Silk Road forums
Discussion => Security => Topic started by: upthera on July 12, 2013, 08:36 pm
-
Am I wrong to think this is way fucked up. I don't know who is worse, the people buying from these vendors or the guy with 500 quid and zero brains who comes here with/out a PGP key or even Privnote(I wouldn't use it but at least he would be trying. this is from the most recent one. So, LE or just stupid? honestly, just want to hear opinions.
Snip from SR, Edited for privacy until vendor tells me why, will post name if no good explanation or fast change. What is going on with this place.
Hello.
been dying to make a purchase and didn't want to bother you as I fugured it would be up or at least mentioned but where is your PGP key or email so I can look for it on a keyserver. I've had one of your products in my cart for over a week, want to order. Sorry if i'm just being blind. Need your pgp key so I can give you money:)
Good luck and get me that PGP key, please:) Really want to sample the goods. 43 minutes read
delete
###########################
yea sorry i just have been so overwhelmed with orders to get around to setting it up 21 minutes read delete
(HE HAD TIME TO START A BLACK LIST)???
#######################################
you mean people are placing orders without using encryption??? If I want to place an order right now I have to give you my address unencrypted? I do want to place an order right now, but if you set up a vendor account w/out taking 5 min to create a keypair, ??? I don't even know what to say. I don't want to mis-interpret your comment, Is that what you are saying? 2 minutes unread
What do you guys think. I know its beyond dumb and reckless but other than that? Whats going on here?
-
OMFG!!! Listen to this response from "Keep Em Bouncing" when I asked about lack of PGP key because I wanted to place an order. Raise bond to 5000K + or something. AVOID THESE PEOPLE LIKE EHR PLAUGE. THEY ARE PLAYING RUSSIAN ROULETTE WITH YOUR FREEDOM!!!
After that amazingly stupid reply I would feel dirty not to Name and shame a dangerous vendor. Unreal dude? SEC folks, am I out of line?
#######################
Keep Em Bouncin(100) yeah? everyone else who uses this site sends their addresses in its proper box. your suppose to type your address in that box when you check out, the box is right above here you type your pin number in to confirm the purchase. not everyone PGP's their addresses. each address is destroyed after I place it out. 14 seconds unread delete
###########################
not posting this with anything but concern for SR community. I don't know vendor, just like to give new vendors a chance but after that comment my jaw is on the ground.
EDIT: mis spelled "vendors" name "Keep Em Bouncin"
-
Him not wanting to use PGP does not make him a Fed.... If a Fed did try to make a vendor account, whether or not they use PGP when receiving your address would not be the make or break point for admissable vs inadmissable evidence. If your address is encrypted and the 'Fed' has the key to decrypt it successfully, then it can still be easily used as evidence.
PGP only protects you in cases where a vendors account is hacked(by a Fed presumably) or if a vendor is compromised in the real world and they gain access to his SR account yet he refuses to provide decryption information. A vendor not wanting to use PGP is their own choice, but it's not very smart in the first place.
Edit: I wanted to add, there are a number of people, including myself, who have made bulk orders numerous times without using PGP....It won't kill you to not use it once or twice, but it's always smart to take the extra step for security.
-
Yeah, about 20% of vendors don't have PGP keys, and a majority of buyers don't encrypt their addresses.
Some vendors are pretty explicit about not using PGP. Here's what RxKing's profile says:
PGP:
If you want to use pgp...go to another vendor. If SR ever gets compromised they will want ME--NOT YOU!! And they sure as fuck won't look at orders and find your address and do something. I don't have the space to get into it...but it is the biggest myth on SR. I have heard so many lame reasons. But they all love to say it is an added layer of security. Total bullshit...but whatever...NO PGP FOR THE KING
He also says:
Privnote---
If you must be secretive(no need at all) with sending me your address and you believe all those morons in the forum ---- I ONLY USE privnote.com. You can use it for your address. Part of the reason my operation runs so fast is because I don't have to waste extra time trying to read secretive messages or use that stupid time wasting pgp. Don't be the one slowing the packaging and shipping down with your privnote last second after my time cut off time with a long message for me to read and respond to. I am very busy!
Privnote is safe, fast, and easy. And totally not needed. BUT if you feel you need to..then use it. I don't care. But don't use it to send me a question..A big waste of time. You are too paranoid and stupid... Go to another vendor or jump off a building.
-
Edit: I wanted to add, there are a number of people, including myself, who have made bulk orders numerous times without using PGP....It won't kill you to not use it once or twice, but it's always smart to take the extra step for security.
There was a guy named Sabu who was part of Anonymous. He connected to their IRC server over Tor. Did it every day for months. One time he misconfigured his IRC client and connected over clearnet, exposing his IP address... to the feds. That's how they busted him.
You only need to fuck up once to get screwed. You can do everything securely for years, but one fuck up and it's over. That's why you should do things securely every time. I encrypt my address every time, because I don't know when the SR server might be compromised, or a vendor gets phished and someone accesses his account. He sure as hell won't be reading my address.
-
Edit: I wanted to add, there are a number of people, including myself, who have made bulk orders numerous times without using PGP....It won't kill you to not use it once or twice, but it's always smart to take the extra step for security.
There was a guy named Sabu who was part of Anonymous. He connected to their IRC server over Tor. Did it every day for months. One time he misconfigured his IRC client and connected over clearnet, exposing his IP address... to the feds. That's how they busted him.
You only need to fuck up once to get screwed. You can do everything securely for years, but one fuck up and it's over. That's why you should do things securely every time. I encrypt my address every time, because I don't know when the SR server might be compromised, or a vendor gets phished and someone accesses his account. He sure as hell won't be reading my address.
Hadn't thought about that.... Good thinking, astor.
-
That is simply just asking to get caught...Must be a young teenager with no worries
-
Edit: I wanted to add, there are a number of people, including myself, who have made bulk orders numerous times without using PGP....It won't kill you to not use it once or twice, but it's always smart to take the extra step for security.
There was a guy named Sabu who was part of Anonymous. He connected to their IRC server over Tor. Did it every day for months. One time he misconfigured his IRC client and connected over clearnet, exposing his IP address... to the feds. That's how they busted him.
