Silk Road forums

Discussion => Security => Topic started by: Railgun on August 04, 2013, 01:24 am

Title: Can PGP be counter-productive?
Post by: Railgun on August 04, 2013, 01:24 am
Assuming that SR deletes securely, users' addies are deleted once marked in transit.  However, if someone uses PGP, the seller has to C/P the document (now stored in RAM), and most often save it (now to hard disk) to decrypt it.

How is PGP better in this case?

Also, can a vendor claim that they lost their password? It happens quite often, and they'd most likely be charged with a lesser offense than pushing weight.

Title: Re: Can PGP be counter-productive?
Post by: Nightcrawler on August 04, 2013, 02:03 am
Assuming that SR deletes securely, users' addies are deleted once marked in transit.  However, if someone uses PGP, the seller has to C/P the document (now stored in RAM), and most often save it (now to hard disk) to decrypt it.

How is PGP better in this case?

The point of using PGP is to spread the risk, as it were. If the address is encrypted so only the vendor (and perhaps the buyer) have access to the data in the PGP encrypted block, then it really doesn't matter how SR handles the data.

I would argue that using PGP adds little, if any, additional risk, as the vendor already has to capture the customer's address information and process it (e.g. print a label). Whether PGP is used or not, the address info nevertheless winds up on the vendor's system.

Now to answer your question: Can PGP be counterproductive?

Sure it can. There is no technology in existence (at least to my knowledge) that does not have a downside. For example: If the vendor doesn't take steps to keep their PGP keyrings pruned, should the vendor be raided and arrested, these could serve as a list of customers, both past and present. Prudent vendors will discard a customer's key at the conclusion of a transaction.

Also, can a vendor claim that they lost their password? It happens quite often, and they'd most likely be charged with a lesser offense than pushing weight.

I have heard of one criminal case where PGP was used, and those using it were charged with obstruction of justice. Whether this will turn out to be standard operating procedure (SOP) in future is unclear at this time.

Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB8F1D88EBBF7433B      (MIT clearnet keyserver)
PGP Key: https://keys.indymedia.org/pks/lookup?op=get&search=0xB8F1D88EBBF7433B    (IndyMedia https: clearnet keyserver)
PGP Key: http://qtt2yl5jocgrk7nu.onion/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (IndyMedia .onion keyserver)
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090     (Silk Road Forums PGP Key Link)
PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07  B66B AFC8 CE71 D9AF D2F0

Title: Re: Can PGP be counter-productive?
Post by: comsec on August 04, 2013, 02:45 am
The point of PGP is to prevent everybody in the middle of you and the customer from reading information. If SR is compromised there won't be a giant database to find of addresses. Do you absolutely trust DPR has properly deleted information? Maybe he doesn't know what he's doing and it's all still there. You have no clue so you have to worry about your own security.

It's unlikely they will find you, it's more likely they will plant surveillance on this server and use it to find you.

Title: Re: Can PGP be counter-productive?
Post by: wasta on August 04, 2013, 07:15 am
Assuming that SR deletes securely, users' addies are deleted once marked in transit.  However, if someone uses PGP, the seller has to C/P the document (now stored in RAM), and most often save it (now to hard disk) to decrypt it.

How is PGP better in this case?

Also, can a vendor claim that they lost their password? It happens quite often, and they'd most likely be charged with a lesser offense than pushing weight.

Off topic, because there are downsides. That said, gpg is and keeps getting better and better. Not telling your password to decrypt will leave the police powerless. In a big CP case in the Netherlands, the police could NOT see what pictures there were on the PC, because everything was behind PGP and unreadable for the police.

In the end the suspect told the password, hoping for less jail time. He got 18 years!

Obstruction of justice can only be the case if you are a witness or something.
Never, if you are suspected of a crime, do you have to cooperate in your own conviction.
You may even lie to get a lower sentence.
Only the witness has to tell the truth.