Here is text from the DOJ announcement, the part in question reads:
BETWEEN EUROPOL, FBI, DEA, DUTCH POLICE, THE TEAM PLAY THAT WE RAN HERE WAS TO TAKE OVER CONTROL OF THE HANSA MARKET UNDER DUTCH JUDICIAL AUTHORITY A MONTH AGO, WHICH ALLOWED US TO MONITOR THE ACTIVITIES, CRIMINAL ACTIVITIES OF USERS, WITHOUT THEIR KNOWLEDGE, AND THEN SHUT DOWN ALPHA BAY DURING THE SAME PERIOD. WHAT THIS MEANT, IN PARTICULAR, WAS THAT WE COULD IDENTIFY AND DISRUPT THE REGULAR CRIMINAL ACTIVITY THAT WAS HAPPENING ON HANSA MARKET BUT ALSO SWEEP UP ALL OF THOSE NEW USERS THAT WERE DISPLACED FROM ALPHA BAY AND LOOKING FOR A NEW TRADING PLOT FORM FOR THEIR CRIMINAL ACTIVITIES. IN FACT, THEY FLOCK TO HANSA IN DROVES. WE RECORDED AN EIGHT TIMES INCREASE IN THE NUMBER OF HUMAN USERS ON HANSA IMMEDIATELY FOLLOWING THE TAKEDOWN OF ALPHA BAY. SINCE THE UNDERCOVER OPERATION TO TAKE OVER HANSA MARKET BY THE DUTCH POLICE, USERNAMES AND PASSWORDS OF THOUSANDS OF BUYERS AND SELLERS OF ILLICIT COMMODITIES HAVE BEEN IDENTIFIED AND ARE THE SUBJECT OF FOLLOW-UP INVESTIGATIONS BY EUROPOL AND OUR PARTNER AGENCIES. SO AS A LAW ENFORCEMENT STRATEGY, THEREFORE, LEVERAGING THE COMBINED OPERATIONAL AND TECHNICAL CAPABILITIES OF MULTIPLE AGENCIES HERE IN THE U.S. AND AROUND EUROPE HAS BEEN AN EXTRA ORDINARY SUCCESS. AN ILLUSTRATION OF THE COLLECTIVE POWER WE CAN BRING A CONCERTED GLOBAL LAW ENFORCEMENT COMMUNITY TO WORK AGAINST EVEN THE MOST CHALLENGING SERIOUS CRIMINAL ENTERPRISES.
When you place a order on the market and you use the built in PGP you are giving your personal information to law enforcement to use in real time. Any orders that are then shipped with yours are also subject to LE investigation because they will be coming from the same account for that day. For shitty vendors that might mean grouping customers for more than one day, or weeks, or even months if they are complete shit vendors.
I have had a policy in place for years that if you place a order without PGP your order is automatically cancelled and you are blacklisted from doing business with me. I have always warned customers about this security issue and how they put my other customers safety in question when they expose their personal information on darknets.However I cannot tell whether the customer pastes their own pgp generated message or use the built in market PGP. This is a major concern to me. How am I supposed to correct the mistakes of customers if I cannot monitor this?
This same situation has happened multiple times. I have been warning customers that marketplaces are honey pots since we discovered that is exactly what happened with SR1. Do not be lazy. This is not just about your own personal liberty, but the liberty of all customers. Install PGP. Use it. Do not ever rely upon market PGP. You have your proof, now stop fucking around and treat the situation with the severity it deserves because this is a situation where peoples lives are on the line.
Whoever makes the next Hansa, please consider not providing market-side PGP and instabanning anyone who tries to send a non-PGP message, this shit is too important to keep treating it like a game.