You only need to fuck up once to get screwed. You can do everything securely for years, but one fuck up and it's over. That's why you should do things securely every time. I encrypt my address every time, because I don't know when the SR server might be compromised, or a vendor gets phished and someone accesses his account. He sure as hell won't be reading my address.
I hear you but did you read the guys comments? My god the stupidity. And I do not know enough to say privnote is not secure but I will not use it more because it is often used to threaten people here as it's 3rd party so how can you really trust someone who requests privnote. A very good person on here was just threatened tho have his/her details exposed if they didn't leave a perfect score and ST used privnote to bully and threaten someone last week and IIRC SR could or would not do anything as screenshots of threats, even if we all know ST would be happy to make threats, are still screenshots from 3rd party software. and the vendor who say's they'll be after him, he is probably correct but that doesn't mean I want to intentional make it easier for myself to make an inevitable mistake like the kind you mentioned. But the real threats, blackmail, and extorsion occur in privnote land more than anywhere else. Might be safe but not the right tool for SR. Thanks for the feedback . I'm pretty sure this vendor has no clue how to use PGP/GPG by his comments but not my problem. I did offer to teach him though with no strings attatched but I'm done with idiots like that willing to make a dangerous game even riskier. I work in a very very dangerous ocupation and I know you can never eliminate risk but that is not an excuse to not take every reasonable precaution in your power to stay alive. of in this case out of prison.
-
Yeah, about 20% of vendors don't have PGP keys, and a majority of buyers don't encrypt their addresses.
Some vendors are pretty explicit about not using PGP. Here's what RxKing's profile says:
PGP:
If you want to use pgp...go to another vendor. If SR ever gets compromised they will want ME--NOT YOU!! And they sure as fuck won't look at orders and find your address and do something. I don't have the space to get into it...but it is the biggest myth on SR. I have heard so many lame reasons. But they all love to say it is an added layer of security. Total bullshit...but whatever...NO PGP FOR THE KING
He also says:
Privnote---
If you must be secretive(no need at all) with sending me your address and you believe all those morons in the forum ---- I ONLY USE privnote.com. You can use it for your address. Part of the reason my operation runs so fast is because I don't have to waste extra time trying to read secretive messages or use that stupid time wasting pgp. Don't be the one slowing the packaging and shipping down with your privnote last second after my time cut off time with a long message for me to read and respond to. I am very busy!
Privnote is safe, fast, and easy. And totally not needed. BUT if you feel you need to..then use it. I don't care. But don't use it to send me a question..A big waste of time. You are too paranoid and stupid... Go to another vendor or jump off a building.
^^^^ :-0
Astor, I see you make very thoughtout and helpful posts here often, what is your thoughts on the quote you posted. Would you deal with either of these "vendors" if they had something you wanted. Just curious as I respect your opinion
EDIT: from re-reading your other post I see that we are on the same page. I mis interpreted you first post if my response seemed a bit off. I'm cringing reading it.
Just once, one tiny config file or non updated tails and on and on.
-
Yeah, about 20% of vendors don't have PGP keys, and a majority of buyers don't encrypt their addresses.
Some vendors are pretty explicit about not using PGP. Here's what RxKing's profile says:
PGP:
If you want to use pgp...go to another vendor. If SR ever gets compromised they will want ME--NOT YOU!! And they sure as fuck won't look at orders and find your address and do something. I don't have the space to get into it...but it is the biggest myth on SR. I have heard so many lame reasons. But they all love to say it is an added layer of security. Total bullshit...but whatever...NO PGP FOR THE KING
He also says:
Privnote---
If you must be secretive(no need at all) with sending me your address and you believe all those morons in the forum ---- I ONLY USE privnote.com. You can use it for your address. Part of the reason my operation runs so fast is because I don't have to waste extra time trying to read secretive messages or use that stupid time wasting pgp. Don't be the one slowing the packaging and shipping down with your privnote last second after my time cut off time with a long message for me to read and respond to. I am very busy!
Privnote is safe, fast, and easy. And totally not needed. BUT if you feel you need to..then use it. I don't care. But don't use it to send me a question..A big waste of time. You are too paranoid and stupid... Go to another vendor or jump off a building.
wow is all i can say. not only is the easiest thing to set up and use, but it gives your customers a sense
of security{even if you say it doesnt add any, wich it does). Not only that but you dont know what type of
stuff your customers are into maybe that one little slip leads LE on a trail they woudnt otherwise find.
being paranoid in this case keeps you safe! personally i would find another vendor! there has to be more than one vendor selling what your looking for.
-
Yeah, about 20% of vendors don't have PGP keys, and a majority of buyers don't encrypt their addresses.
Some vendors are pretty explicit about not using PGP. Here's what RxKing's profile says:
PGP:
If you want to use pgp...go to another vendor. If SR ever gets compromised they will want ME--NOT YOU!! And they sure as fuck won't look at orders and find your address and do something. I don't have the space to get into it...but it is the biggest myth on SR. I have heard so many lame reasons. But they all love to say it is an added layer of security. Total bullshit...but whatever...NO PGP FOR THE KING
He also says:
Privnote---
If you must be secretive(no need at all) with sending me your address and you believe all those morons in the forum ---- I ONLY USE privnote.com. You can use it for your address. Part of the reason my operation runs so fast is because I don't have to waste extra time trying to read secretive messages or use that stupid time wasting pgp. Don't be the one slowing the packaging and shipping down with your privnote last second after my time cut off time with a long message for me to read and respond to. I am very busy!
Privnote is safe, fast, and easy. And totally not needed. BUT if you feel you need to..then use it. I don't care. But don't use it to send me a question..A big waste of time. You are too paranoid and stupid... Go to another vendor or jump off a building.
wow is all i can say. not only is the easiest thing to set up and use, but it gives your customers a sense
of security{even if you say it doesnt add any, wich it does). Not only that but you dont know what type of
stuff your customers are into maybe that one little slip leads LE on a trail they woudnt otherwise find.
being paranoid in this case keeps you safe! personally i would find another vendor! there has to be more than one vendor selling what your looking for.
