Silk Road forums

Discussion => Security => Topic started by: HarmReduction on November 06, 2012, 09:39 am

Title: Privnote
Post by: HarmReduction on November 06, 2012, 09:39 am
Anyone any experience of using Privnote ...would you recommend it
Title: Re: Privnote
Post by: John-Cockblast on November 06, 2012, 09:45 am
It's a great way to pass small notes of communication in an easy fashion. Some people do claim it has vulnerabilities, but I have yet to see any hard evidence on that. What is said is that before the note is read, it can be decrypted, read and passed on without arousing suspicion, but to do that you have to intercept and decrypt the link before it is read which most of the time is unlikely.
Title: Re: Privnote
Post by: HarmReduction on November 06, 2012, 09:56 am
Thanks one of the reasons for asking is that I am a Harm Reduction worker and a researcher, sometimes I use SR for research and people are nervous about PM and others dont have tormail I saw Privnote as another option   as its all encrypted
Title: Re: Privnote
Post by: CoolGrey on November 06, 2012, 01:13 pm
Do NOT use it.

Some time ago there was an "anonymous" internet market, called "the farmer's market". People there used a service called "hushmail", which was a bit like Privnote.

You know what happened? Law Enforcement went to the hushmail service operators and forced them to install software to spy on the users. Some of them are now in jail.

The same thing could happen to Privnote. They can easily spy on your communication if they want to.

There is only one way to securely encrypt your email, and that is called PGP.
Title: Re: Privnote
Post by: PlutoPete on November 06, 2012, 01:52 pm
How do we know privnote is encrypted? we don't know the people who own the site so any claims they make are unverifiable. I cannot understand how buyers here think that putting their details on an unverifiable clearnet site is safer than using plain text in the address box on their order page. Everybody used to tell me how safe hushmail was, and we saw what happened there.
Title: Re: Privnote
Post by: HarmReduction on November 06, 2012, 07:23 pm
Flipen hec - here is details of the market , thanks hushmail and privnote are different though hushmail does not automatically delete the emails hushmail is supposed to be encrypted , it seems though by this article ( http://nakedsecurity.sophos.com/2012/04/23/farmers-market-tor-narcotics/) they were using Pay Pal and Western Union ...I mean hello ;-/
Title: Re: Privnote
Post by: John-Cockblast on November 06, 2012, 07:27 pm
Hushmail's problem was never the encryption, but the spyware that got certain users passwords which made LE able to log in to their accounts. And as HR says, Privnote destroys the content as it has been accessed.

LE could go to Privnote and force them to change certain parameters, but how is it different? The messages can not be linked to certain users as it can with mail accounts as all messages are individual.
Title: Re: Privnote
Post by: HarmReduction on November 06, 2012, 08:03 pm
Hi JC thanks for the clarification ,yes Hushmail only uses passwords which is weak enough even though people claim that its encrypted http://www.cryptoheaven.com seems decent enough
Title: Re: Privnote
Post by: wsg on November 06, 2012, 10:10 pm
Why use a 3rd party to encrypt when you can do it yourself and know that only the sender and receiver are able to see the file harmreduction we have a thread dedicated to the use of encryption on sr I thought your were a researcher :)
Title: Re: Privnote
Post by: The Consultant on November 06, 2012, 10:34 pm
Just use PGP. Really. All there is to it.

Happy Crimes!

- The Consultant
Title: Re: Privnote
Post by: fractalglobal on November 07, 2012, 02:32 am
javascript:oQuickReply.swap();
Are there any email vendors that offer RSA tokens? Seems like a pretty easy way to get around all afore mentioned problems