your public key and type their address:
http://www.hanewin.net/encrypt/PGcrypt.htm
It's going to allow even the laziest/stupidest buyers to encrypt their addresses since it's so simple to use. Also, please put in big bold letters "no PO boxes / no fake names" policy.
If we take a sentence-by-sentence analysis in the first one that vendors should tell their buyers to use that encryption service - Something that isn't our job to do and it's an encryption that uses Java and would most likely roll.
Second sentence you tell people how to use it.
Third sentence you then mention lazy/stupid buyers.
Fourth sentence you then start telling vendors that they shouldn't send to PO boxes or fake names. - What if vendors don't mind sending to PO boxes? I certainly don't for small items, bigger ones I don't so long as there is tracking. The whole "You shouldn't send to PO boxes" thing is massively overplayed and it's greatly effected by where the country of dispatch is from. For example if you are sending to PO box, don't shop from Holland.
So I guess my question is would you like to give out anymore bad or inaccurate advice or tell us vendors how to do our job?
-
Erm....no ya didn't -
Vendors, there is a very simple browser-based PGP encryption service that you should instruct your buyers to use. Just direct them to this webpage and tell them to paste your public key and type their address:
http://www.hanewin.net/encrypt/PGcrypt.htm
It's going to allow even the laziest/stupidest buyers to encrypt their addresses since it's so simple to use. Also, please put in big bold letters "no PO boxes / no fake names" policy.
If we take a sentence-by-sentence analysis in the first one that vendors should tell their buyers to use that encryption service - Something that isn't our job to do and it's an encryption that uses Java and would most likely roll.
Second sentence you tell people how to use it.
Third sentence you then mention lazy/stupid buyers.
Fourth sentence you then start telling vendors that they shouldn't send to PO boxes or fake names. - What if vendors don't mind sending to PO boxes? I certainly don't for small items, bigger ones I don't so long as there is tracking. The whole "You shouldn't send to PO boxes" thing is massively overplayed and it's greatly effected by where the country of dispatch is from. For example if you are sending to PO box, don't shop from Holland.
So I guess my question is would you like to give out anymore bad or inaccurate advice or tell us vendors how to do our job?
Aanyway, here's a nice warm fuck you, mate ;) Looks like you got lots of time on your hand to argue on the internet.
Like I said, I'm suggesting, not telling, vendors to advise those buyers who can't be bothered to install PGP to use a simple webpage at the very least. Not using fake names and not sending to PO boxes is common sense that's been brought up many times on these forums.
And "us vendors"? LOL. Are you elected vendor spokesperson or something? Speak for yourself, Mr. "Don't tell me what to do on the internet 'cause I got attitude" ;)
-
No, nobody said I was a spokesman or anything of the like. We do get annoyed when jumped up kids tell us how to run our shop though, there's been a few threads about it in the vendor forum. :)
Also it's funny how you talk about time on your hands how you must have a fair few spare moments yourself to issue your msft1 ideal vendor code of conduct.
Noticed you didn't have anything to say about the encryption thing, gold star for that. :)
-
Noticed you didn't have anything to say about the encryption thing, gold star for that. :)
Ya, I got some time on my hands, but I don't go around nitpicking on others' sentences. From you, "I disagree msft1, here's why" would've been enough, no need to make shit personal.
As far as encryption - guess what? You are right! Two gold stars to you. That browser-based tool isn't the best choice! My point still stands, though. It's easy to use and requires no setup, so perhaps it'll catch on with those who don't bother to set up a PGP tool.
-
So you are still suggesting people use that then? Despite the fact it's a different company using it that could roll to the police and it uses Java? ??? Why would you want that catch on at all?
-
There should get a bumper sticker made "Outsourcing your encryption.....a sure fire way of outsourcing your arsehole"
Heheh. :)
-
suppose I should listen to you limitless
Ok, first people trust each other to lend BC and pay them back, now people see other sides of an argument? What the hell kind of place is this? This isn't the internet I've come to know!
This place continually proves sociologists wrong. Their constant argument is that anonymity and/or pseudonymity online breeds anti-social behaviour. Everyone here is pseudonymous and for the most part it is a decent place.
-
So you are still suggesting people use that then? Despite the fact it's a different company using it that could roll to the police and it uses Java? ??? Why would you want that catch on at all?
This sounds like trolling but I'll bite.
First of all, it uses JavaScript, not Java. Since you clearly don't know the difference, you have no business arguing about it.
Second of all, what the fuck do you mean by "outsourcing"? The JavaScript code runs in your browser on your computer. Outsourcing is when someone ELSE does the job for you remotely. Just 'cause you came up with some catchy phrase about asshole doesn't make you right.
Third of all, "it's a different company using it that could roll to the police"? I can't believe how ignorant you are. This shit is open-source! You can look right into the code and see what it's doing! And if you can't figure out what the code is doing, then what difference it is which tool you're using? Following your logic, Tor and PGP guys could be reporting you to police right now, you dipshit.
And what "police" exactly are they gonna "roll" to? LOL. The guy who wrote the tool is gonna go to his local police station and say "Hey, cops, guess what, I have some bad guys who are using my tool to encrypt stuff!" What's his motivation? And EVEN IF someone gets caught thanks to that happening, that kind of evidence is inadmissible in court because it amounts to warrantless wiretapping / search.
BTW, the guy who wrote the tool and runs the website lives in fucking GERMANY. Wiretapping there is illegal. Read http://www.nytimes.com/2005/07/28/international/europe/28germany.html
So, quit acting like you know shit, Limitless. You just like to argue and be a big know-it-all. Or a troll. Or both. The only "Limitless" thing is your ignorance.
