AmazonPrime on TR. PgP swap, cannot decrypt old with old key

I placed an order with AmazonPrime on TR last week.

PgP key at my time of order returned positive results on Grams:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBFmKir0BCAC5xUIf0mB1UyYE+LNAD4UbQopYnGVXjj7pFdrAeentpu5RRAdD
RJnyyDLevNpjCr9Kwv4hx3grCKmfjKpNj853whdA3wpqdgf4Ok1gfC0Ng1YJSqDj
DK4eqhhKozYlDSh/t+nrIv0cC83LRbsDtb7MPKnYGeFG/gTlw/GCIvcdta0aEPdS
RrodVgrbBVCgTi//4+JEzXA24CP3d8NYKRtqIxzJg1fZQNgFKVq56o2XrM8d/fhN
+11EcGq3iVP78Lrxjc5Axh04ydIVKNCobCIsN86Ih1NK2c4nC7Is/CvNgWeVaK1j
xcbrc7mjVh5HlNF7DmCyRhjgdVQqaEYtrZ0XABEBAAG0KmFtYXpvbnByaW1lIDxh
bWF6b25wcmltZUBkb2Vzbm90ZXhpc3QuY29tPokBOQQTAQgAIwUCWYqKvQIbAwcL
CQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJECcP9+AVH1Fzh3kH/1z4Pl1A29Mu
W2VSrN5hQwI6nG0Kou0+im+pzjAoS0i2ntqg5efx6iuj2lbtBe6EyHiHTMe6QJeQ
06Fe/eB7TY46aFpvAcWrP8tVasjqn4ZeqbKvU+SIhLPJ1kjlO9YPd6RJAI8o00Xx
hmVkDzrrapbSb3oWM463pjJpycAx8IPf7xj52CiVzRBI1m/o0cKjU3nhAlIos0Q0
m3BwJvjFSot2pP9mhC/KehlQrc29DuCs4cF6AE77/bSVjy9Yw6evMCWzZUfGXWaA
dPn7LqHi1TinywvSMX5N5tNiDDAeo06u0mhdoe7MH15UrIQekniW+qIzVtIqsbFG
7kgDasLAzX25AQ0EWYqKvQEIAL6Id7XjThoom+gRuxXdNzRpbZnz6lyEPTsuKcNt
bgppia9ae9sI+Y6/J6fD89I9CEZQz+c5Wt/dhfOMc/5zXwpj0t0K3PwCPv2zwRyE
4OpHwtWTEUvIt+zaV0HGe0Q6xYzHTcQLByZBxPTClBdVxE3HNh/Myp9toDUzeArc
MICVbxBcpmxwGM76J/xe+I32xJWTai+5i7TWTaaOhmEcSdfKZByw4FKNg31KFMMA
jGOIoHIDGEIQhRGZ/Zla5wZHUVyXv3NfWFkpyQ89+/jGot77vOzJEUV/9qUBdXbm
vFdwR+Iel4KkJVwprNgW5PVfI1rxngQDfzdb5l9A5TuEyHcAEQEAAYkBHwQYAQgA
CQUCWYqKvQIbDAAKCRAnD/fgFR9RcyOEB/9Ku1KfvI4a2QleMmsAGusW+ZgObKiU
39Hzd+UDi+Uz4Qn4gGwpbmrZBC1ebvWwpPmdRz3xsSlOC8Dd018+RHiC66iBMZKw
vpqzoG5Co3uBDmPj3fWvAXeyHLfVxTd9dDKQ5V/xAuIhVvQBHRNJH4J+ENC5bnVQ
HKJXedpVX1XzbOvh6YoPuJmz+M9XGeFieGSsAGMMdP5iDX9qgEjOoBF5RfJe/bQ6
YYrjosyLGb98g/Bam4Y94S1kBQTcypl3lCX8PQapQvx91XxIPONyhe0AqPh9jmWf
kQ1560gBIV66PAVmVspvspvc1PnKc7EYeT5KtHVJx7I8LH/LWlfaaN4Q
=vBQb
-----END PGP PUBLIC KEY BLOCK-----

Yesterday I sent them an encrypted message regarding my order, I placed two similar orders on the same day and forgot to add my middle inital to only one of them. Only one has arrived, and I wanted to finalize for that vendor only. The pack I received was not his, as I confirmed details with the other vendor.

