Silk Road forums

Discussion => Security => Topic started by: mrxempire on January 15, 2013, 07:55 am

Title: Is PGP really necessary?
Post by: mrxempire on January 15, 2013, 07:55 am
I know i'm gonna get shit on after this post but here goes...
I honestly don't see why PGP encryption is necessary on Silk Road. I tried to learn how to use it a few months ago, and I couldn't find clear concise instructions on how to get pgp and set it up properly. Maybe i'm just stupid, i dont know. Obviously, I don't ship things directly to my residence, but I don't encrypt the address that I use when I order something. AND, after scouring the internet I couldn't find any information about people getting arrested, or in trouble for not using PGP. In fact, I couldn't find any stories about people getting in any legal trouble whatsoever because of Silk Road. I swear to you guys the first thing i do if i ever get in trouble with the law because of not using encryption I would go on the forums and tell my story so that everybody knew how important it was to protect yourself, and I hope others like me would do the same. Ive heard of packages getting confiscated by customs, but the person who ordered it never got a visit from the police or anything, they just never received their package. It is worth noting here that I do not have bulk amounts of drugs shipped to me. I am simply a weekend warrior who likes to order a small amount of lsd or mdma once in awhile for me and my buddies. I do, however, know of someone who DOES use silk road for bulk purchases. And this person does not know how to use PGP encryption either, and just has his bulk packages mailed to his actual address. This person has not gotten in trouble either. Obviously I would use PGP if i could figure out how to set up the damn thing. Even if it wasn't necessary, it would make me feel smart haha. So to end this post, I have a couple questions:

1. Has anyone here ever gotten into any legal trouble whatsoever as a direct result of not using encryption, or from using silk road in general? Im not talking about getting pulled over with Silk Road drugs in the car, I'm talking more like the police intercepting your package, and then going to your house and arresting you.

2. Could anybody direct me to an easy "PGP installation for dummies" guide? The PGP guide on here didn't work, and when I asked on the forums, some uber leet forum master shit in his star wars pajamas and scolded me for not posting in the right spot. He then told me that the guide I was using was outdated, and showed me another guide which was WAY more technical and confusing. It involved me putting some program on a flash drive and then installing it in safe mode on my PC and a bunch of other crazy shit like that. I may not be the sharpest tool in the shed, but im certainly not the dullest, so I feel like if someone were to explain it to me in simple terms I would be able to install and use PGP with ease. Even if PGP is only truly necessary for people who order bulk, I would still like to learn it anyways just to be on the safe side, just in case my local government suddenly finds a hidden cave filled with forgotten nazi treasure from WW 2 and uses the fortune to give the police the budget necessary to individually hunt down and prosecute the thousands of people who use this website
Title: Re: Is PGP really necessary?
Post by: g01d3n on January 15, 2013, 08:24 am
Hello! I'm fairly new myself. When ever dealing with sensitive information (such as Real Names, Addresses, etc.) You can never be too safe from prying eyes. Even though you're on TOR, someone somewhere, if they really wanted to, may be able to see unencrypted text; I wouldn't say PGP is necessary, but I wouldn't send any information over text without encrypting.

I just recently figured out PGP myself, so it's still fresh in my mind. Where are you getting stuck at, what program are you using to encrypt text. Give me whatever problems you have, and I'll do my best to help you. We n00bys have to help each other out. :)
Title: Re: Is PGP really necessary?
Post by: Tessellated on January 15, 2013, 08:34 am
One of the reasons the Farmer's Market was busted was because they did not encrypt communication. Seriously, we have encryption that cannot be broken by the law enforcement of the world. Use it, stay out of jail.

I cannot fathom that about half of the addresses are sent to me in the plain.
Title: Re: Is PGP really necessary?
Post by: SorryMario on January 15, 2013, 08:37 am
Using PGP is an extra precaution so that only one person (the Vendor who's public key you encrypted it with) can read your name/address off the site's server and know what you ordered.

Any personal data that gets submitted in unencrypted text is going to be floating around on a server that could conceivably be the subject of forensic investigation somewhere down the line. Won't they be overjoyed to find a few real names and addresses in the mix of indecipherably encrypted information if that happens!

Will it happen? Who knows? Just because there's no shooters nearby is no reason to walk around with a target painted on your back. It's not so unlikely that LE wouldn't eagerly hassle anyone they possibly could who was clearly linked to buying/selling on SR. It would be worth it for them to do that and share info with your local fuzz just to set an example and cause extreme paranoia to ripple through the SR marketplace.