-
So you are still suggesting people use that then? Despite the fact it's a different company using it that could roll to the police and it uses Java? ??? Why would you want that catch on at all?
While I don't agree that SR customers should use it for the reasons I think Louis mentioned, it is still better than using plaintext IFF (if and *only* if) they download the webpage onto local machine and run it using the browser.
However, while that is technically true, there is human psychology... to just do the lazy thing and use the online version of the service. Like I said before, somebody unwilling to learn PGP probably doesn't understand how to run a script locally using their browser either (not that this is rocket science!).
The more people who use an online service like that from SR, the greater the temptation for LEO to tamper with the online service.
--
On a slightly different subject, I don't think the people who are defiantly refusing to learn PGP are actually high schoolers. Some might be, but appearances on here are very deceptive I think. I think many of the apparent 'kids' are actually people in their 30s and 40s or older who are simply shaky with all these newfangled concepts. I noticed before, that a lot of the older generation on the Internet use txtspk for example. I mean, that was ok back when people were using leetspk partly due to bandwidth constraints and security, but the people I'm talking about aren't exactly aficionados of the pre-world-wide-web Usenet or bulletin boards.
Finally; Java != Javascript. They are two completely unrelated computer programming languages apart from the 'Java' in their names.
-
It uses AES128 instead of AES256 and only supports SHA1 hashing. The AES part isn't as much of a concern (but why bother with 128-bit when 256-bit is available), but SHA1 is a problem.
So I would not recommend this page to anyone.
I'm gonna comment on this one as well. You sound like a security expert of sorts. So tell me why shouldn't I trust SHA1? Yes, maybe SHA1 shouldn't be used in banking or military. But for encrypting personal communication it's just fine.
Here's a quote from Wikipedia for you.
SHA-1 is the most widely used of the existing SHA hash functions, and is employed in several widely used applications and protocols. In 2005, security flaws were identified in SHA-1, namely that a mathematical weakness might exist, indicating that a stronger hash function would be desirable.[2] Although no successful attacks have yet been reported on the SHA-2 variants, they are algorithmically similar to SHA-1 and so efforts are underway to develop improved alternatives.
-
I believe that if you are gonna order SR you do it facking right...you LEARN PGP!
The shit ain't hard. damn.
-
So, quit acting like you know shit, Limitless. You just like to argue and be a big know-it-all. Or a troll. Or both. The only "Limitless" thing is your ignorance.
Hey you two guys, let's keep this civil. Maybe it's the summer temperatures, but seems like people are losing their cool more frequently for less reason these days.
Relax! Angry people become impulsive people become less logical people!
More self control = more control period.
-
I like how you are using semantics to argue the toss when either way you have suggested something really insecure and haven't addressed that.
Also I think it's quite clear what I mean by outsourcing, by using that site you are using someone else, in this case a website, a website to encrypt data and they could quite easily flip and give up that info if asked and utter naivety to think they don't keep records.
Anyway I'm done arguing with you, better things to do with my time.
-
Anyway I'm done arguing with you, better things to do with my time.
Haha, that's funny. The moment I got fed up with the shit you wrote and dug up some facts you suddenly found better things to do with your time ;)
-
I'm gonna comment on this one as well. You sound like a security expert of sorts. So tell me why shouldn't I trust SHA1? Yes, maybe SHA1 shouldn't be used in banking or military. But for encrypting personal communication it's just fine.
Louis is right for several reasons, but one of them is that it is used in banking.
If you think your typical banking operation has decent uptake on the latest tech outside of a single digit number of investment banks in the planet, you're badly mistaken. In terms of security they are total dinosaurs. In secret they have lost billions of dollars because of this, but they are loathe to update due to entrenched management structures, false economy cost savings measures and poorly paid technical staff who aren't exactly at the cutting edge of tech. Also they are terrified of fucking it up because current management doesn't' understand the technology at all.
This aspect, and the big pile of money they are sitting on, make them the canary in the coal mine.
This means if banks are using SHA1, we had better be at least 1 version ahead, indeed we ought to update ASAP when SHA3 comes out later this year I think.
-
This means if banks are using SHA1, we had better be at least 1 version ahead, indeed we ought to update ASAP when SHA3 comes out later this year I think.
I disagree that just because a particular PGP implementation uses SHA1, it's easy/trivial to crack. When security folks talk about an algorithm being insecure, they mean that it's _feasible_ to crack it given lots and lots of computing resources. Feasibility means months or years of work.
Besides, PGP doesn't _just_ use plain SHA1. It uses a combination of a few crypto methods, so even if SHA1 was trivial to crack (which it's not) there are still other pieces to deal with.
Now, put this in the context of an SR buyer ordering a few grams of some illegal substance. Who in their right mind would throw a supercomputer and then wait months to _hopefully_ get a result?
So my point stands. For the purpose of encrypting destination address in SR transaction, this tool is pretty good. It has two huge advantages - easy to use, easy to access. I don't see what's all the fuss is about.
-
Damn!! If i had know this was gonna cause a shit storm i woulda kept my mouth shut.....
Play nice kids :P
-
This means if banks are using SHA1, we had better be at least 1 version ahead, indeed we ought to update ASAP when SHA3 comes out later this year I think.
I disagree that just because a particular PGP implementation uses SHA1, it's easy/trivial to crack. When security folks talk about an algorithm being insecure, they mean that it's _feasible_ to crack it given lots and lots of computing resources. Feasibility means months or years of work.
