Silk Road forums
Discussion => Security => Topic started by: livestr0ng on May 05, 2013, 09:43 am
-
I've never heard of somebody encrypting a privnote. Why's that? I don't understand why it's not common practice. It sounds great to me. Only the person you want to get the message can get it and they only get it once. I don't want to do it (in fear of pissing off a vendor) until I've heard a thorough discussion on it. Please help me, and maybe others, out by providing your thoughts and opinions on this topic.
Conclusion: Fuck Privnote. Only use PGP.
Thanks everybody :)
-
I can see the advantages of doing this, for added security for both buyer and seller. Personally, I think PGP is more than adequate as you need both the private and public key to decrypt a message. I think it would just add to the work load for the vendor, with one extra step in the process; all done over the Tor network, which isn't fast at the best of times.
I'd be interested in hearing other people's replies on the subject...
-
I think it's a bad idea, because clearnet sites can identify you more easily, and because they know they can know the key ID of the vendor, if they indentify you, it wouldn't be so good. Privnote has been suspected as being a honeypot so I would be wary in doing that. Putting your PGP encrypted address in the address field also makes sure your vendor can only see it once, he can save the message of course, but that's also possible with privnote.
I would trust onion sites more than clearnet sites for that kind of stuff...
-
I used to use privnote for private communications with well, non computer savvy people I knew. If privnote was a honeypot then a lot of people would be in prison for life, or they haven't went through the data yet. I think putting a PGP encrypted message in privnote is a good idea because then it isn't stored on a vendors machine or in the Silk Road database and therefore if the vendor ever got busted and gave LE his passphrase, you have nothing to worry about. Now without privnote, if a vendor gave his passphrase to LE, then LE has access to every buyers address.
-
Well PGP encrypted addresses are also deleted as soon as the vendor reads it, that's what silkroad says they do, and I wouldn't trust privnote's automated deletion more than silkroad's.
-
Hey Jack, just want to let you know that I am a vendor here on Silkroad and once you place an order and type your address in (does not matter if PGP encrypted, privnote or plain text. As SOON as I mark that order in transit, your address is deleted off of SR forever, it is impossible to recover....and trust me, if LE got a vendor and somehow got access into his/her account the last thing they would care about is who his buyers are, unless they are buying huge loads for resale or something but most people are just buying for personal use or for them and some friends.
-
If it is automatically deleted then there shouldn't be a big deal about people using PGP. I've seen too many posts about vendors saving addresses and such. I don't use privnote ontop of PGP, I was merely saying I would feel safer doing so. It isn't standard protocol around here so I don't. I really don't buy anything on here other than the occasional exotic smoke so it none of this really affects me.
-
This has been said a number of times now, but do not assume that they will simply destroy your note once it is opened, in fact, they now use PGP to encrypt your messages anyway so god knows if they are even using that line of reasoning anymore. So yes, there is a big deal about people using PGP in a Privnote for information pertaining to Silk Road. In order to be safe, it is important you do this.
Piece, Love, and Fuck Haters.
-
Thanks for posting everybody. Although, I don't feel we've completely come to a conclusion yet. Any more thoughts?
-
Privnote should NOT be used for a number of reasons. It's use requires Javascript to be enabled. Doing so leaves yourself open to having vulnerabilities in Java exploited, easily done by a competent attacker. When you send a Privnote to someone, it is stored on a 3rd party server in plain text. Should the server become compromised or accessed by the authorities, any stored information will be easily accessible.
Privnote shouldn't be used by those serious about protecting their identity. PGP (GPG) is the tool you should use to encrypt your info. Javascript, Flash, etc should not be enabled when using SR. There is no reason to give an attacker the opportunity to exploit a vulnerability and Java has many of them with more being discovered on a regular basis.
