Don't get too excited, this isn't the vendor audit or backup project (just yet). However, there are 3 issues on my mind which are really bugging me that we can all improve on.

1. The use of mixers

Mixers are a good way of obfuscating bitcoin paths, they aren't perfect, but they do a good enough job for most people when used properly. However, the unfortunate truth is bitcoinfog has 1 error I have for a long time now suggested they correct because it leads to seriously misplaced confidence. Vendors often use bitcoinfog in their own username, go try it and create an account in your favourite vendor's username and see if you can, even I have one although I don't think I've ever used it. Now, let's say the NSA can get into Bitcoinfog, with or without their knowledge, and associate the flow of coins through it. The blockchain won't help them, but internal server records will show which withdrawal matches which incoming deposit and therefore you are traceable.

DO NOT use the same account for more than 1 deposit/withdrawal! Always make a new account for every withdrawal. Vendors, I am aware of the auto-withdraw option, disable it and then just withdraw once a day or once every few days.

2. Tracking codes

DON'T ever under any circumstances send a client their tracking code in plaintext. Use PGP or privnote if you need to. SR retains copies of mails for months after we delete them so if SR is compromised, you're in a world of trouble. Take this into account, in the UK the post office keeps footage of CCTV for 30 days, after that it is sent to HQ for storage for 5 years. A lot of tracking numbers means you are easy pickings so don't send them plaintext, you are endangering yourself and your clients.

3. SilkRoad's mail retention policy

Ok, you need information to resolve matters, but tell me, what exactly do you need 6 months down the line from now? This goes hand in hand with the tracking code problem.
If both buyer and sender press delete, remove it from the server as it is sending a clear message they don't want to keep it. Although it is good practice to encrypt sensitive info, several months' worth of mails is still a very good tool to acquire writing style, small bits of data gathering over long periods of time etc. I see no reason SR keeps mail this long, or order history. Give us the ability to control our own data retention and if we delete it and we want something investigated we deleted, it's our own fault.

That's all for now. Back in 24 hours with something cool for you all ;)