But if it's not worth for you to learn to use a simple totally free message encrypter (that has many more uses BTW) and you'd rather just take a chance on it possibly coming back to bite you in the ass, then be my guest.  ???
Title: Re: Is PGP really necessary?
Post by: windmillz on January 15, 2013, 09:15 am
If you can't figure out GPG/PGP, to protect yourself from trouble, than I feel like you really haven't thought about the concequences of not using it. When I think about it I want to know I went through every step to ensure my state of anonymity. It takes more than a life time to begin to crack these encryptions. If you become lazy, your chances greaten dramatically. And to what point do you have to fold the cards...
Title: Re: Is PGP really necessary?
Post by: lb man on January 15, 2013, 11:44 am
QUESTION :The problem or risk not using pgp /GPG is what exactly ?( ANSWER): The vendor knows your address or is it ?. Silk road knows your address or is it on your computer or what ? Please tell as i dont know for sure .
Title: Re: Is PGP really necessary?
Post by: LickTheSun on January 15, 2013, 12:19 pm
2. Could anybody direct me to an easy "PGP installation for dummies" guide?

It's available on HakBB and The Underground Market Board. Check the market board first and then buy Nomad a beer : )
Title: Re: Is PGP really necessary?
Post by: peeweed on January 15, 2013, 01:42 pm
Personally I don't see why you wouldn't use it... It is simple, very simple once you understand how it works...

Here is a good guide by our very own Astor: http://32yehzkk7jflf6r2.onion/gpg4usb/

The risk PGP protects is if LE ever gets access to the servers, they maybe able to see what you ordered but if encrypted they will never know where it was sent to or your communications.  If you properly made a separate online identity for SR, as you should then those encrypted communications are the only way to find out about your address etc.
Title: Re: Is PGP really necessary?
Post by: Nightcrawler on January 15, 2013, 03:14 pm
One of the reasons the Farmer's Market was busted was because they did not encrypt communication.

Technically speaking, that is not correct. The people who ran The Farmers' Market  used Hushmail, which had been compromised by the authorities since at least 2007, when the DEA's Operation Raw Deal (ORD) went down.

Hushmail's implementation of PGP was (and is) broken by design -- anyone with a decent general understanding of how public key cryptography works could figure this out. These flaws have been discussed at length for the last 10-12 years. I'm frankly astonished that anyone would place any faith in Hushmail at all. The sad part of The Farmers' Market saga is that there apparently were people who tried to warn the owners/operators that what they were doing was unsafe, yet they chose to ignore that advice.  They are now paying in spades for their ignorance and arrogance.

Seriously, we have encryption that cannot be broken by the law enforcement of the world. Use it, stay out of jail.

I cannot fathom that about half of the addresses are sent to me in the plain.

Fortunately for law enforcement, laziness and ignorance are no less prevalent in the criminal population than in the population at large. When Phil Zimmermann originally released PGP, the heads of law enforcement agencies in Canada, the U.S., and the United Kingdom literally lost their minds.
They were all absolutely convinced that widespread adoption of strong cryptography would stop criminal investigations dead in their tracks. (They were right -- if crypto _had_ been widely adopted, it would have stopped investigations dead in their tracks.) 

However, they needn't have worried. Many of the criminal element, who could have benefited from this, were too lazy or ignorant to learn, just as the rest of the general public.

Nightcrawler <Nightcrawler@SR>
PGP-Key: 4096R/BBF7433B 2012-09-22
Key fingerprint = D870 C6AC CC6E 46B0 E0C7 3955 B8F1 D88E BBF7 433B
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090


Title: Re: Is PGP really necessary?
Post by: melatonin3 on January 15, 2013, 04:58 pm
Does anybody know how to use PGP on an apple computer?

I don't have access to a PC and everything I've tried seems to be for windows only :-[
Title: Re: Is PGP really necessary?
Post by: SpaceAce on January 15, 2013, 05:40 pm
there are so many scenarios where pgp will help you...it's frankly dumb to not use it.

I wouldn't be hanging around your friend getting bulk packages sent to his address and not even using pgp. what!? lets say the vendor gets busted while he's got silk road open. He probably tried to reach and turn the lapoff and now guesss what? he's in pain on the floor from the pig that just bashed his head in because he was reaching for his invisible weapon. Nothing wrong here right? well guess what they have your address now cause that browser window was open and you just orderd a shit load of drug. Everyone who used pgp probably won't have to worry about it as much. Do you really want some piggys having your address and know there are drugs sent?

