Silk Road forums

Discussion => Security => Topic started by: flipside on March 27, 2012, 06:32 am

Title: Seeking advice from veteran vendors & others: SR Encryption, Buyer security, ect
Post by: flipside on March 27, 2012, 06:32 am
Mods: Wasn't sure if this belonged here or in 'Security'. Feel free to move if necessary. :)

------------------

Greetings, fellow Roaders!

As some of you may know, we are a new vendor here on SR. We have however been in business, online and otherwise, for nearly 20 years.

We have a question we would like to pose to veteran vendors here on the Road.

Our policy has always been to use GPG with (these days) Tormail. We also assign a unique GPG key and contact email to each new potential customer. We feel this increases security for everyone involved for many reasons, all of which are explained extensively in many of our vendor threads, as well as our "Welcome" email.

We take customer safety "very" seriously, and prefer to only accept shipping details via encrypted email. Yet we have now, of course, received our first direct order from one of our public listings, including the buyer's shipping address. This is obviously in complete contrast to how we normally accept a customer's personal shipping details.

We feel sharing personal info only with a trusted, knowledgeable, and competent vendor, using GPG encrypted email is the safest way to share one's personal information (and potentially protect your own freedom!). Correct us if we are wrong, but here on SR, a buyer's personal information is being stored on a server being actively pursued by multiple federal (and possibly international) law enforcement agencies?

I guess we are more curious about the encryption methods SR uses to protect a buyer's personal information from this threat, because it was 'very' easy for us to obtain it. See what we mean? Being as we are new to the 'SR method' of doing business (which with the public listings and all is more similar to eBay than anything else), this is our dilemma. We feel posting feedback and product offers openly and publicly needlessly increases public exposure for both vendors and buyers alike.

Rest assured we are "well" aware of the protections a TOR-based market-site like SR 'can' provide. That is why we even considered doing business here in the first place. I suppose we might just be from another era when transactions were done in a more private manner. That is why we would appreciate any veteran SR vendor input.

We have been pondering this new method of doing business, and at this point, we could of course just ship their order without any further information being revealed, on our part at least, and everything would most likely go smoothly. And it is also our understanding a buyer's shipping info is deleted from the SR server shortly after shipping has been "confirmed", correct?

We can start to see some of the reasoning now, but we still have our concerns about customer safety, as well as our own. Even if using GPG on SR, our communications would still be "out of our hands" if placed on the (actively pursued) SR server(s). As opposed to being downloaded via POP, therefore being deleted eternally from the Tormail server, and then encrypted and hidden on the portable medium of our choice, wherever we may choose. And all at our own discretion.

See the difference?

Does anyone have any thoughts on this matter? Any insight into the encryption methods SR employs vs. using GPG with Tormail?

We are anything but "Newbies" and post this truly only out of sincere concern. We appreciate any comments anyone in the community might have.

Thank you.

The Flipside Crew


Title: Re: Question for veteran vendors & others: SR Security, Encryption, Buyer safety ect
Post by: a_blackbird on March 27, 2012, 07:13 am
Is the SR server being actively pursued by various LEOs?  Nobody knows for certain, but you'd be foolish to think that they aren't, and you should act accordingly.  IMHO, this means that you should not conduct any business in cleartext.  If a buyer places an order and does not use GPG to encrypt his information, reject it.  I know that means turning down what is quite probably legitimate business, but personally, I think it would be good practice for all vendors to require the use of GPG and to use it 100% of the time. When you're sending the DCN (if you use them) back to the buyer once his order has shipped, encrypt that message with GPG.  No cleartext.  Ever.

As to SR's current security practices ... I don't have any knowledge of that, so I can't comment ... but it's just common sense, I think, to adopt a policy of taking as much responsibility for your own security as possible.  Encrypt everything, all the time, no exceptions, and you don't really have much to worry about.  You're not 100% in the clear due to the possibility of timing attacks and deanonymization of Tor users and all of that sort of thing, but in the event that the SR server gets pwned and whatever security measures are in place on the site get broken, your ass is still covered.
Title: Re: Seeking advice from veteran vendors & others: SR Encryption, Buyer security, ect
Post by: mdmamail on March 28, 2012, 10:50 pm
You make a new key and email account for every customer? Lol how do you keep track of it all.
I wouldn't trust a vendor with hundreds of different GPG keys, how could you ever know it was really them and not somebody posing as them.

SR claims to wipe the buyer data, and store it mcrypt in the database though that isn't bulletproof by any means. Doesn't mean your buyers can't encrypt their info first, then paste it into the shipping address text field when they order (some do). Also you have no guarantee that tormail isn't some sort of intelligence gathering honeypot, just because you delete emails there who knows what really happens to them.

Actually I speculated with php/mcrypt, I assume that's what they are doing but for obvious reasons they don't give out a lot of info on the opsec here

Title: Re: Seeking advice from veteran vendors & others: SR Encryption, Buyer security, ect
Post by: flipside on March 29, 2012, 05:28 am
You make a new key and email account for every customer? Lol how do you keep track of it all.
I wouldn't trust a vendor with hundreds of different GPG keys, how could you ever know it was really them and not somebody posing as them.

SR claims to wipe the buyer data, and store it mcrypt in the database though that isn't bulletproof by any means. Doesn't mean your buyers can't encrypt their info first, then paste it into the shipping address text field when they order (some do). Also you have no guarantee that tormail isn't some sort of intelligence gathering honeypot, just because you delete emails there who knows what really happens to them.

Actually I speculated with php/mcrypt, I assume that's what they are doing but for obvious reasons they don't give out a lot of info on the opsec here

We apologize ahead of time for the long response, but we feel this stuff really matters.

mdmamail:

Yes. It indeed takes more effort on our behalf to set up and manage multiple customer accounts/keys, but we feel the potential benefits make the extra effort on our behalf more than worthwhile for everyone involved. For the most part (we have added a few of our own unique touches), it is a system myself and a tight-knit group of long-standing and very successful vendors have developed over the years. Many of the policies were designed to directly address some "very" serious problems we have encountered time from "real-world" experience. For example, it allows us to immediately drop anyone we feel may be aiding or abetting law enforcement, or anyone who might attempt to extort us. This way, we can drop them without the risk of them spamming/hacking/attacking any publicly displayed 'primary' email account or spreading our email or public key around with malicious intentions, or even spreading a fake public key around to possibly attempt a MITM, in an attempt to attack, discredit, or possibly even arrest us.

One benefit of this policy is that it pretty much eliminates the possibility of MITM attacks happening in the first place. And a MITM is one of the most likely ways an adversary might attempt to imitate a vendor, for whatever wacked out [or legal] reason they may have. Therefore, following our protocol significantly reduces the chances that our customers would even "ever" have to worry much about such a thing in the first place. If anything, designating individual keys makes a buyer MORE certain they are actually communicating with the actual vendor, as the unique public key/sig assigned to each customer is known only between the buyer and vendor. And again, by eliminating (or at least "significantly" reducing) the possibility of MITM attacks, you shouldn't have to worry about that issue anyways.

I agree there could always be the question as to the legitimacy of Tormail (and I'd be curious if anyone has any actual insight into this matter?), but the same can be said for SR too, or "any" website/email provider for that matter. We ultimately intend to have our own Tor hidden-mailserver (another great policy a few other vendors we know have adopted), eliminating the legitimacy concerns altogether, and giving one MUCH more control over monitoring any suspicious activity, potential intrusions, etc. into your email system. "If" you know what you are doing.

As all our messages are GPG encrypted, if any of our Tormail accounts were ever compromised (not likely), they'd still just be stuck with GPGiberish, and have ZERO leads to ANY other customer accounts, a concept that many of our potential new customers have expressed appreciation for. In "opposite-land", if a single "primary" email account/public key were to be compromised (by any number of methods, both online and otherwise), it could 'theoretically' compromise the accounts and emails of ALL other customers in the vendor's inbox or contact list. Email hacks happen all the time. Using the methods we do, I would "personally" feel 100% confident leaving ALL of my GPG encrypted emails on the Tormail server til the day I die, and it would still not concern me. Whether I would do the same on the SR server, I cannot say, as I am not familiar with the encryption methods they use. But simply for the reason that the SR server is a prime target for LE, I still highly doubt I would.

Trying to find our individual customer accounts or emails (although encrypted) on the Tormail server (if they could even legally seize it, let alone find it/them) would be like finding GPG encrypted needles in a Tor-flavored haystack of randomly generated email addresses. And even if they found just one, it would be "completely" useless without the corresponding GPG keys. I don't think we will ever be 'that' important for them to bother looking for even ONE of those needles. Especially if they read our threads and understand the security methods we use. There are quite simply FAR much easier targets out there for them, with far greater rewards. We retail. We don't sell in bulk. Yet we intend to limit our online presence as much as possible for this very reason regardless. However, we of course still (must) assume, at ALL times, that everyone we speak with could 'potentially' be LE. And act accordingly. As I'm sure most vendors here do (or should).

The only way customer keys could become compromised was if they located the (at least) 2 flash drives (stored separately) that MUST be used together to access "any" sort of useful information that could potentially be used against us or our customers. And the chances of 'anyone' finding them are near ZERO. Plus they'd have to make us give up the passwords to both of our "hidden" TC volumes. And we KNOW how to drraaaggggggg...it...on....ya know? And if we were ever in "that" position in the first place, I'm pretty certain we would have a whole other, MUCH more serious set of problems on our hands anyways. Which is why we take as many extra precautions as we feel necessary to make sure this situation NEVER happens in the first place. We have spent time in jail before. And have no intention of ever going back. This is also why we do our best to separate nearly every aspect of our operation, over multiple states, with duties split among a competent team of trusted, long-time friends, 'family', and partners.

But legitimacy is indeed a very real concern, especially when considering the DZF issue, where it is my understanding that DZF (a drug-vending website like SR [minus the Tor] for those who don't know) was actually set-up by feds, eventually ending in multiple vendor and buyer busts. And compared to Tormail, a place like SR is FAR more vulnerable to "cyber-infiltration". Unfortunately, sometimes, "money talks". And the gov has no shortage of cash. Or psyops. That is but only one way they could infiltrate of course. Again we are just placing trust here in DPR and his selection of Mods (who for the most part definitely seem highly intelligent, more than qualified, and most importantly, loyal, "true believers"). One can still however never entirely rule out this possibility. Ever. It has happened before.

The SR security protocols seem great as far as I am able to tell so far. Tor alone makes it far superior to other similar sites from the past, but I'd really like to know more details about the encryption SR uses for say, the SR PM system. Specifically when buyers choose to openly send their shipping address when placing an order thru a public listing. This is ultimately my primary concern with this thread. And of course we now have multiple orders placed in this manner with ZERO communication from the buyer beforehand. It's just a different method of doing business and exchanging personal information from what we are used to I suppose. And we'll just ship the orders I guess. It's just the security of the buyer's personal info that truly concerns us at this point.

As I mentioned, much of our business/security model was developed based on years of "real-world" experience. Many here seem confused and at times even frustrated about it. We realize it can seem confusing at first. Just like GPG was for all of us when we first attempted to use it. But once we began to understand GPG, we realized the essential benefits it can provide for one's security. This is also how we feel about some of the methods we employ. Perhaps just let its merits prove themselves over time? No one is making anyone email us. Yet over 50 members in the last week alone have agreed with our opinions and protocols, and have since gone on to become potential valued customers. Positive feedback should start rolling in over the next week or so as customers begin to receive their first samples and orders. So time will tell. I just really didn't want to dig up some other thread to say this part.

Also, just to clarify, we consider our methods merely an "enhancement" to the security protocols that SR already employs, not a 100% secure system in and of its own. Although we know many successful vendors who do use these methods alone in that manner, choosing to use public wi-fi over Tor, etc. And who can argue against using a few additional time-tested, proven, (completely optional) security precautions? We feel unless we can fully understand the details of the security and encryption SR uses to protect buyer and vendor security alike, we feel it is best to "complement" SR's security with our own for now. Nothing wrong with that. We feel. :)

It is primarily the fact that some buyers are posting their shipping info without using GPG on the SR server that concerns us. A few of our customers so far have chosen themselves to "only" provide us their shipping details via GPG/Tormail, which is what we recommend. But I suppose if a buyer chooses to purchase a listing from us, and post their address at their own discretion, there is no real threat on our end, so we will just ship them for now. I guess it's to each his own. And I suppose it ultimately just boils down to the fact that there's more than one way to safely play this game.

But thank you all for your advice. Any more input as to the specific encryption protocols that SR uses would be appreciated. And we are of course ALWAYS open to suggestions for changes and improvements to our system. Any thoughts or ideas that could potentially improve the security of ourselves, or our customers, are OF COURSE always more than welcome! :)

Thank you. :)

Peace

The Flipside Crew
Title: Re: Seeking advice from veteran vendors & others: SR Encryption, Buyer security, ect
Post by: mdmamail on March 29, 2012, 07:00 am
You could download the privacybox.de source code, customize and host it as a hidden service. Then you'd have your own mailbox to interact with customers you don't trust and everything would be encrypted. Could fill it with snort and other IDS, disable the file uploading abilities. Then you have a barrier against spam nobody knows your real address at least the people you don't trust. Everybody goes to your hidden service and makes an account instead of Tormail.

As for Tormail the IPs all resolve to Russia, and here is a tinfoil hat discussion on the Russian PGP forums where they suspect it is some sort of FSB trap http://www.pgpru.com/forum/politikapravorealjnyjjmir/proekttormailnetgrandioznajaprovokacijaspecsluzhbrossii?p=last#Comment51468 If you translate that they claim the Moscow tel numbers like +7495221xxxx belong to the federal security service. That said, they probably don't give a shit about drugs it's all to track down democracy activists.

I like the old method of receiving mail encrypted through a nym mixmaster to alt.anonymous.messages  http://www.quicksilvermail.net/help@nym.alias.net.html#YOUR_MAIL_TO_NYM_ALIAS_NET

Since SR is anon we can only take their word at whatever security they have set up. In reality it could be a rack sitting in somebody's living room for all we know. I hope not :)

If you are building your own tormail clone you can configure postfix to strip out IP numbers but I would assume you are sending from your hidden mail server through a nym server because it wouldn't be anonymous otherwise.
Title: Re: Seeking advice from veteran vendors & others: SR Encryption, Buyer security, ect
Post by: jochem on March 29, 2012, 07:30 am
I don't see why you would be fine with having encrypted e-mails in tormail and not be fine with having encrypted addresses and messages in SR. It's basically the same thing.

Instruct your users to always use PGP (if you want that) and ignore the ones who don't (or send them a polite message that they must resend/reorder using PGP).

Now, for your one-key-per-customer policy: not only does it not prevent MITM attacks (it makes it slightly harder, maybe), but depending on how it's implemented it's probably less secure. You would have to store every private key somewhere. If they are stored on the same encrypted volume, there's not really a point of having multiple (when I can access one, I can access all). If they are stored in different places and/or protected by different passwords, you would have to remember all those places and all those passwords. It's VERY easy to remember one or two very good passwords, it's very hard to remember 100 really bad passwords (let alone 100 good ones). You can't use a system where the passwords are linked, because when that's found out all your keys are compromised. Although multiple keys is good, because you protect the privacy of other customers, don't overdo it.

Lastly: in your long post you tell some stuff about your security (how you need certain hardware and what not). I would keep that a bit more vague or not post it at all. Although you can't rely on 'security through obscurity' to be completely secure, it does help in slowing down anyone who wants to compromise you.
Title: Re: Seeking advice from veteran vendors & others: SR Encryption, Buyer security, ect
Post by: flipside on March 29, 2012, 08:01 am

mdmamail:

Thank you for your very informative post. As we mentioned, one of the next areas we had intended to look into is establishing our own hidden mailserver. And your advice is sure to prove invaluable. Thank you. :)

We will also look into the Tormail issues/links you mentioned. It has always been a "back burner" concern for us too, but since all of our messages are GPG encrypted, even if Tormail were run by LE intent on abusing Tor to harvest IPs, emails, etc., they still would find our emails gibberish, and our IP completely untraceable, as we regularly cycle between using various random "off-camera" public wi-fi hotspots and other unique methods to obtain portable anonymous hot-spots (think anon pre-paid smartphones), changing our MAC each time. Among many other precautions too of course.

As we have expressed to an extent, we feel ALL of this "combined" quite frankly just makes us an "undesirable" target for LE to pursue. Too much manpower and technology involved for such a little potential reward. Compared with the tons of contraband coming over the Mexican border daily, the public outcry over cartels, inner-city drug gangs, and many other issues of public concern, I feel most here on the Road that with an ounce of security knowledge who follow industry-standard protocol will continue to simply be nothing more than "undesirable" targets. As "desirable" as we truly may be.

This is our time. This is our era. We have the technology. But we have to finish building it, before we can "rebuild" it... ;)

Unless of course GPG is eventually cracked. Then we'd be just "wide-open" targets during drug-dealer hunting season.

I think the SR crew has far too much at $take to simply have a server sitting in a living room. We can only assume there are multiple, anonymous servers, geographically dispersed, with back-ups ready to take over at a moment's notice, while using all other industry-standard apps and methods to securely run such a clandestine operation as SR.

I can only hope that with the help of the highly intelligent 'geeks' that help this place go-round, and the significant amount of $ the Road is pulling in, that a significant portion of that $ is being put towards developing and ensuring the highest level of security for the benefit of all members of the Road.

Or maybe DPR is just blowing it all on Thai prostitutes, Taco Bell, and NMDA-Antagonists? Who knows? :)

Indeed, we can only hope. :)

Thank you again for your advice.

Peace

The Flipside Crew


jochem: Just saw your post. You make some very interesting points which I would like to discuss further. Once I awake in the morning. ;)

Peace
Title: Re: Seeking advice from veteran vendors & others: SR Encryption, Buyer security, ect
Post by: kmfkewm on March 29, 2012, 08:17 am
Encrypting mail with GPG and using the built in encryption of SR is not the same thing. 99% chance SR is just running things out of an encrypted mounted container. Mounted is the key word here. It is pretty much worthless to use encryption in this way without also having tamper resistant systems protecting the server's memory as well as physical intrusion detection systems. Even if SR also has these systems in place, it still isn't as good considering if the server is rooted an attacker can get the messages in plaintext, unlike with GPG encrypted messages where they would need to root the clients they are interested in.
Title: Re: Seeking advice from veteran vendors & others: SR Encryption, Buyer security, ect
Post by: wretched on March 29, 2012, 03:20 pm
kmfkewm,
what are your thoughts on the key per customer approach as it pertains to deniability? I can't get past the thought that having a "public" key that only customer A has access to would be quite damning if public key A were found on John Smith's computer. Doesn't that kind of prove that John Smith is customer A, since nobody else has access to the custom "public" key created just for them?  now individual emails...meh I understand how that would help to cut off scam buyers to avoid spam to the main account, but it also kind of makes it easy to scam and run, by just shutting down email account B. but the public key thing seems to be a way to take away the "anyone could have sent that to me" defense.
Title: Re: Seeking advice from veteran vendors & others: SR Encryption, Buyer security, ect
Post by: flipside on March 31, 2012, 02:02 am
Although we still have a few thoughts in response to some of the comments and questions posed by some members in this thread, for now, after much research, thought, and debate amongst our team members, we have updated our policies to address this issue.

We feel it is a very fair compromise for all SR members which still follows all rules and regulations the Road requires of us as a vendor. In fact, it is really not all that different from the policy that most other vendors regularly employ in regards to this matter. We just prefer to put ours in "writing" for public review.

And as always, we appreciate any comments or concerns you may have regarding this issue. Our "Welcome" email, which explains the majority of our business policies, has also been updated to reflect this addition.

Thank you

The Flipside Crew

----------

Our new policy RE: Your personal information and using the SR Private Messaging and Ordering system:

If you send us your shipping details via the SR public ordering system, you do so at your own risk. If your shipping details and/or order becomes compromised due to a seizure or cloning of the SR server, we cannot be held responsible as we have no control over the encryption methods SR uses to protect your private information. We do however stand behind the security that GPG encrypted email provides 100%, and feel this is the safest way for you to provide us, or any reliable vendor, with your shipping details.

If you intend to solely buy from us thru our public listings, and have no need to discuss any "sensitive" matters with us, then you can place your orders as normal thru SR, and contact us via PM.

However, if you would prefer to use GPG contact yourself, feel you need to discuss "sensitive" matters, would like to place a custom order, plan to be a regular customer, or would simply like to receive our (highly recommended) "Welcome" email and full price list (including many items not listed publicly), then we must insist that we first be in GPG encrypted contact before proceeding, for everyone's safety.

As this policy allows all members to continue to use their preferred method of doing business here on the Road, we feel it is a fair compromise for all customers wishing to do business with us, while still allowing us to keep our own security up to the standards we feel necessary.

Thank you for your understanding.

Peace

The Flipside Crew
Title: Re: Seeking advice from veteran vendors & others: SR Encryption, Buyer security, ect
Post by: jochem on March 31, 2012, 07:01 am
@flipside: First, are you aware that PGP can be used without e-mail? You can encrypt anything using the same methods as used in PGP + e-mail.  Most people tend to encrypt their address before they submit it through the SR order form, because they also don't want to rely solely on whatever SR is doing regarding encryption. Just post your public key in your profile and people will use it (in fact, there are people who won't order from you until they can encrypt their address using your key).

Second, you should know that out-of-escrow is not permitted under the current rules of SR. What you suggest ("send us an e-mail for full price list") is probably fine, but you'd probably want users to buy the public listed stuff through SR.
Title: Re: Seeking advice from veteran vendors & others: SR Encryption, Buyer security, ect
Post by: flipside on March 31, 2012, 08:18 am
jochem:

Thank you for your concern. For some reason some people seem to keep thinking that we sell outside of escrow. Every time I have asked these members to explain "why" they felt this way, we have received no response. Could you perhaps offer us some insight so we can address this issue? We have NEVER "once" implied, intended, attempted to, and most importantly, EVER sold "anything" outside of escrow, and never intend to. Ever.

As long as we are here on the Road, we intend to follow ALL of the rules required of us as a vendor.

We are very aware of the variety of ways that GPG can be utilized, however it is those members NOT well versed in GPG, sending us their shipping details using the SR ordering system alone, and relying on their (as of now) "unknown" specific encryption methods that concerns us. And it is from years of experience that we have found it to be much easier to manage multiple customer orders, questions, and requests if they are all kept in one place. In our case, this would be our preferred method of communication, GPG encrypted Tormail accounts within our email-client. But again, this is not a requirement.

For reasons we have explained many times, we do not have a single email or public key. The unique precautions that we take, including sending a series of encrypted emails from multiple Tormail addresses, we feel, better preserves the future integrity of all communications with our customers in ways not obtainable by using a single "primary" email and key. Our reasons for this have been explained numerous times, and are also outlined in our "Welcome" email. In order for our methods to work, it is only necessary for us to have our customer's public key to begin the process, as each customer is assigned their own unique public key to communicate with us in the future. Again, the merits of this policy, we feel, have been explained extensively both on these forums, and in our "Welcome" email.

I will happily elaborate if you like, however over 60 members in the last week so far have agreed with our additional protocols designed to further enhance the security of both buyers and vendor alike, and proceeded to sign up as potential customers. No one is being forced to buy from us, or follow our security protocols, which again, we feel are simply an "enhancement" to those already in place by SR. Everyone is welcome to buy directly thru our public listings using the SR system alone if they so choose. It is just not our recommendation that members rely on SR's security alone.

The choice is up to the individual customer entirely, and is why we feel it is a fair compromise. And most members we have spoken with since have seemed to agree.

And, as we also have explained, our price list is mainly to give customers the freedom to design their own "custom orders", which we will then post individual custom listings for. Each of our products also has an associated "product code". Our price list also allows customers to reference the associated product codes upon receiving their order. This can be particularly helpful if one were to receive two or more equal amounts of similar looking "white powders" in an order.

And additionally, just to clarify, there are many products we tend to have in stock, that are not currently at this moment (and are therefore not listed publicly either). Providing a full price list also lets a potential customer know about certain products that may become available in the near future.

I think "perhaps" this is one of the reasons many feel we may sell outside of escrow? Please correct me if I am wrong.


Thank you for your concern.

Peace

The Flipside Crew

Title: Re: Seeking advice from veteran vendors & others: SR Encryption, Buyer security, ect
Post by: kmfkewm on March 31, 2012, 08:30 am
kmfkewm,
what are your thoughts on the key per customer approach as it pertains to deniability? I can't get past the thought that having a "public" key that only customer A has access to would be quite damning if public key A were found on John Smith's computer. Doesn't that kind of prove that John Smith is customer A, since nobody else has access to the custom "public" key created just for them?  now individual emails...meh I understand how that would help to cut off scam buyers to avoid spam to the main account, but it also kind of makes it easy to scam and run, by just shutting down email account B. but the public key thing seems to be a way to take away the "anyone could have sent that to me" defense.

Well it goes both ways. If they see you have a public key from a vendor who uses the same public key for every customer, they can link you to that vendor. If the vendor has a different public key for every customer, they can't link you to the vendor. But you should have your entire drive encrypted anyway. And it makes it far more likely for MITM attacks imo, good luck authenticating every single key with every single customer versus just posting a single static key publicly. I don't understand how a different key for each customer is supposed to protect from mitm attacks?
Title: Re: Seeking advice from veteran vendors & others: SR Encryption, Buyer security, ect
Post by: flipside on March 31, 2012, 08:53 am
And it makes it far more likely for MITM attacks imo, good luck authenticating every single key with every single customer versus just posting a single static key publicly. I don't understand how a different key for each customer is supposed to protect from mitm attacks?

kmf:

We have addressed this to an extent and I would like to address our reasons for this even further. However, there are many variables involved in our theory that will take some time to explain. We do feel however many of the primary reasons why this policy reduces the chances of MITM attacks are self-evident.

Being a new vendor, we are very busy at the moment. It is however a topic we would very much like to share our theory behind, and also receive further input from the community and knowledgeable members such as yourself about, at a later point when we have a little more time.

But thank you all for your input. We look forward to continuing this discussion at a (sooner rather than later) point. :)

Peace

The Flipside Crew
Title: Re: Seeking advice from veteran vendors & others: SR Encryption, Buyer security, ect
Post by: wretched on March 31, 2012, 12:00 pm
I guess my thought was, IF flipside were LE, and used the key per customer policy, then finding that public key on your computer (if stored unencrypted) would more than prove that you had an association with the vendor, but more that YOU actually placed the order encrypted with that key, since you are the only one who had it. If it were a public key posted on a profile owned by LE, the only thing they could prove is that you saw their profile, and imported their key. I don't know why I can't get past that idea when thinking about his policy.
Title: Re: Seeking advice from veteran vendors & others: SR Encryption, Buyer security, ect
Post by: flipside on March 31, 2012, 12:41 pm
wretched,

I can see your point and understand your concern completely. Seriously. I can.

However, it is the general consensus that it is FAR more likely for LE to pose as buyers to bust vendors here, than the other way around. There are many threads discussing this matter. In all reality, WE have FAR more to worry about than buyers in this concern. Which, as explained, is one of the primary reasons we implement this policy in the first place.

And in that light, we feel the benefits of this policy outweigh the concern of LE possibly posing as a vendor, then using this policy to bust small time buyers. It is our outright policy that we do not (and cannot) sell in bulk. And bulk buyers are the only buyers that federal or international agents would be interested in.

That is our opinion.

Peace :)

The Flipside Crew
Title: Re: Seeking advice from veteran vendors & others: SR Encryption, Buyer security, ect
Post by: TrustusJones on March 31, 2012, 12:58 pm
Good luck with your business.

I am a fairly new vendor as well but have completed enough transactions that I can say without a doubt that you have an uphill battle getting all buyers to use encryption. Less than 1/4 of my transactions so far used any... Insisting they do is fine but you are going to be spending an inordinate amount of time msging and waiting for replies while orders sit in your inbox going unfilled.

And whoever started the thread about LE being a vendor is an idiot... I am not saying LE wouldn't send drugs to someone but it would only be under the context of a controlled delivery. Imagine LE sets up a vendor account and ships drugs all over the country for the sole purpose of identifying buyers... ridiculous.

TJ
Title: Re: Seeking advice from veteran vendors & others: SR Encryption, Buyer security, ect
Post by: flipside on March 31, 2012, 03:02 pm
TrustusJ:

In the little over a week or so we have been open for business here on the Road, it has indeed been nothing short of an uphill battle! :)

I mean seriously. Like whose back do ya' have to scratch around here to prove you're not LE? Seriously? ;)

But we're not too concerned about members using GPG anymore. We would obviously prefer they do, for their own safety, but we can only express our recommendation to them. We cannot control their actions. That will be their choice entirely, and their choice will not affect our own security in any way. This policy allows customers to purchase from us using our public listings without using GPG if they choose, while still allowing those who do wish to use GPG for their purchases, to do just that. So it's a 'win-win' for everybody! ;)

And we're really not too concerned about how fast we grow or get new customers. This isn't a race, and an undertaking such as ours is certainly not something to EVER be rushed. Ever. The Flipside is also in all reality more of a "side-project" for many of us anyways (although with "full-time" dedication!); basically truly nothing short of a blatant, $elfless/ish attempt to bring some of the most unique and (hopefully) strange and desirable offerings, at very competitive prices, to the Silk Road community at large. As many vendors went "stealth" a couple weeks ago, there was considerable outcry from some members (and still is to an extent) about that lack of availability of certain items since that time. We are in a position to do something to address that issue by possibly helping these, and all other members find certain items they may be having a harder time finding lately, at the prices they would like to pay. I mean over $20 for a hit of LSD? Over $80 for an 80 mg. oxy? Just....Wow!

But our sincere desire and attempt to do 'something' to change this has been expressed to us numerous times as being very much appreciated. And that makes us smile. And we like to smile. :)

And we are truly honored to have the opportunity to do just that here on the Road! It has always been one of our basic business principles and intentions to offer a wide-variety of ever-changing, well priced products for all Roaders to enjoy. Not everyone lives in a Best Coast city, or has the connections to get whatever it may be they might be seeking at any given time. That is why it is quite simply a miracle I am sure for MANY buyers here that a secure, Tor-based marketplace like SR even exists. It furthers the ultimate goal of spreading the love to the masses, no matter where the masses may be! ;)

And good luck with your venture as well my friend! And thank you for your advice!

Peace

The Flipside Crew

Title: Re: Seeking advice from veteran vendors & others: SR Encryption, Buyer security, ect
Post by: kmfkewm on March 31, 2012, 03:43 pm
And it makes it far more likely for MITM attacks imo, good luck authenticating every single key with every single customer versus just posting a single static key publicly. I don't understand how a different key for each customer is supposed to protect from mitm attacks?

kmf:

We have addressed this to an extent and I would like to address our reasons for this even further. However, there are many variables involved in our theory that will take some time to explain. We do feel however many of the primary reasons why this policy reduces the chances of MITM attacks are self-evident.

Being a new vendor, we are very busy at the moment. It is however a topic we would very much like to share our theory behind, and also receive further input from the community and knowledgeable members such as yourself about, at a later point when we have a little more time.

But thank you all for your input. We look forward to continuing this discussion at a (sooner rather than later) point. :)

Peace

The Flipside Crew


Well you were wrong they are not self evident. In fact it seems self evident that your policy greatly increases the chance of MITM not being detected.
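
Added example (not part of the thread or any poster's code): the MITM-detection difference argued over above, between one static key whose fingerprint can be cross-checked on several channels and a per-customer key that arrives over a single channel. The fingerprint routine follows RFC 4880 for v4 keys; `authenticate`, `quorum`, the channel names and the sample key bytes are assumptions constructed for illustration.

```python
import hashlib
import struct

def v4_fingerprint(packet_body: bytes) -> str:
    """OpenPGP v4 fingerprint (RFC 4880 sec. 12.2): SHA-1 of 0x99, 2-byte length, packet body."""
    framed = b"\x99" + struct.pack(">H", len(packet_body)) + packet_body
    return hashlib.sha1(framed).hexdigest().upper()

def authenticate(received_body: bytes, reference_fprs: dict, quorum: int = 2) -> str:
    """Check a received key against fingerprints seen on other channels.

    reference_fprs maps channel name -> fingerprint. The channel that delivered
    the key must not be listed, since whoever controls it controls both values.
    """
    got = v4_fingerprint(received_body)
    disagree = sorted(ch for ch, fpr in reference_fprs.items() if fpr != got)
    if disagree:
        return "MISMATCH on " + ", ".join(disagree)
    if len(reference_fprs) < quorum:
        return "UNVERIFIED"  # nothing contradicts the key, nothing confirms it
    return "VERIFIED"

def fake_body(label: bytes) -> bytes:
    """Constructed stand-in for a public-key packet body (not real key material)."""
    return b"\x04" + struct.pack(">I", 1333152000) + b"\x01" + label

STATIC_KEY = fake_body(b"static key posted publicly")
PER_CUSTOMER_KEY = fake_body(b"key issued to one customer")
SUBSTITUTED_KEY = fake_body(b"key swapped in transit")

def scenarios() -> dict:
    # Hypothetical channels on which the one static key's fingerprint is visible.
    published = {ch: v4_fingerprint(STATIC_KEY)
                 for ch in ("profile page", "forum signature", "earlier signed post")}
    return {
        "static, genuine": authenticate(STATIC_KEY, published),
        "static, substituted": authenticate(SUBSTITUTED_KEY, published),
        # A per-customer key arrives over one channel; there is no second copy.
        "per-customer, genuine": authenticate(PER_CUSTOMER_KEY, {}),
        "per-customer, substituted": authenticate(SUBSTITUTED_KEY, {}),
    }

if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name:27} {verdict}")
```

The genuine and the substituted per-customer key get the same verdict, which is the undetected-MITM case; the substituted static key is flagged on every channel that still shows the real fingerprint.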
Title: Re: Seeking advice from veteran vendors & others: SR Encryption, Buyer security, ect
Post by: flipside on March 31, 2012, 04:03 pm
kmf:

When I get a chance I will put together a reply specifically addressing our opinion regarding our policies, MITM attacks, and also how they address a number of other security threats. I look forward to your input at that time. :)

Thank you.

The Flipside Crew