Dream encryption checkbox

Just a little opsec pointer.... Dream offers the option to automatically encrypt messages once your vendor has a public key displayed properly. This is a nice feature for people who are not familiar with GPG or cant figure it out.

However your message which is usually your address goes to the dream servers before being GPG encrypted with the vendors public key so the Dream owners see the full message before they encrypt it and send it on to the vendor. Its really worth encrypting yourself using GPG or KGpg or whatever if you are able to... that way nobody except yourself and the vendor can see the content of the message


Comments


[5 Points] SuicideChrist:

I don't see how people can manage to understand bitcoin, let alone get bitcoin for purchases but can't figure out something so simple like PGP. Put down the drugs for 5 minutes and figure it the fuck out.


[4 Points] Uruguayman:

IMHO the auto encrypt function makes the whole PGP communication pointless, since there is some unencrypted/clear data (maybe our address) relayed to the market site. So: what's the point in encrypting server side? It's a nonsense...


[2 Points] None:

[deleted]

This comment has been overwritten by this open source script to protect this user's privacy. The purpose of this script is to help protect users from doxing, stalking, and harassment. It also helps prevent mods from profiling and censoring.

If you would like to protect yourself, add the Chrome extension TamperMonkey, or the Firefox extension GreaseMonkey and click Install This Script on the script page. Then to delete your comments, simply click on your username on Reddit, go to the comments tab, scroll down as far as possible (hint: use RES), and hit the new OVERWRITE button at the top.


[1 Points] None:

[deleted]


[1 Points] MajorWarren:

I use auto-encryption on DHL and AB for messages with no sensitive data, but addresses, names and all other sensitive stuff needs to be manually encrypted. Period.


[1 Points] dervish666:

Alphabay does this as well, I've never used it, what's the point in encrypting it to leave it potentially unencrypted on the DNM server. It's trivially easy to encrypt a message, there are even sites like igolder that will do it for you.