Crowdsourcing integrity of vendors' PGP keys

It appears that multiple vendors on Dream have had PGP keys altered by malicious actors/LE, likely due to them using the same credentials on Hansa as on Dream (and on Hansa we know keys were indeed changed by LE). There is thus a great deal of uncertainty surrounding whether buyers can trust the PGP keys listed on remaining markets (Trade Route and, yes, Dream). This mistrust is exacerbated by some questions surrounding a possible compromising of Grams and alterations to PGP reference listings on its Infodesk.

There may be a method to gain some surety on whether a given vendor's key on a market is indeed correct and has not been tampered with:

1) If anyone scraped Alphabay before it was taken down and captured listed public keys, this archive could prove useful in establishing key integrity.

2) If the first solution is not possible (I'm not familiar with the intricacies of darkweb crawlers), another would be for experienced users to post copies of saved public keys from their keychains, provided they were saved a significant time ago. If the first solution is possible, this would provide a further degree of confirmation. If many established users agreed that the uploaded key of a specific vendor matched their own copy of that key, buyers could act with greater confidence that said key remained under control of the vendor.

An obvious issue is LE posting their own keys as the correct ones. Buyers would thus have to judge for themselves the threshold number of other users corroborating the uploaded key for said key to be considered safe. The system is thus blurry and imperfect but may provide some comfort in these trying times. If anyone thinks this may be useful to prevent buyers' addresses being captured by LE (thinking particularly of anyone who may be entering dangerous/uncomfortable withdrawal at this time and thus has no choice but to order from DNMs), maybe the mods could organise some list or megathread where public keys could be uploaded and corroborated or disputed.

To me this sounds like it could regenerate some of the trust this community needs. I haven't completely thought the system through - please dissect it and/or improve upon it as necessary.
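The corroboration step proposed in the post, as an added example that is not part of the original thread: independently saved copies are compared by OpenPGP v4 fingerprint instead of by armored text, because the same key exported twice can differ in its armor headers. The function names, the sample keys, and the three verdict labels are assumptions made for this illustration.

```python
import base64, hashlib
from collections import Counter

ARMOR = "-----{} PGP PUBLIC KEY BLOCK-----"

def make_sample_key(n_byte, comment):
    """Constructed sample (not a real key): a v4 RSA public-key packet, armored."""
    body = b"\x04" + bytes(4) + b"\x01" + b"\x00\x08" + bytes([n_byte]) + b"\x00\x02\x03"
    packet = bytes([0x98, len(body)]) + body      # old-format header, tag 6
    b64 = base64.b64encode(packet).decode()
    return "\n".join([ARMOR.format("BEGIN"), "Comment: " + comment, "", b64, ARMOR.format("END")])

def dearmor(armored):
    """Binary packets from an armored block; armor headers and CRC line are ignored."""
    lines = [l.strip() for l in armored.strip().splitlines()]
    data = lines[lines.index("") + 1:-1]          # after the blank line, before END
    return base64.b64decode("".join(l for l in data if not l.startswith("=")))

def primary_key_body(pkts):
    """Body of the first packet, which must be a public-key packet (tag 6)."""
    hdr = pkts[0]
    if hdr & 0x40:                                # new-format packet header
        tag, l0 = hdr & 0x3F, pkts[1]
        if l0 < 192: start, n = 2, l0
        elif l0 < 224: start, n = 3, ((l0 - 192) << 8) + pkts[2] + 192
        elif l0 == 255: start, n = 6, int.from_bytes(pkts[2:6], "big")
        else: raise ValueError("partial body lengths not handled")
    else:                                         # old-format packet header
        tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
        if size == 8: raise ValueError("indeterminate length not handled")
        start, n = 1 + size, int.from_bytes(pkts[1:1 + size], "big")
    if tag != 6: raise ValueError("first packet is not a public key")
    return pkts[start:start + n]

def fingerprint(armored):
    """OpenPGP v4 fingerprint: SHA-1 over 0x99, 2-byte length, key packet body."""
    body = primary_key_body(dearmor(armored))
    if body[0] != 4: raise ValueError("only v4 keys handled")
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()

def corroborate(listed, copies, threshold):
    """copies maps holder -> armored key. Returns (verdict, votes per fingerprint)."""
    target = fingerprint(listed)
    votes = Counter(fingerprint(k) for k in copies.values())
    if any(fp != target for fp in votes):
        return "disputed", votes
    return ("corroborated" if votes[target] >= threshold else "insufficient"), votes
```

The tally counts holders, not their independence, so the threshold carries weight only when the copies come from distinct accounts with saved history, which is the weakness the post itself raises.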


Comments


[2 Points] Sourcery_Market:

Has Grams come and made any comments?


[1 Points] AthenaisTethys:

I was just wondering about something like this earlier. The problem comes about when someone posts a fake key, and no one can verify/challenge it. I'd love to have faith in our merry little group of criminals, but the trolls are so active.


[1 Points] throwawaypgpverify:

Just came here to say that I used Hansa after the Dutch LE takeover and made orders with Icegod, Gloves, and G00d00. I pulled their pgp keys from Hansa during the orders and just verified them as the same on Grams info desk. So anyone worried about the rumor that Dutch LE intercepted encrypted messages with fake pgp keys can rest assured that didn't happen.

If anyone wants, I can also post my saved version of the pgp keys for these vendors.