Thank you also for the input. I expected to get speared. I know that my address can still be compromised by a vendor who uses PGP but as boosties pointed out it is simple and there are many people willing to help if you get stuck on something. And absolutely find another vendor, I never considered ordering after I contacted him and got his reply but as a practice I like to try to give new domestic vendors a shot with a small order and see how it goes. didn't have to order to see how it goes. lol I guess I was a bit wet behind the ears because I am shocked at the stats that Astor posted 20%?
thanks for the comment
-
^^^ I do the same thing i like catching new vendors, found a few really good ones that way.
but it can also be very nerveracking because there is no history or anything to go on.
the one's ive caught just starting out always used pgp tho. otherwise i wouldnt have ordered.
make's me feel safer. if you can get a little piece of mind on this black market, why not?
since reading this thread i have noticed more vendors not using it. for me i like it and dont see why
someone wouldnt use it. really it's not time consuming at all so i never understood why not.
for regular messages i wouldnt use it only for sensitive info like addy or track,etc. just my 2 cents
happy roading friend
-
It seems like all the *top* vendors use PGP. If they can stay on top while using PGP, I don't see how some of these mom-and-pop dealers of silk road can't. We aren't dealing with someone discovering you're gay by seeing unencrypted porn, where the fallout is social--this is ILLEGAL and for some amounts, might as well be equal to manslaughter in the eyes of the law.
No PGP = look elsewhere. If 5 minutes on the computer is too much for them, how good can their stealth be?
-
Attn mods:
Reading that vendors want to make money without any regard for the safety of their buyers simply out of laziness/stupidity I have an idea.
Could SR make it mandatory that vendors opening an account will be required to send their public PGP encrypted to SR admins who in turn will answer with a PGP encrypted message containing a question that has
to be answered by wannabe vendors encrypted again and only then will their sellers account be unlocked by SR staff?
I had a good source for one product at agood price but the vendor decided to switch to privnote, deleting his key and stating that it was too troublesome for him to use PGP.
Would it be possible that SR locks such acounts until the respective vendor has set up PGP and proven by aforementioned method that he knows how to use.
It is a miracle to me how vendors can not use PGP. There are tutorials all over the web and I think somebody unable of handing encryption should not be allowed to sell on SR.
Lazy asses and dumbshits can alway chase their drugs IRL, with all the risks that are asociated with it.
Please keep the road a safe place and reserve the right of admission for this model community. It is this minority that will tarnich the reputation of SR.
-
^^^^ :-0
Astor, I see you make very thoughtout and helpful posts here often, what is your thoughts on the quote you posted. Would you deal with either of these "vendors" if they had something you wanted. Just curious as I respect your opinion
EDIT: from re-reading your other post I see that we are on the same page. I mis interpreted you first post if my response seemed a bit off. I'm cringing reading it.
Just once, one tiny config file or non updated tails and on and on.
Obviously I would never buy anything from RxKing. The smarter vendors write scripts to automate the decryption process and lose no time. One vendor told me his script reduced his packaging time from 4 hours to 10 minutes, since all he has to do is manually scan the addresses to make sure they are formatted correctly, and he pre-packages the different amounts that he sells.
A vendor who is really pressed for time like that needs to figure out how to work smarter, not harder. Then he doesn't have to compromise on his customers' security.
-
^^^^ :-0
Astor, I see you make very thoughtout and helpful posts here often, what is your thoughts on the quote you posted. Would you deal with either of these "vendors" if they had something you wanted. Just curious as I respect your opinion
EDIT: from re-reading your other post I see that we are on the same page. I mis interpreted you first post if my response seemed a bit off. I'm cringing reading it.
Just once, one tiny config file or non updated tails and on and on.
Obviously I would never buy anything from RxKing. The smarter vendors write scripts to automate the decryption process and lose no time. One vendor told me his script reduced his packaging time from 4 hours to 10 minutes, since all he has to do is manually scan the addresses to make sure they are formatted correctly, and he pre-packages the different amounts that he sells.
A vendor who is really pressed for time like that needs to figure out how to work smarter, not harder. Then he doesn't have to compromise on his customers' security.
Exactly!! My favorite saying! work smart not hard!+1 astor. it helps them and if a vendor is that complacent with your info and your freedom
i would definitely go elsewhere!
-
Using pgp is just better. Vendors not using it for whatever excuses should not be bought from.
What is even worse is a vendor having for weeks in a row that a guy is going to set it up for him.
Then tells you that you can use privnote because they pressed confirm accidentally and missed your unencrypted credentials.
And then you send the vendor a privnote, where you asked for sending you an email once the privnote has been read. Then you get your order while the privnote has not been read. And after I told the vendor about that and that he obviously stored my unencrypted address which is 200% against SR's rules, he simply told me I was lying and that he did read the privnote and it has been safely destroyed. (Yeah after I contacted SR, they checked it and it was destroyed. After which they did completely nothing against it).
So 1. The vendor obviously stored my unencrypted address somewhere
2. Lied about losing my address
3. Lied about having visited the privnote and about it being destroyed and thought I was some sort of complete moron
and 4. SR does not seem to care about this.
SR also clearly states that asking people to FE is against the rules. I can understand this when vendors sell 1000xtc pills which means they did a major bulk buy and paid less than $0.6 for each pill and reselling it for about $2.7 each so they make aat the very least $2100 for each sale. And if they decide not to ship they make $2700.
Too bad charasbros also requires people to FE, I heard in India ketamine costs near to nothing and weed grows everywhere there. They ask people to risk losing many dollars while for them it's a small effort to let orders go into escrow because they would still lose nothing and would give their customers some protection.
If I would be a new buyer I would understand it since there are more and more people creating new accounts and try to scam vendors.
Hopefully they will change their minds. I will finally be willing to place an order then 8)
So just don't order from vendors offering perhaps very tempting products if they have aspects which you are against. If everybody would do that then they simply will have to. Otherwise they have no business here.
And what is your problem with posting the vendors name? You've got nothing to lose since you will not place an order without encryption.
People deserve to know which vendors not to buy from ;D
-
Using pgp is just better. Vendors not using it for whatever excuses should not be bought from.
What is even worse is a vendor having for weeks in a row that a guy is going to set it up for him.
Then tells you that you can use privnote because they pressed confirm accidentally and missed your unencrypted credentials.
