Silk Road forums
Discussion => Newbie discussion => Topic started by: jackie9191 on April 13, 2013, 04:30 pm
-
I tried to send info to a vendor but my PGP didn't work. He suggested SR's secure system or privatenote.com. I don't know about SR's system (would like to know where it is and how to use) and when I went to privatenote.com the page content failed to fully load so I couldn't get into the site to learn about it. If there are simpler to use alternatives to PGP I would prefer using them. Any education is greatly appreciated.
-
If you are confident enough to send a message to the person in clear and believe it will not be intercepted, it would be easy to create a one time pad, send them a copy of the pad, and use instead of PGP. Basically, a one time pad uses a substitution cipher each character with a different offset for each character. Realistically, it is inviolable unless the pad is compromised - if only depend on what you are absolutely sure you can get the one time pad (message containing a large amount of text that looks like garbage) without compromised.
-
Yes. You can actually prove that a one-time pad is perfect secrecy. I don't know how you can consider that easier than using gpg though... in other words, my advice is totally forget about that. The only reason you need to encrypt your address is in case the server is infiltrated. Your address when you order is encrypted all the way from your computer to the Silk Road site, then encrypted again all the way through when the vendor is sent it to ship you your package.
The only time it can be possibly be read by someone is on the Silk Road site itself. So if they find it, they can read it. Or the admins could, not that they'd be able to read them all even if they tried to for whatever reason... but my point is the security he was referring to is already in place. No need to implement anything more unless you're worried the police will seize the site.
This is also true of messages sent and received via SR.
-
Goooood to know!! :o
-
Why don't you just figure out why your PGP didn't work? It's not brain surgery.
-
From what I remember of reading the sellers guide, as soon as a deal has been marked "in transit" your address is shredded by SR.
So long as you're dealing with vendors who ship quickly your address is non-existent on the server.
-
From what I remember of reading the sellers guide, as soon as a deal has been marked "in transit" your address is shredded by SR.
So long as you're dealing with vendors who ship quickly your address is non-existent on the server.
Yeah. So they say. But my account history was showing for 4 months back at one point, when supposedly it was only kept for like a month or something -- so how's that possible unless a lie was told (or I'm totally wrong)? But that's not really the point, you don't need evidence to distrust SR.
You should never trust someone selling you something. SR sells us something -- we pay higher costs than we otherwise would because a percentage goes to SR. I just don't consider it acceptable to ever believe words coming from the mouth of someone trying to get money from me; not sure why anybody would feel differently.
-
I agree that with money comes corruption but since the SR admins have a hefty prison sentence if the place ever got busted I doubt they would keep any extra incriminating information on their server(s).
Maybe the account info that was showing after four months was just the product listings and personal addresses had been shredded.
-
I tried to send info to a vendor but my PGP didn't work. He suggested SR's secure system or privatenote.com. I don't know about SR's system (would like to know where it is and how to use) and when I went to privatenote.com the page content failed to fully load so I couldn't get into the site to learn about it. If there are simpler to use alternatives to PGP I would prefer using them. Any education is greatly appreciated.
jackie9191; if you take the time to figure out pgp, it will do you well. look at the top of the newbie discussion forum and you will see a PGP thread where you can send and receive pgp messages and people will help you out. Get a key, create a pass-phrase, share your public key, get someone public key, create a message, encrypt it and send it. It sounds harder then it is. If you would like to try it, drop me an email.
-
I tried to send info to a vendor but my PGP didn't work. He suggested SR's secure system or privatenote.com.
SR's secure system?
Privatenote.com?
Your vendor is a fucking jackass. Chances are extremely good the vendor doesn't know how to use PGP, you probably did it correctly. I'd stay away from a vendor like this.
-
I agree that with money comes corruption but since the SR admins have a hefty prison sentence if the place ever got busted I doubt they would keep any extra incriminating information on their server(s).
Maybe the account info that was showing after four months was just the product listings and personal addresses had been shredded.
We all assume SR's servers are hacked. It's not paranoia, it's a practical reality. I mean we hope they aren't. But it's better to assume that all communications that aren't encrypted on SR are logged by LE agents. Better safe than sorry.
The ideal is that SR could be completely compromised physically, but so long as you use Tor and Bitcoin and PGP, it doesn't matter, we're a permeable network, having surveillance status on our communications doesn't matter.
-
I assume that SR admin have some kind of "panic command" that will shut down and wipe all servers in the event of their location becoming compromised. Thus the option to have a dump bitcoin address in your account to send your remaining bitcoin to a specified address if it all goes wrong.
Then again, they would also need time to issue that command, which is no use if you're suddenly handcuffed and thrown into a cop car.
-
I assume that SR admin have some kind of "panic command" that will shut down and wipe all servers in the event of their location becoming compromised. Thus the option to have a dump bitcoin address in your account to send your remaining bitcoin to a specified address if it all goes wrong.
Then again, they would also need time to issue that command, which is no use if you're suddenly handcuffed and thrown into a cop car.
If DPR is doing things correctly he/she isn't within a thousand miles of SR's servers. There is no requirement to be physically nearby. They can login via the Tor network to change settings etc. The Silk Road is just data and data can live anywhere in the world. Intrusion detection of all sorts can be setup without ever visiting the location.
In practice when a SWAT team knocks on your door there is very little time to react and push buttons unless you want a bullet for your troubles.
-
Yep. Who's to say DPR hasn't got a very trusted friend with some kind of secure VPN access to the server from afar with which he could issue the server nuke command.
-
I tried to send info to a vendor but my PGP didn't work. He suggested SR's secure system or privatenote.com. I don't know about SR's system (would like to know where it is and how to use) and when I went to privatenote.com the page content failed to fully load so I couldn't get into the site to learn about it. If there are simpler to use alternatives to PGP I would prefer using them. Any education is greatly appreciated.
Send me a message and include your public key. My public key is in the first link in my sig. Import my public key and encrypt a message to me with it. Include your public key. Then if you decrypt the message I shall send you in return you'll have shown you know how to encrypt and decrypt.
-
I tried to send info to a vendor but my PGP didn't work. He suggested SR's secure system or privatenote.com. I don't know about SR's system (would like to know where it is and how to use) and when I went to privatenote.com the page content failed to fully load so I couldn't get into the site to learn about it. If there are simpler to use alternatives to PGP I would prefer using them. Any education is greatly appreciated.
jackie9191; if you take the time to figure out pgp, it will do you well. look at the top of the newbie discussion forum and you will see a PGP thread where you can send and receive pgp messages and people will help you out. Get a key, create a pass-phrase, share your public key, get someone public key, create a message, encrypt it and send it. It sounds harder then it is. If you would like to try it, drop me an email.
Thanks a lot. I don't know why my pgp message was unreadable but I was in a hurry so I just entered the info in the name and address block that comes up when you make the purchase. I do want to get pgp down, it is really the best way to go. I may have screwed up but I will send you my pub key and a message and if you can't decrypt it I know I have a problem on my end. I appreciate the help bro.