Well... let's see if a little logic can help us out here... So we have several possibilities:

1) DPR is still DPR.
2) DPR is not DPR, because...
2a) DPR is now Leo
2b) DPR is now whoever the prior DPR handed the name off to
2c) DPR was forcibly replaced because of the high income that requires zero work, basically

So in what circumstances are these possible, and what actions do they necessitate on our parts:

1) I have no idea. If he was as clueless when he tried to start this place as he has been the past month or two about basic security practices, I simply cannot imagine it ever working. To even know enough to trust a hidden Tor service to keep you hidden (or to even know they fucking existed), the man would need to know more than he's exhibited in the past month or two.

Conclusion: I don't think this is possible. This is my personal opinion. If I've forgotten some critical piece of evidence, by all means, speak up. But I don't think I have.

Solution: there isn't one. The old DPR did a great job. The new one can't even be bothered to answer a question here and there let alone do anything useful. The end.

2a) The government has enormous resources. And contrary to what a number of people around here seem to think, there are a great many geniuses who play for their side. It wouldn't surprise me if they found a way to track down the server and just staked it out until somebody walked up to it.

Conclusion: possible, but unlikely. Occam's razor would suggest that linguistic forensics and profiling identified him, but really, it doesn't matter. We all agree -- there's lots of ways Leo could be running the site.

Solution (buyers): do not order from anyone who uses a PGP key with less than 2048 bits. And for God's sake, don't ever send your address to the site unencrypted. My favorite vendor uses a 1024 bit DSA for his primary key (DSA cannot encrypt, it can only sign) and a 512 bit ElGamal subkey (which is what's used if you encrypt with his public key). This means I can no longer order from him. Fuck. I suggest you all take a quick look at your own vendors and decide if you want to risk it or not. Once you make that decision, it's business as usual.

Solution (sellers): use better fucking keys God damn it; 2048 bits minimum. Use a DSA/RSA or RSA/RSA primary key/subkey combination. Again, DSA cannot encrypt, it can only sign. Whichever of your keys CAN encrypt is what's used to do so, so if your subkey is 512 bits and it's used to encrypt, our "encryption" of our addresses is virtually useless. Bad for us, bad for our freedom, therefore bad for your profits. This needs to be fixed if your key is broken. Then it's business as usual.

2b) the replacement was not properly vetted.

Conclusion: he's not competent to protect himself let alone anyone else.

Solution: Act according to 2a, the situation is no different. If he can see your address, consider it a threat (whether out of maliciousness or ignorance doesn't change the fact that in both cases, it's a threat). After that, though, it's -- yet again -- business as usual.

2c) DPR deserved better, but maybe he let it slip one night in a bar to the wrong guy. Who knows.

Conclusion: The new replacement is incompetent.

Solution: see 2a. Then business as usual.

... see what I'm getting at here? Expand your precautions if you aren't acting according to 2a. It's a small hassle that's well worth it. You're investing in your own continued freedom. This is dangerous business we all conduct every single day here. It gets comfortable, we laugh about it, but they're trying -- right this second -- to stop all of us from laughing for many, many years to come. They are out to get me. They are out to get you. And yes, they're working together. You are not paranoid. Protect yourself. No one else will.

And then... as far as I'm concerned, it's business as usual. Critiques?
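
Added example, not part of the original post: a Python check of which key in a PGP keypair actually performs encryption and whether it meets the 2048-bit minimum the post names. It parses the colon-delimited listing printed by `gpg --with-colons --show-keys`; the sample listings, key IDs and function names are constructed for illustration.

```python
# Added example: audit the output of `gpg --with-colons --show-keys key.asc`.
# Colon-format fields used: 1=record type, 3=key length, 4=algorithm id,
# 5=key id, 12=capabilities (lowercase letters belong to that key itself).

ALGOS = {"1": "RSA", "16": "ElGamal", "17": "DSA"}  # sizes comparable in bits
MIN_BITS = 2048  # threshold stated in the post

# Constructed sample mirroring the post: 1024-bit DSA primary, 512-bit ElGamal subkey.
SAMPLE_WEAK = """\
pub:-:1024:17:AAAAAAAAAAAAAAAA:1300000000:::-:::scESC:
uid:-::::1300000000::0000::Constructed Vendor <vendor@example.invalid>:
sub:-:512:16:BBBBBBBBBBBBBBBB:1300000000::::::e:
"""

# Constructed sample: RSA/RSA pair at the recommended minimum.
SAMPLE_OK = """\
pub:-:2048:1:CCCCCCCCCCCCCCCC:1300000000:::-:::scESC:
sub:-:2048:1:DDDDDDDDDDDDDDDD:1300000000::::::e:
"""

def audit_key(colon_output, min_bits=MIN_BITS):
    """Return one finding per pub/sub record in gpg colon-format output."""
    findings = []
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue
        algo = ALGOS.get(f[3])          # None for ECC and other algorithms
        bits = int(f[2]) if f[2].isdigit() else 0
        findings.append({
            "record": f[0],
            "keyid": f[4],
            "algo": algo or "other(%s)" % f[3],
            "bits": bits,
            "encrypts": "e" in f[11],   # this key is what protects messages
            # The bit threshold only makes sense for RSA/DSA/ElGamal sizes.
            "weak": algo is not None and bits < min_bits,
        })
    return findings

def encryption_is_weak(colon_output, min_bits=MIN_BITS):
    """True if any encryption-capable key falls below min_bits."""
    return any(k["encrypts"] and k["weak"] for k in audit_key(colon_output, min_bits))

if __name__ == "__main__":
    for k in audit_key(SAMPLE_WEAK):
        print(k)
```

On the first sample the DSA primary is reported as sign-only and the 512-bit ElGamal subkey as the key that encrypts, so the size of the primary key says nothing about how well a message to that key is protected.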