There is no JavaScript on SR itself last time I checked, but there is on the forums. However, many of us have JavaScript disabled, and there is no requirement at all for anybody to be using it in order to use the forum.

I think we would rest a little easier if there was a ban on scripts entirely, including on this forum. They serve no useful purpose for us and there is potential for various exploitations.

Nonetheless, I think the real danger is not XSS or other hacker tricks, but 'the human element'.

Privnote, for example, the human element being laziness or simple ignorance at very best. Privnote is the essence of a side channel attack, where the security of SR and other services is not compromised directly, but by parasitical services that sidle up to SR users, hoping to gain their dependence before pulling the rug from beneath their feet. I have even heard of some vendors using it. Those vendors ought to be pilloried.

Perhaps I am some kind of PGP Puritan, but I would warn once, and then ban, anybody who continued to use such a service. If not that, then more awareness of the dangers of using such a service ought to be crystal clear to every member of the forum; there is no excuse for laxity. To that end I shall begin a witch hunt for its users, a name and shame campaign.

You cannot be kind to stupidity, it must be reviled. And ignorance, well, there is a cure for that, is there not?

I'm aware that vendors fear losing custom if they enforce every buyer to learn basic cryptography. However, there are also safer solutions than the use of 3rd party services; they are simply less commonly understood than the pernicious "Fuck yeah Privnote" grassroots campaign that has apparently been orchestrated in the last two or three months. It is also the case that SR's customers will only increase in volume over the course of the next year, so one must put a foot down at some point.
If you allow buyers to behave as if this is truly a normal website, then you are putting down the seeds for a campaign of "John Busting" among a swath of the more naive customers. The law in many countries, e.g. Australia, is barbaric, their enforcement officials barbarians and their civilians innocent of what the rules really say. So it seems to me we have a duty to help them help themselves. If they do not want, then fine, but they should be well aware they are driving without a seat belt.

Of course such a side channel attack from Privnote and other 3rd party services will not affect experienced SRarians in the slightest, but it will cause reputation damage to SR and lower profits as a result. Finally, more than a few people are beginning to imagine LEA as impotent, LE agents as mystical creatures in some faraway land. Out of sight, out of mind. I will continue posting extracts from DEA educational fodder they supply to their ground troops, in order to illustrate how they really conceive of you all. Because they think we are rats, and stupid ones at that. The enemy really exists, it is really out there, and it is malevolent. I say bulletproof SR's security, harden your personal security setups and prepare in every way you can with backups, alternative systems of communication, every available trick in the crypto-anarchic book, so that when we come under attack they shall be finding it like striking a hornets' nest. Futile, and painfully expensive.