After reading this I realized we should probably have vendors post the fingerprint of their PGP key somewhere public for verification. Snowden used Twitter, but for us Reddit seems like a natural place to do this. Why?
- It will prevent an attack where LE infiltrates the marketplace and provides their own PGP key instead of the vendor's.
- It will allow us to monitor when/if a vendor changes his PGP key, which could be a red flag.
I am aware that a similar project was started a while ago (https://pay.reddit.com/r/DarkNetMarkets/comments/1tkzna/all_markets_vendor_directory_use_it_to_find_your/). However, having the vendors themselves post their own key is much more reliable.
Thoughts? Comments?
EDIT: Thought about it more following people's comments and realized my suggestion has very little benefit since a lot of us already have vendors' keys saved and will easily be able to tell when someone switches up. Thanks everyone for the intelligent discussion and the upvotes. Stay paranoid :)