[GeneralQuestions] why is iGolder or any online PGP encryption website unsafe?

If you were to use iGolder on Tor, they wouldn't be able to track your IP address correct?

I understand the basis for why they could be unsafe, being linked with the FBI or the NSA, but if you're just encrypting your name and address, why does that automatically assume something illegal? You could be encrypting your name and address for a multitude of reasons. I guess I'm just not seeing why it's sketchy. Please enlighten me? :)


Comments


[8 Points] None:

Why are people so obsessed with convenience nowadays?

Why not simply learn how to use PGP? It comes with Tails, it's not that hard at all. Buy a USB stick for $5, encrypt it with your key, and now you are as safe as can be. Why take any extra risk? It makes no sense. In the time it took you to post this and read my reply you could have learned PGP.

I just don't get it.


[4 Points] doubledoseopimpin:

iGolder is not safe because they hold the private keys to decrypt your messages. The reason is simple if you know basic cryptography and encryption. Only you should be in control of your private keys.


[4 Points] PleaseStopClaire:

I mean.. does igolder store everything that's encrypted/decrypted on their site?


[4 Points] None:

This comment has been overwritten by an open source script to protect this user's privacy.

If you would like to do the same, add the browser extension GreaseMonkey to Firefox and add this open source script.

Then simply click on your username on Reddit, go to the comments tab, and hit the new OVERWRITE button at the top.


[3 Points] Illuzzi0nz:

Because you don't know who has access to that info and for all you know they could be cross referencing vendor PGP keys from markets with sent messages to determine useful info on whoever is ordering from whichever vendors.


[3 Points] zombiesingularity:

Because they can decrypt messages you encrypt, as they store the private keys for you. Kinda defeats the purpose.


[2 Points] JonJulien:

In using a 3rd-party encryption service, you are trusting that the 3rd party won't store, share, or leverage your data in any way. It's just silly to do this when you're fully capable of performing encryption on your own machine.

About IP addresses, you're correct - yours can be hidden using Tor. But still, your data may imply your identity, or that of whomever you're communicating. You really shouldn't use online encryption services for anything serious.


[2 Points] sapiophile:

It's even worse than "they have the private keys."

They have the PLAINTEXT. They don't need any private keys (edit: well, of course they also have your own private key to read any replies from a vendor). They are just ordered by a judge to save all the plaintexts and forward them to LE. If you think that they haven't been so ordered, you need to learn your history.

On top of that, the key that these messages are being encrypted to is clear to them, so they know who the messages are intended for. Hello! You think LE doesn't have a copy of every vendor's public key? You need to smoke less.

Encryption is almost useless unless it's end to end. Period, full stop. If the data isn't being encrypted on your own device, and only decrypted on the recipient's own device, then it isn't end to end. And it is being intercepted.

It's just absurd that tools like this ever even got used in the first place. It's like handing your enemies a loaded gun.


[1 Points] None:

[removed]


[1 Points] TripAddict:

Even if they wipe their shit on their end. If you are not using vpn and all of that, and the cops or whoever sees your ip connecting to igolder at the same time you access tor, and also tracked a package containing marry-j-wanna to your house.....there is going to be some shit going down.


[1 Points] Sparkler11:

Even though those sites say that the massage is deleted, how can you be sure?