Silk Road forums

Discussion => Security => Topic started by: GetOutCuntFace on August 29, 2012, 12:04 pm

Title: Vendor had PGP now no longer does....what to do?
Post by: GetOutCuntFace on August 29, 2012, 12:04 pm
Hi all,

So I made an order from purogkush, don't think there is any shame in sharing vendor name as it is just an inquiry as to what to do, using his "old" PGP key to encrypt my address. I have dealt with the vendor on numerous transactions so there are no bad feelings or anything here.

I received a direct message on SR about the fact he needs my address as he doesn't use PGP anymore. Seems odd to me that someone would use PGP then decide to NOT continue to use it.

I want the wares I have ordered so want to get him my address somehow but am feeling very sketchy about just sending it through unencrypted.

Wondered if anyone has dealt with pureogkush lately and come across same problem and most importantly what their work around was?

Cheers!
Title: Re: Vendor had PGP now no longer does....what to do?
Post by: pine on August 29, 2012, 04:32 pm
JFUP!
Title: Re: Vendor had PGP now no longer does....what to do?
Post by: BigEasy on August 29, 2012, 06:14 pm
    JFUP   -   'jey eff up'

 =   Just Fucking Use PGP.
Title: Re: Vendor had PGP now no longer does....what to do?
Post by: pine on August 29, 2012, 09:03 pm
Just so you're aware "GetOutCuntFace", that was directed at your vendor, not you. More buyers should complain if their vendors don't have secure setups, it's the fastest way to unblock the wax from their ears when their cash flow dries up.
Title: Re: Vendor had PGP now no longer does....what to do?
Post by: psykhe on August 31, 2012, 07:10 am
Hey,

I've got the same problem here. I went to place an order but couldn't find a PGP key anywhere. PM'd pureogkush and received the response that "it's not in use any more as it had a virus that killed my hard drive".

I responded with: "Sorry to hear you've had some technical problems. Will you be making a new PGP key? Security is one of my top priorities and I'm not really comfortable with sending sensitive data unencrypted."

So now I'm just hoping they'll be willing to generate a new key, because I promised myself I wouldn't place orders without it.
Title: Re: Vendor had PGP now no longer does....what to do?
Post by: farmer1 on August 31, 2012, 07:53 am
If you don't use a vendor who uses PGP then soon none of us will. Make the marketplace what you want it to be. Buy from someone who does business how you want it done. Keep your promise.
Title: Re: Vendor had PGP now no longer does....what to do?
Post by: wretched on August 31, 2012, 10:31 am
no pgp=no sale if you want my money, you will protect my information period.
Title: Re: Vendor had PGP now no longer does....what to do?
Post by: BigEasy on August 31, 2012, 03:53 pm
If vendors can't get it together to have their security down pat and run PGP along with secure systems (laptop, etc) then they really don't deserve your business.

Why would you trust them with your personal info to send you drugs?!?!?!

I still see vendors (although not many) that don't have PGP and give my head a shake, that should one of your first priorities when setting up your business plan.

JFUP!
Title: Re: Vendor had PGP now no longer does....what to do?
Post by: wsg on August 31, 2012, 08:28 pm
If vendors can't get it together to have their security down pat and run PGP along with secure systems (laptop, etc) then they really don't deserve your business.

Why would you trust them with your personal info to send you drugs?!?!?!

I still see vendors (although not many) that don't have PGP and give my head a shake, that should one of your first priorities when setting up your business plan.

JFUP!

I was kinda thinking along these lines as I am a Newbie but have learn t PGP and just went to place an order but seen that the vendor didn't use PGP anymore and wanted info sent to a tor email or use WWW.PRIVNOTE.COM neither which I know enough to trust so I just can/won't order from this vendor at this time.  kinda sucks because I was at the order stage wwhne I noticed this
Title: Re: Vendor had PGP now no longer does....what to do?
Post by: pine on August 31, 2012, 08:46 pm
If vendors can't get it together to have their security down pat and run PGP along with secure systems (laptop, etc) then they really don't deserve your business.

Why would you trust them with your personal info to send you drugs?!?!?!

