Quote from: Mr. Fluffles Schrodinger on April 26, 2013, 04:00 amYou also have idiots like me who have encrypted all sensitive information since day one and then decide one day to place an order without encryption....not so much decide as just go braindead for a minute. :/ It was with a major vendor who is a serious proponent of PGP, as well. Still waiting for my order and hoping to DPR that they don't decide to teach me a lesson. Trusting they won't though. Luckily, they don't seem to be that type. I think SR should have a giant 4 fingered cartoon hand that comes out and smacks you upside your head or punches you in the face before you do something that stupid. Probably would have helped my splitting headache. That would mimic government brutality as well, but hey, that's the price we pay for greatness.This is the reason why I once suggested that DPR put a simple message with a link (to PGP Club!) about PGP on top of the the order box. Forcing all buyers to learn PGP to make their first order would probably drop volume by at least 75%, but I see no reason not to cajole people into doing the right thing with every possible means short of coercion. Some newbies blissfully dismiss PGP because they haven't heard of it and think it's Just Another Technology Acronym, and others occasionally make slips as you've had the misfortune yourself.Quote from: RxKing on April 26, 2013, 05:44 am@ PINEThere is NO NEED at all to make FE go away. It is a choice. NO ONE forces you to do FE. In fact the buyers control that. The buyers CHOOSE to use a vendor that requires their customers to FE. And each person has the option...yes option.... to do it or not. As a vendor I do not require it and never would. But there have been times on an order of say 10k that I wanted those coins right away...as I was going to trade them for cash and I wanted the rate right then and there...and even waiting 24 hours would have cost me 5k. So in that case the FE was needed. And my customer had no issue with it at all. The fact is the buyer needs to make that decision.You're presenting it as a choice for more freedom, but I don't think it really is, I think it's more about a lack of options. The reality is that several times scammers have stolen more capital than SR's entire cut per month. This undermines the market's confidence, it doesn't help it. In a free market participants have the choice to transact, but that should not be in conflict with doing business appropriately. I understand your point about market volatility, but the solution is not FE, it's too blunt an instrument, it gives cover to scammers as well as honest vendors. The solution is using BTC option derivatives to control volatility for vendors. As soon as that structure comes into existence, FE has no reason for existence any more and that's the end of FE scammers. Then everybody gets what they want. Quote from: RxKing on April 26, 2013, 05:44 amAs to the pgp...that is another thing that only affects the buyer...and it only affects the buyer if you believe at one point SR will be compromised and you also believe when compromised that the SR servers will in fact have all the information from messages and from the orders available Even though DPR has stated that information is not saved and even if the servers were compromised that information would not be available.I think we have to believe that. Even if it's not true, we need to believe it, due to the consequences of being wrong. An attack by a passive adversary is much more dangerous than an aggressive takedown. The only reason to do a "takedown" is to score political points.It is most important for buyers to use PGP because it creates market confidence. It is secondly important for SR because it makes it less of a target for hackers.It is lastly important because vendors inboxes could be used as evidence against them.Any one of those reasons is enough reason to use PGP!Quote from: RxKing on April 26, 2013, 05:44 amThe truth is, the bigger issue is if a vendor keeps the information or not. That is something that would come back to hurt a buyer a lot more then SR being compromised.Sure, but it's a separate variable and cannot be controlled for. It's a different problem. I'm also willing to put money down on a PGP aware vendor being less likely to have plaintext addresses on his hard drive.Quote from: RxKing on April 26, 2013, 05:44 amAlso any second year law student can tell you that messages alone are worthless in a criminal case, especially ones from the past, and that even if SR was compromised and they could get messages with addresses and what you ordered from say 1 year ago...or even 1 month ago...that information alone would not get you in trouble.I don't believe that for a second. You have not studied the Farmer's Market case study?! I don't understand why you think this.Quote from: RxKing on April 26, 2013, 05:44 amPGP is another layer of security...BUT it is not something that is this big lifesaver. And FE is not something that is a problem. The problem is getting people to understand how things work and what not to d to and what to do.?Quote from: RxKing on April 26, 2013, 05:44 amIn over 1 year here I can tell you I have witnessed things that buyers do that would blow everyone's minds. If I didn't have these things happen to me...I would never believe people are that dumb. THEY ARE.Perhaps, but increasing hidden services like SR are going to appeal to a broader consumer demographic, one which is middle class, middle aged and much more likely to buy from SR. Those people are going to be much more likely to use PGP than the traditional product consumer demographic you're used to. You'll have to get used to it, we're moving up the value chain! :)Quote from: RxKing on April 26, 2013, 05:44 amAnd you would have to be a total idiot if you believed that PGP alone will in any way protect you. There are 10 other things that are more important then PGP. And as to the FE...that is something that will never go away and actually it really can't. And the beauty of how it now..is YOU HAVE A CHOICE. And I for one like when I have the freedom to choose. And as a buyer if you choose correctly and you have an IQ over 90 you should be able to order and receive your goods on SR with no problem 100% of the time. And in fact I think most buyers do just that.And the freedom to choose to go to jail, do not pass Go, is not