Vendor has a gmail account tied to pgp. Is this an OPSEC flaw?

So I was just about to go ahead and make an order with a vendor but once I imported their PGP key I saw it was attached to a gmail account. I've never used any vendor who has had a gmail email put in as the email on their PGP key, most have sigaint addresses attached. Is using gmail for this a flaw in his OPSEC? He is a relatively new vendor though has a few reviews and they're all positive. I'm just concerned about using a vendor that may have a flaw in their OPSEC before I even order.


Comments


[8 Points] trynakick:

Could it be fake?


[3 Points] UnforgivenRanger:

I'd ask him. Maybe he doesn't know, you did say he was new.


[2 Points] SLEvEnXVF4:

If that Gmail acct is used for personal use and tied to his real name or address etc etc.... Then yes, MAJOR opsec failure. If not then I am not sure? Guess depends on how he accesses his e-mail?


[2 Points] None:

This is such bullshit. Encrypt everything and who gives a shit. Also you assume nobody can get a gmail without it tied to them. Which is more bullshit.

You should assume no email is safe. Sigaint or gmail. Shouldn't matter.


[1 Points] 1percentof1:

It's a red flag. I wouldn't worry too much. You could msg the guy.


[1 Points] DrMantisTobogganVend:

I mean it won't affect YOU in any way, only the vendor. However, I can't imagine any vendor, new or otherwise, would be dim-witted enough to attach a real gmail account to an illegal operation... and if said vendor IS actually using a real gmail account attached to real credentials, yeah, I'd avoid that vendor. Just asking for problems!


[1 Points] Atari_Vito:

Most vendors tend to make that mistake when first starting out if they don't have any idea of OPSEC. You should contact him/her and ask him/her about it and let them change it or create a new PGP key before they are well established.


[1 Points] KetaAlex710:

I mean, if he doesn't use it for personal shit and only ever accesses it through a VPN, would it be an issue?


[0 Points] DruggieKitten:

It's probably fake. It might even be an enemy's address, to get someone in trouble (douchebag move, yet funny). Honestly, send a fucking message to the gmail and see what happens. Might be funny.

Now, what makes me shake my head is customers that have their actual name set on the pgp key. Also, customers that have names that are completely unrelated to their market account name.

Anyway, I have a sigaint account set on my PGP key. There's really not any reason to not get one. It's free. Send them a couple dollars every once in a while to make sure they stay around.


[0 Points] jack19056:

Burn your house ASAP and run to the mountains.