Silk Road forums
Discussion => Silk Road discussion => Topic started by: legalbudz on September 10, 2012, 01:40 am
-
For the most part, as a new vendor I'm noticing that everybody really doesn't use PGP when they chat with me, and they're not encrypting their addresses in their orders. It kind of gives me the idea that nobody really uses it. If you can get Bitcoins on your account and get to SR, then I think you can figure out how to use PGP. I think a lot of new buyers don't use it as much, from the stats of some of the buyers I've dealt with recently.
-
while its not required to use pgp, you should definitely encourage your customers to use it. there is a thread in the security forum that breaks it down pretty easy that you can point them to.
-
not enough i am afraid
-
now im your run of the mill dumb as they come fresh off the street thug.. and i barely learned to use PGP..
this was more because i thought i didnt need it, and was on a court watch thinkin' id never smoke again.. and was goin' to be put on probation
but lo and behold.. i went to court n beat the charges....
after that.. i took about 3 maybe 4 days figuring out which programs and how to use..
-
I always use gpg, but only for sending address info, i don't use it for PM's etc. pgp has a unique issue for new users, they can't always tell if they have done it right or not, and I'm guessing they don't want to risk delaying their order any
-
As you said, if you can get this far it isn't much harder to start encrypting your messages with PGP...
DO IT!
;D
-
Not to be a condescending prick, but...
If you're too stupid to realize the importance of using PGP every time, you're too stupid to appreciate good drugs. Please, go buy a few grams of oregano from your local gangbanger and leave us be.
Granted, for innocuous PM's (no real data), I understand plain text but name and address? Really?
-
I personally use PGP every day of my life for the last ...I'm not even sure how long. YEARS.
As a vendor though a MAJORITY of the orders I get are sent clear text. I stopped even complaining about it.
If they don't understand it is for their own security, I can't help them anymore!
-
If the vendor says use PGP, use it for everything with them until they say it's okay not to. Some vendors specifically don't want it if you're just asking "Hey can you do ____?" or a simple question. Others will delete your message the second they see it isn't encrypted. It's all in their profile. If a vendor doesn't at least post their public key, I'd be mighty suspicious. PGP is good practice, but I admit it can be tedious to 'unzip' every damn message back and forth only to read "yeah, that's fine. go ahead" in a message.
-
I do, I have since the start. Found SR and took about 2-3 weeks to sit back and watch how things worked and learn to get coins and encryption. Weird thing is I have a hard time explaining how to use pgp, but can use it without a problem
-
LOL those that do not use PGP will be the ones that will be the first to be put in a database if the server is confiscated and cracked.
Please ppl in the security section there is so much info on how easy it is to use.
We even have a PGP Club that the members are more than happy to help.
:)
nomad
-
yeah really. if you can copy and paste and remember a password thats pretty much all there is to it after you get set up, which is pretty easy to do as well.
-
I think it's funny how some buyers try so hard to obfuscate their money trail, and keep their BTC as anonymous as possible, but end up not using PGP and sending personal correspondences to the vendor in the clear--not to mention their delivery address.
Anonymizing BTC is a fairly broad topic with a ton of discussion. Using PGP is *very* simple, and is really the only solution for keeping your communication with the vendor between you and the vendor. There is no comparable method that is also as effective and as simple.
Just learn it and use it. Take 1 hour to set it up and send a test message to someone. That one hour is well worth it, if only for the knowledge gained.
-
i dont get it why so many have trouble using PGP or are even considering not to use it! its as simple as fuck (yes everyone can do that no matter how dumb and even have kids HA!) so give it a shot. once you figured it out it takes you 3 clicks to compose an encrypted message to a specific person.
dont dare trust SR admins or whoever might be able to read the messages you send through SR to sell you out once the right point in time has come...
-
I'm fairly new and use PGP after joining Pine's PGP club. What I've found is that a lot of vendors don't know how to use it, hence I ended up posting my address without it once. I've tried to "pass on the knowledge" and have shown at least 1 vendor how to use it.
That's my 2 BtC.
-
If they don't understand it is for their own security, I can't help them anymore!
So true. I found out the person who enlightened me about SR doesn't even use PGP! I was so shocked. It was a must, for me, before I placed my first order. It's so easy to use. I don't understand if people are either just too stupid or too lazy. I had trouble explaining how important it is, because the person just kept talking about how SR encrypts everything. Is the only risk of sending an address unencrypted if the site gets compromised? Or is there more to it?