a choice that any aware customer would choose to make because it is irrational. The consequences of being wrong are not you get a disappointing product or service, they are that you become a guest of the state.By suggesting that we adopt professional protocols I am not suggesting that we adopt soviet economic planning! People who really want to FE can always PM their vendors and conduct business entirely outside SR as well, that is also an option for them. People use SR are doing so because it streamlines business transactions in the same way as Ebay brings buyers and sellers together. You can always send CIM to a vendor on Ebay, but nobody thinks this is a good idea! SR is a value added service, that is how to see it.LE has historically tried to infiltrate on a network basis, usually moving up the distribution chain, using either communication networks or financial networks. We have the opportunity to kick the ladder out from under them, which is both hilarious and profitable. Read PolyFront!Anyway, you are free to develop your own opinions. There is all kinds of risk taking, mine is more conservative than most admittedly, but I find the tradeoffs worth it. For one thing, PGP is repeatedly cited by LE agents as a frustration in regard to SR.Quote from: Blksheep on April 26, 2013, 04:44 amPine...your one smart chick! lol Hot too, it sounds. :) (going by the picture of a woman by your name, I'm assuming your a chick) I am amazed by the intelligent people who roam the road. I only admit to being a monotreme, which LE agents do not consider useful information (it's the perfect cover).Quote from: eddiethegun on April 26, 2013, 01:48 pmNot true that PGP only affects the buyer. More importantly it protects the vendor.If SR gets compromised and no one used PGP, LE could intercept EVERY package Mr. Vendor sends out.Dust for fingerprints, swab for touch DNA, photograph and profile the shit out of those packages.That's a whole lot of evidence of a whole bunch of felonies.More importantly for the vendor! But yes, it's all true. You've suddenly gone from 1 in 200 average chance of interception to a 1 in 1 chance.Quote from: 1455992 on April 26, 2013, 05:04 amI believe everyone is entitled to their own decision regarding PGP. I for one am not one of those SUPER paranoid people that think the feds will come for me over my 10$ stamp bag of heroin. If ANYTHING i'll get a customs letter at most, or a request to come sign for my package at the PO, which i will ignore obviously. There are bigger fish to fry. There are two problems with this.1. You probably live in the United States. At a guess something like a third of SR's customers don't. Different rules apply elsewhere.2. They aren't going to be catching thousands of vendors any time soon. So anybody they do catch, will get a disproportionate amount of attention. If you get just a few grams of heroin across state lines, they could in theory decide to put you in prison for decades.So caution is the better part of valor.Quote from: Ticket on April 26, 2013, 02:57 pmQuote from: pine on April 26, 2013, 03:31 amLearning PGP is essentially an IQ test. Seriously. That's why vendors should be especially committed to it. If you are captured and the Feds open your SR account somehow, and they have nothing but encrypted messages, many of their strategies fall flat on their face. Exactly. As a vendor, I explicitly state that I will cancel any order for which the submitted address is unencrypted. Most people comply. For those that don't, I look at their buying history. Those with no history do NOT pass the IQ test, and I cancel the order. Those that have a substantial order history with no refunds or auto-finalizations pass the IQ test by other metrics, so I simply send them a message notifying them of my policy, and go ahead with the order just this once.Yes, the cryptography does offer legitimate protection. But as a vendor, I'm also trying to ascertain if I'm dealing with someone who will be able to properly receive the package. PGP is not that difficult. If a buyer can't follow simple instructions listed in full caps on the listing page (as well as my vendor page), then I simply can't do business with them, for my own safety.Yes. There are all kinds of extra benefits to using PGP that are not strictly cryptography related. Throughout history, it is always the "high priesthood" and their arcane symbols that ruled. Elites have always used a different language to everybody else. Today we have one global language for business, but the same concept is still woven into society. The elite of the information age use cryptography. Montell Williams, who is a moonbear, says PGP Club is a cult. In a way he's superficially right, but also wrong because it exists for a real reason.Quote from: RxKing on April 26, 2013, 02:35 pmHe has a program to erase ll information that has already gone through the system. So you would have to believe that all of that is not true and if you believe that all of that is possible...then yes the messages that were pgp protected could not be found...But also at that point...SR is down...meaning they would not be able to intercept the packages at all.As SR would be down at this stage... And so they wont have anything to finger print, photograph and file.If a LE agency finds or has found the physical location of SR's server(s), I assure you they will take every precaution to capture "live" servers.I, some people think I'm aiming for PGP utopia, don't believe everybody has to use PGP. I *do* believe that we cannot expect to win forever in a linear fashion. Our growth is likely to follow that of bacterial growth in an agar dish.https://en.wikipedia.org/wiki/Bacterial_growthIn the death phase, a small number of the bacteria survive to fight another day due to their adaptive properties. Surrounded by waste and lack of food, they remain dormant until the environmental conditions renew themselves. These more evolved bacteria are super soldiers in comparison to their dying neighbors, because they have a special wall to protect against external environmental conditions. In the case of our system, I believe that protective wall to be secure communications. PGP is a form of disaster insurance, not a panacea. Everybody, including DPR, can have this protection by choosing to use PGP all the time and encouraging its adoption. It's a blue pill, red pill decision.