Silk Road forums

Discussion => Security => Topic started by: Nightcrawler on October 04, 2013, 04:35 pm

Title: Virtually all of you are doomed... here's why
Post by: Nightcrawler on October 04, 2013, 04:35 pm
I just saw something on here that hit me in the head like a brick. I just saw a user post a PGP public key generated with broken software. The default keys generated by this piece of shit software (e.g. PortablePGP) are _so_ weak, they are literally laughable.

pub   1024D/8B8E2001 2013-09-13
uid                  Zyntaks <>
sub    512g/D303B36C 2013-09-13

A dozen years ago, 512-bit encryption keys were being broken in a few weeks on old, spare computers that people had laying about the office. You can just imagine how long they would last against the resources than an organization like the FBI could bring to bear against them.

Warnings against using this type of software have been repeatedly posted, but they appear to have fallen on deaf ears.

The basic reason why I say "Virtually all of you are doomed" is because almost NO ONE wants to invest the time and effort required to learn how to keep themselves safe. During the crypto wars of the 1990s, I, like the Cypherpunks, believed that people would leap at the chance to embrace the tools that would enable them to escape the Orwellian gaze of the surveillance state.

At that time, the various police agencies were near apoplectic at the prospect of readily available strong encryption making its way into the hands of criminals (and others). They railed at every opportunity -- to anyone who would listen -- that the availability of strong non-backdoored encryption would stop police investigations dead in their tracks. 

They were right -- the problem was that neither the general public nor the criminals adopted these tools. Rather than being widely adopted, the efforts of the Cypherpunks were greeted, at best, with a collective yawn. Even here, amongst a community that should have had a strong motivation to adopt these tools, it has not taken place. As proof, I would submit the fact that various vendors have stated that upwards of 80% of even shipping address information was transmitted in the clear (i.e. unencrypted).

Winters86, in his post here about a year ago, said that the biggest fear among police was that people would start learning to use tools like PGP. Despite that, there was (and is) still resistance -- there are still vendors (like RxKing) who say that PGP is a waste of time.

Sadly, what has become apparent to me, is that people are not going to change their habits. They don't want to learn; they want an instant fix -- they want to be spoon-fed, they want security handed to them on a silver platter. I have read endless complaints about how the software is "so complicated". People have said, "Explain it to me like I'm a 5 year old". You can't learn everything overnight. You have to develop a security-oriented mindset, and that takes time, effort, and patience to develop.

People value ease of use so highly, that they're willing to sacrifice their security to get it. People here are more worried about getting their drugs than they are about getting caught.

That's not the way it works and, in a nutshell, that's why the authorities are going to win in the end. Laziness, ignorance, and stupidity are, and will always be, the authorities greatest weapons.

As Friedrich Schiller wrote:

Folly, thou conquerest, and I must yield!
Against stupidity the very gods Themselves
contend in vain.

Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090
PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07  B66B AFC8 CE71 D9AF D2F0
Title: Re: Virtually all of you are doomed... here's why
Post by: AnonymousAddict on October 04, 2013, 04:48 pm
Very nice post N C!! Loved it.

The damn thing is. PGP is not that hard, Shit its not hard to learn at all!! I taught a vendor on here last week in 1 hour how to PGP.. Its nothing. Just as simple as making an xbox account or something..

Its just Lazie ness and not willing to learn is all..
Title: Re: Virtually all of you are doomed... here's why
Post by: isthereanyneed on October 04, 2013, 11:06 pm
Well said, but I dont think were all doomed, we just need to learn, its to expensive and time consuming going after buyers or small time vendors, all that effort for what? A buyer who knows nothing about where they got their drugs from, its a no brainer, they wont target buyers and if they do then sobeit, what will be will be, I will use it as a platform to become a stronger person.

I didnt know any better in the early, some one already mentioned this and I agree, I really do think that before your allowed to join any black market site you should have to read the do's and dont's before you start, the sites makers should make it abundantly clear before your allowed to purchase or sell but mainly purchase as I think its the buyers that would the most wet behind the ears as it were, I just hope we all try and stick together after the moves to wherever we go, learned a lot here.
Title: Re: Virtually all of you are doomed... here's why
Post by: dudeism on October 05, 2013, 04:06 am
You're preaching to the choir here on the forums, but right on brother.
Title: Re: Virtually all of you are doomed... here's why
Post by: gn0ssos on October 05, 2013, 04:20 am
Glad I'm on a Mac using GPG Tools. I'm no expert, but I'm pretty sure that's at least a little better than PGP Key on a Windows platform. Also, I think it's a bit of a stretch to say we're all doomed. Even if we assume the NSA/FBI can easily break any type of PGP encryption, do you really think they're going to sift through thousands if not millions of orders and PM's, cracking every single one to track down people who bought drugs at one time on SR and probably don't even have them anymore?