-
My thoughts are 'why bother sending an encrypted message to be stored on a different clearnet server?' there is no need to use privnote if you are using PGP encryption, just use the SR messaging system, all the SR private messages are purged after a few months anyway. If you are talking about sending a privnote link to the vendor during checkout that contains your encrypted address, same deal, there is really no need to store the message on another server if it's not necessary.
If you are talking about people that do not know how to use PGP encryption, then I think they should learn how to use it or not use SR at all.
As much as I would like to trust Privnote regarding their Privacy Policies, I will not use their service. Encrypted or not.
-
Exactly Fallkniven. There is absolutely NO reason to use Privnote if you have encrypted a message with GPG, providing the strength of the keys you generated are a minimum 2048 bits (RSA) and your password (pass phrase) is strong. :)
-
My suspicion is that some vendors, unfortunately DO save addresses. I think 1 vendor even admitted to it here once and said it was to streamline his operations.
And also to keep track of fly-by-night scammer buyer accounts. That sucks though. I'm not cool with that at all.
-
My suspicion is that some vendors, unfortunately DO save addresses. I think 1 vendor even admitted to it here once and said it was to streamline his operations.
And also to keep track of fly-by-night scammer buyer accounts. That sucks though. I'm not cool with that at all.
Indeed. Many do. Some also have to transmit names and addresses over clearnet to their supplier because they are merely a middle man.
-
Indeed. Many do. Some also have to transmit names and addresses over clearnet to their supplier because they are merely a middle man.
Do you know this to be fact or is it something you've heard from others? Any vendor engaging in practices such as this should be named and shamed.
-
Indeed. Many do. Some also have to transmit names and addresses over clearnet to their supplier because they are merely a middle man.
Do you know this to be fact or is it something you've heard from others? Any vendor engaging in practices such as this should be named and shamed.
I know specific suppliers that some vendors utilize. Those suppliers don't use PGP. One of them in particular uses hushmail. Many RC vendors utilize clearnet suppliers too. Particularly bulk RCs coming from China. I wont name any vendors. It's pretty easy to tell by looking at the locations they are shipping from and the price if you know many labs. There is also a particular South American source for pills that uses hushmail and I've seen vendors middle manning through him. I know it is through him because he is the last one in that country selling those particular products. There used to be five of them and I've used them all. Four of them work with the same people. I know this because of specific packaging and Western Union receiving information being identical from the four sources. Alas, there is only one of them left.
When you see a vendor shipping from several different countries you should obviously know that they are sending names and addresses to a third party. Whether that third party is using PGP or not is the real question. I've been in this scene for over a decade so I know some specific suppliers that do not use PGP.
As for saving shipping information. I've seen vendors admit to it by saying things like they have a list of scammers. Also the occasional time when someone receives an unexpected package where the vendor accidentally shipped them something after they have already received their order.
I actually messaged one vendor asking him if he feels comfortable transmitting his customers personal information over clearnet and over hushmail because I recognized his products from two suppliers. I even names his suppliers. I never got a response.
-
Using PGP to encrypt a privnote URL is like hitching a mobile home to a nuclear submarine to drive down the road. That it does not work is but the start of your potential problems.
--
It is not advisable for this reason:
Plaintext -> Privnote -> PGP encrypt Privnote URL -> SR is less secure than:
Plaintext -> SR.
Why do you believe what Privnote says? Maybe their service is legitimate. But you're depending on... trust. It's no good scouting about for privnote reviews or ascertaining how many people use privnote, those are not relevant metrics as to the service's reliability. Just as with the Feds and Hushmail's Java applet, you can have a special version of Privnote, just for you. They don't even need to get you to download anything, it can all be done at the backend. Nobody else has to be affected.
