Vendors, don't keep permanent records of your customers!

It just so happens that in proximity to me a vendor got busted and it turned out he kept tables full of his order informations - not only the dnm account name and the order details, but the unencrypted customer informations like name, address etc. too, ranging back for years. This of course led to countless further cases of prosecution.

If you're vending, don't ever do that to your customers. Don't keep permanent records at all, and if you really need to keep additional digital records make sure to securely delete the files on a regular basis.

Please, don't fuck over your customers like this one guy and probably a lot of others I don't know about did. It's really one of the worst things you can do in this business.


Comments


[34 Points] Wanted_drugs_2day:

I would imagine it would just prove more deals and tack more time onto your sentence.

Probably kept out of pure laziness


[24 Points] None:

One would think that it would be standard OPSEC to never keep anything like that.

unencrypted customer informations

That's just laziness.


[12 Points] None:

They all gonna snitch before doing the time bro don't be naive. And link to article?


[10 Points] jtronicustard:

"This of course led to countless further cases of prosecution"... I'm sure if there were countless arrests, we'd be hearing about them. Hearing about an arrest near you does not equal intimate knowledge of said arrest and further prosecution. This is FUD.


[7 Points] polaroidandroid1:

Which vendor was this?


[5 Points] None:

[deleted]


[4 Points] Tests4U:

Customer data is stored on an SD card and that SD card is wiped clean every 2 weeks the only thing that is kept are Customers PGP keys with their username.
So even if I wanted to cooperate I couldn't because that data is simply nonexistent. Edit:Of course the SD cars is encrypted.


[4 Points] Vendor_BBMC:

Why was he keeping all that sales info? for his tax returns?

There is no reason for a vendor to keep a record of his sales volume. Gwern does it for us.

I do have a couple of regular customer's shipping details written down,at their instigation. They order from me every week, so rather than risk getting their details to me 50 times, then me forgetting them 50 times like we're supposed to, they risk getting their details through the internet just once and I wrote it on a bit of paper.

customers sometimes suffer from a generalized paranoia disorder which confuses them. They WANT vendors to have their name and address, in fact they insist on us having them. Its LE that you don't want to have them.

You can sneak the same details past LE to me 50 times, or I can just get a pen. There are many worse things we can do in this business.

I don't believe that story happened. If it did, the info would just be used as proof of the vendor's earnings. When tyhe police bust someone on a drug-related charge, they are looking to bust people HIGHER UP. not customers.

What drug did the vendor sell?


[3 Points] Solid716:

Personally, and not to sound like a dick; I believe most vendors just don't care. I bet that if there was a actual statistic on this at least half the vendors store/do not encrypt their stored information.


[1 Points] earthmoonsun:

unfortunately, it won't happen, so at least they should keep them encrypted


[1 Points] davaunte:

Country?


[1 Points] None:

State if US or country?


[1 Points] madisonrebel:

While this is a beneficial piece of advice, I also think it's a little paranoid. You're assuming that when nabbing a single dealer, that it's worth the time or money of any city or state attorney's time to go round up a bunch of users based on their easily-stolen personal information being in that dealer's possession. Any of those customer's lawyers would immediately ask how law enforcement isn't sure that a criminal drugs trafficker didn't also deal in stolen information gleamed from rooting through dumpsters behind businesses or in trash bins behind the curb.

I'm not saying it can't happen. I'm saying it's a logistical nightmare that would yield very little return to the branch of law enforcement tasked with it.


[1 Points] None:

why would any one keep records

just sell and be done with it


[1 Points] shellysmellybelly:

fastdonut kept records


[1 Points] fantasticnameuser:

https://veracrypt.codeplex.com/wikipage?title=Hidden%20Volume

If vendors HAVE to keep records because they refuse to value their customers safety over convenience, they should at least implement a hidden volume to store the sensitive information


[1 Points] None:

I left a review of a vendor on reddit... My account names are not linked at all and my history wouldn't of given me away...

However, I got a PM from the vendor telling me to check my po box for freebies for the review.

What the fucking fuck.


[1 Points] bubblehashreview:

Please name the vendor


[1 Points] upsidedownsyndrom:

pls vendors stop


[1 Points] Vendor_BBMC:

Security specialists are starting to believe that every new hard drive by every major manufacturer has a sector containing a few kilobytes of Firmware code which the NSA can trigger remotely to communicate with their servers. They then have a range of exploits to choose from, can upload your PGP keys etc

It's generically known as "Eye of Sauron"

I used to have a government job where I was forced to use PGP for certain tasks. Then, one day, a memo came round saying "you can no longer consider PGP to be "safe".

I don't know the year, but my work PCs had windows NT server edition installed, so it was about 15 years ago. It caused us loads of problems and there was a meeting about it where my boss said "it would take months or years for a computer to crack PGP". The GCGQ spook told her "I don't know about other countries, but we don't need to "crack" it. We get your PGP keys at the same time you do"

I've never told you this before, for fear of doxxing myself via my past life.


[1 Points] J0NJ0NES:

It's on you, not the vendor. Don't presume that what a vendor 'should' do is being done, and certainly don't base you OPSEC on this presumption.


[1 Points] AstraPharmaceuticals:

some vendors store this info for blackmail purposes.... one of bobafet's resellers did this to me


[0 Points] Battyhole:

Surely if you do get popped as a vendor you have two options:

Cooperate and get fucked by the law for a few years and live with the fallout for life

Or don't cooperate, get sentenced to football numbers and live as a violent predators wife for ever, best case...


[0 Points] Hank_Vendor:

thanks for the advice newb.


[0 Points] bobbiggs69:

As we've learned from Ross' trial and several other incidents, they all keep customer information as a back-up plan, just in case. Not sure what they're thinking, the cops always find their encryption keys anyway, so it's not like it holds any value, at all. They all think "I'm going to be the one that doesn't talk and they won't find my password written behind my headboard." Bullshit.


[0 Points] Vikas-shuk1a:

I use burner names and addresses anyways for that reason.