It is something to think about when we're all migrating to other sites like BMR, however. We certainly need to be as careful as possible, you can never be too safe. I just placed my first order on BMR today and noticed that it says above the address box that PGP encryption will already be used IF the vendor has posted a PGP key. I don't think this is a good idea on BMR's part, because this will make people think they don't need to still encrypt their address themselves. I'm just going to keep encrypting and keeping my Tor bundle updated, I feel fairly safe in that.
Title: Re: Virtually all of you are doomed... here's why
Post by: Nightcrawler on October 05, 2013, 04:40 am
Glad I'm on a Mac using GPG Tools. I'm no expert, but I'm pretty sure that's at least a little better than PGP Key on a Windows platform. Also, I think it's a bit of a stretch to say we're all doomed. Even if we assume the NSA/FBI can easily break any type of PGP encryption, do you really think they're going to sift through thousands if not millions of orders and PM's, cracking every single one to track down people who bought drugs at one time on SR and probably don't even have them anymore?

It is something to think about when we're all migrating to other sites like BMR, however. We certainly need to be as careful as possible, you can never be too safe. I just placed my first order on BMR today and noticed that it says above the address box that PGP encryption will already be used IF the vendor has posted a PGP key. I don't think this is a good idea on BMR's part, because this will make people think they don't need to still encrypt their address themselves. I'm just going to keep encrypting and keeping my Tor bundle updated, I feel fairly safe in that.

I was engaging in a little hyperbole. The people who are doomed are the ones who failed to use encryption, which by some vendors' accounts, is upwards of 80% of buyers.  Of those who did use PGP, most of them should be safe. Of that traffic encrypted with DPR's PGP key (0x67B7FA25). with DPR now in custody and his laptop in the hands of the FBI, I suspect any and all such encrypted traffic will soon be decrypted. It is highly likely that the Feds now possess DPR's private key. Given DPR's lack of security sophistication, I suspect that he will either give up his PGP passphrase, or it will be found using brute-force or a dictionary attack, thus leading to the compromise of all his stored, encrypted traffic.

Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090
PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07  B66B AFC8 CE71 D9AF D2F0
Title: Re: Virtually all of you are doomed... here's why
Post by: Kittykatgirl123 on October 05, 2013, 05:01 am
Glad I'm on a Mac using GPG Tools. I'm no expert, but I'm pretty sure that's at least a little better than PGP Key on a Windows platform. Also, I think it's a bit of a stretch to say we're all doomed. Even if we assume the NSA/FBI can easily break any type of PGP encryption, do you really think they're going to sift through thousands if not millions of orders and PM's, cracking every single one to track down people who bought drugs at one time on SR and probably don't even have them anymore?

It is something to think about when we're all migrating to other sites like BMR, however. We certainly need to be as careful as possible, you can never be too safe. I just placed my first order on BMR today and noticed that it says above the address box that PGP encryption will already be used IF the vendor has posted a PGP key. I don't think this is a good idea on BMR's part, because this will make people think they don't need to still encrypt their address themselves. I'm just going to keep encrypting and keeping my Tor bundle updated, I feel fairly safe in that.

It's basically what you've said. When the FBI are going after drug cartels, who are they going after? The buyers, the sellers? The answer is neither. They are going after the supplier, the head of the chain. In the case of SR, it's the very same thing. No, we're not doomed. PGP or not. Maybe in 10 years, when they have sifted through EVERY piece of unencrypted information from both buyers and sellers AND put together a case of viable evidence against both buyers and sellers? I think not. Too much time, too much money, too much work that even the FBI will find not worth it. We're safer online than we are actually having our packages shipped, in the case they were seized by customs. Also, for the automatic encryption, it doesn't seem like many people have read the information on that. If you encrypt any info in the address/instructions box, that encryption will conflict with the original automatic encryption, leaving it to be a confusing mess that will not work. SO: If it is automatically being encrypted, do not encrypt it a second time! It may screw up your order!
Title: Re: Virtually all of you are doomed... here's why
Post by: slyguy498 on October 05, 2013, 08:11 am
Glad I'm on a Mac using GPG Tools. I'm no expert, but I'm pretty sure that's at least a little better than PGP Key on a Windows platform. Also, I think it's a bit of a stretch to say we're all doomed. Even if we assume the NSA/FBI can easily break any type of PGP encryption, do you really think they're going to sift through thousands if not millions of orders and PM's, cracking every single one to track down people who bought drugs at one time on SR and probably don't even have them anymore?