I still see vendors (although not many) that don't have PGP and give my head a shake, that should one of your first priorities when setting up your business plan.

JFUP!

I was kinda thinking along these lines as I am a Newbie but have learn t PGP and just went to place an order but seen that the vendor didn't use PGP anymore and wanted info sent to a tor email or use WWW.PRIVNOTE.COM neither which I know enough to trust so I just can/won't order from this vendor at this time.  kinda sucks because I was at the order stage wwhne I noticed this

Just Say No!  (to non cryptographically secured drugs!) :)

-- Pine Reagan
Title: Re: Vendor had PGP now no longer does....what to do?
Post by: psykhe on September 01, 2012, 06:44 pm
Well, I received a reply from pureogkush regarding him obtaining a new PGP key.

"n pgp as it costs me 1000 £ for a new computer as the old pgp got a virus and killed my hard drive"

I have no idea how a PGP key could cause/spread a virus, but perhaps that's my ignorance(?) speaking or there's something I'm missing, But, even if a virus did "kill his hard drive", then surely it'd only cost pittance to get a replacement hdd. :/

 I have no idea what's going on here. Unfortunately I'm going to have to steer clear, which is a shame as he has some of the nicest looking hash listings available domestically. With his great reviews and competitive listings it was one I was quite excited about!
Title: Re: Vendor had PGP now no longer does....what to do?
Post by: wsg on September 01, 2012, 09:06 pm
So this seems like a thread to post vendors responses to no PGP. I am not doing this to bash vendors ( I am sure others will take care of that) but also to tell there side of the story and see if any of there concerns even hold a drop of water.

A reply I got

"if you think PGP is full safe thats fine the only problem is you need to wash your hard drive every week so the codes are not stored.
If you use privnote and it is open in SR there is no trace of the message since Tor-project wipes all traces of been searched your choice friend "
Title: Re: Vendor had PGP now no longer does....what to do?
Post by: pine on September 01, 2012, 09:56 pm
So this seems like a thread to post vendors responses to no PGP. I am not doing this to bash vendors ( I am sure others will take care of that) but also to tell there side of the story and see if any of there concerns even hold a drop of water.

A reply I got

"if you think PGP is full safe thats fine the only problem is you need to wash your hard drive every week so the codes are not stored.
If you use privnote and it is open in SR there is no trace of the message since Tor-project wipes all traces of been searched your choice friend "

Haha, wow.

1. You can run GPG software from a memory stick such that everything is stored on the memory stick. You don't need to "wash" your HD each week. Secondly, even if you were running GPG off your HD, any encrypted/decrypted messages are in RAM unless you explicitly save them to the HD. This means they stop existing period when you turn your machine off because RAM cannot store information without having access to electricity.

2. The 2nd sentence is barely English, but there is no evidence that exists that says Privnote doesn't delete encrypted text from their system. What is more, Privnote are *probably* a Law Enforcement honeypot, and so you shouldn't trust them at all. Finally "Tor-project", what it has to do with Privnote I have no fucking clue, because it's completely irrelevant to the subject matter.

tldr; Your so called "Vendor" is Fucking Retarded.

Not knowing X is one thing. That's plain and simple ignorance. But this stupid fuck is actually pretending to know shit that just isn't fucking true.
Title: Re: Vendor had PGP now no longer does....what to do?
Post by: pine on September 01, 2012, 09:58 pm
Ha, wait, let me guess, was that Montell Williams again? That guy has a single digit I.Q and is best avoided.
Title: Re: Vendor had PGP now no longer does....what to do?
Post by: jameslink2 on September 01, 2012, 10:30 pm
<Sigh> This is no longer funny.... it's literally become pathetic. It's not a question of you (psykhe)  being ignorant, it's a question of the vendor being ignorant to the point of computer illiteracy. Hard drives die, suddenly, often without warning. I've had it happen to me -- I've had a particularly bad string of luck over the last 24 months, when I've lost no less then SIX hard drives. The last one to die went to meet its maker 3 days ago, with absolutely NO warning.  Maybe the vendor's hard drive did die, and he just blames it on PGP and/or "a virus".  I've had more drives die on me in the last two years, than I had die on me in the last 30. I don't know if it's inferior technology, poorer manufacturing, or what -- I don' t know what the cause is. What I can state, in two decades of using PGP/GPG, that it almost certainly was NOT at fault.

