Silk Road forums

Discussion => Security => Topic started by: sWEED on September 11, 2012, 08:21 pm

Title: Plain text in messeges
Post by: sWEED on September 11, 2012, 08:21 pm
What do you guys think about PM's. how safe is plain text? what makes it not safe. and how long do you hold onto address? i guess right after they finalize? any help would be great. thanks. 
Title: <removed>
Post by: StExo on September 11, 2012, 08:42 pm
Title: Re: Plain text in messeges
Post by: sWEED on September 12, 2012, 06:49 pm
thanks for that. i read it all just wanted some other opinions
Title: Re: Plain text in messeges
Post by: kmfkewm on September 12, 2012, 10:19 pm
Encrypting addresses is probably the single most important thing for customers to do in order to increase their security, considering that Tor is already a requirement.
Title: Re: Plain text in messeges
Post by: wretched on September 12, 2012, 11:00 pm
If your sending a message like "man it's sunny out today" I wouldn't worry about encrypting it, but if you PM is something like "Remember when I ordered that kilo of MDMA and 1000 pills, you told me you were gonna send my cram of Xtal LSD along with it to my address in Bumsville, Idaho. I got the Molly, but couldn't find the xtal in the pack. are you sure you sent it? If you resend it, can you address it to my grandmother this time, her name is edna smith, and she lives in the retirement home four houses down from me on the left, so it shouldn't raise any flags" I would encrypt that one, because I don't mind hearing how it was sunny one september afternoon while sitting in a defendants chair after the SR server is compromised, but Fuck I dont want that other message read to a jury of my peers.

And the only plaintext address you should have stored is the one printed on the envelope, and you should ditch that copy into a blue box (don't shred it though as you might find yourself going through a resolution for shredded product)
Title: Re: Plain text in messeges
Post by: wretched on September 12, 2012, 11:56 pm
It is a bit of a balance though between keeping LE in the dark about whats important and wasting vendors time. I know it isn't much time, and is pretty seamless, but I bet some vendors have inboxes that are overflowing already, and when you add ~30 seconds (high estimate) to each message, the sunny day message being encrypted might just cheese the guy off, but anything that deals with drug transactions i.e. asking about delivery, or special prices, or reagent test results, etc, I 100% agree that even though it isn't the smoking gun of a trial, it builds circumstantial evidence about interest in...

on a side note, I would like to see ene or joots defense attorney ask an investigator to read cyphertext messages out loud during their trial to ask "where in this message does it reference the sale of a scheduled substance.  Not on topic at all, but it makes wretched smile thinking about a DEA agent sounding this out on the stand

Version: GnuPG v1.4.10 (GNU/Linux)

Title: Re: Plain text in messeges
Post by: GoodGuyGreg on September 13, 2012, 03:27 am
I used to encrypt ALL of my PM's until reputable (but busy) vendors started ignoring the encoded messages. Now all I encrypt is the address. Yes it's not as safe and I would prefer to encrypt everything especially when discussing business, but if vendors won't take the time to read them, then I'm just wasting my time on SR...
Title: Re: Plain text in messeges
Post by: kmfkewm on September 13, 2012, 05:59 am
I would tolerate a vendor who only wanted me to encrypt my address and leave everything else plaintext, even though it is preferable to encrypt as much as can be. On the other hand, I would tell a vendor who wants me to send my address in plaintext that they are out a customer.
Title: Re: Plain text in messeges
Post by: sWEED on September 14, 2012, 12:00 pm
yea i guess there is a fine line between speed and time. maybe if i have repeat customers we can use pgp for everything. will just have to play this by ear.

one question though. say worst case SR is seized. can they read deleted messages? so if i keep my inbox and sent PM clean out will that erase the evidence?
also same question with BTC if i have any money on the SR will i lose those BTC?