Besides, PGP doesn't _just_ use plain SHA1. It uses a combination of a few crypto methods, so even if SHA1 was trivial to crack (which it's not) there are still other pieces to deal with.
Now, put this in the context of an SR buyer ordering a few grams of some illegal substance. Who in their right mind would throw a supercomputer and then wait months to _hopefully_ get a result?
So my point stands. For the purpose of encrypting destination address in SR transaction, this tool is pretty good. It has two huge advantages - easy to use, easy to access. I don't see what's all the fuss is about.
msft1, I did not say SHA-1 was easy or trivial to crack.
It is however, compromised and has been compromised for 7 years according to Symantic and others. That's not an inconsiderable length of time and enough for me to think there are organizations with the ability to crack it quickly (if you read about the history of crypto you'll see that the government's intelligence services have long had a tendency to keep the best goodies to itself and sponsor deprecated encryption standards in order to obtain an edge).
I don't see why you would choose a potentially weak algorithm over a newer stronger version which there is no opportunity cost to updating your system. You download a new copy of PGP which uses SHA-2. You then import your private key from before. Bang. You are good. Problem gone.
Cryptography is an arms race, there is no good reason to fall behind in it. It's not as if we're replacing expensive machinery or something. The most you ever will have to do in any kind of update situation is generate a new PGP key pair and inform your contacts of that change using a message signed with the old private key if they email you with an encrypted message using the old public key. That's like a maintenance job you do once every two or three years, hardly time consuming or eternally frustrating.
--
On the issue of feasibility, it is a matter of time, computer power and motivation. We currently have time on our side, but the government's memory is long, so why take any chances.
I mean, SR is not a huge target *right now* this minute.
But what about in 2020? In 2030? By then quantum computing and powerful cloud networks will be in vogue and available to nearly anybody (quantum computing halves the strength of a PGP key which is why some people are using keys twice as long as normal e.g. Liberte's 8192 bit encrypted volume for example). SR itself probably won't be around by then if for no other reason than DPR retiring to some tropical island, but my point is that the relative importance of darknet black markets is likely to rise considerably in the next decade or two to put it mildly. People who are not targets today, could become targets tomorrow in a world of less expensive CPU cycles and more motivation. To make an example of those dudes who started off the whole thing. Doesn't sound like science fiction to me.
-
Why cant we all just use MSN ? :'(
-
Why cant we all just use MSN ? :'(
ROFLMFAO!!!
That was a good one lol
-
I don't see why you would choose a potentially weak algorithm over a newer stronger version which there is no opportunity cost to updating your system. You download a new copy of PGP which uses SHA-2. You then import your private key from before. Bang. You are good. Problem gone.
_Myself_, I would use the best PGP tool and choose a strong, recent, proven method of encryption :) Please don't forget that I'm suggesting hanewin.net as an alternative for buyers who currently use NO means of encryption and can't be bothered to learn. For example, if some vendor decides to require 100% encryption from buyers but doesn't want to lose 50% of his business, posting simple step-by-step instructions on how to encrypt by going to a simple webpage will likely get the job done.
Please also consider that there's more to encryption than using the right tool - for example, covering your tracks, using an encrypted volume to store information, etc. For example, if a user simply installs PGP tool on their computer and then imports a seller's private key to it, BAM - there's evidence that the user has contacted or had an intention of contacting said seller. In some countries, simply having an encrypted volume that authorities can't get to is enough to land you in jail. So, using a tool like hanewin.net is beneficial in that NO information is stored on the computer other than an entry in browser's history.
I'm going to repeat myself 100th time. I'm not suggesting everyone to jump on this hanewin.net which apparently uses outdated algorithm. I do suggest it as an alternative to NO encryption for buyers who are too lazy/non-technical to learn how to install and use one of PGP tools.
I'd like to thank all the contributors to this thread - there's a bunch of great easy-to-understand technical information that I've learned and I hope others will too by reading this.
-
Actually, I'd say that it does compromise your security a bit. Not enough for me to cancel orders, but there's definitely some, albeit small, additional risk.
What if the pigs are already on to you and somehow intercept unencrypted addresses that are headed towards you. They watch you as you drive to the blue box, pull you over, search you, and find the packages that have the names that they intercepted on them. That'd be enough to get a warrant and then you'd be fucked.
-
What if the pigs are already on to you and somehow intercept unencrypted addresses that are headed towards you.
Spot on. I was gonna bring this up in a separate thread. SR website doesn't use SSL. Why the hell not? Thanks to that it's quite trivial to intercept SR traffic for anyone owning a TOR exit router. Of course you'll need to own a lot of exit routers to increase chances of intercepting the traffic you want. I've read somewhere that government(s) own a significant chunk of exit routers just for that purpose - to intercept unencrypted traffic. Whether it's true or not, we don't know. But why wouldn't they? Many governments already go to great lengths to block TOR and I'm sure every government sees TOR as a big danger to itself.
So, buyers who don't encrypt their destination addresses are almost certainly giving said addresses away to whomever might be out there intercepting SR traffic. Of course, big government agencies that can pull this off won't use that information to go after small fish, like buyers themselves, but to bust a few major vendors or even the SR operators - hell yeah.
-
What if the pigs are already on to you and somehow intercept unencrypted addresses that are headed towards you.