He messaged me back today, "message won't decrypt, I have a new key"

Here is the key now listed on his profile:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBFm9GWcBCADSKz0ysogbXjyNAm49AyHJMnY5tf1dFEq181ZZq234bk3cjtkN
LTFylW69iKu8JkzHG8pxv35hS+SEVZeFjPd5cBXNOYcqVM6YV5UHhTsXCruC59BN
ldf++F4fR5HED0W3jx3ZZTJUM790O9b7Qd6+jPlPLSv/AgtBd57vn9U/yL85VKVH
kRKECSV+Fzc1SbTc7HVtRPKTKOmBxt1xjWMTIhHd0IDP6/n3Z/Lm88ItH0DKS58a
UHfK1686agoR2ziC7YlemfF9nfWxALYaeHRhrCsHu8oxJXL8eFrlQ6ijBpNQZnTc
WVoBuubglPkA4d9O1ltBP4wQYOM2BTlOEruXABEBAAG0IWFtYXpvbnByaW1lIDxh
bWF6b25wcmltZUBuZXcuY29tPokBTgQTAQoAOBYhBNDsW2yBkuLfsr3jjcXqM1iU
DGuhBQJZvRlnAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEMXqM1iUDGuh
5R8IAJ6LUJp6CbOJxXvVGFThngQJJfvuOu3u1In1kFN+T19ijDCBVzWAQqShuuRW
DZlJNWCyn+8iIN4lDCnbtcT9ZFosUY/0S3bwymBjzTDhAcY8ktkcvy/QWGaRvCu8
SRY5X9MaXJTm3t6B1ER4dVNs2Myxi5VeieoF2rI7p2bURGY9jBnjLRn1dY/E5jPF
s+eJ0NARd6sd/wMz0qa2h7p28i4Ac1R7trb5S4UKDMIMqWoiEzzaVNk9sYkgOw50
Ll9JZxDpJYMWDPXH/tEftgeo5QqklElAma/fPHeBbKRsj8sgTY+86TFpdNpJUQwe
KuR+nQ6i8SZhkCf8hJOEM69oc2W5AQ0EWb0ZZwEIAMVoBLchUdRuL3ANHMydnQj0
dC9mYb3wlN2pYIuyKoDPEZHa9otZVAyTGsdqpQfG0R1IpWmR6KZNNC5wQS6WDrxX
oOgillXUkKBESV1vCfeQxlxF30Uj9pYdsKxZ7a+//00/RTHdFXiTas2KSuGYVF4D
R+jJQ1mwfvUXXVbfKG5rITAZEq1GhiJIbUOnkR/TehkKQI6yp8AK+/EsZseo1QuY
/wJhXtoXEj+LAExaQTe9oj+isxBmQC1NnYgyg9aoroZwugmBgnvqzVmG8Gjl4GU1
bOxm86hLagHZUyhoMook4pnpIgtpiFmcBSQzuN1JDekGQIiW4InNvdNjDdsKJK8A
EQEAAYkBNgQYAQoAIBYhBNDsW2yBkuLfsr3jjcXqM1iUDGuhBQJZvRlnAhsMAAoJ
EMXqM1iUDGuh/nwH/iFTTsB0z64yhgJnCKERUdy+AzK6R8OyF1Lp8pbcXtDGWMhw
QBUXyBHusn7o+/m8uWCt06oHVzeSLXXfbTYllQaMISTODoGNbz6e+E4/WHVZtBpQ
UC92JIx8r/rV7g0Kh7XevEw/9JYtAUhcHD3QYI93TsoC8+2D4jRJn67nJlcDU1X/
EGbFrQyPzgcEE8Z2kACJO7L/zT9xPlgEojxcxu3XPhpDwHfh/y/MHKMyGl8B91Bd
35U7vAFZaO/kIlBn7hHh9T8W6gQFFIUtaRplzYCldjZQS87+qQ/JoRcEdu4e/57U
02IymWE1cBfm2Uayu0AFNCqaBJbDXLGxRJnlIsE=
=lm1W

-----END PGP PUBLIC KEY BLOCK-----

This key returns no hits in Grams. So my only response was to ask, if they had any issue decrypting my address, and if they had signed the new key with the old anywhere. I'll update when/if they respond. I know I saw a Vendor Inquiry about AmazonPrime a few days ago, so I wanted to bring it up.

TTFN

Edit: AmazonPrime messaged me back, asking that I put my address into the auto-encrypt box, for an order that was marked shipped on the 16th. Not gonna happen, I began a dispute immediately.
Proof- https://anonimage.net/image/iJVOBUsUbO


Comments


[8 Points] None:

[deleted]


[4 Points] AnEvilKangaroo:

interesting - props for posting it to alert us op


[5 Points] Bigw0rmer:

i read this and for some reason i was reminded of amazon dark


[1 Points] AutoModerator:

NEVER let the market encrypt sensitive data (such as your address) for you. Always encrypt it yourself.

The market can always store the plaintext version of your message, and send an encrypted one to the vendor. That way you both think it was encrypted while the market still has the original and unencrypted message.

Also if the market gets taken over by law enforcement, they will store the plaintext versions of the messages that the users sent using the 'PGP encrypt' checkbox to harvest addresses. But they will still send the encrypted ones to the vendor to not make anyone suspicious.

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.