GURU, the floods in Taiwan earlier this year took out the hard drive manufacturing. They have been trying to catch up and are just now starring to make head way into restocking. Seems they have dropped a lot of QC and are sending out crap at the moment. I have needed to expand my 6TB array for the last 6 months but have been waiting for prices to come down some more and quality to come back up.

My guess is the conversation went something like this

Computer tech: "Yep, the drive is dead. Have you been running any new software or downloading anything new?"
Vendor: "Well, I started using PGP just before it died"
Computer Tech: "That did it, PGP is known to carry viruses and trojans. What you need is XXXXXX Scanner and XXXX spyware blocker, and a new hard drive. It will fix your problem and only cost $XXX.XX"
Vendor: "Wow, I did not know it carried viruses, yes please fix it Ill take the software as well"

I can not count the number of times I have seen the above happen. Replace PGP with what ever the customer says they just installed. It is one way that some computer stores do add-on sales.

So this seems like a thread to post vendors responses to no PGP. I am not doing this to bash vendors ( I am sure others will take care of that) but also to tell there side of the story and see if any of there concerns even hold a drop of water.

A reply I got

"if you think PGP is full safe thats fine the only problem is you need to wash your hard drive every week so the codes are not stored.
If you use privnote and it is open in SR there is no trace of the message since Tor-project wipes all traces of been searched your choice friend "

Ill agree with Pine and add. Run! Run away from this vendor! I can not believe any vendor would say such a thing and the fact that he did scares me!
Title: Re: Vendor had PGP now no longer does....what to do?
Post by: pine on September 01, 2012, 10:59 pm
If the vendor is so clueless about computers, I have to question whether he's even qualified to be a vendor on here. (Obligatory disclaimer: This is my personal opinion only, and does not necessarily represent in any way the opinions of the management nor staff of Silk Road.)

Guru

Honestly you don't need to be reticent Guru and cage your response with disclaimers, if a vendor is a fucking idiot, then the vendor is a fucking idiot pure and simple. We know a *fuck ton* more than they do about proper security and that's all there is to it. We are right. They are wrong. It is simple. This is not arrogance, this is a straight forward observation borne out by the fact what we're saying is backed up by pretty much every resource there is on security/technology and they are just sprouting utter drivel (citation -> null).

There aren't really two ways about it. There is absolutely no need to be polite about it when these fuckwits are threatening SR customer's security with their inept "Jesus Wept" security practices. If anything we should be forcing them out of business completely by pillorying them.

This is SR, not Topix, we have a reputation to uphold here.

True enough, some are just ignorant and they change when they figure out that they're doing something wrong. I'm not really talking about those guys. Everybody is a newbie at some point after all.

In the cases of vendors mentioned, they're just unforgivable. There is no helping somebody that dumb. Really. People who make up dumb incoherent stories and bullshit myths to excuse their laziness and bloodymindedness should lose all their business, because they've lost all their credibility as serious vendors. Not only are they ignorant, but they refuse to realize they are ignorant. That's an altogether different kettle of fish. The appropriate response IS anger.

In RL, people like this routinely get put up against the wall and shot dead. We know it, LE knows it. Everybody on the streets knows it. These kinds of guys don't last five years on the block, and that's the truth behind the missing person statistics, it's practically a routine periodic black market activity like taking out the trash to get rid of these types of guys. Quite honestly they're not really welcome at SR either, they're also too inept to learn new tricks, but they should thank their lucky stars that they're at the end of an anonymous electronic tunnel because the worst that can happen here is they lose custom. That is another advantage of SR. Seldom genuinely appreciated here because many people here are new from the middle class consumer end of things and thus aren't familiar with the reality of the trade, but it's a highly 'non-theoretical' fact.

Trust me, SR has saved at the very least four or five lives by now by virtue of being an anonymous marketplace. And also in having relatively robust harm reduction with the feedback mechanism and facilitating communication via the forum,  but quite honestly it's mostly because it puts fuckwits like the ones mentioned at arms length from organized gangs with their enforcers. I mean I don't approve of coercion, but when given the choice I'm not exactly rooting for Team Fuckwit either. You don't need to approve of violence to understand why it happens. Fuckwits and their clumsy assumptions about the state of play are the main reason.