Spot on. I was gonna bring this up in a separate thread. SR website doesn't use SSL. Why the hell not? Thanks to that it's quite trivial to intercept SR traffic for anyone owning a TOR exit router. Of course you'll need to own a lot of exit routers to increase chances of intercepting the traffic you want. I've read somewhere that government(s) own a significant chunk of exit routers just for that purpose - to intercept unencrypted traffic. Whether it's true or not, we don't know. But why wouldn't they? Many governments already go to great lengths to block TOR and I'm sure every government sees TOR as a big danger to itself.
You've some misconceptions about the Tor network. I don't know everything about it either, but I do know that:
SR doesn't use SSL because SR is a hidden service. SSL is only relevant for webpages on clearnet and SR is not on the web. Inside the Tor network itself everything's already encrypted so using SSL makes no sense.
Is it trivial to analyze and intercept regular HTTP traffic at an exit node, yes. Which is why you should prefer SSL when accessing the web from Tor.
It is however, very non-trivial to intercept and decode traffic to a hidden service. You can use timing attacks etc to try and figure out where the traffic might be going, but it's not 100% and it doesn't help you on the contents of the packets.
A passive adversary who managed to obtain most of the exit nodes/relays is not going to waste all that effort on busting SR, any such entity needs to show that trump card to aid traditional LE like they need a hole in the head.
Finally, every last government that has tried to block Tor for good has completely failed. Even the Chinese couldn't do it, and they threw a lot of resources at it in terms of manpower too. They did manage to drop the number of users considerably at one point, but the network lives on in China.
I'm not claiming that Tor is invincible by any means, but I think you're overestimating the powers that governments have against strong cryptography. If you have a sufficiently strong cipher or you were using a one time pad, then all the power in the world couldn't decrypt your message. In the case of the one time pad, it's actually theoretically impossible. That is why the cryptoanarchists are so pleased with themselves, because there are things the strong cannot break and the weak can easily use in defense. Strong crypto genuinely takes existing presumptions about power away from the state and puts it in the hands of anybody.
All hail to the geeks! :D
-
Vendors, there is a very simple browser-based PGP encryption service that you should instruct your buyers to use. Just direct them to this webpage and tell them to paste your public key and type their address:
http://www.hanewin.net/encrypt/PGcrypt.htm
It's going to allow even the laziest/stupidest buyers to encrypt their addresses since it's so simple to use. Also, please put in big bold letters "no PO boxes / no fake names" policy.
If they are going to use something like that, then they need to save the webpage onto their local machine and then open it with their web browser before using it. However somebody who is not competent enough to use PGP probably would find even that a difficult concept.
--
Re: the OP.
While I agree with the others that there's no reason to refuse business from naive customers, you ought to advise them to use PGP when they send unencrypted messages and explain how it is important to their safety (which you are already doing by the sound of it anyway).
Perhaps provide a link to PGP Club for them to read:
http://dkn255hz262ypmii.onion/index.php?topic=30938.0
After that, your work is basically done, there's a limit to what you can do.
If I were a buyer on SR and a vendor didn't use PGP I would not deal with them. However the onus is on the buyer to learn PGP, you can't help everybody, some people have no desire to be helped because they are arrogant and others are lazy, not ignorant. It's the ignorant and confused Club PGP is trying to help, we don't care for the rest.
The problem is that not everybody takes the time to look at the forums to do any research. Which given they are participating in a criminal activity is slightly insane.
Fact of the matter is that the PGP Club and PGP supporters are going to be just fine if SR comes under attack, but everybody else, the other half, are going to be quivering in their boots because their unencrypted data could be up there on the server or have been intercepted over a long period with a passive MITM attack.
Of course, if they're even too dumb to realize that could hypothetically be an issue, then they must be children, and therefore they can't be prosecuted to the same extent and anybody else could reasonably plead insanity. >:-)
Join Club PGP or Die!
+1
billion!
i would only turn customers away if their buyer stats were like 0, 0, 0, 0, 2 days.
i really don't like people who have been here for less than 2-3 months.
i would accept people but direct them to a paranoid pine page.
we were all newbs once!
i remember browsing this site for a month, learning. learning pgp.
talking to vendors, trying to figure out where i wanted to go.
good choice, IMO. PGP is GOD.
:)
GOOD DAYS!
-
I've been sending my address in plain text for a few orders now and I've never had anyone decline me for it.
I was just too lazy to learn, simple as that.
On the bright side, I taught myself a couple of days ago and will use it from now on.
-
im a buyer and im having the worst time trying to lern how to pgp. i have never been a computer nerd(i wish i was) so any way thats probabley why most buyers dont encrypt cause we stupid LOL
-
Come to me oh gentle newblets like rufus666 :-)
Here are some supporting references:
Our friend Pine is using PGP the same way a religious leader uses a turban or burqa to indoctrinate his followers. What is his obsession with getting people to use PGP as if it's the law?
Pine reminds me of a cult leader. Today it's PGP Club" and tomorrow it'll be the "Lunar Brotherhood of the PGP Crypto-Collective".
So you see you are in good hands. It's not creepy or strange at all. :-)
Send me a PM or join the PGP paralysis thread if you want to be lured into enlightened by my mysterious darknet secret society!
http://dkn255hz262ypmii.onion/index.php?topic=30938.0
The thread is long, but if you search for my posts in it you'll find PGP explained in a mostly jargon free way. Then once you have lost your innocence, the PGP high priests of Guru and Cyphre will corrupt your souls with vile machinations using the ancient secrets and dark magicks of the cryptographers guild.