And then you send the vendor a privnote, where you asked for sending you an email once the privnote has been read. Then you get your order while the privnote has not been read. And after I told the vendor about that and that he obviously stored my unencrypted address which is 200% against SR's rules, he simply told me I was lying and that he did read the privnote and it has been safely destroyed. (Yeah after I contacted SR, they checked it and it was destroyed.
###################
After which they did completely nothing against it).
####################
That is Exactly why it is not the right tool for SR although it "might" be a secure technology. Thanks for the post.
So 1. The vendor obviously stored my unencrypted address somewhere
2. Lied about losing my address
3. Lied about having visited the privnote and about it being destroyed and thought I was some sort of complete moron
and 4. SR does not seem to care about this.
SR also clearly states that asking people to FE is against the rules. I can understand this when vendors sell 1000xtc pills which means they did a major bulk buy and paid less than $0.6 for each pill and reselling it for about $2.7 each so they make aat the very least $2100 for each sale. And if they decide not to ship they make $2700.
Too bad charasbros also requires people to FE, I heard in India ketamine costs near to nothing and weed grows everywhere there. They ask people to risk losing many dollars while for them it's a small effort to let orders go into escrow because they would still lose nothing and would give their customers some protection.
If I would be a new buyer I would understand it since there are more and more people creating new accounts and try to scam vendors.
Hopefully they will change their minds. I will finally be willing to place an order then 8)
So just don't order from vendors offering perhaps very tempting products if they have aspects which you are against. If everybody would do that then they simply will have to. Otherwise they have no business here.
And what is your problem with posting the vendors name? You've got nothing to lose since you will not place an order without encryption.
People deserve to know which vendors not to buy from ;D
another victim of privnote... Like I said it may be safe but it is not for SR. I'm glad this didn't turn into a shit throwing match. Thanks all for your comments anf feedback.
@astor lol I never thought you did. missed a bit of what you were getting at the first read but I get why you posted it and WOW what an example.
-
Love the mention of using scripts as how much it tears apart the arguments that it takes TOO much time and effort like that of "RxQueen".
of course I seriously doubt that if these fools cant figure out how to encrypt their emails and other correspondence using PGP then they most likely will not be writing many scripts. To be fair, a vendor like Keep Em Bouncin probably does not know what a shell script is. Thats ok, we are not all experts, I sure as hell am not, but his and others recklessless attitudes are not.
Great example about the shipping optimization that I believe some employ and many more should start.
+1 for the lot of ya
-
^^^^ :-0
Astor, I see you make very thoughtout and helpful posts here often, what is your thoughts on the quote you posted. Would you deal with either of these "vendors" if they had something you wanted. Just curious as I respect your opinion
EDIT: from re-reading your other post I see that we are on the same page. I mis interpreted you first post if my response seemed a bit off. I'm cringing reading it.
Just once, one tiny config file or non updated tails and on and on.
Obviously I would never buy anything from RxKing. The smarter vendors write scripts to automate the decryption process and lose no time. One vendor told me his script reduced his packaging time from 4 hours to 10 minutes, since all he has to do is manually scan the addresses to make sure they are formatted correctly, and he pre-packages the different amounts that he sells.
A vendor who is really pressed for time like that needs to figure out how to work smarter, not harder. Then he doesn't have to compromise on his customers' security.
I agree as well, I would never make a purchase from Rxking, For many reasons, one being he is blatantly argumentative and arrogant,Listens to nobody but himself and "calls people out" when they make points he does not agree with, all the noobs love him when they are new to the road, thinking he is some kind of SR legend, but they all wise up after they read a few of his bullshit posts. but now the fact that he does not use PGP as well, well, that would be the straw that broke the camels back. I cant believe he is saying PGP is a myth, I mean that shows you how daft he is being i hope to god nobody actually buys his "big talk". If sr was infiltrated he would be one of the first to go.
-
exactly. plus i dont understand why you wouldnt want to give your customers peace of mind?
-
BUMP
Attn mods:
Reading that vendors want to make money without any regard for the safety of their buyers simply out of laziness/stupidity I have an idea.
Could SR make it mandatory that vendors opening an account will be required to send their public PGP encrypted to SR admins who in turn will answer with a PGP encrypted message containing a question that has to be answered by wannabe vendors encrypted again and only then will their sellers account be unlocked by SR staff?
I had a good source for one product at a good price but the vendor decided to switch to privnote, deleting his key and stating that it was too troublesome for him to use PGP.
Would it be possible that SR locks such accounts until the respective vendor has set up PGP and proven by aforementioned method that he knows how to use it.
It is a miracle to me how vendors can not use PGP. There are tutorials all over the web and I think somebody unable of handing encryption should not be allowed to sell on SR.
Lazy asses and dumbshits can alway chase their drugs IRL, with all the risks that are associated with it.
Please keep the road a safe place and reserve the right of admission for this model community. It is this minority that will tarnish the reputation of SR.
-
I want to place an order RXKing even though I dont even want anything he sells. Yes he is arrogant, but everything he says is spot on. Ill guess there are zero buyers on this thread been a customer on here for 2 years or longer, pgp, privnote, thats all a joke i never use it unless the vendor is weird and paranoid like everyone else. No need to "encrypt" anything, NO ONE cares about your 200 dollar weed purchase.
