Silk Road forums
Market => Product offers => Topic started by: aliveandstillhere on September 29, 2012, 11:26 pm
-
Hi the name is aliveandstillhere and I am a new vendor on silk road. Everything for the next day until midnight Pacific Time is half off. After that all items will return to normal list prices.
-
http://silkroadvb5piz3r.onion/index.php/silkroad/user/ef075d1b8c
Sr Vendor Profile for aliveandstillhere.
Hey man congrats on sr, Note this is just some tips to help you get started, that I notice serveal vendors do to be come successful on here.
First and for most a proper induction describing what product you will be vending mainly.
Secondly and most important, You need to have a pgp public key for personal info. Most people on here especally bulk buyers will not deal with you with out pgp. There is a great guide under the secuity section of the forum. http://dkn255hz262ypmii.onion/index.php?topic=42094.0
Thirdly Pictures of your products with your username in the pic would be great also.
Lastly Never ask for people to Finalize Early. Especially when your starting, This is a major red flag for a new vendor.
Best of luck to you. Hope this helps you.
-
Samples are always nice too.
-
Yea pick out 5 or ten members. This could take some time maybe a couple of days since you want to find members who are reputable and write descent reviews. Also, it's ok to make them pay for shipping and make sure if you do samples that they are done with in the SR process with listings of them. That way you will get your feedback over there as well as in the forums.
Make sure you take your pics from a camera that doesn't tag information to your pictures like the latitude and longitude of where your location is. There are easy ways to scrub meta info off your pics using software like photoshop or paint.net.
Welcome to the road! If i read some good reviews I'll give you a try but please try to get your pgp public key block in place. That's the thing about letting a few people sample your items. It gives the rest of us an idea of how good your services are and quality of product plus it shows that you are authentic. You may take a small loss at first but it will be worth it in the long run. Some of my reviews has helped a vendor sell out with in an hour. Good luck!
-
I want to thank all of you for your advice. I could use a little help in where to get the pgp software. Thanks again.
-
You can use Privnote until you get the hang of PGP.
But you can get PGP here: http://ppgp.sourceforge.net/ - portable PGP.
Welcome to SR. :)
-
You can use Privnote until you get the hang of PGP.
But you can get PGP here: http://ppgp.sourceforge.net/ - portable PGP.
Welcome to SR. :)
Don't use privnote.
-
You can use Privnote until you get the hang of PGP.
But you can get PGP here: http://ppgp.sourceforge.net/ - portable PGP.
Welcome to SR. :)
Don't use privnote.
For bulk orders, definitely not. Otherwise, it's fine. And what's more, it's better than using nothing at all.
-
You can use Privnote until you get the hang of PGP.
But you can get PGP here: http://ppgp.sourceforge.net/ - portable PGP.
Welcome to SR. :)
Don't use privnote.
For bulk orders, definitely not. Otherwise, it's fine. And what's more, it's better than using nothing at all.
A public site having your address unencrypted is fine? I can't seem to wrap my head around this. I didn't reccomend for aliveandstillthere to use nothing at all. Pgp can take more effort to learn, but for the privacy of the vendor and the customer i belive is well worth the time.
Also, aliveandstillthere sorry it has took me time to get back to you. The sample link you sent me didn't work. My pm's on are not working at the momment. I'll send you a pm when they are. I look forward to hearing back from you and putting up a review of your service, packaging, and product so you can get started making money. :)
-
Consider that all that is in the privnote is an address. There's nothing in the privnote that denotes what you are buying. Or even if you are buying anything at all. The "logged" IP address is a TOR address (assuming one isn't dumb enough to use Privnote via clear web and assuming Privnote logs IP addresses).
Law enforcement would have to tie the TOR address of the sender with the address in the Privnote with the Tor address with the one who clicked it (recipient), with product being sold. What's more, once read, the Privnote is deleted (assuming this is 100% true).
Not worth any LEO's time and effort to figure out unless it was a bulk order for which they can levy the charge of intent to distribute.
