Silk Road forums
Discussion => Security => Topic started by: pitbully2000 on June 15, 2013, 06:55 am
-
I feel so stupid, was considering not even posting this question, but I have NEVER done that in my 6 months on the road, vendor hasn't read my messages yet, I'm kinda freaked..dealt with this vendor before, very cool, but exactly what did I COMPROMISE?
really sweatin this...
any ideas?
~PB2k
-
Apparently I forgot how to spell as well...lol
-
just learn from your mistakes and make sure you use pgp before completing an order
-
Activate the self destruct button
:P
-
You'll be ok dude.. Just don't make it a habit of not using PGP
-
> I feel so stupid, was considering not even posting this question, but I have NEVER done that in my 6 months on the road, vendor hasn't read my messages yet, I'm kinda freaked..dealt with this vendor before, very cool, but exactly what did I COMPROMISE?
> really sweatin this...
> any ideas?
> ~PB2k
Many people have made that mistake the first time (myself included). Luckily SR already prevents outsiders from looking at that info, so you are still fine, but encrypting is a must because SR can become corrupted or the vendor account can etc. etc.
So learn from this mistake and simply remember to encrypt your info next time. You cannot have too much security on your part.
-
1. Relax.
2. PGP provides a higher level of encryption over TOR. It further provides securities for vendors/consumers by preventing man in the middle attacks, occurring at TOR exit nodes. This requires a certain level of sophistication to capture, rehash, and then decipher your message(s). PGP adds another degree of encryption for this reason. Furthermore, with exaflop and petaflop computers available to every government (with the right price), TOR is really just a tight string and a few tin cups.
3. Order Prep Routine. When I am going to order something, I put in my cart, and visit the respective Vendor Page and study their recommendations. Some vendors have specific rules to follow. Then I use their public key, etc. PGP is by no means an absolute for vendors to process your order, but it makes this whole charade more secure to low-level investigations--investigative journalism, local LE, some FBI cases, etc.
4. Relax. Go over your exit strategy for when you are facing disaster. Delete. Deny. Deport. (Deport is optional, of course. It depends on if you're going to go all Aaron Swartz or not.)
Good Luck.
-
Ok,
thanks all...I was in panic mode lol
I've worked with vendor before, and he STILL hasn't read the message(s) I left.
Can't BELIEVE I did that...shouldn't SR implement some form of check system to assure that buyers/vendor is using some form of encryption?
It was an easy slip.
Thanks for making me feel better about it, I will take MUCH more care in the future.."learn from your mistakes"...SOLID ADVICE!
I've always believed the smart man learns from his mistakes, the WISE man learns from everyone else's...still I was trying to hit the "back" button the second I sent it..total lapse of concentration...wasn't even stoned LOL
~PB2k
I like this community, lots of nice people here :)
-
LOL..I did that one time by accident just like you....I immediately contacted vendor to put in transit so I could finalize to get out of system and gave different addy. I'm not paranoid just cautious. LOL 8)
-
BURN EVERYTHING!!!!!!!!!! :o
j/k
I've done it before.
-
> 2. PGP provides a higher level of encryption over TOR. It further provides securities for vendors/consumers by preventing man in the middle attacks, occurring at TOR exit nodes. This requires a certain level of sophistication to capture, rehash, and then decipher your message(s). PGP adds another degree of encryption for this reason. Furthermore, with exaflop and petaflop computers available to every government (with the right price), TOR is really just a tight string and a few tin cups.
I'm sorry, I really find it awkward to correct people, but this... is not correct. There are no exit nodes involved with Silk Road traffic. It's a Tor hidden service, the data never leaves the Tor network (which happens at exit nodes).
-
>> 2. PGP provides a higher level of encryption over TOR. It further provides securities for vendors/consumers by preventing man in the middle attacks, occurring at TOR exit nodes. This requires a certain level of sophistication to capture, rehash, and then decipher your message(s). PGP adds another degree of encryption for this reason. Furthermore, with exaflop and petaflop computers available to every government (with the right price), TOR is really just a tight string and a few tin cups.