-
This sucks badly. I think some people get into the trade becasue they think that they can be arrogant, boss people around, etc. IRL, it's a lot of work and doesnn't pay as much as some people think. I was in San Quentin one time (I'm somebody who thinks ending up in a penetitionary is a mark of stupidity rather than a bona fide) talking to this guy who got a long sentence. He was a cool guy, and said for the amount of work he put into his drug business, he could have made just as much money working at a regular job. I never forgot that)
Another creepy thing is while reading a lot of non fiction books about drugs (both by LE and users/dealers) that LE consistintcy acts arrogantly in order to get around rules that are set up in order to keep LE at bay. There was this one dude in a biker gang who got in with the Feds and he was taking pictures and movies of his biker buddies doing all kinds of illegal stuff. They thought nothing of it, because he was a member and was 'cool' (in reality he had a lot of balls, true) In fact when the feds 'rolled up' the whole conspiracy of people (another creepy thing in this day and age is that investigations can easily run over a year-how much money must that cost? Absolutely not hindered by money, the Feds) his biker friends absolutely refused to believe that he had 'turned'-from being a biker gang member to a biker gang member who will be testifying against them soon. It was kind of funny and kind of sad that was expressed in their initial disbelief of this guy's betrayal. The Feds of course can break any law in the book, do it openly, and still not pay a price (not these days-used to be the 'poisoned tree' of evidence from illegal activities, that's gone now (just read some recent newspaper articles) and not only can they not have to pay a price, they can enable ANYBODY who 'makes them happy' to not 'pay a price' too. Read about 'Whitey Bulger' and John Gotti if you don't think you can be excused from MURDER if you make the Fed's 'happy'. With that kind of leverage who can say if they'd turn or not? The Feds are like the modern day Gestapo, jack booted thugs. Of course now it's for CP (although I have nothing but contempt for CP and their users) and 'terroism') not for the average SR user. Surely they wouldn't spend all their time and money on 'drug users', right/sarcasm.
The rules at SR are to help both parties to the deal happy (and 'safe'-whatever that means in this day and age)
Anyway (in another story of Feds skirting rules), another guy (who was LE) quickly established his bona fides with organized crime by just buying a lot of dope, quickly. I mean, he started buying an ounce of blow, then in two weeks (or in a damm short time) he's buying mulitple pounds. He is telling the gangters, 'Fuck you, I'll go somewhere else to buy the drugs, if we don't do this deal' Of course you know how that turned out too.
I'm most hopeful in that with encryption and some work you can make yourself pretty anonymous, but it's obviously not just buy using Tor. The LE will 'weed' out the people who take shortcuts (although plain ole luck plays a part of course) and improve the breed. Make sure you're not the guy getting the 'Darwin award' by taking yourself out of the 'gene' pool.
Anybody who hasn't read the recent articles of NSAtoDEA info going to local police and the organized plan to provide 'alternate' explanations of probable cause (or hasn't seen Judge Napoleano on Fox explain how the 4th amendment has been completely eliminated, 'fait accompli' might be surprised too
It's not a question of politics (tho most here are IMO, libertarians) and 'whose' to blame for this structure which is steadily eliminating the bill of rights in US (and which many others in different countries never had) Every government is in on the 'game'.
Interesting times. Same symbol in Chinese as danger also means oppurtunity.
-
If you wont use PGP, at least use anon drops.
I feel secure using addy's not linked to me in any way because even if SR/PGP was compromised or LE got your address somehow, it wont be traced back to you.
There are plenty of PGP threads and tutorials, both on SRF and clearnet.
-
I have a few questions about this topic since on the last order I had problems with pgp:
It was my 6th order on SR and I did the same steps as any other order that worked well, but this time the vendor continued to say that he couldn't read the pgp message. This went on for 5 tries, and on the 5th I used a tool for pgp on a website, so that I was sure that whatever was wrong with my methods or pc could be bypassed. That worked, but in the meantime I began to wonder why the hell it didn't work this time, and the vendor continued to suggest using privnote.
So, the question is, could it be possible that it was a fault with the vendor's software (maybe not updated? or he doesn't know how to use it? ) or was it just me having big time problems?
You only need to fuck up once to get screwed. You can do everything securely for years, but one fuck up and it's over. That's why you should do things securely every time. I encrypt my address every time, because I don't know when the SR server might be compromised, or a vendor gets phished and someone accesses his account. He sure as hell won't be reading my address.
I get it if the SR servers are compromised, but if a vendor gets phished what exactly would prevent my address from getting read? How I am I protected if the person who catches the vendor has his same tools and has access to his keys?
-
You only need to fuck up once to get screwed. You can do everything securely for years, but one fuck up and it's over. That's why you should do things securely every time. I encrypt my address every time, because I don't know when the SR server might be compromised, or a vendor gets phished and someone accesses his account. He sure as hell won't be reading my address.
I get it if the SR servers are compromised, but if a vendor gets phished what exactly would prevent my address from getting read? How I am I protected if the person who catches the vendor has his same tools and has access to his keys?
Even if PGP is cracked; if a vendor were to get busted and LE was able to read all addresses(even encrypted ones) then they would still not be certain if the address they are reading corresponds to the rightful person who placed the order.
Example: I encrypt all addresses, and use a diff addy not linked to me each time.
To LE: go ahead break PGP/phish the vendor, my addy is nowhere to be found online.
tl;dr Even if your name/addy is listed in a vendors records, LE can't prove it is really yours. What's stopping DPR or each vendor for writing down 1600 Pennsylvania Ave.? That doesn't mean the White House ordered drugs just because their address is there.
-
Thanks for the explanation jackofspades!
-
Vendors should be forced to encrypt everything.
Why they are still allowed to send unsecured messages is a mystery to me.
-
And then we have...
Buyers who don't encrypt. Way more than 50% do not encrypt at all. I'd say about 25% to 33% use encryption. Figure varies from week to week. We've seen an uptick in encryption use this week. Likely because of the Tormail/Freedom hosting mess.
I can't knock a vendor who doesn't use any encryption simply because most buyers don't use it either. So you can say it's a match made in bizarro-heaven.
I'm not a fan of server side encryption like on Atlantis.
We provide buyers with a strong 4096bit RSA key.
So I guess the thing to say is if you require encryption, don't use vendors who don't. Don't even be tempted by price. StExo will be coming out with a name & shame audit of vendors who use weak (<2048bit key) to no encryption. Not sure what impact it will have other than to make enemies and maybe a few converts. But let that list be your guide.
-
It takes me like a few minutes top to copy and paste a list of encrypted addresses to a clipboard and decrypt them all at once. That being said, send me your fucking address unencrypted. I don't care. It makes my job easier and I've never seen more than 30% of buyers use it. I hear rumor of Tor nodes being able to read plaintext, so it's your security. Privnote requires javascript. There has been a recent javascript exploit. Anyone who uses privnote at the moment is fucking retarded.
Lavabit CEO just suspended operations and says we should never use an email service in the US again:
Lavabit's Ladar Levison: 'If You Knew What I Know About Email, You Might Not Use It'
Lavabit pulled the plug on their service rather than hand info over to the feds.
