Silk Road Forums

All people need to do is stop being lazy and learn PGP. I know it seems intimidating at first but once you wrap your head around it it gets easier. Encrypting your emails with PGP is the way to go..

The crux of the matter. There's no reason NOT to use PGP other then sheer laziness or incompetence. If you're too lazy to figure it out, you will pay the price.
If you're too incompetent or your intellect is inferior to most.. then you shouldn't be involving yourself in things that could/will harm or penalize you legally.

Safe-mail could be be run by the top Mossad and CIA techs for all it matters. If you're using strong PGP encryption, it doesn't matter.. the contents of your communications are safe. And if you're logging into the service via TOR, your location can not be determined.

It is as simple as that.

Ok so Monday I mailed out 6 packages via fedex. All 6 packages were dropped off at different fedex drop boxes within the same city, and all 6 packages were mailed to different houses in the same city, so they should have the exact same tracking update as they were all sent via fedex express 2 day service. However 5 of the packages said they departed the sort facility today at the exact same time while 1 package updated about 1 hour later than the first 5 and it did not say departed, it just updated saying in transit. This seems kind of odd since all the packages came from and are going to the same town with the same 2 day shipping. why would one have a different update time and not say departed like the other 5 but say in transit... is this something to worry about or is it just standard fedex tracking update.
Generally what does the tracking update say if a package has been seized?

Not that it's my business.. but this post is quite revealing. Probably not the best idea to post specifics like this. It's a rather detailed scenario and given that LEAs are watching this forum like hawks..

ok so 5 out of the 6 packages left the superhub yesterday evening and updated that they are at my local sort facility as of early this morning. The other 1 didnt leave the superhub untill early this morning about 12 hours after the other 5. however is still says it is on time for delivery today which seems impossible if it is truly 12 hours behind the the first 5......

You're over-thinking it. Tracking is never perfect. Breathe, your packages will all arrive.

Yes, should be. Even non personal information should probably be encrypted. Doesn't take any more time on your part.. and you would be amazed the kind of identifiers even seemingly 'non personal information' might potentially reveal.

Your scenario is an acceptable method given both your safe-mail password is complex, your PGP password is extremely complex.

There's no point in even starting an email with "Hi.. sorry I've been busy with work/family (whatever). Here's my address and shipping information -----BEGIN PGP MESSAGE----- etc"

It should be more like:
-----BEGIN PGP MESSAGE-----..etc  and nothing else. Encrypt your pleasantries.. you'll be better served.

From the looks of this, seems to be a case of attempted cyber-squatting. How petty.

"transfer the accounts"? Meaning the OP took advantage of this entire unfortunate debacle and registered well known vendor names in hopes to sell them back their names? Please.

Just to put some perspective on how important it is to use PGP in conjunction with a TOR based email service (or email accessed via TOR) -

(taken from the old Cypherpunks mailing list)

"..if we assume that the NSA can factor any number with the speed of the special number sieve, and has 10^9 mips of computing power (doubling every 1.5 years) we can make the following estimations:_1_

Using these assumptions, the NSA could crack a 1024 bit key in ~11 days, a 1536 bit key in 10 years and a 2048 bit key in 26 years. _2_ Note that this would require the full resources of the NSA, however. Thus, even the mighty resources of the NSA could only crack 42 1024 bit keys in 1996

Now, comes 4096 bit. It would take the combined processing power of every computer in the world thousands of years to crack 4096-bit encryption."

Personally I never use anything below 4096 bit PGP encryption. This is in addition to TOR.

Here's the rub (devils advocate) - PGP encrypted data with 4096 bit encryption could still be compromised within seconds. How? Human stupidity. Easy pass-phrase, written down pass-phrase, re-used pass-phrase (lets say you use the same password to access your Gmail. If you're under such heavy scrutiny that some government is diverting resources and funds to find a way to see what you don't want them to see.. they WILL get your Gmail/Facebook/Hotmail/Twitter passwords one way or the other. And they will try those first. So don't), key-loggers, cameras, whatever. And if you're just so important.. then who knows, even thermal/heat detection technology to capture your finger movements on your keyboard from a short distance.
Not to mention decrypting and leaving the plain text lying around/saved...

(I'm by no means an expert in computer security, cryptography, RSA, password entropy etc.. but these stats are pretty basic).

Trust the technology, but never trust the weak link - the user.

tl;dr - no such thing as "secure email". use 4096 bit PGP for anything "secure" and don't fuck around with pass-phrases


edit: shitty grammar

dieAntwoord has posted some useful OPSEC information as well as links. He was kind enough to PM a few useful links a few days back.

Here (clearnet):

http://grugq.github.io/blog/2013/10/09/it-was-dpr/ is the orig post
http://grugq.github.io/resources/ has good info too


Well written and thought out.