PGP isn't anymore secure. Why? Let's say a vendor gets raided. He didn't practice best security and has his PGP software in a place LE can get to. They can just run his software and if he didn't delete messages or public keys of his customers, LE will have addresses of customers and in some cases, access to the the vendor's SR account. Imagine if LE gained access to a vendor's SR account as part of some deal. They go through his orders on SR and instead of seeing PGP messages (which they likely could if they have the vendor's decryption key ), they see links to Privnote. They click the links only to find that the links were already clicked and the messages deleted. The vendor has no other paper trail to give to LEO.
Paranoia is good. But a false sense of security with PGP is bad.
Key to success on SR is not to do too many bulk orders. None is best of course. Bulk orders upgrade any interest in you to intent to distribute. Personal use quantities won't draw too much attention as that amount isn't worth going after someone for. Likely, by the time LEO gets the go ahead, you've already consumed the evidence whereby granting yourself plausible deniability.
-
Consider that all that is in the privnote is an address. There's nothing in the privnote that denotes what you are buying. Or even if you are buying anything at all. The "logged" IP address is a TOR address (assuming one isn't dumb enough to use Privnote via clear web and assuming Privnote logs IP addresses).
Law enforcement would have to tie the TOR address of the sender with the address in the Privnote with the Tor address with the one who clicked it (recipient), with product being sold. What's more, once read, the Privnote is deleted (assuming this is 100% true).
Not worth any LEO's time and effort to figure out unless it was a bulk order for which they can levy the charge of intent to distribute.
PGP isn't anymore secure. Why? Let's say a vendor gets raided. He didn't practice best security and has his PGP software in a place LE can get to. They can just run his software and if he didn't delete messages or public keys of his customers, LE will have addresses of customers and in some cases, access to the the vendor's SR account. Imagine if LE gained access to a vendor's SR account as part of some deal. They go through his orders on SR and instead of seeing PGP messages (which they likely could if they have the vendor's decryption key ), they see links to Privnote. They click the links only to find that the links were already clicked and the messages deleted. The vendor has no other paper trail to give to LEO.
Paranoia is good. But a false sense of security with PGP is bad.
Key to success on SR is not to do too many bulk orders. None is best of course. Bulk orders upgrade any interest in you to intent to distribute. Personal use quantities won't draw too much attention as that amount isn't worth going after someone for. Likely, by the time LEO gets the go ahead, you've already consumed the evidence whereby granting yourself plausible deniability.
You are the only person that has been able to shift my perspective on privnote. Than's for opening my mind and i gave you karma. Which kinda gave me a whole new idea. What if the seller was to use the vendors pgp and place the encrypted message into privnote. Do you think that would add another layer of security or be in a sense a waste of time?
-
PGP in a Privnote is definitely more secure. But I would ask the vendor ahead of time if that is alright. Some can't open Privnotes since some vendors use a Mac - at least that is what I read on a few occasions. Plus some vendors may feel inconvenienced if you add that extra layer. More clicks for them which can be annoying when TOR is slow. Though, I don't think they would mind for a bulk order. And that's where you'd want to have that extra layer of security.
Glad that I could illustrate that Privnote isn't as bad as some make it seem. Though, like TOR, it is vulnerable to man in the middle attacks. But then again, one has to figure that LEO doesn't want to be bothered going after buyers of small orders. It's unproductive and a waste of their resources.
Though one thing about security and LEO - if multiple LEOs pooled their resources and attempted a multi-pronged attack on SR where they went after buyers and sellers alike during say a one month sting operation to create FUD (fear, uncertainty, and doubt), they would do so as posing as vendors and buyers. Likely as bulk vendors and bulk buyers. But that causes a whole bunch of legal problems for themselves. Not that that would deter them from doing this. But if you weren't ordering bulk during this time, I believe that if you unwittingly bought a personal use quantity from a LEO honeypot vendor, you might get a visit to your address on record. But since anyone can pose as you on Tor and send the package to your address, you have loads of plausible deniability. Even in the event of a controlled delivery. If you suspect a controlled delivery, don't accept the package. If you did before you thought about it, don't open the package. Always wait a bit to open any package from SR. By not opening it, you can claim ignorance, that you didn't open it because you never ordered from the entity listed on the return address. And have a pretty good hiding place in your residence for your drugs. That's just best practice.