Some people in this thread are exhibiting classic signs of selection bias in their thinking. Just because you don't know anybody that was busted by the use of Privnote does not mean this is information. That's like saying alpha team that went up ahead through the Vietcong infested jungle hasn't got in touch so they must not have met any Vietcong. Perhaps you don't know anybody busted through use of Privnote simply because they are in a prison, hence you have not been communicating with these people. I don't know if that is true, but it could easily be true. I note that outside of TV serials police do not explain how they caught the prep. The purpose of honeypots may not be what you imagine. Take Tormail for example. The rumor bird says it is operated by the FSB. Clearly Russian intelligence networks are unlikely to care excessively about the Silk Road, but perhaps they wish to monitor private chatter so they can make predictions about the use of tradecraft, various actors on the darknet, traffic analysis and so forth. Essentially they do not intend to spy on you specifically, they are simply hoovering up data for potential use later on e.g. blackmail, influence.
The majority of anonymous public proxies on the clearnet are governmental or commercial run enterprises aggregating data for similar reasons. Data is cheap, finding one good lead later on out of millions of users would be considered a good batting average. So stop thinking about interception of information in terms of "fishing" and start thinking "trawler". This is 2013, not 1950, mass surveillance is a here and now reality.
It is said by some that Wikileaks exploited Tor exit nodes and obtained millions of documents stolen by various hacker organizations, often working for nation states. This is a quite realistic threat since before that researchers obtained hundreds of emails and logins from diplomatic staff using Tor naively in the past (and if this is true then the US intelligence community ought to be thanking Wikileaks because the leaks must have surely made the stolen documents mostly worthless).
In short, we (not just SRians) are surrounded by spies, most of them electronic, working for a diverse range of interests. The only way to counter this is to use public key cryptography. If you depend on *any centralization*, you become a target. In fact it doesn't matter if the people who run Privnote are completely trustworthy. If you are any kind of aggregation, communications can be intercepted before they even arrive on the servers, you are said to be an information "watering hole", as in the place the giraffes and antelopes come to drink, and then there is the "watering hole attack", that's the lions/tigers or the Feds and the rest of the alphabet mafia. That is it, it is very simple. Fortunately the platypus and its other aquatic friends are impervious to such things since they are freshwater beasts that live near or in rivers, that is to say they are always using PGP encryption and cryptographic forms of trust only. Don't be a clunky wildebeest, become one of the sleek otter people instead.
tldr; Depending on any third party service without using *end to end* public key encryption is a total clusterfuck on general principals, Privnote is just one example.
--
I intended a while back to start a thread listing vendors stupid enough to be encouraging the use of Privnote for their customers. It's fine for the vendors, not so much the customers. Judging from this thread, I may have to revisit the concept of a witch hunt.
btw: Wadozo, although you're right JavaScript is a possible attack vector, Java is completely different to it, they only share the name in terms of similarity, nothing else. Java is infinitely more dangerous to use than JavaScript. The general point yourself and Fallkniven are making is spot on though.
-
Using PGP to encrypt a privnote URL is like hitching a mobile home to a nuclear submarine to drive down the road. That it does not work is but the start of your potential problems.
TL;DR lol Pine. That's ass backwards and stupid. Putting a PGP encrypted message in privnote. Not the other way around silly Pine. Even if privnote did store the data, it's all PGP encrypted.
-
I intended a while back to start a thread listing vendors stupid enough to be encouraging the use of Privnote for their customers. It's fine for the vendors, not so much the customers. Judging from this thread, I may have to revisit the concept of a witch hunt.
Lol @ this, "please don't use PGP."
No reship/refunds on this particular item.
We would prefer that you didn't use PGP to send your address for this particular item, but will accept it thus if you so choose.
-
Using PGP to encrypt a privnote URL is like hitching a mobile home to a nuclear submarine to drive down the road. That it does not work is but the start of your potential problems.
TL;DR lol Pine. That's ass backwards and stupid. Putting a PGP encrypted message in privnote. Not the other way around silly Pine. Even if privnote did store the data, it's all PGP encrypted.
