Silk Road forums
Discussion => Security => Topic started by: shpongle on June 21, 2011, 09:57 pm
-
Hello fellow Silk Roaders,
I am noticing a disturbing trend among many of the new vendors on Silk Road - they don't have a GPG key, or one listed.
If you are a vendor, getting a GPG key and posting it on your SR profile should be mandatory.
I, for one, refuse to send out my address unencrypted - which means if you don't have GPG, I won't order from you. I'm sure a few other people feel the same way.
I understand GPG can be confusing, but if you can't spend the time it takes to learn how to use it - you probably shouldn't be selling drugs over the internet. That being said, there are many GPG tutorials posted around the 'net, and even on this forum.
No more ranting, that was my 2 cents ;)
-
Buyers: Do not do business with vendors without the protection of encryption.
Vendors: Please be proactive about destroying the addresses of your customers. It may be convenient, but please do not keep a "little-black-book" of your SR customers' addresses. This is extremely dangerous for both you, the vendor, as well as your customers.
-
I second what techlord said.
-
Yeah, I don't buy if I can't encrypt my adress as well, though I use post drops. It's just too fucking dangerous and yet not too hard for sellers to use PGP. man, srsly.
Greets, M
-
PGP for addresses should be a must. Any database can be hacked and having any identifying information outside of your won control is a huge risk.
Everyone should also put PGP code on their user page (even if nothing else). When I click on someone and their page comes up with a PGP public key, it's a great reminder to encrypt to them before messaging.
-
Couldn't we enforce PGP keys on all vendors somehow.
-
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Agreed! I would never buy from an vendor that could not keep information private no matter what it is (digital books, hosting...etc). I am not anonymous on this profile.
===========
Do not get caught with your pants down on the next exchange hack!
Diversify your bitcoins wallets, diversify your digital holdings (ugrams, pecunix, bitcoin)
DIVERSIFY WHERE you hold exchange your bitcoins mtgox, Bitcoin7, tradehill
And ENCRYPT your wallet and data (Truecrypt, 7zip, something)
Backup backup backup!
If you choose to sign up to trade hill I would be honored if you used my signup code. You will get 10% off of all future transactions and I will get about 1/20th of a penny on those same transactions.
Tradehill code TH-R14654
Bitcoin7.com code 7393 (www.bitcoin7.com/?ref=7393)
We have had over a thousand registrations and quite a few donations so far which are going towards setting up an Open Source Torrent accessible Bitcoin and Digital Market.
the site will be at www.digitalcurrencyfoundation.com and be fully above board. Help us help ourselves! If we want a strong stable currency and exchanges that match as well as give a chance for totally anonymous trading through Open source, we have to build it! Every micro cent helps!
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
mQMuBE4B6SgRCACAh/CXsBxH28/86YXgA376JtglXLWMn87Kaq7UWCAAyKHNAwb5
G8gozqyWcya6Xy5odEYO/LWMmmwrZVSvYv+3eV6BELmBqXP5a4WUze6q4rG0z0K0
rDijv4mHIi6zGV2QxHjsFXH3dn5BDeoMJVo35N+nPlBxzLQ4d2HOBbqzMEcU127X
sRngEJ1GOnxi4H4LdcVOsG2gRljYcTqLIHbuAMcDucIpa/e88RCqTQJudebkfj8D
26o89AcET1gA14LrbNrD29LQzrai+RMo3B9gKkrDJhgWevJDhr7u6IxwVwviX05C
EVXJ9QGBuIoVO9SbFLIh6ZNtsNMpr9fStjgnAQDKXiTcRYN8TpOy4eOXL/3XK9Cl
K0+D/rSSvkYgFWf9Ywf/ebCfPU6HzgrqdI5MPM2d6mDHZp52Do5cb1riMhZ/WR1F
nVxXs0vD7E/bcBFOx3Gq1B7pGZyzkRuklLU4d1GMUduka+Yzo1UQAAC03Zy6R/Ib
i98DdaPrt0kN9K2NPH2E8vKScfQThb2RNBMhHTdd/NB1ax6ceMufDt+drQlW3Rxp
IFUDLfnD/LsPoBsHLuZGQavePcWdUcRRH6xXMxFtQ65OHNKaFGml8mNbzk/x0ebk
c0VeaR1MvDYMRCM4SWrjgWP48oodJXDnbM8DxMytzb39RPTcL32Ewu+eYE4ClYoN
Jj5pGcsz4Q+E16jCGR5nYNEgh/5Ng4Ia0q5GZx3uRgf+OXvrL/lUrmwL5xFxz+7O
fwrJQOl4sAsfsXl36tCWgRL2CSlZxFrWSof1npwoicLoCA40F66q3tjr92VPbdqV
9yndL4lbUjZxHg3u+pL2MwCwAft24S0NiffL2gmu/zMF6QLyVaH/QjrBMWLdEQbg
OYSRCur+gR+xHlsNd2xSUlp9VkfMDz8xsKgZTkfj5yEHOTm+jDeIFMwslxdjAAhx
TG1fegLvmcRFAy5/Rcctj7QCvvb76xgEDEMKIXFrMfmzY8OnmoQtK5IhmnUmCsDV