Ladar Levison, 32, has spent ten years building encrypted email service Lavabit, attracting over 410,000 users. When NSA whistleblower Edward Snowden was revealed to be one of those users in July, Dallas-based Lavabit got a surge of new customers: $12,000 worth of paid subscribers, triple his usual monthly sign-up. On Thursday, though, Levison pulled the plug on his company, posting a cryptic message about a government investigation that would force him to “become complicit in crimes against the American people” were he to stay in business. Many people have speculated that the investigation concerned the government trying to get access to the email of Edward Snowden, who has been charged with espionage. There are legal restrictions which prevent Levison from being more specific about a protest of government methods that has forced him to shutter his company, an unprecedented move.
“This is about protecting all of our users, not just one in particular. It’s not my place to decide whether an investigation is just, but the government has the legal authority to force you to do things you’re uncomfortable with,” said Levison in a phone call on Friday. “The fact that I can’t talk about this is as big a problem as what they asked me to do.”
Levison’s lawyer, Jesse Binnall, who is based in Northern Virginia — the court district where Levison needed representation — added that it’s “ridiculous” that Levison has to so carefully parse what he says about the government inquiry. “In America, we’re not supposed to have to worry about watching our words like this when we’re talking to the press,” Binnall said.
“As a Dallas company, we weren’t really equipped to respond to this inquiry. The government knew that,” said Levison, who drew parallels with the prosecutorial bullying of Aaron Swartz. “The same kinds of things have happened to me. The government tried to bully me, and [my lawyer] has been instrumental in protecting me, but it’s amazing the lengths they’ve gone to to accomplish their goals.”
Hours after Lavabit announced its shutdown, encryption app Silent Circle said it was preemptively shutting down its email service. Silent Circle founder Phil Zimmermann, who created email encryption software PGP, said the company deleted all of its customers’ existing email when it did that. “We’ll try to do something nice for them to numb the pain,” he said. It’s not obstruction of justice if you do it before justice comes calling.
Levison plans to appeal the government’s request from him in the Fourth Circuit and has asked supporters to donate to his legal fund. As of Thursday night, hours after making the request, he had received $40,000. (Update, 8/10/13: As of Saturday morning, Lavabit’s legal defense fund is closing in on $90,000.)
Lavabit was created in 2004, in response to the Patriot Act, says Levison. He and friends from Southern Methodist University decided to create an email service by geeks for geeks. Levison was concerned that the FBI could send a company a national security letter (NSL) that would force them to turn over information about a customer without going through a court first. “I wanted to put myself in the position of not having information to turn over,” he said. “I didn’t want to be put in the position of compromising people’s privacy without due process.”
Levison isn’t an privacy absolutist. He has cooperated in the past with government investigations. He says he’s received “two dozen” requests over the last ten years, and in cases where he had information, he would turn over what he had. Sometimes he had nothing; messages deleted from his service are deleted permanently.
“I’m not trying to protect people from law enforcement,” he said. “If information is unencrypted and law enforcement has a court order, I hand it over.”
In this case, it is the government’s method that bothers him. “The methods being used to conduct those investigations should not be secret,” he said.
I asked Levison how his service works. He says his customers’ encrypted data is secured with a public key and private key, and that the private key is protected by a password. He doesn’t have the technological capability to decrypt his customer’s data but if someone could intercept the communication between the Lavabit’s Dallas-based servers and a user, they could get the user’s password and then use that to decrypt their data.
Lavabit has 40,000 people logging in every day and sending 1.4 million messages per week. Levison has just one full-time employee — a grad student based in Europe. “I couldn’t talk to him about shutting down because the same legal restriction that applies to our conversation applies with him,” said Levison.
“Some people have suggested moving the service overseas,” said Levison. “Even if I found somewhere secure overseas, it would be hard logistically. My life is here in the States. It would be hard for me to move to another city let alone another country.”
He says he’ll only start operating again if his case sets a precedent. “It needs to be clear that the government can’t do what they’re trying to do,” said Levison. “Otherwise the same request is going to come right back at us. Other big names aren’t able to shut down in protest. I’m one person without a bunch of employees to support. If we win, we win for everyone.”
He says that win would be important for other U.S. businesses. “If there were surveillance bugs in all products coming out of China, would you buy those products?” he asks.
If the shutdown is a permanent one, Levison would be walking away from $50,000 to $100,000 in annual revenue, his primary source of income. He also walked away from his personal email address, which was shut down along with all the other Lavabit accounts.
“I’m taking a break from email,” said Levison. “If you knew what I know about email, you might not use it either.”
-
Edit: I wanted to add, there are a number of people, including myself, who have made bulk orders numerous times without using PGP....It won't kill you to not use it once or twice, but it's always smart to take the extra step for security.
There was a guy named Sabu who was part of Anonymous. He connected to their IRC server over Tor. Did it every day for months. One time he misconfigured his IRC client and connected over clearnet, exposing his IP address... to the feds. That's how they busted him.
You only need to fuck up once to get screwed. You can do everything securely for years, but one fuck up and it's over. That's why you should do things securely every time. I encrypt my address every time, because I don't know when the SR server might be compromised, or a vendor gets phished and someone accesses his account. He sure as hell won't be reading my address.
Sabu got sold out by a member in LuLzSec..
and if i remember correctly.. Sabu was the leader of LuLzSec. :)
NOT ANONYMOUS.. NOT A BRANCH OF ANONYMOUS..
just a hacker group that wanted to be ANONYMOUS..
but yes.. another member of LuLzSec had Sabu go into an IRC channel..
and brag or admit to who he was.. and boom, gone.
cheers.
/thumbs
-
Attn mods:
Reading that vendors want to make money without any regard for the safety of their buyers simply out of laziness/stupidity I have an idea.
Could SR make it mandatory that vendors opening an account will be required to send their public PGP encrypted to SR admins who in turn will answer with a PGP encrypted message containing a question that has
to be answered by wannabe vendors encrypted again and only then will their sellers account be unlocked by SR staff?
I had a good source for one product at agood price but the vendor decided to switch to privnote, deleting his key and stating that it was too troublesome for him to use PGP.
