Quote from: Bridgehead on May 11, 2012, 08:34 amAs for your other question about sending your address as plain text - don't worry too much about it, it's still encrypted over Tor*, and once your vendor gets it, it's "deleted" from SR's servers (I quote deleted because I don't know if they are over-writing deleted data or not, but I assume they are).Using PGP is just another layer of protection, and good a good practice to follow.*Edit: Actually it may not be encrypted over Tor, depends if SR is using SSL, I don't know if they are. It will be encrypted from your computer to the Tor exit relay, at a minimum. It may have been an unencrypted transmission from the Tor exit relay to the SR server. Someone would have to have been sniffing the data from the exit relay to the SR server to see your address. I'm not sure if this is 100% accurate information I am giving you, as I'm no expert, but this is my understanding from what I have gleaned from some very knowledgeable people on this forum.Bottom Line: Don't be paranoid about your purchase, just use PGP going forward.Thanks Bridgehead,Just to clarify a couple of points:- SR doesn't use SSL as the connection is already encrypted through Tor. - Using SSL is necessary if accessing "clearnet" sites but is not necessary for accessing SR. As a hidden service, there is no exit relay per se as the site is located within the Tor network.V.