-
Come to me oh gentle newblets like rufus666 :-)
Here are some supporting references:
Our friend Pine is using PGP the same way a religious leader uses a turban or burqa to indoctrinate his followers. What is his obsession with getting people to use PGP as if it's the law?
Pine reminds me of a cult leader. Today it's PGP Club" and tomorrow it'll be the "Lunar Brotherhood of the PGP Crypto-Collective".
So you see you are in good hands. It's not creepy or strange at all. :-)
Send me a PM or join the PGP paralysis thread if you want to be lured into enlightened by my mysterious darknet secret society!
http://dkn255hz262ypmii.onion/index.php?topic=30938.0
The thread is long, but if you search for my posts in it you'll find PGP explained in a mostly jargon free way. Then once you have lost your innocence, the PGP high priests of Guru and Cyphre will corrupt your souls with vile machinations using the ancient secrets and dark magicks of the cryptographers guild.
be careful how you talk to Cyphre though, he's a dick. don't ask simple questions, he'll most likely bite your head off.
gurru is awesome. ask him anything you want and he'll show you the way.
two all around good people. i would choose the latter. intelligent dick - intelligent mind.
-
be careful how you talk to Cyphre though, he's a dick.
:(
Still, you're entitled to your opinion.
don't ask simple questions, he'll most likely bite your head off.
I try not to. I do try to discourage insecure practices and I certainly get annoyed at people encouraging insecure practices in others. Those people I'll get into a fight with, as you've seen.
I do get that a lot of people will never have encountered GPG before, let alone been using it for a decade or so. I also try not to bite people's heads off for asking questions. I'm not so old that I've forgotten being a newbie to this too, it was just some time before finding SR.
gurru is awesome. ask him anything you want and he'll show you the way.
Yep.
two all around good people. i would choose the latter. intelligent dick - intelligent mind.
Fair enough.
Still miffed about the "dick" thing, but don't mind the "intelligent" part. :)
-
I don't think vendors should Demand PGP usage... I for one have never used it... Why? Because I don't give a shit..... and If I get my safe addy busted somehow by some super elite police work catching addies off of silk road, then well they deserve to bust my safe addy :P But they wont find anything... My safe addies consist of friends that do not use drugs, and would never have drugs in their homes..
I buy small orders of product off people on a weekly basis.... change my address almost everytime I order.
If this is for my protection then why give a shit if I decide I don't want that sort of protection?
-
be careful how you talk to Cyphre though, he's a dick.
:(
Still, you're entitled to your opinion.
don't ask simple questions, he'll most likely bite your head off.
I try not to. I do try to discourage insecure practices and I certainly get annoyed at people encouraging insecure practices in others. Those people I'll get into a fight with, as you've seen.
I do get that a lot of people will never have encountered GPG before, let alone been using it for a decade or so. I also try not to bite people's heads off for asking questions. I'm not so old that I've forgotten being a newbie to this too, it was just some time before finding SR.
Speak for yourself, ya young whippersnapper! You young folk today, you got NO IDEA of what it was like when WE started! I had to use PGP on an abacus! Do you have any idea how long it took bead 'flippin just to generate a measly 512-bit key? It took like two weeks!
Ha! You're still suffering PTSD from the Crypto Wars.
Still miffed about the "dick" thing, but don't mind the "intelligent" part. :)
But you're a nice dick...
There is that. :)
-
There should get a bumper sticker made "Outsourcing your encryption.....a sure fire way of outsourcing your arsehole"
+1 Fucking priceless!
Guru
Haha glad ya liked it. :P
-
i do respect Cyphre, even though he came off as rude, he did explain himself(something he didn't have to do.)
AND.. he helped, in a cocky way, but he threw his knowledge about the subject out there.
i didn't mean to misspell Guru's name... gonna go fix that. IDK why it says gurru lol.. sorry pal.
i am still very new to the whole "crypto" scene.. but i do think it is a good "scene".. and i try to tell people about encryption on a daily basis.. just to help them better their privacy.
-
aye aye cap'n.
i talk and i talk! until people start looking away like "uh huh".. haha.
some people could care less about hearing these kinds of things.. but they are the people who are the first to claim that we still have 110% of the rights when we were first founded, or whatever you want to call it.
and yes, i have started reading a bunch of liberal books... and looking into cryptoanarchy and what not as much as i can.
pgp/gpg is fun to me.. just a lot of learning to do!
i envy the people whom are a decade deep.. :) you guys/gals are the bomb.com! :)
Cyphre means well, i know.. and being as intelligent as he seems.. i am sure he gets tired of answering biased-based questions.
i'll try and elaborate more.. but as i said, i am still new to all of this.. so i do not know all of the rights things to say or ask about..
so, i am sure i will remain to seem noob-ish for awhile. =/
just know i am trying, unlike a lot of people. :)
a.k.a the people still sending drops unencrypted.
q.q
-
Happens to me all the time.
If a buyer is so stupid as to post his address in plaintext in an order form then meh, I feel no guilt shipping him his product and taking my money just cuz their not very smart :P
-
true that. ^^
it's just so sketchy getting an order from someone who doesn't use pgp.. and has been a member for 12 hours.. let alone, 4 days. :x
-
true that. ^^
it's just so sketchy getting an order from someone who doesn't use pgp.. and has been a member for 12 hours.. let alone, 4 days. :x
I hear ya, but I also get a sort of sick high off of taking money from loser LE who make brand new accounts and try and 'buddy buddy' me into something as stupid as F2F, or sensitivie information because 'he was kind enough to FE' lol (or whatever BS these trainees have).