It is something to think about when we're all migrating to other sites like BMR, however. We certainly need to be as careful as possible, you can never be too safe. I just placed my first order on BMR today and noticed that it says above the address box that PGP encryption will already be used IF the vendor has posted a PGP key. I don't think this is a good idea on BMR's part, because this will make people think they don't need to still encrypt their address themselves. I'm just going to keep encrypting and keeping my Tor bundle updated, I feel fairly safe in that.

It's basically what you've said. When the FBI are going after drug cartels, who are they going after? The buyers, the sellers? The answer is neither. They are going after the supplier, the head of the chain. In the case of SR, it's the very same thing. No, we're not doomed. PGP or not. Maybe in 10 years, when they have sifted through EVERY piece of unencrypted information from both buyers and sellers AND put together a case of viable evidence against both buyers and sellers? I think not. Too much time, too much money, too much work that even the FBI will find not worth it. We're safer online than we are actually having our packages shipped, in the case they were seized by customs. Also, for the automatic encryption, it doesn't seem like many people have read the information on that. If you encrypt any info in the address/instructions box, that encryption will conflict with the original automatic encryption, leaving it to be a confusing mess that will not work. SO: If it is automatically being encrypted, do not encrypt it a second time! It may screw up your order!
Well the address box we sent our info in was encrypted automatically right? so ur saying we shouldnt have used pgp?
Title: Re: Virtually all of you are doomed... here's why
Post by: SandStorm on October 05, 2013, 10:28 am
Glad I'm on a Mac using GPG Tools. I'm no expert, but I'm pretty sure that's at least a little better than PGP Key on a Windows platform. Also, I think it's a bit of a stretch to say we're all doomed. Even if we assume the NSA/FBI can easily break any type of PGP encryption, do you really think they're going to sift through thousands if not millions of orders and PM's, cracking every single one to track down people who bought drugs at one time on SR and probably don't even have them anymore?

It is something to think about when we're all migrating to other sites like BMR, however. We certainly need to be as careful as possible, you can never be too safe. I just placed my first order on BMR today and noticed that it says above the address box that PGP encryption will already be used IF the vendor has posted a PGP key. I don't think this is a good idea on BMR's part, because this will make people think they don't need to still encrypt their address themselves. I'm just going to keep encrypting and keeping my Tor bundle updated, I feel fairly safe in that.

It's basically what you've said. When the FBI are going after drug cartels, who are they going after? The buyers, the sellers? The answer is neither. They are going after the supplier, the head of the chain. In the case of SR, it's the very same thing. No, we're not doomed. PGP or not. Maybe in 10 years, when they have sifted through EVERY piece of unencrypted information from both buyers and sellers AND put together a case of viable evidence against both buyers and sellers? I think not. Too much time, too much money, too much work that even the FBI will find not worth it. We're safer online than we are actually having our packages shipped, in the case they were seized by customs. Also, for the automatic encryption, it doesn't seem like many people have read the information on that. If you encrypt any info in the address/instructions box, that encryption will conflict with the original automatic encryption, leaving it to be a confusing mess that will not work. SO: If it is automatically being encrypted, do not encrypt it a second time! It may screw up your order!
This is bullshit!
The way encrytion works:
(message)  -- encryption 1 -> (|e1| 90rjfn93hrfbeh |/e1|) -- encrytption 2 (auto) -> |e2| 387g4t[gbqi893ghwo |/e2|

Decryption:
(|e2| 387g4t[gbqi893ghwo |/e2|) -- decryption 2 -> (|e1| 90rjfn93hrfbeh |/e1|) -- decryption 1 -> message
(|e2| 387g4t[gbqi893ghwo |/e2|) -- decryption 1 -> "can't decrypt!"
(|e1| 90rjfn93hrfbeh |/e1|) -- decryption 2 -> "can't decrypt!"

