[Vendor/MarketInquiry] Black Bank AutoPGP feature

maybe I misinterpreted the feature,but my understanding is that the site is offering to allow us to type our shipping info in clear text and the site will encrypt message for vendor. Is this an acurate decription of the feature? And if so, doesnt that seem a little sketchy for a site to even incourage sending sensitive through there site cleartext??


Comments


[5 Points] MLP_is_my_OPSEC:

It is an accurate description, and yes it's incredibly sketchy. I can't say whether they store plaintext infomation or not but anyone that uses that "feature" is an idiot.


[3 Points] 666fun:

MAYBE it a legit feature. MAYBE it copies the plaintext elsewhere before sending the encrypted message onward. No way to know. No reason to trust it and no reason to think its nefarious.

Do your own encryption then you don't have to worry. Who knows, maybe it'll save a low hanging fruit that would have sent their address in the clear, but you don't want to be the test low hanging fruit, do you?


[2 Points] None:

If you can't figure out PGP, then it is better than just having your address on the site in cleartext like people do on other sites. If you trust BlackBank, it is secure. If you don't, then it isn't. It is a compromise.

Having said that, people should just learn PGP. It isn't hard at all.


[1 Points] Spoogly:

Only way I could see AutoPGP being 'trustworthy' is if it was done locally. Without javascript, the options for that are limited...Maybe like, right click context menu entry that cuts, encrypts and pastes. But then there's always that risk that you hit post without encrypting. You're better off keeping all form entries out of the browser until they're encrypted, in my eyes.


[1 Points] DancingCottonwood:

IIRC, the Black Bank wiki page suggest that you should always still use PGP on your end, even if Auto PGP is enabled. So, basically you end up with an encrypted encrytped address. To much security is better than not enough....


[1 Points] None:

Search, and you shall find all the riches of the world at your fingertips...

https://www.reddit.com/r/BlackBank/comments/2qnims/pgp_on_bbm/


[1 Points] young_k:

better then nothing, but still sort of like multisig on a marketplace with all the keys...


[1 Points] fapfapfap89:

Back in the SR1 days I didn't use pgp and eventually used privnote. To this day I still don't understand how anyone could be as stupid as I was... Just sheer laziness... Autopgp is like the perfect trap. LE will seize BB one day and be shocked that all the work has already been done for them.


[0 Points] None:

[removed]