As long as i've packaged it correctly (for my own sake, eg. DNA, prints, etc.) I love LE money, it's the dirtiest kind :P
-
As a newbie to SR, one of the first things I did was visit the security forum and read as much as I possibly could. Perhaps I'm overly paranoid, but I felt worried just visiting the site on my regular laptop, let alone ordering anything!
I've been around reading things for a month or two, but have only set up a new account since getting a new USB drive, installing Liberte etc. So it is possible that some newbies who appear to have very new join dates have in fact done their research and are simply signing up on their new secure system :) I have yet to place an order with any vendors simply because I am taking my time researching security further including the best methods to buy BTC, etc. I'm definitely excited about it though and I do hope that my lack of feedback/recent join date won't put off too many vendors!
The biggest help I've had so far is from Pine. He/She is a total sweetheart and a stand-up person for helping newbies like me with something as vitally important as PGP. I found it incredibly daunting at first, despite being computer literate, security was never something I had to worry about before. Thanks to Pine's tutorials and willingness to devote time and energy to dealing with newbie queries via PM, I've learnt the very basics and it has even sparked an interest for me to learn about cryptography to a more in depth level.
Massive kudos to Pine!
-
As a newbie to SR, one of the first things I did was visit the security forum and read as much as I possibly could. Perhaps I'm overly paranoid, but I felt worried just visiting the site on my regular laptop, let alone ordering anything!
I've been around reading things for a month or two, but have only set up a new account since getting a new USB drive, installing Liberte etc. So it is possible that some newbies who appear to have very new join dates have in fact done their research and are simply signing up on their new secure system :) I have yet to place an order with any vendors simply because I am taking my time researching security further including the best methods to buy BTC, etc. I'm definitely excited about it though and I do hope that my lack of feedback/recent join date won't put off too many vendors!
The biggest help I've had so far is from Pine. He/She is a total sweetheart and a stand-up person for helping newbies like me with something as vitally important as PGP. I found it incredibly daunting at first, despite being computer literate, security was never something I had to worry about before. Thanks to Pine's tutorials and willingness to devote time and energy to dealing with newbie queries via PM, I've learnt the very basics and it has even sparked an interest for me to learn about cryptography to a more in depth level.
Massive kudos to Pine!
If you have any questions, don't be afraid to ask, eh? I don't bite (well, not hard anyway.)
Guru
Thanks Guru, I appreciate it!
Will probably PM you at some point so I don't feel guilty PM'ing Pine so much! Haha. Spreading the newbie love around!
-
true that. ^^
it's just so sketchy getting an order from someone who doesn't use pgp.. and has been a member for 12 hours.. let alone, 4 days. :x
I hear ya, but I also get a sort of sick high off of taking money from loser LE who make brand new accounts and try and 'buddy buddy' me into something as stupid as F2F, or sensitivie information because 'he was kind enough to FE' lol (or whatever BS these trainees have).
As long as i've packaged it correctly (for my own sake, eg. DNA, prints, etc.) I love LE money, it's the dirtiest kind :P
true that.. shit's still sketchy as hell though. :x
not to mention... someone tried to get me to call them on the phone for some codeine.. LOL.
couldn't remember if i stated that in this thread or a different one.
either way, it happened, on these forums... so fuhhh dat fuhhh dat fuhhh dat.
money is money.. but i am sure they try to "mark" their btc.. just like they have their money "marked"...
so it's all traceable. :x
-
true that. ^^
it's just so sketchy getting an order from someone who doesn't use pgp.. and has been a member for 12 hours.. let alone, 4 days. :x
I hear ya, but I also get a sort of sick high off of taking money from loser LE who make brand new accounts and try and 'buddy buddy' me into something as stupid as F2F, or sensitivie information because 'he was kind enough to FE' lol (or whatever BS these trainees have).
As long as i've packaged it correctly (for my own sake, eg. DNA, prints, etc.) I love LE money, it's the dirtiest kind :P
true that.. shit's still sketchy as hell though. :x
not to mention... someone tried to get me to call them on the phone for some codeine.. LOL.
couldn't remember if i stated that in this thread or a different one.
either way, it happened, on these forums... so fuhhh dat fuhhh dat fuhhh dat.
money is money.. but i am sure they try to "mark" their btc.. just like they have their money "marked"...
so it's all traceable. :x
Tried to get you call them on the phone for some codeine?
That's hilarious! That's evidence of no small amount of desperation -- I guess their ordinary methods just aren't working....
Guru
yah.. they said it was "easier than texting."
and i was like "uhh... who is texting? we're sending private emails over an anonymous network. want my social network links?"
i mean, seriously. someone vouched for him too and said it was just a good friend of his.. being "new".
idgaf how "new" you are. I never asked anyone to call me, text me, social network me, NOTHING.. i mean.. srs bsns gais.. srs bsns..
-
true that. ^^
it's just so sketchy getting an order from someone who doesn't use pgp.. and has been a member for 12 hours.. let alone, 4 days. :x
I hear ya, but I also get a sort of sick high off of taking money from loser LE who make brand new accounts and try and 'buddy buddy' me into something as stupid as F2F, or sensitivie information because 'he was kind enough to FE' lol (or whatever BS these trainees have).
As long as i've packaged it correctly (for my own sake, eg. DNA, prints, etc.) I love LE money, it's the dirtiest kind :P
true that.. shit's still sketchy as hell though. :x
not to mention... someone tried to get me to call them on the phone for some codeine.. LOL.
couldn't remember if i stated that in this thread or a different one.
either way, it happened, on these forums... so fuhhh dat fuhhh dat fuhhh dat.
money is money.. but i am sure they try to "mark" their btc.. just like they have their money "marked"...
so it's all traceable. :x
Tried to get you call them on the phone for some codeine?