Now that silkroads automatic encryption |e2| probably is compromised it provide a very nessesary layer of security to have this extra layer of encryption on any sensitive information you've sendt here on silkroad!
Title: Re: Virtually all of you are doomed... here's why
Post by: Nightcrawler on October 05, 2013, 01:55 pm
Glad I'm on a Mac using GPG Tools. I'm no expert, but I'm pretty sure that's at least a little better than PGP Key on a Windows platform. Also, I think it's a bit of a stretch to say we're all doomed. Even if we assume the NSA/FBI can easily break any type of PGP encryption, do you really think they're going to sift through thousands if not millions of orders and PM's, cracking every single one to track down people who bought drugs at one time on SR and probably don't even have them anymore?

It is something to think about when we're all migrating to other sites like BMR, however. We certainly need to be as careful as possible, you can never be too safe. I just placed my first order on BMR today and noticed that it says above the address box that PGP encryption will already be used IF the vendor has posted a PGP key. I don't think this is a good idea on BMR's part, because this will make people think they don't need to still encrypt their address themselves. I'm just going to keep encrypting and keeping my Tor bundle updated, I feel fairly safe in that.

It's basically what you've said. When the FBI are going after drug cartels, who are they going after? The buyers, the sellers? The answer is neither. They are going after the supplier, the head of the chain. In the case of SR, it's the very same thing. No, we're not doomed. PGP or not. Maybe in 10 years, when they have sifted through EVERY piece of unencrypted information from both buyers and sellers AND put together a case of viable evidence against both buyers and sellers? I think not. Too much time, too much money, too much work that even the FBI will find not worth it. We're safer online than we are actually having our packages shipped, in the case they were seized by customs. Also, for the automatic encryption, it doesn't seem like many people have read the information on that. If you encrypt any info in the address/instructions box, that encryption will conflict with the original automatic encryption, leaving it to be a confusing mess that will not work. SO: If it is automatically being encrypted, do not encrypt it a second time! It may screw up your order!
This is bullshit!
The way encrytion works:
(message)  -- encryption 1 -> (|e1| 90rjfn93hrfbeh |/e1|) -- encrytption 2 (auto) -> |e2| 387g4t[gbqi893ghwo |/e2|

Decryption:
(|e2| 387g4t[gbqi893ghwo |/e2|) -- decryption 2 -> (|e1| 90rjfn93hrfbeh |/e1|) -- decryption 1 -> message
(|e2| 387g4t[gbqi893ghwo |/e2|) -- decryption 1 -> "can't decrypt!"
(|e1| 90rjfn93hrfbeh |/e1|) -- decryption 2 -> "can't decrypt!"

Now that silkroads automatic encryption |e2| probably is compromised it provide a very nessesary layer of security to have this extra layer of encryption on any sensitive information you've sendt here on silkroad!

Silk Road's automatic encryption??!!   There is no such thing!

To the best of my knowledge, all information on the Silk Road servers was stored in the clear, i.e. UNENCRYPTED. Even if DPR had setup the server with full-disk encryption, this would not have been of any value, since full-disk encryption ONLY protects the data when the server is shut-down. In the court documents that have been revealed to date it is stated that forensic analysis has been carried out on the server(s) and various statistics are cited -- this would not have been possible, if the server's contents were strongly encrypted.

I suspect that you're confusing the encryption provided by the Tor network with server-side encryption.

Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090
PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07  B66B AFC8 CE71 D9AF D2F0
Title: Re: Virtually all of you are doomed... here's why
Post by: gn0ssos on October 05, 2013, 05:50 pm
Glad I'm on a Mac using GPG Tools. I'm no expert, but I'm pretty sure that's at least a little better than PGP Key on a Windows platform. Also, I think it's a bit of a stretch to say we're all doomed. Even if we assume the NSA/FBI can easily break any type of PGP encryption, do you really think they're going to sift through thousands if not millions of orders and PM's, cracking every single one to track down people who bought drugs at one time on SR and probably don't even have them anymore?

It is something to think about when we're all migrating to other sites like BMR, however. We certainly need to be as careful as possible, you can never be too safe. I just placed my first order on BMR today and noticed that it says above the address box that PGP encryption will already be used IF the vendor has posted a PGP key. I don't think this is a good idea on BMR's part, because this will make people think they don't need to still encrypt their address themselves. I'm just going to keep encrypting and keeping my Tor bundle updated, I feel fairly safe in that.

