Silk Road forums

Discussion => Newbie discussion => Topic started by: Shm0keand@Panc@ke on March 25, 2013, 04:11 pm

Title: Is PGP neccessary?
Post by: Shm0keand@Panc@ke on March 25, 2013, 04:11 pm
When sending your address information to the seller via PM, will he deny your request because it wasn't encrypted(Note: I'm not talking about having a back and forth convo, just sending the buyer's info...
Title: Re: Is PGP neccessary?
Post by: wwizard on March 25, 2013, 04:24 pm
Some sellers accept addresses that are unencrypted, but sending your address via PM without PGP is even more risky than putting it unencrypted in the address field. If you want to get busted though, send him your address unencrypted. Look at the tutorials, PGP is really easy anyways.
Title: Re: Is PGP neccessary?
Post by: ladyjane on March 25, 2013, 04:26 pm
Not neccesary in some peoples eyes but pretty damn important. Some vendors will not accept your order if  you don't use pgp.Lots of buyers wouldn't order from a vendor who doesnt use PGP.

it really isn't that difficult, i recommend astors guide, i found it really helpful.
Title: Re: Is PGP neccessary?
Post by: hojasanta on March 25, 2013, 04:36 pm
Necessary? No.... but if you want to do all you can to maintain anonymity and protect yourself, why WOULDN'T you use it???  the only one who loses by not using it is you.

Title: Re: Is PGP neccessary?
Post by: caman420 on March 25, 2013, 04:38 pm
I just got my first order & client did not use pgp, I would prefer if he did just for safety reasons but it is what it is!

pgp is really easy here is a video well worth the watch

http://www.youtube.com/watch?v=SywCI91kfq0
Title: Re: Is PGP neccessary?
Post by: bayUK on March 25, 2013, 04:46 pm
Highly recommended ;)
Title: Re: Is PGP neccessary?
Post by: Stringer on March 25, 2013, 05:01 pm
About as necessary as condoms with a woman you just met.
Title: Re: Is PGP neccessary?
Post by: Pharmington Rex on March 25, 2013, 05:04 pm
●▬▬▬▬▬▬▬ஜ۩۞۩ஜ▬▬▬▬▬▬▬▬▬●
❖             Pharmington Rex                  ❖
●▬▬▬▬▬▬▬ஜ۩۞۩ஜ▬▬▬▬▬▬▬▬▬●

First of all, if you think SR is compromised, who would LE go after? The low hanging fruit who didn't encrypt their address or the low hanging fruit who did encrypt their address not knowing that the vendor was also compromised?

You have to understand what PGP is and what PGP isn't. What it is, is just a degree of separation between you and anyone who might intercept communications between you and the vendor. That's it. Think of it as a bullet proof vest which doesn't protect your head, extremities or even your family jewels.

Why am I approaching it in this manner? Because, while you may secure yourself with PGP, you may be negligent in other areas of security or identity which defeats the purpose of PGP. PGP is just one part of your protective armour. It is not a suit of armour.

TL;DR - while PGP covers your chest and back, it doesn't cover your arse. Don't overweight it as a matter of security, but don't under weight it either. Rather, incorporate it as part of a balanced approach towards securing your identity and putting a degree of separation between you and your illicit activities.

Also note that many vendors who accept all forms of communication are vendors that have protected themselves with degrees of separation from you and SR and often the product itself. Or at least they should have. PGP only vendors on the other hand, if compromised, may divulge their PGP passcode and you wouldn't know it until it is too late. For example, RC vendor davidd. Look into it.

Cheers,

♔ Sir Pillsalot



●ஜ۩۞۩ஜ▬▬▬▬ஜ۩۞۩ஜ▬▬▬ஜ۩۞۩ஜ●

The Gentleman Lords of Pharmaceuticals.
Serving US Patrons from within the US.