I guess if they're on here, then at least they only get shot down figuratively speaking. But whether they're here or not, I'm not in the business of cultivating idiots and neither should any other member of SR. We should adopt tolerance for learning and mistakes, but zero tolerance for this stupid apathy.

In my view DPR should have staff hitting dumb vendors with temporary bans if they don't up their game. Dumb buyers are one thing, dumb vendors are another. I don't agree there should be a threshold for consumers, but there should be some kind of threshold for vendors. I mean, we've been hearing one dumbass in Austria got busted and he had all his customers records on file, addresses and all. I remember him from before, and I saw that coming a freaking mile away. By threshold, I mean some manner of exam on basic security procedures. Until then, we're going to get occurrences of vendors parceling weed up in shopping bags, half torn packaging etc.

Being an SR vendor should be something special, something to be proud of, held high.
Title: Re: Vendor had PGP now no longer does....what to do?
Post by: pine on September 01, 2012, 11:05 pm
Ha, wait, let me guess, was that Montell Williams again? That guy has a single digit I.Q and is best avoided.

You forgot to include the word "binary" between single and digit.

Guru

From here on out I shall refer to him as 'Amoeba' Montell. I doubt he knows what an amoeba is though.
Title: Re: Vendor had PGP now no longer does....what to do?
Post by: psykhe on September 02, 2012, 06:52 am
Well, I received a reply from pureogkush regarding him obtaining a new PGP key.

"n pgp as it costs me 1000 £ for a new computer as the old pgp got a virus and killed my hard drive"

I have no idea how a PGP key could cause/spread a virus, but perhaps that's my ignorance(?) speaking or there's something I'm missing, But, even if a virus did "kill his hard drive", then surely it'd only cost pittance to get a replacement hdd. :/ 

<Sigh> This is no longer funny.... it's literally become pathetic. It's not a question of you (psykhe)  being ignorant, it's a question of the vendor being ignorant to the point of computer illiteracy. Hard drives die, suddenly, often without warning. I've had it happen to me -- I've had a particularly bad string of luck over the last 24 months, when I've lost no less then SIX hard drives. The last one to die went to meet its maker 3 days ago, with absolutely NO warning.  Maybe the vendor's hard drive did die, and he just blames it on PGP and/or "a virus".  I've had more drives die on me in the last two years, than I had die on me in the last 30. I don't know if it's inferior technology, poorer manufacturing, or what -- I don' t know what the cause is. What I can state, in two decades of using PGP/GPG, that it almost certainly was NOT at fault.

*nod* The ignorance part was regarding viruses and PGP - personally I have no idea how you could contract a virus when using PGP unless the unencrypted messages link to websites/file downloads, but I am very new to PGP and have only started learning in the last few weeks, so that's the part that made no sense to me whatsoever.

However, regarding the HDD's (and hardware in general), I couldn't agree more. I still remember my old Dell, one of my first PC's when I was a child, with its 498MHz(!) CPU lasting a good 15 years! Nowadays it seems whether it's the HDD, the graphics card, the RAM... something always manages to balls up within a couple of years. The battery on my gaming laptop recently died within the one year warranty and we've just had to replace the SSD on my other half's brand new PC - only a week after receiving it!

I have no idea what's going on here. Unfortunately I'm going to have to steer clear, which is a shame as he has some of the nicest looking hash listings available domestically. With his great reviews and competitive listings it was one I was quite excited about!

You're making the right decision steering clear. If the vendor is so clueless about computers, I have to question whether he's even qualified to be a vendor on here. (Obligatory disclaimer: This is my personal opinion only, and does not necessarily represent in any way the opinions of the management nor staff of Silk Road.)