That's hilarious! That's evidence of no small amount of desperation -- I guess their ordinary methods just aren't working....
Guru
yah.. they said it was "easier than texting."
and i was like "uhh... who is texting? we're sending private emails over an anonymous network. want my social network links?"
i mean, seriously. someone vouched for him too and said it was just a good friend of his.. being "new".
idgaf how "new" you are. I never asked anyone to call me, text me, social network me, NOTHING.. i mean.. srs bsns gais.. srs bsns..
Easier than texting... to put your ass in a jail cell. I guess they just forgot the mention the latter part, eh?
Guru
lol.. i forgot their existence as soon as i read all of that nasty jive and jazz.
it's always good to see the levels "people" stoop to when trying to destroy another "person".
pewpew.
-
As a newbie to SR, one of the first things I did was visit the security forum and read as much as I possibly could. Perhaps I'm overly paranoid, but I felt worried just visiting the site on my regular laptop, let alone ordering anything!
I've been around reading things for a month or two, but have only set up a new account since getting a new USB drive, installing Liberte etc. So it is possible that some newbies who appear to have very new join dates have in fact done their research and are simply signing up on their new secure system :) I have yet to place an order with any vendors simply because I am taking my time researching security further including the best methods to buy BTC, etc. I'm definitely excited about it though and I do hope that my lack of feedback/recent join date won't put off too many vendors!
The biggest help I've had so far is from Pine. He/She is a total sweetheart and a stand-up person for helping newbies like me with something as vitally important as PGP. I found it incredibly daunting at first, despite being computer literate, security was never something I had to worry about before. Thanks to Pine's tutorials and willingness to devote time and energy to dealing with newbie queries via PM, I've learnt the very basics and it has even sparked an interest for me to learn about cryptography to a more in depth level.
Massive kudos to Pine!
I was in the same position as you when I first accidentally learned about SR two months ago, but I ordered some bud a week after reading the forums and wiki. The paranoia I felt after my first order was intense, but I digress. The guides on the forums and SR's site are very useful. When it came to bitcoins, I happened to run into BlueSkyTrader (USA only), a very helpful vendor, who deposits bitcoins in your SR account/wallet immediately after you anonymously deposit money to their account at a Bank of America.The bitcoins are in my SR wallet before I get home from the bank.
I support vendors who want to at least make their buyers aware of PGP. I don't trust any vendor who doesn't have at least a public key posted in their description page.
The unfortunate drawback of more exposure (especially from mainstream media) for a site like SR is the influx of inexperienced computer users who want to do the bare minimum in other to acquire drugs. Before I read this thread, I imagined most people who use SR are, at the very least, have moderate computer skills/knowledge and use PGP.
Btw, do you guys use PGP all the time, regardless if the message is sensitive or not?
-
As a newbie to SR, one of the first things I did was visit the security forum and read as much as I possibly could. Perhaps I'm overly paranoid, but I felt worried just visiting the site on my regular laptop, let alone ordering anything!
I've been around reading things for a month or two, but have only set up a new account since getting a new USB drive, installing Liberte etc. So it is possible that some newbies who appear to have very new join dates have in fact done their research and are simply signing up on their new secure system :) I have yet to place an order with any vendors simply because I am taking my time researching security further including the best methods to buy BTC, etc. I'm definitely excited about it though and I do hope that my lack of feedback/recent join date won't put off too many vendors!
The biggest help I've had so far is from Pine. He/She is a total sweetheart and a stand-up person for helping newbies like me with something as vitally important as PGP. I found it incredibly daunting at first, despite being computer literate, security was never something I had to worry about before. Thanks to Pine's tutorials and willingness to devote time and energy to dealing with newbie queries via PM, I've learnt the very basics and it has even sparked an interest for me to learn about cryptography to a more in depth level.
Massive kudos to Pine!
I was in the same position as you when I first accidentally learned about SR two months ago, but I ordered some bud a week after reading the forums and wiki. The paranoia I felt after my first order was intense, but I digress. The guides on the forums and SR's site are very useful. When it came to bitcoins, I happened to run into BlueSkyTrader (USA only), a very helpful vendor, who deposits bitcoins in your SR account/wallet immediately after you anonymously deposit money to their account at a Bank of America.The bitcoins are in my SR wallet before I get home from the bank.
I support vendors who want to at least make their buyers aware of PGP. I don't trust any vendor who doesn't have at least a public key posted in their description page.
The unfortunate drawback of more exposure (especially from mainstream media) for a site like SR is the influx of inexperienced computer users who want to do the bare minimum in other to acquire drugs. Before I read this thread, I imagined most people who use SR are, at the very least, have moderate computer skills/knowledge and use PGP.
Btw, do you guys use PGP all the time, regardless if the message is sensitive or not?
I use PGP as much as possible. Think of it this way... if you reserve PGP for only the 'important' stuff, you are telling any observer just what is important, at least to you. This then tells them which communications channels to concentrate on . If you encrypt everything, then they have no idea which messages (or people you correspond with) are important.
Guru
touche'.
it's fucking shark week!!!!1111
-
I love that some fuck stains think there is a positive correlation between those using PGP and higher intelligence.
Some of us know how to encrypt, use it for work purposes....but who just dont give a flying fuck about LE/hackers/axe murders/ gang affiliates intercepting our address and names.
