Silk Road forums
Discussion => Security => Topic started by: flaxceed on July 12, 2012, 03:46 pm
-
So it happened. I made a privnote and the recipient told me it was already read. WTF? Has anyone else had this happen? Isolated incident?
Please, no lectures on PGP vs. Privnote. Not interested. I use PGP with everyone who uses it with me, and I am confident with the security that it affords. I also understand that Privnote is not a good substitute. But my question is: WTF? Has this happened to other people too? Just how rare is this? Who read it? Where are the vulnerable points? Sure, SR staff could read it, but I can't imagine they are interested in doing that. It would be more exciting to watch your own hair grow. LE? But how? This was sent via the SR message system.
-
He could have accidentally double read it (refreshed it)? You could have accidentally clicked the 'destroy it' button? Jesus could have intervened and decided you didn't need Viagra?
Really there's no way to have any idea, it does tell you when it was read.
Was it right as you wrote it, implying you accidentally read it?
Was it 0 minutes implying he accidentally refreshed it?
Now's the time to step up security, learn GPG, lay low for a while:
dkn255hz262ypmii.onion/index.php?topic=131.0
-
LE? But how? This was sent via the SR message system.
are you sure you want the answer to this?
He probs don't but I do, educate me Shan.
-
Lol ok read through them, adding another comment to that daft cunt who wants other payments as well, some other silly remark that it'll cut up my conscience to let go.
Anyway yeah, I read them and don't see what ya getting at, not been sleep for a bit so not 100% sharp.
-
what i'm getting at is that i think that feds pwning the site and reading privnotes and non-gpg'd addresses is the most likely method of attack against sr. the site is about as secure as a... fuck it i can't think of a good metaphor :P it's very insecure though
actually now that i think about it a little, human intelligence is a more likely attack but they'd get only buyers like that
The most likely way the feds will attack SR is by picking the low hanging fruit and focusing on the human element, not by hacking the technological aspects of it.
-
Always encrypt your privnote links. That's what I do, when I use them. And I hate to use them.
-
OK, I know I'm leaving myself wide open by asking, but why encrypt the link? Why not just encrypt the whole message?
-
Actually, that's what I also do. If I ever use privnote, and I make sure it is a very rare occurrence... now, at least. But if I ever use it, I encrypt whatever message it is to contain with PGP beforehand, then I encrypt the privnote link itself, then I give the encrypted link to whoever it is that needs it. When the transaction system isn't an option due to vendor inexperience, this is how I get my comforting illusion of security.
-
I'm not sure why people use privnote at all; after this incident I'm surprised anyone would use it again. Why take the risk at all when things like this occur? Madness.