Silk Road forums
Discussion => Security => Topic started by: kaliyuga on October 31, 2012, 05:56 pm
-
Hi,
I just placed my first order and forgot in my excitement to use PGP to send my address to the seller. I just entered the information into the address field like an idiot.
What should I do now?
Thanks
-
you should slap yourself in the first place and pray that your message doesn't get intercepted somehow.
-
Your address is now stored in the SR server. If something happens to the SR server now (it gets hacked or confiscated unencrypted by law enforcement), then they can see your unencrypted address. Then you'll probably receive a warning letter (unless you bought huge amounts of controlled substances, in which case you'll get a visit).
As long as Silk Road is in good hands, you'll be okay.
After your order is completed, your address will be wiped from the database (at least that's what the SR management says, we have to take their word on it).
In the future, please use PGP, it is highly recommended.
-
If I were you I'd complete the purchase then ditch the account and start anew. If you assume that someone has intercepted your address then they've only got evidence that you did one illegal act, but that may not be the case two years from now. You have very little to lose by starting fresh.
-
You are fine but never use that account again.
It is safest to assume SR is run by LE or has been compromised (there is some evidence of this or at least that SR has been very incompetent in the past).
1. ALWAYS use PGP/GPG.
2. ALWAYS aquire your BTC anonimously - Make sure your purchases use BTC that can not be proven to originate from you.
3. If you EVER mess up either step 1 or 2, retire your account and start a new one (alternatively retire from SR).
3. Do not trust anything SR says. Especially about data retention.
You are OK though. There are many many accounts out there with 100s if not 1000s of purchases which are potentially associated with personally identifiable data. I'm sure LE would be much more interested in these.
We are playing a new game here and the line between being careful and paranoid is unknown.
-
If I were you I'd complete the purchase then ditch the account and start anew. If you assume that someone has intercepted your address then they've only got evidence that you did one illegal act, but that may not be the case two years from now. You have very little to lose by starting fresh.
Well said. +1.
-
You are fine but never use that account again.
It is safest to assume SR is run by LE or has been compromised (there is some evidence of this or at least that SR has been very incompetent in the past).
1. ALWAYS use PGP/GPG.
2. ALWAYS aquire your BTC anonimously - Make sure your purchases use BTC that can not be proven to originate from you.
3. If you EVER mess up either step 1 or 2, retire your account and start a new one (alternatively retire from SR).
3. Do not trust anything SR says. Especially about data retention.
You are OK though. There are many many accounts out there with 100s if not 1000s of purchases which are potentially associated with personally identifiable data. I'm sure LE would be much more interested in these.
We are playing a new game here and the line between being careful and paranoid is unknown.
+1
I would only add that you also have to assume that the vendor is a congenital idiot. Look at how the The Farmers' Market got busted -- they were clueless, and moreover, careless. They were warned what they were doing wasn't safe, and they didn't care. Maybe now that they cooling their heels in jail cells, they will have developed a new appreciation for security.
Even in the last few months, a vendor here on SR was busted -- Trojan, out of Calgary. Apparently, this idiot, in addition to running a lab out of his house, was also dealing locally. His neighbors were made suspicious by the number of people coming and going at odd hours, staying for only a few minutes, then leaving. They called police, and the rest is history.
(Check out the threads on Trojan for more information.)
-
I think you guys are over-reacting.
You dont need to ditch the account. Just use PGP next time.
-
I think as a user, this is somewhat trivial. The point in authorities busting users is in the hope they will turn in their dealer. Well on SR, that leverage is gone because the dealer is unknown!
SR isn't really in the media spotlight everyday - and it also contradicts the old saying 'let's get drugs off our streets' - well SR does exactly that lolz.
-
Wow, you guys are over-reacting quite a bit. Once your order has completed the address is deleted, what you really need to worry about is vendors keeping logs and handing them over to authorities if they're compromised.
Just use PGP next time
-
Yes indeed. Once your address gets decrypted even with PGP at the sellers end, it can sit about unencrypted. Sellers I am sure are going to delete everything.
-
that sucks bud..
all u can do is hope SR NEVER GETS BUSTED..
hope and pray.. even if they do they cant do anything but send you a letter..
idk dont worry to much about it
it sucks but aint shit u can do now live and learn bro..
B E Z
-
honestly surely if whoever made this site is smart enough to set it up and keep it up for this long then they could work out how to have the addresses securely deleted once they're marked in transit. I mean a 7 pass erase with DBAN which can be downloaded for free cant be cracked by the CIA/FBI/NSA etc so whats stopping DPR from being competent enough not to have addresses stored on the server. Maybe somebody abit more technically-savvy could chime in?