Does DutchMagic on Python Market place is the real one ?

Final Edit: the REAL DutchMagic is back ! Verify yourself the signed message http://paste2.org/e7nPLVEF (or BUq5NRNu on pastebin but filters applies I can't post link to it)


Edit4: Btw feel free to share to us if you find the real DutchMagic, he was set to return 1st september but due to Tor security breach and ago shutdown I believe it will be harder to find him again, nor we will get tons of fake DM to deal with. I think he's supposed to appear on the Darknet Heroes League but I'm unsure yet, his profile is set, just inactivity.

Edit3: Python admin answered my support ticket, and removed the fake DM, he told me they will verify the vendor PGP key and if they don't reply they will not be allowed. I apologize to the admin of Python, if you are legit I understand being called a scammer is not cool but you should understand I was close to be scammed on your market place.

Edit2: Being a long time customer of the real DM, what I notice is that he has the same template of communication, same prices, except he has all the small orders gone, you can no more buy small 10g or 20g orders on weed, everything is 50g minimum and there is a tracking on each items, while the real DM tracks at 600$ and does not permit to select tracking on orders below 600$, this one accepts

Edit: If you don't get him to decrypt a text encrypted with him public PGP, it is safe to say this is a scammer and do not buy on Python.

If you ask me I will not buy and I consider him not DM.


Before you go in: "of course this is the same, check its Grams signature and Python signature, they are both the same"

Anybody can reproduce this, please read below what I did tested successfully

I have noticed any user can create an account on Python Market place with any public PGP key without being asked to decrypt a crypted text with the public key you have just used. This is usually called 2FA when there is a box specially dedicated for a PGP key; here not the box let you enter any PGP key without any single verification procedure

I have tested to create an account with DutchMagic's PGP key and it worked...

This leads to a security concerns, the DutchMagic we have on Python may have never used its private key and so on, this might be someone impersonating him, like the admins setting up famous vendors profiles.

But there is only one way to know is to get DutchMagic to decrypt

Can someone confirm he did decrypt something you sent to him crypted ? He does not want to decrypt my test phrase I sent to him, that's even more suspicious.


Comments


[2 Points] farfarglethrowaway:

I sent him an encrypted message stating "please copy and paste this back to me if you can decrypt this".

Instead, he sent me this:

Merchant user DutchMagic

15 Sep 2015 - 12:46 Hi,

Yes, there is no problem, as i said feel free to order.

Best wishes DM

Thats twice I've asked him to decrpyt and he just tries to guess a response.

He's also only got one sale for 0.002BTC

Feedback From Date Pos

fe- trusted (Spent: 0.002 BTC) g...3 15 Sep 2015 09:48

Long story short, its sadly not him


[1 Points] boredraw:

Never heard of python marketplace?!? Isn't he on abraxas/alpha/nucleus ?


[1 Points] defthrowawayy:

That's a new market name. It's not on the sidebar. How do I find it and where is there more info on it? It'd be nice if it was mentioned here more by people with experience with it.


[1 Points] DutchMagicVERIFY_PGP:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Hi Guys,

It’s me… the REAL me. Verify this message in GPG and behold, I have returned! Reddit might fuck up the layout of this signed message.

So feel free to send me a PGP challenge and I will decrypt and post openly here.

There are 3 versions of the SAME PGP KEY floating around. Check the KEY ID: 1BAC6AA0.

I don’t care which version you use. The Agora one, Nucleus one (Same as Agora) or the Grams / Middle Earth one. I can decrypt all of them. Try me.

WE ARE NOT ON PYTHON. CURRENTLY ONLY ON NUCLEUS (vaction mode due to account issue) and MIDDLE EARTH.

Best wishes DM -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

iQEcBAEBCgAGBQJWAusSAAoJEJlS7Z8brGqg30UH/i43DAAahuj8+joyw/8ZmC1t AvDaUfZPh/7A1PTNWDcjARy917TKZqKFazZxHrHDVq/t9bXNjCRdjZGp9m3EOZU+ jqGGob3vQ4Zf7wRUPXEskznCC54pAFJVymdzRWu3q9/xI8ggaPtANP5RLex1AxIe mTJ8FQN39NXSlUFGXucq2IEl2XbKeC9m+nI+T5jimttdq9OlMsbz2FyGjDjNeCsH rtZqLsMoyq87K54eLdAHw8DUIT/HuL1gbmpPxpghak/ON0Fxtdo08d0X89yRm069 49iyQgByi4F21wZ4wzZgtJ855Wn11e+vq5WRKye4VVH5c5BgFkdGJCrLURNF1Ec= =BA7r -----END PGP SIGNATURE-----


[0 Points] boredraw:

The key thing is not concerning in and of itself though, you(or the vendor) put your public key in your profile so people can encrypt messages to you. Still don't like the sound of using an unknown market though..........


[0 Points] Jay-__:

That's because 'Python Market' is most likely a scam and they're just using his real PGP-key to impersonate him.

They didn't have to decrypt something with that key to get 'verified' on the market because it's the owners themselve setting up these fake-profiles to scam.

That's the case with every single scam market and why they work. They use profiles of real vendors with their real PGP-keys, give them a 'verified'-batch and a ton of fake feedback to look credible.