Quote from: jsmithy123 on October 22, 2012, 06:33 am
honestly speaking IMO nothing is THAT wrong with privnote
It is fine to be uber cautious and avoid it, perhaps the admins of privnote have turned and are keeping a log of everything that the feds are voraciously reading however note that the feds would ALSO have to have hacked SR and thus be connecting orders to privnotes. In my book it is very unlikely privnote is currently operated by the government and multiply that by SR being busted as well? if so it would be the law enforcement hack of the century.

It's not as straightforward nor as difficult as you're making it sound. They don't need to hack into the Silk Road specifically, they just need to arrange for an "alternative" code module to be run when accessed via a node from the Tor network. The exit nodes are publicly known. Uninteresting notes would be filtered from those which are from 'persons of interest'. Stop thinking of it as a 'targeting system' specifically created for the sole purpose of destroying SR, it's more like part of a 'trawling system'.

Don't think of Privnote being used as a source of evidence all by itself per se, but as a source of intelligence gathering. Privnote itself is merely an obvious *archetype* of something that could be a honeypot, there are many potential similar suspect services, such as Tormail, Anonfiles or Freedom Hosting. The majority of these services must be honeypots, or it is pragmatic to assume such. We are not believing that they are all DEA honeypots, that would be quite remarkable even though the DEA undoubtedly must have a significant presence judging from its bizarre geographical distribution (it's... not exactly a drug enforcement agency, reports from WikiLeaks say it is actually part of an intelligence network for a larger concern). In fact we live in a digital jungle we need to navigate, where the DEA's and SOCA's e-crime divisions are merely some of the smaller minnows darting about.
This world has literally thousands of private and public intelligence agencies with different agendas, who would be willing to trade data for data.

In fact, LEO does not need to intercept communications to a particular gathering place for information directly (unless it's part of the exploit), they just need to compromise the ISP.

In such a jungle, there is only 1 real defense, and that is public key cryptography. Bitcoin, Tor and PGP come from this.

You have to remember that the ethos of SR is the following:

1. Everybody on SR is an agent.
2. SR is hacked, and is in fact run by a hacker LEA.
3. Conclusion: Don't trust anybody, including Agent Pine.

The strength of our network depends on the understanding that all security is not foolproof, that anything can be hacked, and the only thing it is possible to trust is cryptographic trust. While we may have fellowship in this new universe, this is the cornerstone, so let's not get confused and start imagining "The Hack" of SR would be a notable development. It would not make any fucking sense to close SR if you got control of the servers. I mean the actual hardware could be anywhere on the planet. So any logical adversary is most likely, barring the influence of populist politics, to become a passive adversary and watch all our goings-on and record them all. That is why PGP is our most important weapon. It's not really an optional thing. Far from being a disadvantage to be this paranoid i.e. paralysis by analysis, the paradox is that this result will give us extraordinary freedom and power. This cornerstone is solid.

But you must all heed the principles I've explained and not trust in obfuscation as a technique, obfuscation is an Old World technique, in a digital universe cryptography takes precedence.

Quote from: kitkat82 on October 22, 2012, 04:08 am
Can someone tell me what is wrong with privnote? Does it leave evidence once it is destroyed?

It is known to be used by naive SR users who don't attend to their security, which makes it an attractive target, which means it should be considered compromised. I would not do business with anybody known to use such a service (or anybody who relies on 3rd party encryption services). Privnote is not more secure than plaintext, it is less secure. The concept of Privnote is so laughably insecure it's amazing anybody is credulous enough to fall for it. Even ignoring the probability of it being a method of intercepting information, one of our programmers read the code and found a major flaw in the crypto implementation in about five minutes. Crypto should be left to the experts, or people will get hurt. Whether that flaw was intentional or not is irrelevant. I can't really make it any more clear than I have already done.