Long time buyer on many DNM. I buy only for personal consumption. I use an anonymously purchased VPN proxy service, the Tor bundle for Windows, a mixing service, and GPG/Kleopatra.
I was an Evo refugee who fled to Nucleus after disaster struck. Due to that experience, I have also done business direct via email with a few vendors after getting to know them over the normal course of business.
Recently I began doing some supplemental transactions with a small time vendor on Nucleus. Instead of email, we used the messaging feature on the site for these transactions. For example, I might upgrade postage or take the "...last one of the batch."
I would use the vendor's published pubkey and my GPG/Kleopatra client/keypair to encrypt all communications.
All is good...right? Well, I don't know...
I had noticed that there was a "PGP" check box on the Nucleus message app. I never paid attention to it as I was using my own encryption.
When Nucleus went down, this vendor emailed me but could no longer decrypt my messages, nor could I decrypt his. He made a comment about being bummed because the PGP on Nucleus had helped him as he "wasn't good with PGP." (?!?!)
What the fuck?
Did Nucleus have some kind of site provided/distributed key pairs/app embedded in their messaging system that this vendor was using?
Does this potentially expose all communications sent with that feature to anyone who has access to the backend DB/system, even though my private key was NEVER uploaded onto Nucleus?
I will gladly accept the ridicule if this is an incredibly stupid question since I was always in possession of my private key.
I don't really get the question here.
I think Nucleus is auto-encrypting messages with the provided keys when you had the 'PGP?' option checked.
Yes, there is no way to prove that they didn't save them as plaintext before encrypting - in case that's what you were asking.
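One thing that can actually be checked from the outside, for both the OP's question and the reply above: every OpenPGP message carries, in the clear, the key ID of each key it was encrypted to (one PKESK packet per recipient). So a message you still hold can be inspected to see whether it was encrypted to the vendor's published key, to your own key, or to some other key you never chose. The script below is an added example, not anything from the thread or from any market's software; it is a minimal stdlib-only reader of those packet headers, and the key IDs, the armored sample message and the placeholder CRC line in it are all constructed for the demonstration.

```python
import base64

# Constructed key IDs for the demonstration (not real keys): the vendor's
# published key and a second, unexpected key standing in for a site-held key.
VENDOR_KEY_ID = "0123456789ABCDEF"
EXTRA_KEY_ID = "DEADBEEFCAFEF00D"


def dearmor(data: bytes) -> bytes:
    """Strip ASCII armor if present and return the raw OpenPGP packet bytes.
    Armor header lines (e.g. 'Version:') and the trailing '=CRC24' line are
    skipped; the CRC itself is not verified in this example."""
    if not data.lstrip().startswith(b"-----BEGIN PGP"):
        return data  # already binary
    b64_lines, in_body, headers_done = [], False, False
    for line in data.decode("ascii").splitlines():
        if line.startswith("-----BEGIN PGP"):
            in_body = True
            continue
        if line.startswith("-----END PGP"):
            break
        if not in_body:
            continue
        if not headers_done:
            headers_done = line.strip() == ""  # blank line ends the armor headers
            continue
        if line.startswith("="):
            continue  # CRC24 checksum line
        b64_lines.append(line.strip())
    return base64.b64decode("".join(b64_lines))


def iter_packets(data: bytes):
    """Yield (tag, body) for each top-level OpenPGP packet (RFC 4880, section 4.2)."""
    i, n = 0, len(data)
    while i < n:
        ctb = data[i]
        i += 1
        if not ctb & 0x80:
            raise ValueError("byte 0x%02x is not an OpenPGP packet header" % ctb)
        if ctb & 0x40:  # new-format header: tag in the low 6 bits
            tag = ctb & 0x3F
            first = data[i]
            i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192
                i += 1
            elif first == 255:
                length = int.from_bytes(data[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body lengths are not handled in this example")
        else:  # old-format header: tag in bits 5..2, length type in bits 1..0
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:
                length = n - i  # indeterminate length: runs to end of input
            else:
                size = (1, 2, 4)[ltype]
                length = int.from_bytes(data[i:i + size], "big")
                i += size
        yield tag, data[i:i + length]
        i += length


def recipient_key_ids(message: bytes) -> list:
    """Return the 64-bit key ID (hex) from every PKESK packet (tag 1).
    Whoever holds any listed key can read the message. An all-zero ID means a
    hidden recipient (gpg --throw-keyids), which this check cannot attribute."""
    ids = []
    for tag, body in iter_packets(dearmor(message)):
        if tag != 1:
            continue
        if body[0] != 3:
            raise ValueError("unsupported PKESK version %d" % body[0])
        ids.append(body[1:9].hex().upper())
    return ids


def unexpected_recipients(message: bytes, expected_key_ids) -> list:
    """Key IDs the message is encrypted to that are not in the expected set."""
    expected = {k.upper() for k in expected_key_ids}
    return [k for k in recipient_key_ids(message) if k not in expected]


# --- constructed sample input below (not a real captured message) ---

def build_pkesk(key_id_hex: str) -> bytes:
    # Old-format header 0x84 = tag 1 with a one-octet length; body = version 3,
    # 8-octet key ID, algorithm 1 (RSA), then a dummy 16-bit MPI.
    body = bytes([3]) + bytes.fromhex(key_id_hex) + bytes([1, 0x00, 0x10, 0xAB, 0xCD])
    return bytes([0x84, len(body)]) + body


def build_seipd() -> bytes:
    # New-format header for tag 18 (SEIPD) with dummy ciphertext bytes.
    body = bytes([1, 0xDE, 0xAD, 0xBE, 0xEF])
    return bytes([0xC0 | 18, len(body)]) + body


def armor(packets: bytes) -> bytes:
    # Minimal armor; "=AAAA" is a placeholder, not a computed CRC24.
    b64 = base64.b64encode(packets).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN PGP MESSAGE-----", "", *lines,
                      "=AAAA", "-----END PGP MESSAGE-----", ""]).encode("ascii")


# Sample encrypted to the vendor's key AND to a second key the sender never chose.
SAMPLE_MESSAGE = armor(build_pkesk(VENDOR_KEY_ID) + build_pkesk(EXTRA_KEY_ID) + build_seipd())

if __name__ == "__main__":
    print("recipients:", recipient_key_ids(SAMPLE_MESSAGE))
    print("unexpected:", unexpected_recipients(SAMPLE_MESSAGE, [VENDOR_KEY_ID]))
```

Two caveats when reading the output. A second key ID is not by itself a problem: GPG is commonly configured to also encrypt to the sender's own key, so compare against the full set you expect (vendor plus yourself) rather than against the vendor alone. And the check only tells you who can decrypt the ciphertext that exists; it says nothing about what happened to the plaintext before encryption, which is exactly the point the reply above makes about a site-side "PGP" checkbox. If the encryption was done on the server, the server had the plaintext, whatever keys the resulting message names.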