Anyway, walk good and enjoy your SR experience. Be cautious. Don't be too trusting of or be too chummy with vendors. Keep it professional. It's business. But do treat vendors as human beings. Above all, stay in escrow.
After 85+ transactions, I haven't lost money yet because I stayed in escrow. Made it through all the scams in the last year. Got my money back from two vendors that flaked out on me and failed to ship. I use PGP with vendors that have it, Privnote with those that don't. Oddly though, I've never entered my address as clear text into the SR system at check out. It's a silly fear I suppose. Seems naked.
-
PGP in a Privnote is definitely more secure. But I would ask the vendor ahead of time if that is alright. Some can't open Privnotes since some vendors use a Mac - at least that is what I read on a few occasions. Plus some vendors may feel inconvenienced if you add that extra layer. More clicks for them which can be annoying when TOR is slow. Though, I don't think they would mind for a bulk order. And that's where you'd want to have that extra layer of security.
Glad that I could illustrate that Privnote isn't as bad as some make it seem. Though, like TOR, it is vulnerable to man in the middle attacks. But then again, one has to figure that LEO doesn't want to be bothered going after buyers of small orders. It's unproductive and a waste of their resources.
Though one thing about security and LEO - if multiple LEOs pooled their resources and attempted a multi-pronged attack on SR where they went after buyers and sellers alike during say a one month sting operation to create FUD (fear, uncertainty, and doubt), they would do so as posing as vendors and buyers. Likely as bulk vendors and bulk buyers. But that causes a whole bunch of legal problems for themselves. Not that that would deter them from doing this. But if you weren't ordering bulk during this time, I believe that if you unwittingly bought a personal use quantity from a LEO honeypot vendor, you might get a visit to your address on record. But since anyone can pose as you on Tor and send the package to your address, you have loads of plausible deniability. Even in the event of a controlled delivery. If you suspect a controlled delivery, don't accept the package. If you did before you thought about it, don't open the package. Always wait a bit to open any package from SR. By not opening it, you can claim ignorance, that you didn't open it because you never ordered from the entity listed on the return address. And have a pretty good hiding place in your residence for your drugs. That's just best practice.
Anyway, walk good and enjoy your SR experience. Be cautious. Don't be too trusting of or be too chummy with vendors. Keep it professional. It's business. But do treat vendors as human beings. Above all, stay in escrow.
After 85+ transactions, I haven't lost money yet because I stayed in escrow. Made it through all the scams in the last year. Got my money back from two vendors that flaked out on me and failed to ship. I use PGP with vendors that have it, Privnote with those that don't. Oddly though, I've never entered my address as clear text into the SR system at check out. It's a silly fear I suppose. Seems naked.
Yeah, i think we might think alike more than i thought. Thanks for all that information. I have also been very lucky and haven't lost any money. I've always used pgp and i've used privnote once.
I stick to vendors i know. (Even though this doesn't mean that LEO couldn't obtain that vendor's account in the future.) It shocks me that some vendors don't have pgp or use privenote. But, to each is own. The point could also be argued that it doesn't matter what type of encryption you use if the vendor makes a mistake and doesn't delete your address after using it.
I try to help out new vendors that i feel are legit and are trying to get a start on the road. Someone has to take a chance to gives these guyes a start. I guess the most important thing to remember is. If it's too good to be true, it most likely bad news. And always be ready to stick to your guns and deny no matter what happens.
-
Thanks to the both of you for the enlightening advise about security. I think that I would go with the pgp inside of the privnote. I have always been to better to be safe than sorry. Even if it means a few more minutes at the computer so what. This is the freedom of persons and SR that we are dealing with and to me that means taking any precautions that are necessary for that security.