-
I put in my profile that buyers should use pgp for their own protection. I don't have a problem with pming simple questions though. I hope sr servers are never compromised, but it's always better to be safe, especially for something so simple.
-
Is the only risk of sending an address unencrypted if the site gets compromised? Or is there more to it?
My understanding was you could also claim ignorance if the person you were buying from was LE. Once you get the package and they pounce on you, you could say you had no idea why it was sent to you, and all your convos with them would be encrypted so they couldn't prove that you had actually been the person speaking to them. Of course, you'd want to make sure there's no shortcuts to Tor or GPA on your desktop, and no txt files with certain .onion addresses saved in it, and your private PGP key is backed up someplace very secure (or just don't forget the damn password). There's still the option of them subpoenaing your password from you, but only if they could prove you were indeed the creator of the PGP key (and you'd have to be buying yellow cake or something for them to care that much).
This is why a lot of people use Liberte on USB and public Library computers for sending bitcoins, etc. And it's usually recommended to wait 3-4 days before opening a package from someone. Anyone can send anything in the mail to anyone, it's not your fault for living at an address.
-
I find this website gives me enough anxiety even when doing everything properly. If I knew that even one time in the past I put the letters together which refer to my identity in plain text and sent it out into the world of Tor, I would never go to sleep again. Anyone who does not use pgp and has entered their name and address into a web form on this site should panic immediately and never stop because there is nothing they can do about it now, except for minimize the number of crimes which theoretically can be attributed to them in the future by using pgp from now on.
-
Not to oversimplify, but after the install it really is just copy and paste. Open GPA, make your own key to match your SR username and a TORMail address. Make a creative password. Hell make it into a sentence you say all the time and replace the letters with some numbers and punctuation.?!@ Copy & paste your fellow SR keys into your address book. Encrypt and Decrypt away. It is about protecting yourself and your fellow SR members.
-
If a vendor doesn't use PGP I don't use the vendor, there's really no excuse. Fine if buyers don't want to use it, but for a vendor to not offer it because they're too lazy to take <30 seconds to decrypt your address just screams "I'M A SHITTY BUSINESSPERSON THAT CUTS CORNERS".
-
I didn't order a thing until I understood PGP and all the other necessary anonymity procedures. I almost always use it for my address, although once or twice I was in a hurry to get the product and sent my address unencrypted, but this was for grey market products ordered domestically so I wasn't worried.
It's definitely a good habit to get into and if it's too much trouble for you to do an encryption for each order then you are a troubled person lol.
-
I couldn't agree more. To me it also says "I don't give two $hits about your safety on SR." I've only had 13 buyers, 11 feedback so far, but rounding that down to 10...judging by those who've used PGP to order from me, only 1/10 use it. Less than that as it's technically 1 out of 13. However, a lot did use privnote. Guess it's not the same but better than nothing.
If a vendor doesn't use PGP I don't use the vendor, there's really no excuse. Fine if buyers don't want to use it, but for a vendor to not offer it because they're too lazy to take <30 seconds to decrypt your address just screams "I'M A SHITTY BUSINESSPERSON THAT CUTS CORNERS".
-
I couldn't agree more. To me it also says "I don't give two $hits about your safety on SR." I've only had 13 buyers, 11 feedback so far, but rounding that down to 10...judging by those who've used PGP to order from me, only 1/10 use it. Less than that as it's technically 1 out of 13. However, a lot did use privnote. Guess it's not the same but better than nothing.
If a vendor doesn't use PGP I don't use the vendor, there's really no excuse. Fine if buyers don't want to use it, but for a vendor to not offer it because they're too lazy to take <30 seconds to decrypt your address just screams "I'M A SHITTY BUSINESSPERSON THAT CUTS CORNERS".
Privnote is not the same as PGP at all really. The problem with Privnote is that Privnote has all the raw data before any encryption takes place. Also, once the website says that your message has been destroyed, there is no true way to be sure that it actually has been. Privnote could be perfectly fine to use at the moment, but there are too many unknowns about it. Is it run by LE as a honeypot? Is it currently compromised by LE? Will it be compromised 5 minutes from now? Does my message actually delete after it's been read?
PGP on the other hand guarantees you that only the keyholders that the message was encrypted with can see your message. There is no risk of being compromised except for one of the keyholders being compromised, but that is a risk that can't be avoided as the information eventually has to reach someone for you to get anything in the mail. Privnote is also high profile and wouldn't surprise me in the least if LE did end up compromising it in the future, or is even holding it now. I have to say that, especially if you are American, I strongly advise against using Privnote because the US government has the money, the will and the people (DEA) to target privnote and gather all information passed thru it.