> I'm sorry, I really find it awkward to correct people, but this... is not correct. There are no exit nodes involved with Silk Road traffic. It's a Tor hidden service, the data never leaves the Tor network (which happens at exit nodes).
Ah yes, thank you for the correction. Onion traffic is not designed to leave at exit nodes. Exit nodes are for connecting https and http addresses... "clearnet" links like http://www.cryptome.org
Thanks for error checking!
-
Unless the SR server is compromised before the vendor marks the order In Transit, you have nothing to worry about. The chances of that happening are extremely small.
The way I look at encrypting my address, it's like wearing a seat belt. The chances of being in a car accident in the next week or month or even year are pretty slim, but wearing a seat belt costs me nothing, and it could be extremely important in the unlikely event that I am in a car accident. So I wear a seat belt every time.
Same with PGP. It costs you almost nothing -- ok, about 30 seconds of your time -- but in the unlikely event that the SR server is compromised, they will probably go after the low hanging fruit, the people with plaintext addresses on the server. Might as well encrypt.
There are actually more dangerous aspects of this. Some vendors will send you a tracking code by SR message. That code has your address, of course, which completely nullifies encrypting it at the time of making the purchase. Further, the address is deleted from the SR server after the order is marked In Transit, so it is kept for only a day or two, but messages are stored for months after they are deleted. That's a big liability, especially for big orders that LE would be interested in. If a vendor sends tracking codes, you should instruct them not to do that, or to encrypt the codes with your public key.
-
> Unless the SR server is compromised before the vendor marks the order In Transit, you have nothing to worry about. The chances of that happening are extremely small.
> The way I look at encrypting my address, it's like wearing a seat belt. The chances of being in a car accident in the next week or month or even year are pretty slim, but wearing a seat belt costs me nothing, and it could be extremely important in the unlikely event that I am in a car accident. So I wear a seat belt every time.
> Same with PGP. It costs you almost nothing -- ok, about 30 seconds of your time -- but in the unlikely event that the SR server is compromised, they will probably go after the low hanging fruit, the people with plaintext addresses on the server. Might as well encrypt.
> There are actually more dangerous aspects of this. Some vendors will send you a tracking code by SR message. That code has your address, of course, which completely nullifies encrypting it at the time of making the purchase. Further, the address is deleted from the SR server after the order is marked In Transit, so it is kept for only a day or two, but messages are stored for months after they are deleted. That's a big liability, especially for big orders that LE would be interested in. If a vendor sends tracking codes, you should instruct them not to do that, or to encrypt the codes with your public key.
^^^THIS^^^ Nicely done with the seat belt analogy!
-
> There are actually more dangerous aspects of this. Some vendors will send you a tracking code by SR message. That code has your address, of course, which completely nullifies encrypting it at the time of making the purchase. Further, the address is deleted from the SR server after the order is marked In Transit, so it is kept for only a day or two, but messages are stored for months after they are deleted. That's a big liability, especially for big orders that LE would be interested in. If a vendor sends tracking codes, you should instruct them not to do that, or to encrypt the codes with your public key.
WOW astor I have never even thought of this!!!!! You have a very very good point there!!!! And that practice happens frequently, in fact I always am happy and hope that the vendor sends me a tracking # in a message!!!
I am definitely going to start asking for it to be encrypted! Thanks so much astor, I'm glad I read this (+1 ;D)
I think this point needs to be made loud and clear because this is something that is for sure overlooked and a big flaw or back door to all these encryption efforts
-
> I feel so stupid, was considering not even posting this question, but I have NEVER done that in my 6 months on the road, vendor hasn't read my messages yet, I'm kinda freaked..dealt with this vendor before, very cool, but exactly what did I COMPROMISE?
> really sweatin this...
> any ideas?
> ~PB2k
Buy some cyanide and keep it in a capsule. if you get caught up w a life sentence worth of drugs then chew that shit up!