Apart from the fact there's no point in doing this, you gave LE the ability to count orders per vendor so they can prioritize. and you just shifted the location of data storage from servers LE don't know the location of, to servers which they do, thus creating a centralized location to leverage an exploit [NEW! Privnote app for your Mobile!]. Order transaction participants [vendor, customer] pairs are kept hidden by SR, but since GPGTools encrypts using both the source and recipient's public keys, LE now have a source of information they didn't before. I can think of dozens of ways to exploit this kind of information. If you're using a third party with secure communications, it's on you to explain why you'd do such a thing.
People use Privnote because they are idiots. If they knew how to use it anonymously, they wouldn't be using it in the first place.
-
Okay. But privnote isn't used for only illegal things. It's a PGP encrypted message. No one would ever know what it was. Unless the vendor saved the message from privnote, then if the vendor gave their pass to LE, they have no messages of yours to read.
When I'm not on SR I still use privnote with PGP so the PGP messages are not logged on a chat or database depending on how I am transmitting my data.
-
My suspicion is that some vendors, unfortunately DO save addresses. I think 1 vendor even admitted to it here once and said it was to streamline his operations.
And also to keep track of fly-by-night scammer buyer accounts. That sucks though. I'm not cool with that at all.
Indeed. Many do. Some also have to transmit names and addresses over clearnet to their supplier because they are merely a middle man.
Yes if this is true please name and shame the vendor, If for any reason so nobody buys from them ever again, I would hate to think this was happening to my details.
-
Okay. But privnote isn't used for only illegal things. It's a PGP encrypted message. No one would ever know what it was. Unless the vendor saved the message from privnote, then if the vendor gave their pass to LE, they have no messages of yours to read.
When I'm not on SR I still use privnote with PGP so the PGP messages are not logged on a chat or database depending on how I am transmitting my data.
Pine may be woozy from the heat, but I don't think it's worth it.
Your intention is to prevent the recipient from storing PGP encrypted messages, fine. But there is nothing to stop them storing the plaintext, which seems a considerably worse option.
Most PGP users are not adept enough at this stage to pay attention to anonymizing their PGP encrypted messages to defy traffic analysis, so I think it is best to concentrate on having an encrypted channel with which to deliver the message. Instead of using Privnote, I'd use OTR messaging. https://en.wikipedia.org/wiki/Off-the-Record_Messaging -> with OTR messaging you can deny you sent any message and any intercepted messages would be inadmissible.
-
Okay. But privnote isn't used for only illegal things. It's a PGP encrypted message. No one would ever know what it was. Unless the vendor saved the message from privnote, then if the vendor gave their pass to LE, they have no messages of yours to read.
When I'm not on SR I still use privnote with PGP so the PGP messages are not logged on a chat or database depending on how I am transmitting my data.
Pine may be woozy from the heat, but I don't think it's worth it.
Your intention is to prevent the recipient from storing PGP encrypted messages, fine. But there is nothing to stop them storing the plaintext, which seems a considerably worse option.
Most PGP users are not adept enough at this stage to pay attention to anonymizing their PGP encrypted messages to defy traffic analysis, so I think it is best to concentrate on having an encrypted channel with which to deliver the message. Instead of using Privnote, I'd use OTR messaging. https://en.wikipedia.org/wiki/Off-the-Record_Messaging -> with OTR messaging you can deny you sent any message and any intercepted messages would be inadmissible.
I completely agree with pine about privnote, it can only be less safe than using SR, as I said before.
And I was wondering when you'd first start talk about OTR pine. It seems way better than PGP to me... There are also other forms of deniable encryption that just seem better than PGP. Why isn't anyone recommending them?
-
I completely agree with pine about privnote, it can only be less safe than using SR, as I said before.
And I was wondering when you'd first start talk about OTR pine. It seems way better than PGP to me... There are also other forms of deniable encryption that just seem better than PGP. Why isn't anyone recommending them?
