Silk Road forums
Discussion => Security => Topic started by: limitlessone on December 26, 2012, 04:18 pm
-
Is it more secure to send messages via Tor email, for example? My concern being if a seller isn't diligent about deleting messages. If somehow SR was compromised and the encrypted GPG messages were available, would that be a risk?
-
No need to worry if they are encrypted, no matter if it is Tormail or SR. If not, then you are fucked in both cases. Which fuck is more likely to occur? No idea, toss a dice.
-
Also it doesn't matter how diligently the vendor removes the messages, this would only protect you against his account being compromised.
If the database with the messages was compromised then your message would still be in there.
DPR has said that all messages are kept for 2 months so even if you both delete it, it's still there.
Ding ding, that's what I was actually wondering about. I don't know how much info is retained on SR's servers, which is why I was wondering, for a sensitive order, if it's better that all messages be done offsite.
-
Trust no one, always encrypt.
No matter what system you use, the message you send will always be sitting on a server temporarily, somewhere. You do not personally know the administration of any of the sites you're on, so why would you trust that any of them handle your information securely? The only way to ensure that someone isn't spying on your purchase/request/communication is to encrypt the message straight to the individual you're trying to communicate with.
Silk Road provides a good service, but do you trust them with your information? Are you positive that they're deleting all your information/address? Do you trust that the vendor will delete your address/message immediately? Are you sure the Vendor is going to check their purchases before SR goes down, or gets hacked, or seized? We can assume that this is actually a pretty safe place to do business, and I'm not trying to discourage you from doing business here. Just realize that this is not near a perfect system, and most people here are conducting illegal activities on a site that is internationally recognized as providing illegal resources.
The only safe assumption is to assume you're being watched. So protect yourself. ENCRYPT ALL OF YOUR COMMUNICATIONS.
If you don't know how to set up PGP/GPG encryption, please check the forums here, or use this onion, which is dedicated to helping people set up encryption on their computer: http://p3lr4cdm3pv4plyj.onion/
Stay Safe!
-wicked420
-
Thanks wicked. I'm already doing all the above. I was just thinking out loud that having no direct control over how messages are stored on SR is a weak vector in the scheme of things. It's unlikely, but in theory a vendor is busted, encrypted messages are intercepted, and a coughed-up password is used to decrypt. Again, highly unlikely.
Although I do believe using public keys that expire would help somewhat?