Dear all,

Many of you know in recent days I have been crawling SilkRoad as well as having several other key users (SelfSovereignty, astor etc) work with me to extract and analyse the data we managed to crawl. Remember we have access to no special tools, powerful machines or data scraping specialists, just what skills we possess and basic .html downloads from the marketplace.

Having analysed all of the pages now, we have found disturbing results. Here are just some of the problems we uncovered. The tag [FIXED] indicates this particular case/problem has now been addressed, as I would not be comfortable posting it until it had.

1. Vendors using their real e-mail address on clearnet e-mail hosts, some of which date back to 2003, which kind of proves they are their personal accounts, many with names or specific years in them indicating personal details. These e-mails are registered on some other public services and I have found 9 of you on Facebook so far. Those who have been found know who they are and I hope you realise the danger you're in when I send you your profile picture and mention where you live, your telephone number, family etc. All of the Facebook ones have been corrected now, but not all clearnet PGP keys have been fixed.

2. Buyers posting their tracking numbers in their feedback. Big no-no, especially when it is still en route to you! Somebody in particular posted their tracking number in public for a delivery from the US to Australia, and when I saw it the feedback was from 3 hours ago, from someone who had FE'd, so it was obviously still days or weeks from arriving. Don't ever post this publicly. [FIXED]

3. A case where a vendor stated whereabouts in the country he was posting from. I searched the suburb of the city he named and that suburb has a population of 1,000-1,200 in a small city. Don't make it so easy for law enforcement to profile you. [FIXED]

4. Weak PGP keys seem to be in use everywhere. Don't use them! Anything below 512-bit keys is not future-proof. 1024 bit [Read end annotation] is the established standard, use that or greater to ensure your security and that of everyone else who messages you. My key is 4096-bit. Paranoia is probably a good way to describe that, but I am one of the highest value targets on SilkRoad along with some of the larger vendors and SilkRoad staff, so I am not taking risks with the safety of myself or fellow users.

[NOTICE OF CORRECTION] - The more knowledgeable members have agreed my assumption that 1024 bit keys are an established standard was too mild, as these are not future-proof. Therefore, my recommendation has changed for all users to use a key which is at least 2048 bits, and of course I'd still recommend everybody uses 4096 bit if they are given the opportunity to use it, as I personally do. Remember astor has posted a very helpful and easy to use guide for those wanting to learn PGP or find an easier to use program which is a bit more straightforward to use (you can find it at http://32yehzkk7jflf6r2.onion/gpg4usb/).

5. A vendor publicly maintaining a blacklist and publishing a postcode/ZIP code of the user next to their username. Seriously? [FIXED]

6. A buyer was kind enough to post a photo of the product with a reagent test. However, the file still contained meta-data on the camera type, time/date of the photo being taken and info like that, although no GPS data. In addition, there was a small reflection of a face in the photo, but it was very vague, and many identifiable house features and property in the photo such as car keys (indicating model/brand), a local newspaper, cigarette packet and several magazines which, on research, are paid subscriptions to your door and indicate very clearly what line of work they were in, with no obvious method of payment other than by card. [FIXED]

7. Vendor posting they will be on vacation going to a particular city between specific dates. The city was not a huge tourist destination so I can't imagine it being more than 1 or 2 flights a day from the country mentioned. Don't get profiled so easily! [FIXED]

8. A buyer who linked to their forum review message in the description and, in their signature, a link to their Facebook account. This needs no further explanation. [FIXED]

These are only some of the things I have found in the past few days and I have no doubt there will be more I haven't spotted or that have happened in the past. Remember I am not the only person crawling SilkRoad, and with another 5 things I could add to the above list, this is not a threat avoided at all. Some users here are still in serious danger of being identified, as the worst of them all is not published in the above, but so you know, it took ~6 seconds for me to find who this person was and his full house address and telephone number.

I was going to publish this information in a week's time, but tonight I learned some very sobering bits of information which I cannot discuss and which have been sent directly to DPR for his eyes only, or as he replied, "intel". SilkRoad has enemies who are the enemies of freedom and privacy, and if we are to overcome the threats to our freedom we have to be responsible and take precautions to avoid landing ourselves in prison.

Vendors - you are some of the worst offenders in the above list. In point 1, where I talk of being able to personally identify you through your Facebook, 4 of those were vendors, 1 of them was a top 3% vendor, and I am amazed how you haven't been caught yet. This is not only compromising your own security, but that of all of your customers, and with some of them having 300+ sales, it is not a minor issue, especially seeing as I can imagine at least 1 or 2 of them keeping customer addresses, as that seems to go hand in hand with poor awareness.

SILKROAD - GET YOUR ACT TOGETHER. This isn't a game, this is a struggle and we will not prevail when many of you are almost offering yourselves up as bait! I hope this warning is heeded before more people are caught in expressing their freedom.

Your loyal servant,
StExo

NB: Signature removed, formatting is messing up the post for some reason.

Edited 05/06/13: I have added a note of correction to point 4, as some of my knowledgeable colleagues have pointed out my recommendation to use a 1024 bit key was too mild, so my recommendation has changed to 2048 bit keys instead. Many thanks to those who have highlighted this to me. If anyone needs help making a new PGP key, wants to learn how to use PGP or simply wants to find an easy to use program which offers the same security benefits as GnuPG but is much more user-friendly, try Astor's PGP guide here: http://32yehzkk7jflf6r2.onion/gpg4usb/