Would it be possible that SR locks such acounts until the respective vendor has set up PGP and proven by aforementioned method that he knows how to use.
It is a miracle to me how vendors can not use PGP. There are tutorials all over the web and I think somebody unable of handing encryption should not be allowed to sell on SR.
Lazy asses and dumbshits can alway chase their drugs IRL, with all the risks that are asociated with it.
Please keep the road a safe place and reserve the right of admission for this model community. It is this minority that will tarnich the reputation of SR.
Couple of points, if I may...
First off, the mods have no real power other than in the Forums. DPR is pretty much the sole authority on whatever goes on here.
Many moons ago, I got into an argument with someone over policy here on SR, and I asked DPR to clarify. As I interpreted the vendor contract,
vendors were required to use PGP. The party I was having the argument with said otherwise. DPR waded-in and stated that the use of PGP by vendors
was entirely optional, and that customers could choose not to do business with a vendor if they refused to use PGP.
That is where it stands currently, as far as I am aware. Therefore, unless and until DPR changes this policy, PGP will never be a requirement on Silk Road.
Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (MIT clearnet keyserver)
PGP Key: https://keys.indymedia.org/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (IndyMedia https: clearnet keyserver)
PGP Key: http://qtt2yl5jocgrk7nu.onion/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (IndyMedia .onion keyserver)
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090 (Silk Road Forums PGP Key Link)
PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07 B66B AFC8 CE71 D9AF D2F0
-
Edit: I wanted to add, there are a number of people, including myself, who have made bulk orders numerous times without using PGP....It won't kill you to not use it once or twice, but it's always smart to take the extra step for security.
There was a guy named Sabu who was part of Anonymous. He connected to their IRC server over Tor. Did it every day for months. One time he misconfigured his IRC client and connected over clearnet, exposing his IP address... to the feds. That's how they busted him.
You only need to fuck up once to get screwed. You can do everything securely for years, but one fuck up and it's over. That's why you should do things securely every time. I encrypt my address every time, because I don't know when the SR server might be compromised, or a vendor gets phished and someone accesses his account. He sure as hell won't be reading my address.
Sabu got sold out by a member in LuLzSec..
and if i remember correctly.. Sabu was the leader of LuLzSec. :)
NOT ANONYMOUS.. NOT A BRANCH OF ANONYMOUS..
just a hacker group that wanted to be ANONYMOUS..
but yes.. another member of LuLzSec had Sabu go into an IRC channel..
and brag or admit to who he was.. and boom, gone.
cheers.
/thumbs
That is not what I read. I read that a member posted a link to a website in the IRC channel while feds were in it that he registered with his real information and he got pissed and bitched in the channel and that is how they figured out who he was.
-
Attn mods:
Reading that vendors want to make money without any regard for the safety of their buyers simply out of laziness/stupidity I have an idea.
Could SR make it mandatory that vendors opening an account will be required to send their public PGP encrypted to SR admins who in turn will answer with a PGP encrypted message containing a question that has
to be answered by wannabe vendors encrypted again and only then will their sellers account be unlocked by SR staff?
YAY!!!!
-
FIRST TELL ME THESE VENDORS SO I CAN ORDER FROM THEM, then end this stupid topic, because yes it is stupid. There doesnt need to be anymore rules, to get more secure, everyone is safe, stop looking out the shades, no one is coming for you because u didnt encrypt ur mailbox number
-
FIRST TELL ME THESE VENDORS SO I CAN ORDER FROM THEM, then end this stupid topic, because yes it is stupid. There doesnt need to be anymore rules, to get more secure, everyone is safe, stop looking out the shades, no one is coming for you because u didnt encrypt ur mailbox number
You're obviously mentally defective or need to go back to topix and using yahoo to get your drugs. You literally have absolutely no idea what you're talking about.
-
Edit: I wanted to add, there are a number of people, including myself, who have made bulk orders numerous times without using PGP....It won't kill you to not use it once or twice, but it's always smart to take the extra step for security.
There was a guy named Sabu who was part of Anonymous. He connected to their IRC server over Tor. Did it every day for months. One time he misconfigured his IRC client and connected over clearnet, exposing his IP address... to the feds. That's how they busted him.
You only need to fuck up once to get screwed. You can do everything securely for years, but one fuck up and it's over. That's why you should do things securely every time. I encrypt my address every time, because I don't know when the SR server might be compromised, or a vendor gets phished and someone accesses his account. He sure as hell won't be reading my address.
I have a vendor, for performance enhancing drugs, that says he cannot use PGP because the SR system keeps "breaking it." This vendor has a near perfect rating and many happy customers. I have to confess that i did on one occassion send him my address in clear text, taking some solace in the security of the SR system. First, what the hell is the vendor referring to when he says his key is being broken? He even has on his profile page that he is open to suggestions on how to fix this. I won't use this vendor again, as it is compromising my security. I sent him a PM asking why he is not using PGP, as i noticed that the message about the key being 'broken' has been removed. Now there is simply space for a key, but no key.
-
Surprisingly id say 90% of our orders of late have all been encrypted, which is extremely good. Or maybe the people who dont care to use it just dont order from us. PGP is free so that alone really leaves no excuse not to use. I would say alot of people often dont use it properly causing delays etc. but thats not enough of a headache to stress against it. No one should rely on SR for their personal safety.
-
FIRST TELL ME THESE VENDORS SO I CAN ORDER FROM THEM, then end this stupid topic, because yes it is stupid. There doesnt need to be anymore rules, to get more secure, everyone is safe, stop looking out the shades, no one is coming for you because u didnt encrypt ur mailbox number
I respectfully disagree...
Blue Giraffe. I rest my case.
Had info been encrypted, then maybe a lot more SR members wouldn't have lost sleep.
-
FIRST TELL ME THESE VENDORS SO I CAN ORDER FROM THEM, then end this stupid topic, because yes it is stupid. There doesnt need to be anymore rules, to get more secure, everyone is safe, stop looking out the shades, no one is coming for you because u didnt encrypt ur mailbox number
I respectfully disagree...
Blue Giraffe. I rest my case.
Had info been encrypted, then maybe a lot more SR members wouldn't have lost sleep.