*nod* I do feel quite bad speaking about it publicly, because the vendor in question does have very, very positive feedback and obviously has a lot of happy customers; but I did want advice regarding the lack of security and to see whether it was a common occurrence (sadly it seems more common amongst vendors than I'd hoped, from some of the other responses here).
Title: Re: Vendor had PGP now no longer does....what to do?
Post by: LouisCyphre on September 02, 2012, 01:46 pm
Ha, wait, let me guess, was that Montell Williams again? That guy has a single digit I.Q and is best avoided.

You forgot to include the word "binary" between single and digit.

From here on out I shall refer to him as 'Amoeba' Montell. I doubt he knows what an amoeba is though.

Reading his posts, like ingesting amoeba-infested water, tends to lead to dysentery.

Well he certainly gave me the shits.
Title: Re: Vendor had PGP now no longer does....what to do?
Post by: LouisCyphre on September 02, 2012, 02:00 pm
In my view DPR should have staff hitting dumb vendors with temporary bans if they don't up their game. Dumb buyers are one thing, dumb vendors are another. I don't agree there should be a threshold for consumers, but there should be some kind of threshold for vendors. I mean, we've been hearing one dumbass in Austria got busted and he had all his customers records on file, addresses and all. I remember him from before, and I saw that coming a freaking mile away. By threshold, I mean some manner of exam on basic security procedures. Until then, we're going to get occurrences of vendors parceling weed up in shopping bags, half torn packaging etc.

I agree with pretty much everything you've said in this post, but there's one very good reason why DPR won't be using temporary bans or other mechanisms to set even a minimum standard for vendors: it directly contravenes the agorist principles on which the site is founded.  It would be, in effect, a form of regulation beyond the terms of becoming an SR vendor because in theory a minimum standard is set by the SR software (from DPR's point of view).

The agorist approach is that the market will self-regulate.  If one party to a contract (buyers) value the security of their information greater than the product they're purchasing then they will seek to use a different vendor.  The self-regulation of the market occurs when the vendors with lax (or non-existent) security protocols lose business.

This really is the best way to address the issue.  Take your business to the vendor with the best business model: comprising of quality product, secure business practices, decent communication and a degree of customer service.  These are the vendors that will flourish over the long term and they are also the vendors that will last for that longer term.  Buyers also need to be aware that value comes from more than just the product that is delivered, but also the means by which it is delivered.

Team Fuckwit, as you so eloquently put it, will go out of business.  Either because they get caught from one of their fuck ups or because buyers choose to use vendors that are less likely to fuck up.  It really is economic darwinism (or just economics).
Title: Re: Vendor had PGP now no longer does....what to do?
Post by: GetOutCuntFace on September 02, 2012, 02:24 pm
Holy shit.

Been off here for a couple of days and come back and see this whole thread has exploded.

Needless to say pureogkush has cancelled my order for 25i tabs which again is a shame as I have dealt with him before when he had PGP so know is wares are good.

I just cannot fathom why when you had it once you wouldn't set it up again. It is piss easy to do, so why not do it!

I got the same response as someone else in this thread basically that his hard drive had been screwed because of PGP, which sound unlikely and that the didn't want to risk it again but that he would try and get one as his custom was waning.

So let's hope he creates a new key as I would still like to buy his items!
Title: Re: Vendor had PGP now no longer does....what to do?
Post by: LouisCyphre on September 02, 2012, 03:04 pm
Holy shit.

Been off here for a couple of days and come back and see this whole thread has exploded.

Heh.  :)

Needless to say pureogkush has cancelled my order for 25i tabs which again is a shame as I have dealt with him before when he had PGP so know is wares are good.

You're better off in the long run.

I just cannot fathom why when you had it once you wouldn't set it up again. It is piss easy to do, so why not do it!

That's easy to answer: laziness and wilful ignorance.

See also: all of the above on Team Fuckwit.

I got the same response as someone else in this thread basically that his hard drive had been screwed because of PGP, which sound unlikely and that the didn't want to risk it again but that he would try and get one as his custom was waning.

So let's hope he creates a new key as I would still like to buy his items!

The only way people like that will learn is when the money talks.  That is, when they have to learn about and employ appropriate security measures in order to make any money.
Title: Re: Vendor had PGP now no longer does....what to do?
Post by: superhippie on September 02, 2012, 03:59 pm
if i were you i'd.........................RUN AWAY FAST!!!!!!