Once I start back up it's going to be a requirement! everyone should learn how to use it or else you really shouldn't be on here...
Title: Re: Is PGP really necessary?
Post by: Tessellated on January 15, 2013, 07:22 pm
There is also the danger of the silk road itself getting busted and taken over by law enforcement, they could run it as a honeypot and collect all the non-encrypted addresses to do one big bust.
Title: Re: Is PGP really necessary?
Post by: Monty Cantsin on January 15, 2013, 08:08 pm
Watch and learn,it's not that hard: http://www.youtube.com/watch?v=SywCI91kfq0
Title: Re: Is PGP really necessary?
Post by: Oompaloompa on January 15, 2013, 08:20 pm


How can law-enforcement or anyone else tell what product you ordered ?  There are perfectly legal and legit products on silk Road.  If anything ever happens, couldn't you just say you purchase the vibrating pussy off sr And not any drugs?

How could anyone including law-enforcement how specifically what product you purchased without getting into your account details?

They don't need to prove you bought drugs. If they get your name & address its because SR servers were compromised and you used unencrypted communications.

If they compromised SR servers then they've got probable cause to believe that you were buying drugs - what with SR being a big well known drug market and all.

Its then very easy for them to get a warrant to raid your house. Now if you don't have any drugs - or any other trace of illegal activity - then that's not a big deal, but personally I'd want to avoid the hassle of being raided by the simple technique of encrypting your name & address.

Seriously everyone use PGP, it really isn't that difficult. What system or software you decide to use will depend on your operating system but I'd recommend you check out Tails  *** https://tails.boum.org/ ***

It's a whole operating system, including TOR & PGP, that's bootable from a usb stick & easy to use out of the box. That way you can anonymously use SR & keep your PGP encryption keys hidden on a discreet usb stick.
Title: Re: Is PGP really necessary?
Post by: verderer on January 15, 2013, 08:30 pm
Does anybody know how to use PGP on an apple computer?

I don't have access to a PC and everything I've tried seems to be for windows only :-[
Give this a try: https://www.gpgtools.org/ [clearnet]
Title: Re: Is PGP really necessary?
Post by: mrxempire on January 15, 2013, 09:36 pm
Watch and learn,it's not that hard: http://www.youtube.com/watch?v=SywCI91kfq0


the video here shows how to download GPG...is that the same thing as PGP?
Title: Re: Is PGP really necessary?
Post by: verderer on January 15, 2013, 09:47 pm
Watch and learn,it's not that hard: http://www.youtube.com/watch?v=SywCI91kfq0


the video here shows how to download GPG...is that the same thing as PGP?
Not exactly, but they are compatible with each other. GPG is an open-source version of PGP.

So, for all intents and purposes, yes: you can use either to "PGP encrypt" your info.
Title: Re: Is PGP really necessary?
Post by: BreakOnThrough on January 15, 2013, 10:10 pm
The most likely risk is that SR is compromised by hackers who might then release names and addresses 'for teh lulz' or some such.  That or LE.

Get GPG4USB.  Pretty idiotproof if you ask me.
Title: Re: Is PGP really necessary?
Post by: mrxempire on January 15, 2013, 11:07 pm
think I just figured the whole thing out! Thanks to whoever posted that youtube link. Most guides i've read on here are overly complicated, but that video made the process simple. Now...the reign of Mr.X can begin, and  I shall bring the police of the world to its knees.....muahahahahahaHAHAHAHAHAHA jk im just trying to trip balls in secret
Title: Re: Is PGP really necessary?
Post by: rosannebar on January 15, 2013, 11:53 pm
Here is my 2 cents.     I have gpg4usb and use plan on using it for orders.     Pretty simple and a extra step in security is never a bad idea.

However.......    I keep thinking,  I'm using a vendor that I don't know's key to encrypt my address.   Who is to say that vendor isn't LE and me using his key would make it pointless. 
So, in conclusion.   If I encrypted with my key, great, i trust me.    If I use a vendors key, then they know my addy, anyone that gets a hold of their key or computer can know my addy.  In the long run I guess you can't make anything 100% safe, but you do the best you can.   And if you don't, then you are more at risk then you need to be.     PgP because.... why not?       *one love*