●ஜ۩۞۩ஜ▬▬▬▬ஜ۩۞۩ஜ▬▬▬ஜ۩۞۩ஜ●
Title: Re: Is PGP neccessary?
Post by: safras on March 25, 2013, 10:19 pm
From what I understand exit nodes aren't encrypted. Tor just provides anonymity: you can't tell where a message came from. Messages are encrypted within the Tor network, but the exit node sends the unencrypted message to the destination server (otherwise the server wouldn't be able to read it). The exit node can eavesdrop on any communications it sends, so you are basically trusting the exit node. Anyone can set up an exit node.

A scheme like SSL (that you use with your bank or when buying on Amazon) involves trusted public/private key distribution. The bank has a private key, a certificate authority certifies its public key to say that it belongs to the bank, you encrypt things with the bank's public key, it decrypts them with its private key that only the bank has. In this way you are sure nobody except the bank can see what you send.

On SR the seller has his private key, he publishes his public key on his seller profile, you encrypt your message with it, only he can decrypt it with his private key. In this way you are sure nobody except the seller can see what you send.

SR encrypts the STORED address, so that if SR gets hacked, your address is encrypted. But that happens only after SR has received the address. If you don't encrypt it yourself with PGP then the exit node can see it and it will be sent to the SR servers from the exit node in plaintext. That is my understanding, please correct me if I'm wrong.
Title: Re: Is PGP neccessary?
Post by: luxxiaxx on March 25, 2013, 10:40 pm
Different sellers have different policies regarding to what - if any - extent PGP encryption is required for conveying personal information. However, the vast majority of sellers seem to accept orders from people who have not encrypted (or sent via privnote) tunheir address, yet strongly prefer it when buyers use PGP.

Every time you place an order with a seller for the first time, it's IMPERATIVE that you read their entire seller profile carefully, as well as read the listing(s) for the item(s) you're purchasing from them from beginning to end. Sellers generally address this issue on their seller profile & clearly state their person policies regarding PGP encryption of mailing addresses & anything else along significantly similar lines. If a seller does not specify their policy on the topic in question anywhere in their seller profile, it's safe to assume that there's no added expectations that PGP be implemented when purchasing product(s) from them.
Title: Re: Is PGP neccessary?
Post by: onetwothree on March 25, 2013, 10:42 pm
That is my understanding, please correct me if I'm wrong.

Your last paragraph lost me a bit, but you are mostly correct. You are misunderstanding one important distinction, though. Exit nodes only apply to node who retrieve traffic outside of Tor. They are called that because they are exiting Tor. Hidden services (.onion) such as SR are encrypted end to end. No node can sniff your traffic at any point (well, they can, but it's encrypted).
Title: Re: Is PGP neccessary?
Post by: TheWire on March 25, 2013, 10:46 pm
ROFLCOPTER
Title: Re: Is PGP neccessary?
Post by: safras on March 25, 2013, 11:04 pm
Your last paragraph lost me a bit, but you are mostly correct. You are misunderstanding one important distinction, though. Exit nodes only apply to node who retrieve traffic outside of Tor. They are called that because they are exiting Tor. Hidden services (.onion) such as SR are encrypted end to end. No node can sniff your traffic at any point (well, they can, but it's encrypted).
Oh I didn't realise that. In that case, there is no danger of exit node eavesdropping.

I guess you should just use PGP if you don't trust SR with your communications. Not strictly necessary, but it's safer to have only the seller as the weak link. The fewer people you trust the fewer opportunities for trust to be broken accidentally or intentionally.
Title: Re: Is PGP neccessary?
Post by: onetwothree on March 25, 2013, 11:23 pm
Your last paragraph lost me a bit, but you are mostly correct. You are misunderstanding one important distinction, though. Exit nodes only apply to node who retrieve traffic outside of Tor. They are called that because they are exiting Tor. Hidden services (.onion) such as SR are encrypted end to end. No node can sniff your traffic at any point (well, they can, but it's encrypted).

I guess you should just use PGP if you don't trust SR with your communications. Not strictly necessary, but it's safer to have only the seller as the weak link.