He still would have saved the cleartext addresses in the same database after he unencrypted them just as he did with his customer's addresses who chose to use PGP when they sent their shipping address. Just saying.... <---That is what RxKing is always talking about when he says it is a false sense of security. And sometimes it is. As it was in Blue Giraffe's case. He had a PGP key. Some customers encrypted their shipping address and felt safe. He still saved them in a database...
-
Surprisingly id say 90% of our orders of late have all been encrypted, which is extremely good. Or maybe the people who dont care to use it just dont order from us. PGP is free so that alone really leaves no excuse not to use. I would say alot of people often dont use it properly causing delays etc. but thats not enough of a headache to stress against it. No one should rely on SR for their personal safety.
There has been a strong push on the forum in the last few months to get people to use PGP. Looks like it's paying off.
-
FIRST TELL ME THESE VENDORS SO I CAN ORDER FROM THEM, then end this stupid topic, because yes it is stupid. There doesnt need to be anymore rules, to get more secure, everyone is safe, stop looking out the shades, no one is coming for you because u didnt encrypt ur mailbox number
You're obviously mentally defective or need to go back to topix and using yahoo to get your drugs. You literally have absolutely no idea what you're talking about.
hahahah dude if your a vendor, Ill bet money I have placed more orders than you made sales, i've been here over 2 years making purchases, you show me someone with a track record that long and maybe you wont be retarded
-
FIRST TELL ME THESE VENDORS SO I CAN ORDER FROM THEM, then end this stupid topic, because yes it is stupid. There doesnt need to be anymore rules, to get more secure, everyone is safe, stop looking out the shades, no one is coming for you because u didnt encrypt ur mailbox number
I respectfully disagree...
Blue Giraffe. I rest my case.
Had info been encrypted, then maybe a lot more SR members wouldn't have lost sleep.
whatever i lost plenty of sleep, i got two orders processing, never used even privnote since maybe back in 2011. Placed well over 300 orders. But i respect your regard to be better safe than sorry mainly because you were nice about it. The other dumbass Ill gaurantee has been a member for 3 months and has less than 50 transactions. hes the fag that gets people losing sleep
-
FIRST TELL ME THESE VENDORS SO I CAN ORDER FROM THEM, then end this stupid topic, because yes it is stupid. There doesnt need to be anymore rules, to get more secure, everyone is safe, stop looking out the shades, no one is coming for you because u didnt encrypt ur mailbox number
You're obviously mentally defective or need to go back to topix and using yahoo to get your drugs. You literally have absolutely no idea what you're talking about.
hahahah dude if your a vendor, Ill bet money I have placed more orders than you made sales, i've been here over 2 years making purchases, you show me someone with a track record that long and maybe you wont be retarded
Yeah. I had about 140 transactions on my old account, and while you have placed 190+ orders, I've spent your entire accumulated amount as a buyer on Silk Road in less than a month. Multiply your total amount spent by about 5, in a little more than a year and a half, learn encryption and the concept of humility and get back to me. Also, I find that people who go around bragging about their buyer stats and are stupid enough to post them on the forum actually have the shittiest buyer stats. The big players like to be discrete. So... Your orders on average are about $28 USD a piece given your buyer stats. So yeah. You're fucking Tony Montana incarnate.
Lol.
8)
-
FIRST TELL ME THESE VENDORS SO I CAN ORDER FROM THEM, then end this stupid topic, because yes it is stupid. There doesnt need to be anymore rules, to get more secure, everyone is safe, stop looking out the shades, no one is coming for you because u didnt encrypt ur mailbox number
You're obviously mentally defective or need to go back to topix and using yahoo to get your drugs. You literally have absolutely no idea what you're talking about
hahahah dude if your a vendor, Ill bet money I have placed more orders than you made sales, i've been here over 2 years making purchases, you show me someone with a track record that long and maybe you wont be retarded
Yeah. I had about 140 transactions on my old account, and while you have placed 190+ orders, I've spent your entire accumulated amount as a buyer on Silk Road in less than a month. Multiply your total amount spent by about 5, in a little more than a year and a half, learn encryption and the concept of humility and get back to me. Also, I find that people who go around bragging about their buyer stats and are stupid enough to post them on the forum actually have the shittiest buyer stats. The big players like to be discrete. So... Your orders on average are about $28 USD a piece given your buyer stats. So yeah. You're fucking Tony Montana incarnate.
Lol.
8)
dude just stop, you werent here back in 2011, unless you arent located in US.
Ill end this so as not to embarrass you. Im in debt and broke, maybe your rich, i dont know, re-read my statement, you havent been on SR as long as me, nor placed as many orders. Lets say you did place 140, thats half the number I placed, and you havent been a member longer than 8 months maximum. Are your orders HUGE? could be. Are many pathetically small, YES. probably around $28.00 each. So im guessing your not debating my original statement?
(this wasnt clear to you in our private conversation? if u didnt get it ill repeat, all you have is waaaay more posts on the forum as me)
and perhaps much more money spent. Now go back and read what I originally said. I wont even insult you, because I don't wanna drive up "drama" on the forums. ;) now there are people who have been here when I first joined, but not you, I dont know how you can debate that. its not bragging, its just stating, you spend a lot of money, but dont know what your saying.
Im broke and and beg long time vendors to cut their prices by 5 bucks so i can place an order.
You can (and will respond will sunglasses) but Ill just end it because theres nothing to argue about.
(dont worry I wont embarrass you by posting our private conversation, where you didnt mention this ancient account)
-
I never said I joined in 2011. I've been on Silk Road for roughly a year and a half. There's nothing in that gobbledyfuck of a spam PM you sent to my market account that I wouldn't mind being posted in the open forum or am ashamed of and I literally have nothing to prove to anyone. I get treated like fucking royalty most of the time when I place an order under my buyer account and definitely don't need to beg vendors to lower prices on listings by $5. And I'm definitely not rich. So what in the hell are you going on about man? You've placed more unencrypted orders than me? Super. Have a cookie. I'd rather place a few dozen high value orders with a few well researched vendors than go about Silk Road sending my unencrypted address to dozens of vendors. So if you've been here 2 years and have placed 300 orders... you're averaging a Silk Road delivery roughly three times a week? You sound like you need to google the word discretion along with the word humility.
:3