Silk Road forums
Discussion => Security => Topic started by: sWEED on September 11, 2012, 08:21 pm
-
What do you guys think about PMs? How safe is plain text? What makes it not safe? And how long do you hold onto an address? I guess right after they finalize? Any help would be great. Thanks.
-
<removed>
-
Thanks for that. I read it all, just wanted some other opinions.
-
Encrypting addresses is probably the single most important thing for customers to do in order to increase their security, considering that Tor is already a requirement.
-
If you're sending a message like "man it's sunny out today" I wouldn't worry about encrypting it, but if your PM is something like "Remember when I ordered that kilo of MDMA and 1000 pills, you told me you were gonna send my cram of Xtal LSD along with it to my address in Bumsville, Idaho. I got the Molly, but couldn't find the xtal in the pack. are you sure you sent it? If you resend it, can you address it to my grandmother this time, her name is edna smith, and she lives in the retirement home four houses down from me on the left, so it shouldn't raise any flags" I would encrypt that one, because I don't mind hearing how it was sunny one September afternoon while sitting in a defendant's chair after the SR server is compromised, but Fuck I don't want that other message read to a jury of my peers.
And the only plaintext address you should have stored is the one printed on the envelope, and you should ditch that copy into a blue box (don't shred it though as you might find yourself going through a resolution for shredded product)
-
It is a bit of a balance though between keeping LE in the dark about what's important and wasting vendors' time. I know it isn't much time, and is pretty seamless, but I bet some vendors have inboxes that are overflowing already, and when you add ~30 seconds (high estimate) to each message, the sunny day message being encrypted might just cheese the guy off, but anything that deals with drug transactions i.e. asking about delivery, or special prices, or reagent test results, etc, I 100% agree that even though it isn't the smoking gun of a trial, it builds circumstantial evidence about interest in...
On a side note, I would like to see ene or joots defense attorney ask an investigator to read cyphertext messages out loud during their trial to ask "where in this message does it reference the sale of a scheduled substance?" Not on topic at all, but it makes wretched smile thinking about a DEA agent sounding this out on the stand
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP MESSAGE-----
-
I used to encrypt ALL of my PM's until reputable (but busy) vendors started ignoring the encoded messages. Now all I encrypt is the address. Yes it's not as safe and I would prefer to encrypt everything especially when discussing business, but if vendors won't take the time to read them, then I'm just wasting my time on SR...
-
I would tolerate a vendor who only wanted me to encrypt my address and leave everything else plaintext, even though it is preferable to encrypt as much as can be. On the other hand, I would tell a vendor who wants me to send my address in plaintext that they are out a customer.
-
Yeah, I guess there is a fine line between speed and time. Maybe if I have repeat customers we can use PGP for everything. Will just have to play this by ear.
One question though. Say worst case SR is seized. Can they read deleted messages? So if I keep my inbox and sent PMs cleaned out, will that erase the evidence?
Also, same question with BTC: if I have any money on SR, will I lose those BTC?