It absolutely boggles my mind that some people would rather not take the 5 seconds to encrypt and copy and paste their address when those 5 seconds ensure it would take the world's fastest (publicly known) supercomputer several hundreds to thousands of years (depending on whose estimate you use) to bruteforce.
Title: Re: Is PGP neccessary?
Post by: bandeto962 on March 25, 2013, 11:34 pm
+1 to what everyone else has said. It's a quick and easy (once you figure it out) process. Why wouldn't you do it?
Title: Re: Is PGP neccessary?
Post by: simplyanon on March 25, 2013, 11:35 pm
PGP is a tool. One you can choose to use, or choose not to. Quite simple, really. Do you trust the Silk Road to keep your information safe, and with that, do you believe that you are at a severe risk when sending that information over Tor? Personally, I do not use PGP for 90% of the things I do on here. Ordering from multiple vendors, different keys, separating orders...It's just too much of a pain in the ass for me to want to use it when all I want is some pot and maybe a few tabs of Lucy. The way I see it is this, I cover my ass when I order, I cover it well. If, by chance, a LE agency happened to snatch up my address....who cares? Seeing them try to prove that I'm the one who ordered anything off of here would be, at the minimum, amusing.

Now, I'm not saying PGP doesn't have its times when you should use it. As said earlier, it's a vest, and if you're in the danger zone, put that bitch on. When ordering bulk for redistribution or even personal use (Stoners) then PGP it up.

I know I'm about to catch more flak than a B17 over Germany, but if you're ordering an 1/8th of pot and maybe some MDMA or LSD or Shrooms or whatever, then I don't think you need to worry about the DEA kicking your door in.
Title: Re: Is PGP neccessary?
Post by: TheWire on March 25, 2013, 11:41 pm
beepgp
Title: Re: Is PGP neccessary?
Post by: jentyb on March 25, 2013, 11:54 pm
Just do it to be on the safe side man... Quick question tho, How do i get a tor mail address?
Title: Re: Is PGP neccessary?
Post by: KintaroBC on March 26, 2013, 12:01 am
I'm behind three layers of cryptography on Tor. Unless Silk Road has a mole, I'm not getting busted. Nobody has ever asked me for this shit and I've made quite a few orders. Your seller sounds like a fucktard.
Title: Re: Is PGP neccessary?
Post by: onetwothree on March 26, 2013, 12:14 am
Just do it to be on the safe side man... Quick question tho, How do i get a tor mail address?

http://jhiwjjlqpyawmpjx.onion/
Title: Re: Is PGP neccessary?
Post by: Player3013 on March 26, 2013, 12:30 am
pgp is so easy to setup and use on any OS that there's no reason it shouldn't be used. there are youtube clips that explain how to set it up quickly.
Title: Re: Is PGP neccessary?
Post by: newbottles on March 26, 2013, 09:43 pm
Just imagine if SR was compromised and LE announced they had access to all the archived orders and messages.  Wouldn't you feel a little less doomed if you had used PGP every time you sent your NAME and ADDRESS to a vendor to BUY DRUGS?

Furthermore, imagine this scenario, knowing that many users didn't encrypt their names and addresses.  Who do you think LE will focus on?  Encrypted or unencrypted addresses?

Always use PGP!
Title: Re: Is PGP neccessary?
Post by: AddyJacks on March 26, 2013, 09:49 pm
Lets say the LE had compromised SR to that dangerous of a degree, which may or may not happen some day I don't know? But people don't always need to use PGP when talking with a vendor or other member because it doesn't give away their name and their address in anyways.

That's why many vendors actually ask you not to use PGP in personal messages unless it discloses personal information that the government could use to harm you.

I've once heard that the government purchased the last gateway used when sending the address to the vendor (I don't know if it's true or not) but I DO recommend always using PGP when sending your address to a vendor, but besides that there is no reason to waste your time with always encrypting every message
Title: Re: Is PGP neccessary?
Post by: AddyJacks on March 26, 2013, 09:53 pm
Chiquita for example doesn't use PGP, he told me to use privnote when ordering, so I just didn't order. I've researched privnote and there is away for administrators to recover your destroyed message after it is already read, which is why I don't understand why he doesn't just post a public PGP
Title: Re: Is PGP neccessary?
Post by: CuteHotGirl on March 26, 2013, 10:22 pm
When sending your address information to the seller via PM, will he deny your request because it wasn't encrypted(Note: I'm not talking about having a back and forth convo, just sending the buyer's info...

