Quote from: malcontent344 on December 26, 2012, 06:30 amSo I was trying to get some questions answered by a vendor called "La Fuente" about whether or not I could use a p.o. box with his service. He responded with a simple, "send me your pgp key, thanks." I didn't really think anything of it, so I gave him my personal key, along with my encrypted shipping address. Now looking back on things, the whole thing seems kind of sketchy. Why would he want my pgp key before I even ordered anything from him? Could this be some sort of trap to attempt to incriminate me as soon as I order? I'm worried.What I find somewhat troubling in what you have described is the fact that you said you supplied him with your "personal" key, as well as your shipping address. Supplying a vendor with your shipping address, unless it is in connection with an order, is a mistake. It might also be helpful to describe what you mean by your "personal key." I hope it did not have any of your real information on it. If you are dealing with someone untrusted, my inclination would be to provide them with a throw-away key, generated for just that purpose. While vendors are not supposed to retain buyer information, there is no way to ascertain that they comply with this practice. Even if they do delete your address information, do they also prune their PGP keyrings, removing buyers' keys, after the conclusion of the transaction? Bear in mind that, if a vendor were to be busted, their PGP keyrings would reveal who they have been doing business with. NC