It's basically what you've said. When the FBI are going after drug cartels, who are they going after? The buyers, the sellers? The answer is neither. They are going after the supplier, the head of the chain. In the case of SR, it's the very same thing. No, we're not doomed. PGP or not. Maybe in 10 years, when they have sifted through EVERY piece of unencrypted information from both buyers and sellers AND put together a case of viable evidence against both buyers and sellers? I think not. Too much time, too much money, too much work that even the FBI will find not worth it. We're safer online than we are actually having our packages shipped, in the case they were seized by customs. Also, for the automatic encryption, it doesn't seem like many people have read the information on that. If you encrypt any info in the address/instructions box, that encryption will conflict with the original automatic encryption, leaving it to be a confusing mess that will not work. SO: If it is automatically being encrypted, do not encrypt it a second time! It may screw up your order!

Are you sure about this? I've ordered before on BMR and I always still use PGP on top of the automatic encryption. Many vendors seem to expect you to do this, especially after what just happened. Can anyone confirm this about BMR's automatic encryption? Thanks.
Title: Re: Virtually all of you are doomed... here's why
Post by: CodoneCowboy on October 05, 2013, 08:45 pm
Are you sure about this? I've ordered before on BMR and I always still use PGP on top of the automatic encryption. Many vendors seem to expect you to do this, especially after what just happened. Can anyone confirm this about BMR's automatic encryption? Thanks.

I've actually disabled automatic encryption on BMR. If BMR were compromised, the feds could change the code so that the automatic encryption doesn't actually work--or they could have two copies of the data: the vendor and buyer would see it get automatically encrypted, but the unencrypted data would be sent to the feds prior to encryption. You should always, always manually encrypt and submit it that way. Meanwhile, if you manually encrypt on top of the automatic encryption, the vendor has to decrypt twice I believe--which doesn't give you any more protection, it's just a pain in the ass for the vendor.

My recommendation would be to disable automatic encryption and encrypt manually.
Title: Re: Virtually all of you are doomed... here's why
Post by: MushroomMafia on October 05, 2013, 10:35 pm
doesnt bmr use the pgp key that you provide to encrypt orders?  if so .gov cant change the key so the they can decode it , and  that it would still work for decoding your own messages.   correct me if i'm wrong please.
We at MushroomMafia  ALWAYS required that every order was pgp encrypted with our 4096 bit key (generated of course with gpg  that I compile my self.)  I had even adjusted a small bit of code in gnupg to make much larger keys than 4096 but not everyones software could handle them.  my other suggestion was to switch to ECC encryption (521 bit)  as it is very very strong as far as i know.
Title: Re: Virtually all of you are doomed... here's why
Post by: Kittykatgirl123 on October 05, 2013, 11:22 pm
Are you sure about this? I've ordered before on BMR and I always still use PGP on top of the automatic encryption. Many vendors seem to expect you to do this, especially after what just happened. Can anyone confirm this about BMR's automatic encryption? Thanks.

I've actually disabled automatic encryption on BMR. If BMR were compromised, the feds could change the code so that the automatic encryption doesn't actually work--or they could have two copies of the data: the vendor and buyer would see it get automatically encrypted, but the unencrypted data would be sent to the feds prior to encryption. You should always, always manually encrypt and submit it that way. Meanwhile, if you manually encrypt on top of the automatic encryption, the vendor has to decrypt twice I believe--which doesn't give you any more protection, it's just a pain in the ass for the vendor.

My recommendation would be to disable automatic encryption and encrypt manually.

The automatic encryption does happen on BMR, and it can be disabled. I read it on the forums straight from backopy, he said encrypting it a second time over complicates it for the vendors and can make it harder to decrypt. So the best method would be to disable and do it manually as CC mentioned.
Title: Re: Virtually all of you are doomed... here's why
Post by: Nightcrawler on October 06, 2013, 01:15 am
doesnt bmr use the pgp key that you provide to encrypt orders?  if so .gov cant change the key so the they can decode it , and  that it would still work for decoding your own messages.   correct me if i'm wrong please.

The problem with the automatic encryption is that the data has to be on the server in cleartext, prior to encryption. Now the cleartext may only be on the server-side for a fraction of a second, but it is nonetheless there. It is ALWAYS better to have the information placed on the server already encrypted.