-
I see no other way but PGP honestly
-
I am a new vendor, but have been a buyer for nearly 7 months, and I was shocked this morning when I logged on and saw someone send me their info unencrypted. Especially since they had nearly 200 transactions! I just don't get it, when something that simple can essentially keep you from going to jail in the long run if something goes wrong, it seems like a no brainer. I even have a link on my page where they can go to a site and just copy and paste my key, and encrypt their message! To each his own I guess.
-
These accounts are bittersweet to me.
Of course I would love everyone to use PGP for their own safety but if something ever happens on these servers LE will go for the low-hanging fruit (i.e. those with unencrypted shipping info) over those who have theirs encrypted. (Of course PGP is utterly pointless if LE acts locally i.e. on a vendor if they never purge customer information).
I think the best way to make sure everyone uses PGP is for vendors to post exactly how to do it (in practical terms applying to TSR) in their profile.
It really is so simple, and it is such a shame that the percentage is so low, but as I said above, lower hanging fruit is not a bad thing to me or the other 10% of PGPers
-
Riddle me this: If SR were to actually become hacked into and all PM's exposed. Don't you think if they were smart enough to crack into SR in the first place they would be smart enough to decrypt all encrypted messages. After all, you must provide your PgP key in the message. Apparently when orders are marked: In Transit, all that personal info is deleted from their database. That's what provided me with peace of mind. If I'm missing something please enlighten me. Maybe it will motivate me to begin using the program. :o
-
For the most part, as a new vendor I'm noticing that everybody really doesn't use PGP when they chat with me, and they're not encrypting their addresses in their orders. It kind of gives me the idea that nobody really uses it. If you can get Bitcoins on your account and get to SR, then I think you can figure out how to use PGP. I think a lot of new buyers don't use it as much, from the stats of some of the buyers I've dealt with recently.
I've used GPG (and PGP before it) for longer than SR has existed, but then I'm one of these freaks who thinks even the jokes you send your mates on the clearnet should be encrypted.
-
I do, I have since the start. Found SR and took about 2-3 weeks to sit back and watch how things worked and learn to get coins and encryption. Weird thing is I have a hard time explaining how to use pgp, but can use it without a problem
That's not weird, it's just the difference between understanding a thing and being able to frame what you understand in such a way as to teach people in ways they understand.
-
I couldn't agree more. To me it also says "I don't give two $hits about your safety on SR." I've only had 13 buyers, 11 feedback so far, but rounding that down to 10...judging by those who've used PGP to order from me, only 1/10 use it. Less than that as it's technically 1 out of 13. However, a lot did use privnote. Guess it's not the same but better than nothing.
Actually there's a fair argument for privnote being *worse* than sending unencrypted addresses through SR. Specifically if privnote is logged or a honeypot. There's no way to know what they really store.
-
Riddle me this: If SR were to actually become hacked into and all PM's exposed. Don't you think if they were smart enough to crack into SR in the first place they would be smart enough to decrypt all encrypted messages. After all, you must provide your PgP key in the message. Apparently when orders are marked: In Transit, all that personal info is deleted from their database. That's what provided me with peace of mind. If I'm missing something please enlighten me. Maybe it will motivate me to begin using the program. :o
To crack a single message law enforcement would either need to crack the symmetrically encrypted message (usually encrypted with AES256) or the asymmetric encryption of the key or keys for the recipients. The technical details behind such cracking get rather ugly and complex, but if you really want to know then read this (clearnet) link:
http://sixdemonbag.org/cryptofaq.xhtml#agencies
Make sure you read all the way down through the thermodynamics and quantum computing sections. Part of the way through some advice is offered for when your brain starts to hurt. The advice is valid. Although you may wish to replace the actual advised item with something from SR. ;)
-
I sure use it do you?
-
The first time I didn't use it. Then after reading some (IMO) over-complicated guides to PGP.....I found one that was easier to follow and realized it was pretty simple.
After getting past the initial getting your key, etc...All you need is 1 lightweight program, and the rest is copy/paste, importing keys, and encrypting messages...which are all easy with the program at that point.
The biggest thing that gets new users is that there's no instant gratification aka you don't know if it worked right, right away. Well the first time you use it (like encrypting their address with vendor's key), you'll know because vendor will message you if anything was wrong regarding the key information.
Actually getting BTC can be more difficult.
-
I use PGP, have been since 2009 ;)