jIJUTeUxqah/e6m6yN8dOj8Esu0lrguIe9C8jhBj3t5zfRjcuH9hxsdiSXbNexeo
m7Q2U3VwcG9ydCBUZWFtIEQuQy5GIDxzdXBwb3J0QGRpZ2l0YWxjdXJyZW5jeWZv
dW5kYXRpb24+iHoEExEIACIFAk4B6SgCGyMGCwkIBwMCBhUIAgkKCwQWAgMBAh4B
AheAAAoJEAb6ij03VEtQdO4A/Ag0J7Ckw9eFhC5h0LuXfKXQUFkKsBu2jmmwcbqn
nZZwAP9bgH7iGpL7oiuOUvZfOoKvJF8VeYzS9LJwqw4fVUxGQrkCDQROAekoEAgA
n2Oz6KZOZKr6d77FIzWDwOi3D36sgOu+gfwysGEjqzTH2rdAW3QeTnsKtWFIzxvM
nnrj/zmFrvkksTq0Xu67/2zhnhEtrVV+xfwkifmqGqP1L8ss1fBW7xoT7hWp/mXu
d9yOnxeF5EXBUSn0P9Cf4a+CA/CKMmvTWZikDa168TTaTiVNGL0aj0MOu4ZNwU06
vg1EmDAkWgCi0poFUZG4I/FOJvhJo91ojAU0PWbOsb/hikBcvkiO15rhZI9l/Cwq
AIwNu6RYoE8i/8/seaEnfIEaD5+l8u5BmHdtA872NYKxcDk2XcHtNxIMGIAtFpgu
IniE0tgiwXEiUcBtk3YBtwADBQf/eHEp9izDrk5yfAl19VqxqsBc04ldaft+8SP6
XkfnNKK8yy6oJQ6MU45uU8ad2Ug3ZZZ2GY3ssJJhJSbnpjYwyQXj4P67TyfFuMxz
XV3Y/XeDzpI7sAFCU87rDCoMo59UiXszLZVyvDeZjd3N8e6OyDHJW38oYxo61kEC
GvJT6y4OFiGSvNbiyJKgsHmW2rdJhjw1CSDEX1mG9k4ebRe4Npc3xQITpHEPD/Z+
3WdszmAFI79Tjv04WMyc5xxnlU5VmsrD9ypidwCjJZhShRdtqwmfTSLcFJjELGTM
ZyzvXmRAgJIMGBtkraL1X8csqSFBGSxj4PCCgVpJFuw0lM31SohhBBgRCAAJBQJO
AekoAhsMAAoJEAb6ij03VEtQ1r4BAJGdsJT3tZ1klPrk0v7SoaQbmDgCuEq1l8WF
NYjkTwkWAP0czapdZlUhbIXnsP/bwYymYWAGy2FKVSC9Bzo0UM05JQ==
=JiVL
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Use GnuPG with Firefox : http://getfiregpg.org (Version: 0.8)
iF4EAREIAAYFAk4B+t0ACgkQBvqKPTdUS1CdUwD7BANhFif6SgjykYiNIRsfWQqf
eOIR4OmWZe0LoszXXxABAIycqB7nuHBqCIBx8GEnQ2Ubd9JPtBqooyXFo4NRFMKA
=op98
-----END PGP SIGNATURE-----
-
I asked a seller if they have PGP, and they responded "nah as a seller i have never had to use one. i trust the security of sr." He otherwise has great feedback rating.
-
Here's a thread in Security forum where everyone can post there PGP public key, for those that care.
:D
http://dkn255hz262ypmii.onion/index.php?topic=174.0
-
This isn't about trusting SR. It's about protecting yourself against would-be attackers. SR has even warned us that he's received threats against us. Are you prepared for such an attack? If SR's server is compromised, would your address be available to anyone in plaintext, or is your sensitive data encrypted?
-
All great points.
I believe SR said addresses are not stored on any kind of database, and are only temporarily available to the vendor.
But as a buyer, a large portion of the risk is on your end. Using encryption reduces some of the risk, but I still think everyone needs to be aware of the potential dangers of buying. I really don't want to have to turn down any more vendors who refuse to use PGP.
-
Heh, even addresses stored temporarily is dangerous. GPG is as simple as knowing how to use your right mouse button. The choice is either learn to use GPG which is very easy, or go to prison. I think learning GPG is probably a lot less painful than Brutus having his way with your bung hole in prison.
-
Here is a great tutorial for encrypting messages, written by wicked420 of this very same forum -> http://p3lr4cdm3pv4plyj.onion/guides/kleotxt.html
Easy enough to follow for a complete newbie on PGP like myself, just follow it step-by-step and you are good.
-
Oh and YES, I also agree that using encryption should be mandatory.
-
GreenCo does not insist on PGP except for wholesale deals. Even if you trust Silk Road, you have to assume that information lasts forever and someone will eventually read anything not encoded. PGP addresses seems like a sensible step, though I am not sure about how much the cops of 2075 will care who bought weed on SR. If you plan on running for president you should absolutely use PGP to buy our weed.
-
Funnily enough, although I offer and highly encourage buyers to use encryption not a single one who has ordered from me has encrypted their address.
-
^ Thats sad g4bb3r , I will only use PGP when posting private/personal info
I've posted most of the guides I've seen for PGP on this site here:
http://p3lr4cdm3pv4plyj.onion/
If you need any help setting up PGP, just let me know, everything you need is on that page though.
-
Trust me, If I can figure it out, anyone can. GPG at first seemed quite confusing. But after a while, I got the hang of it and now it only takes me a few extra steps to send a secure message...