Silk Road forums

Discussion => Security => Topic started by: Banjo on June 04, 2012, 07:37 pm

Title: Potential new service for venders
Post by: Banjo on June 04, 2012, 07:37 pm
I'm thinking of creating a new .onion service that may be of use to vendors. Before I go to all the trouble of coding it though, I thought I'd do a quick interest check to see if people would actually use it.

Basically it would be a site to track and manage your orders, as well as create and (optionally) share buyer ban/blacklists.

It will allow you to enter your wholesale and retail prices, as well as apply discounts. This way you can easily track your profit margin over time. Each username that you enter is encrypted with a one-way hash, so that if the database were ever compromised, it would be difficult (although not entirely impossible) to get a list of your customers.

I have the whole framework done, so I've got a pretty good idea of how everything will work. Especially from a security standpoint. Rather than making a giant post that no one will read, I'll leave it at this. I plan on being completely transparent with the whole security scheme, so please feel free to ask me anything regarding how I plan to handle a given problem/scenario.

I plan on charging a one-time fee of 5BTC for this service.

A bit about blacklists:
You can create as many blacklists as you want, and each list can have as many banned buyers as you want. When you enter a new order, the system will warn you that the user is on one of your blacklists. That's handy. But what's really handy is you can optionally share your blacklist with other vendors (you control who). If you're subscribed to another vendor's blacklist, and you get a new customer, it will check that username against all of the blacklists you're subscribed to.

To make this a little more clear, let's say you subscribe to Banjo's "Potential LE list". Banjo has added the user, "John Doe" to this list. You get a new order from John Doe, and go to the website to enter in his order. You'd then get a warning: "User John Doe is on Banjo's blacklist, 'potential LE list. The reason stated was: address was a police station'. Are you sure you want to continue with this order?"

But here's the really good part. When you share a blacklist with someone, they don't actually get to see it. Not only do they not get to see the whole list, but it's also encrypted in the database, so that no one can see the list. Using a hash function (I'll be using SHA-512), I can compare uses that you enter against already encrypted users, but there would be no (reasonable) way to reverse the entire list.
Title: Re: Potential new service for venders
Post by: Limetless on June 04, 2012, 07:39 pm
I wouldn't ever consider using this.
Title: Re: Potential new service for venders
Post by: Banjo on June 04, 2012, 07:43 pm
I wouldn't ever consider using this.

Because you wouldn't want a record of your transactions stored somewhere that's out of your control? Especially controlled by someone you have no reason at all to trust?