It's partly because they often aren't easy to anonymize. Instant messaging that is encrypted is a particular problem due to timing attacks (the enemy can see a message appearing at point A and a reply from point B, and correlate the two to deanonymize the participants). Take BitMessage for example. If it works as planned, then it also provides some kind of deniability and some defense against timing attacks since you're not downloading a specific message for you. But it also has to be ideally anonymized such that nobody can detect the use of BitMessage using traffic analysis. This is because since relatively few people are using it, there is a lack of anonymity. Tor suffers from a less severe version of the same problem, but most geeks also have dozens of ways around that to prevent detection of Tor traffic e.g. bridges, obfuscation proxies, steganography.
PGP, used correctly, can be anonymous. It is similar to how Bitcoin is assumed to be anonymous.
-> edit the gpg.conf file to remove PGP key id for sender and recipient with either hidden-encrypt-to or throw-key-ids
-> edit the gpg.conf file to remove software version and operating system information
-> use public keys that use standard encryption algorithms like RSA and standard sizes like 2048 or 4096 bit. Stay in middle of crowd.
-> use separate nyms and separate public keys (with same nyms i.e. public key, nym pairs that are different) for the forums and SR
If you analyze one of Pine's encrypted messages using the gpg -v flag, there is only 1 linkable piece of information, which is my name. If I was posting an encrypted message using a different account nym there would be no way to tell it was me.
On the other hand if you used the same public key for work as you for SR, then you really are fucked. The Feds will extract the GPG key ID from any one of your messages at work and pair it up with any of your encrypted messages on SR. It's similar to letting them know you post on the Bitcoin Talk forums as well as on SR, they can use your writing style to deanonymize you unless you've been using Tor all along on that forum too.
So, as much as I like PGP, I do not like people treating it as a magic bullet like yourself Tree.
Edit: The above sentence was badly configured, I meant to say "Like yourself Tree, I do not like people treating it as a magic bullet".
The other not-so-insignificant reason for lack of adoption of other encryption technology is simply that people haven't heard of them. The Tor Project people have Tor Project evangelists going around the place for a reason. This is probably the bigger reason even if I haven't dedicated as much text to it.
-
So, as much as I like PGP, I do not like people treating it as a magic bullet like yourself Tree.
Edit: The above sentence was badly configured, I meant to say "Like yourself Tree, I do not like people treating it as a magic bullet".
That edit did change a lot of the meaning! If you don't have a public key yourself, the PGP message you send to people don't have any information linkable to you right? And how do you edit the gpg.conf in gpg4usb? There isn't much to change in the gpg.conf of gpg4usb... Only one option
-
does not matter if PGP encrypted, privnote or plain text. As SOON as I mark that order in transit, your address is deleted off of SR forever, it is impossible to recover
As Jack noted, this is flat out BS. I messaged a vendor yesterday about an order that shows as being in transit and he asked me for my name so he could check and see if it actually already shipped! WTF? Oh, maybe he just kept my name and trashed the address? I doubt it.
-
No squirell, you understood it wrong. This is (kind of) common.. A new vendor also asked me for my name to give me the tracking number, of course I started getting paranoid but it turns out he had it in memory. It seemed obvious he wasn't aware of the automated deletion (maybe he should've read the wiki ::) ). The order arrived with no probs afterwards. But yeah, addresses are deleted off of silkroad after it's marked in transit, or at least not made available to vendors. PGP makes sense in case they don't actually delete it, or don't securely wipe it, in case SR servers are seized or someone somehow intercept the communication between you and SR (I don't think it's very plausible).
-
Encrypting your personal information is just common sense. Those who don't are either lazy, complacent or don't understand the potential consequences of their actions if they were ever arrested. Everyone should be MINIMIZING their risks when using SR. Sending any information as plain text is at a higher risk of being read by anyone who has access to it compared with sending it encrypted. Why take the added risk of your info. being seen should something happen which is out of your control. We can't predict what will happen in the future, but we can do all in our power to protect our sensitive information from being seen by the Authorities/Hackers should something go down.