GonzoRx: saying 'get some' well and truly in advance ' Apocalypse Now '
-
I love that some fuck stains think there is a positive correlation between those using PGP and higher intelligence.
Some of us know how to encrypt, use it for work purposes....but who just dont give a flying fuck about LE/hackers/axe murders/ gang affiliates intercepting our address and names.
GonzoRx: saying 'get some' well and truly in advance ' Apocalypse Now '
the meek shall perish!!
-
I just think it's lazy and if you are not smart enough or ambitious enough to learn how to encrypt your address than you don't deserve to buy on here. Plus most of the people that don't encrypt it just seem like they are giving fake names. Not always but it seems that I get a lot more interesting names and addresses when they come unencrypted. Plus I don't want my return address compromised by some idiot using a fake name.
Absolutely! I used to not encrypt my address because I was lazy and scared of PGP.
I felt really uncomfortable using it.
-
I just think it's lazy and if you are not smart enough or ambitious enough to learn how to encrypt your address than you don't deserve to buy on here. Plus most of the people that don't encrypt it just seem like they are giving fake names. Not always but it seems that I get a lot more interesting names and addresses when they come unencrypted. Plus I don't want my return address compromised by some idiot using a fake name.
Absolutely! I used to not encrypt my address because I was lazy and scared of PGP.
I felt really uncomfortable using it.
you should NEVER be scared of PGP... be scared when NOT using it.
-
I just think it's lazy and if you are not smart enough or ambitious enough to learn how to encrypt your address than you don't deserve to buy on here. Plus most of the people that don't encrypt it just seem like they are giving fake names. Not always but it seems that I get a lot more interesting names and addresses when they come unencrypted. Plus I don't want my return address compromised by some idiot using a fake name.
Absolutely! I used to not encrypt my address because I was lazy and scared of PGP.
I felt really uncomfortable using it.
you should NEVER be scared of PGP... be scared when NOT using it.
Fear not! I think he has repented of his evil ways, and returned to the path of righteousness! Praise Phil!
Guru
the path of "righteousness" lol.
-
It's more risk for the buyer if they decide to not use encryption. You'll be fine yourself as a seller.
-
I just think it's lazy and if you are not smart enough or ambitious enough to learn how to encrypt your address than you don't deserve to buy on here. Plus most of the people that don't encrypt it just seem like they are giving fake names. Not always but it seems that I get a lot more interesting names and addresses when they come unencrypted. Plus I don't want my return address compromised by some idiot using a fake name.
Absolutely! I used to not encrypt my address because I was lazy and scared of PGP.
I felt really uncomfortable using it.
you should NEVER be scared of PGP... be scared when NOT using it.
Fear not! I think he has repented of his evil ways, and returned to the path of righteousness! Praise Phil!
Guru
the path of "righteousness" lol.
Hey, it's worked for Bronze Age religions for almost 6,000 years now. Why not use what has a proven track record, eh?
Come to think of it now, we've been doin' this all wrong -- it's not Club PGP -- it should be the Church of PGP!
There is no god but Crypto, and Phil is his prophet!
Guru
ahaha.. you make my day/night every time i come in here!
the Church of PGP... lul.
Rev. Pine!
-
ahaha.. you make my day/night every time i come in here!
the Church of PGP... lul.
Rev. Pine!
Several forum members have mentioned ecclesiastical experiences to me recently. For example, one fellow said the lights grew brighter in his room when he discovered PGP. I am currently waiting on somebody to find 'the face of Phil' in an ASCII PGP message or public key block. So we have God, a Devil, and even Eve if you read the crypto literature. It feels like we're still missing something though.
-
I was talking to a high profile vendor recently who doesn't even have a public key. What the hell is that about?
-
I was talking to a high profile vendor recently who doesn't even have a public key. What the hell is that about?
Awesome, I'm having a witchhunt later. So el grande Inquisition will need victims to persecute. The name, sir?
Edit: I just had a premonition. It wouldn't begin with 'M' would it?
-
LOL
Maybe y'all could setup a "PGP War Crimes Tribunal"....like the Hague! ;-)
".....your Honour, we the SR jury, find that..Vendor (A) , in failing to utilize appropriate security measures for their clientele, is hereby sentenced to life in 'SR camp for lost souls'....here they will be required to undergo hourly experimental physical manipulations and invasive medical procedures conducted by faceless behemoths recruited from the worlds finest cartels and families...."
-
I was talking to a high profile vendor recently who doesn't even have a public key. What the hell is that about?
Awesome, I'm having a witchhunt later. So el grande Inquisition will need victims to persecute. The name, sir?
Edit: I just had a premonition. It wouldn't begin with 'M' would it?
That 'M' vendor (i'm 90% sure I know who you're referring to .. he's a new vendor) cracks me up.
First he tries throwing me whacked out/messed up deals on the forum and then get's upset at me when I ask him for his pub key. He told me he 'doesn't like computers' but has to serve his customers ... all his customers are computer users lol.
So I write him a quite in depth tutorial on PGP (I don't claim to be an expert, but I know how it works and how to explain it the easiest way, eg. using a windows front-end like GPG4WIN) and he responded by telling me he doesn't want to take the time to type each individual key (as in he thinks he needs to type character by character), even though almost every other sentence in my tutorial was to highlight the entire key with (ctrl-a), copy (ctrl-c) it to your clipboard and import/encrypt/decrypt/smoke pole lol.
Ma ... if you're reading this, please start using PGP, we all want you to :D