Hello folks.

Some people know this and some don't, so this is in the nature of a PGP public service announcement.

As kmfkewm recently pointed out to a forum poster, a ciphertext can have identifiers embedded into it. This is how it works; try this at home with your own PGP key on a test message to see for yourself.

Example: This is a PGP ciphertext encrypted to myself using the PGP Club public key.

-----BEGIN PGP MESSAGE-----
[...]
-----END PGP MESSAGE-----

If you store this as a text file such as encrypted_msg.asc somewhere, and then open the terminal/command line and type this code:

    gpg -v encrypted_msg.asc

The result is this information:

    gpg: public key is A9E19F6E
    gpg: encrypted with RSA key, ID A9E19F6E

A9E19F6E is the key ID for my public key. Of course, normally we do not encrypt messages using our own public keys. But there are possible negative consequences for anonymity due to this feature of PGP.

--

Many PGP or GPG software products (most Macintosh software appears to be set up this way, for example) automatically encrypt a message to yourself as well as the other person you're sending the message to. So if anybody knows an association between you and your public key, e.g. you uploaded it to a key server, or you use the same PGP key for both life inside and outside of SR, then if they intercept your message they'll know it is from you. They won't know what is inside the message, but they'll know it is you who sent it. Not good.

The point is that you really want 1 PGP key for SR, and only SR. Never use that key anywhere else, otherwise you'll be linkable between those two places.

Note: One thing that can catch people out is signing. Unless you sign a public key locally, the signature will be uploaded to a keyserver automatically as part of a Web of Trust deal. This is pretty standard among most PGP/GPG software. So, if you are signing people's public keys, ensure you only do this locally. There is an option for this. Otherwise you can be hypothetically traced back from the keyserver. Yes, you could Torify your GPG client, but that's a whole other discussion.

--

Finally, consider that if a message is encrypted to somebody else's public key and the Feds know the source of the message, then they have evidence for a connection between you and that person. Sometimes that is all that is required.

-----BEGIN PGP MESSAGE-----
[...]
-----END PGP MESSAGE-----

The above message is encrypted to my public key and some random member of Club PGP. The result is:

    gpg: public key is A9E19F6E
    gpg: public key is AE064BC4
    gpg: encrypted with RSA key, ID AE064BC4
    gpg: encrypted with RSA key, ID A9E19F6E

Which proves that Pine sent a message to the person with PGP key ID AE064BC4, in this case AnonymousMan. Now, if AnonymousMan knew Pine in real life, and the Feds knew AnonymousMan, they could beat on AnonymousMan to give up Pine. Fortunately this is not the case.

The point remains though, that this embedded Key ID business is an unhappy affair for us denizens of the Darknet. The next post shall address how to circumvent this inconvenience.
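
Where gpg -v gets those key IDs from, as an added example that is not part of the original post: each recipient gets a Public-Key Encrypted Session Key packet (tag 1) at the front of the message, and the key ID sits unencrypted inside it. The function names and the sample message below are constructed for illustration; the upper four bytes of each sample key ID are filler.

```python
import base64

def dearmor(text):  # ASCII armor -> binary packets (CRC line ignored)
    lines = text.strip().splitlines()
    start = lines.index("") + 1  # armor headers end at the first blank line
    return base64.b64decode("".join(
        l for l in lines[start:] if not l.startswith(("=", "-----"))))

def packets(data):  # yield (tag, body); old and new headers (RFC 4880, 4.2)
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:  # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                return  # partial body length: encrypted data, stop
        else:  # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
            if ltype == 3:
                return  # indeterminate length: encrypted data, stop
            n = 1 << ltype
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, data[i:i + length]
        i += length

def recipients(data):  # (long key ID, short key ID, algorithm ID) per v3 PKESK
    return [(b[1:9].hex().upper(), b[5:9].hex().upper(), b[9])
            for tag, b in packets(data) if tag == 1 and len(b) >= 10 and b[0] == 3]

def pkesk(key_id_hex):  # constructed packet: algorithm 1 (RSA), dummy session key
    body = b"\x03" + bytes.fromhex(key_id_hex) + b"\x01\x00\x08\xff"
    return bytes([0x84, len(body)]) + body

# Constructed sample: upper 4 key-ID bytes are filler, lower 4 are the post's IDs.
SAMPLE = (pkesk("00000000AE064BC4") + pkesk("00000000A9E19F6E")
          + bytes([0xD2, 5]) + b"\x01" + b"\xaa" * 4)  # tag 18 encrypted data
ARMORED = ("-----BEGIN PGP MESSAGE-----\n\n" + base64.b64encode(SAMPLE).decode()
           + "\n-----END PGP MESSAGE-----")

for long_id, short_id, algo in recipients(dearmor(ARMORED)):
    print(f"recipient key ID {short_id} (long {long_id}), pubkey algorithm {algo}")
```

No private key is needed to read these fields, which is why anyone holding the ciphertext can list its recipients.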