We at MushroomMafia  ALWAYS required that every order was pgp encrypted with our 4096 bit key (generated of course with gpg  that I compile my self.)  I had even adjusted a small bit of code in gnupg to make much larger keys than 4096 but not everyones software could handle them.  my other suggestion was to switch to ECC encryption (521 bit)  as it is very very strong as far as i know.

Bruce Schneier, in one of his latest blog posts outlines what people can do to avoid being surveilled by the NSA.  In that post, he specifically advises against using ECC, as many implementations use curves chosen by the NSA, likely because they are easier for them to break.  Here is some of what he said:

Quote
[I} have five pieces of advice:

1) Hide in the network. Implement hidden services. Use Tor to anonymize yourself. Yes, the NSA targets Tor users, but it's work for them. The less obvious you are, the safer you are.

2) Encrypt your communications. Use TLS. Use IPsec. Again, while it's true that the NSA targets encrypted connections – and it may have explicit exploits against these protocols – you're much better protected than if you communicate in the clear.

3) Assume that while your computer can be compromised, it would take work and risk on the part of the NSA – so it probably isn't. If you have something really important, use an air gap. Since I started working with the Snowden documents, I bought a new computer that has never been connected to the internet. If I want to transfer a file, I encrypt the file on the secure computer and walk it over to my internet computer, using a USB stick. To decrypt something, I reverse the process. This might not be bulletproof, but it's pretty good.

4) Be suspicious of commercial encryption software, especially from large vendors. My guess is that most encryption products from large US companies have NSA-friendly back doors, and many foreign ones probably do as well. It's prudent to assume that foreign products also have foreign-installed backdoors. Closed-source software is easier for the NSA to backdoor than open-source software. Systems relying on master secrets are vulnerable to the NSA, through either legal or more clandestine means.

5) Try to use public-domain encryption that has to be compatible with other implementations. For example, it's harder for the NSA to backdoor TLS than BitLocker, because any vendor's TLS has to be compatible with every other vendor's TLS, while BitLocker only has to be compatible with itself, giving the NSA a lot more freedom to make changes. And because BitLocker is proprietary, it's far less likely those changes will be discovered. Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can.

Since I started working with Snowden's documents, I have been using GPG, Silent Circle, Tails, OTR, TrueCrypt, BleachBit, and a few other things I'm not going to write about. There's an undocumented encryption feature in my Password Safe program from the command line); I've been using that as well.

I understand that most of this is impossible for the typical internet user. Even I don't use all these tools for most everything I am working on. And I'm still primarily on Windows, unfortunately. Linux would be safer.

The NSA has turned the fabric of the internet into a vast surveillance platform, but they are not magical. They're limited by the same economic realities as the rest of us, and our best defense is to make surveillance of us as expensive as possible.

Trust the math. Encryption is your friend. Use it well, and do your best to ensure that nothing can compromise it. That's how you can remain secure even in the face of the NSA.

Source: http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance (clearnet)

Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090
PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07  B66B AFC8 CE71 D9AF D2F0


Title: Re: Virtually all of you are doomed... here's why
Post by: Bungee54 on October 06, 2013, 10:04 am
EXCELLENT OPENING POST !!

*clapping hands*
Title: Re: Virtually all of you are doomed... here's why
Post by: toejammer on October 06, 2013, 06:10 pm
if u use encryption for ALL then they have to work a little harder to catch u and there are LOADS of people out there not using it correctly so u get a pass cause u are more difficult to nab. takes more time and energy...  that guy over there. WEEK encryption if any at all.... Lets get him first.....


plus who dont like banging on the keys to create enough juice to create those LARGER encryption strings PLUS your KEY is like 2 pages LONG!


can never be too safe right.

AND WHY THE HELL WAS DPR living in the US ANYWAY! for being so smart he is really dumb....he has also put us in great danger as well...... i thought he cared about this community.. If he did he would not have done such dumb things and gotten nabbed....... hell even that french director polansky knows not to come anywhere close to the US!

Title: Re: Virtually all of you are doomed... here's why
Post by: newbottles on October 08, 2013, 11:49 pm
AND WHY THE HELL WAS DPR living in the US ANYWAY! for being so smart he is really dumb....he has also put us in great danger as well...... i thought he cared about this community.. If he did he would not have done such dumb things and gotten nabbed....... hell even that french director polansky knows not to come anywhere close to the US!

Just more reasons to wonder wtf is going on with the official DPR bust story.  There is more than meets the eye here.  We just don't know what. 

I smell Oswald-Ruby type thing or classic snitch setup.