Silk Road forums
Discussion => Security => Topic started by: jack2324 on September 26, 2013, 03:46 pm
-
Bought some product yesterday from a vendor that will remain nameless at the moment and received a message this morning saying:
Hello friend,
Unfortunately I am unable to decode your pgp message. I have found that a small percentage of my customers possess pgp key sets that are incompatible with my own. For situations like these I recommend sending your address info via SR message or a one time private note service such as privnote.com.
If you would still like to try another PGP message, you can use the iGolder website PGP freeware tools, and create a messsage by going to PGP Encrypt message. It will allow you to enter my public PGP key and your message, which will then be encrypted. These messages are compatible with my PGP key set. The link is here: https://www.igolder.com/PGP/encryption/
Thank you for your patience and understanding in this matter. I will have your order out as fast as possible as soon as I receive your address info.
All the best,
(Vendor Name)
On the off chance I messed up encrypting, I deleted the vendor's keychain from my GPG Access Tool and re-imported it from their SR profile. Then re-encrypted my address and sent it to them again.
This is a fairly new vendor (about 2 weeks old with 30 transactions) so I'm definitely suspicious.
EDIT: lol fail on wording
-
Yeah... I personally would take my business elsewhere.
It doesn't matter what your key-sets are... you're encrypting in his key when you write to him, not yours.
-
Ask for a refund and take your business elsewhere.
-
I wouldnt risk anything with such a vendor. But thats me.
-
Sounds like he set up a public key but without the secret key. Ya I would go with another vendor.
-
The vendor's explaination makes no sense. You are using his key to encrypt so your key does not matter one bit.
I would find a vendor who understand the basics of security, do NOT send your address unencrypted.
PGP is to protect you not the vendor, some vendors take that to mean it is not important. Other vendors realize that security is a two way street and your customer needs to be protected.
Tell that vendor that you want 100% refund/order cancelled. Once you have tell them that they need to learn their job because their customer's safety depends on it.
-
last yesterday
made me laugh...thx :D
He is very friendly, that is a good thing BUT
I especially don't like these shitty alternatives he recommends. Newbie buyers shouldn't get those risky tips from him. Send him the link to this thread, he should educate himself before he starts to be a vendor.
I wouldn't trust someone, struggling with easy things like PGP, in terms of secure packaging and destroying evidence of the transaction on his system after shipment.
-
last yesterday
made me laugh...thx :D
I especially don't like these shitty alternatives he recommends. Newbie buyers shouldn't get those risky tips from him. Send him the link to his thread, he should educate himself before he starts to be a vendor.
I wouldn't trust someone, struggling with easy things like PGP, in terms of secure packaging and destroying evidence of the transaction on his system after shipment.
+1 My thoughts exactly.
Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key: http://qtt2yl5jocgrk7nu.onion/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (IndyMedia .onion keyserver)
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090 (Silk Road Forums PGP Key Link)
PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07 B66B AFC8 CE71 D9AF D2F0
-
He still couldn't decrypt so I sent him a link to this thread and asked him to cancel my order. Which really sucks though because he has some product I wanted :( oh well, better safe than sorry!