no its not required... unless the vender requires it... and many dont.... but do so at your own risk... if its just weed or something your buying, then its a bit more safe to not encrypt, then if buying cocain or crack.

the worse the law is for a drug... the more you should use pgp.... for something like weed its a bit more safe.

many venders do not require it.. but you should ask before placing an order to make sure its okay with them... so far all the venders i asked were fine with no pgp

i did not want to use pgp at first either... but after some yotube videos.. and some playing around the the program.. its rather easy....  downlaod the program and play around with it as you watch some youtube videos about it.

Title: Re: Is PGP neccessary?
Post by: potluver2446 on March 26, 2013, 10:29 pm
what about privnote?
Title: Re: Is PGP neccessary?
Post by: inthefade on March 26, 2013, 10:47 pm
I just put in my first order, it was a small one, but I didn't use PGP to send my address. Should I cancel it and put it in again? If I cancel it, will I get my bitcoins back? the status is "processing".
Title: Re: Is PGP neccessary?
Post by: ChemCat on March 26, 2013, 10:57 pm
PGP is a tool. One you can choose to use, or choose not to. Quite simple, really. Do you trust the Silk Road to keep your information safe, and with that, do you believe that you are at a severe risk when sending that information over Tor? Personally, I do not use PGP for 90% of the things I do on here. Ordering from multiple vendors, different keys, separating orders...It's just too much of a pain in the ass for me to want to use it when all I want is some pot and maybe a few tabs of Lucy. The way I see it is this, I cover my ass when I order, I cover it well. If, by chance, a LE agency happened to snatch up my address....who cares? Seeing them try to prove that I'm the one who ordered anything off of here would be, at the minimum, amusing.

Now, I'm not saying PGP doesn't have its times when you should use it. As said earlier, it's a vest, and if you're in the danger zone, put that bitch on. When ordering bulk for redistribution or even personal use (Stoners) then PGP it up.

I know I'm about to catch more flak than a B17 over Germany, but if you're ordering an 1/8th of pot and maybe some MDMA or LSD or Shrooms or whatever, then I don't think you need to worry about the DEA kicking your door in.


+1 speak yur mind
Title: Re: Is PGP neccessary?
Post by: tearghoa on March 26, 2013, 11:01 pm
Yes use pgp, avoid things like privnote. Never use a hosted pgp service like hush, etc.
Title: Re: Is PGP neccessary?
Post by: onetwothree on March 26, 2013, 11:06 pm
When sending your address information to the seller via PM, will he deny your request because it wasn't encrypted(Note: I'm not talking about having a back and forth convo, just sending the buyer's info...
if its just weed or something your buying, then its a bit more safe to not encrypt, then if buying cocain or crack.

the worse the law is for a drug... the more you should use pgp.... for something like weed its a bit more safe.

I don't know where you are located, but federally in the USA, weed is schedule 1 and cocaine is schedule 2. So your argument is backwards. You should say that you should use PGP for weed but not cocaine.

what about privnote?

Privnote is accepted by many vendors, but as a buyer, I'd almost argue it's worse than nothing.

I just put in my first order, it was a small one, but I didn't use PGP to send my address. Should I cancel it and put it in again? If I cancel it, will I get my bitcoins back? the status is "processing".

No. It's already in the SR database.

I don't really think SR's methods are documented anywhere, so for all we know, the "address" field is deleted from the database when an order is finalized. But as I've said before, I'm dumbfounded that people would rather not take the few seconds to encrypt their address. I just don't get it. To each their own, though.
Title: Re: Is PGP neccessary?
Post by: inthefade on March 26, 2013, 11:16 pm
I will be more cautious next time, thanks :)
Title: Re: Is PGP neccessary?
Post by: onetwothree on March 26, 2013, 11:33 pm
I will be more cautious next time, thanks :)

For the record, that last part was not directed at you. You didn't choose not to use it; you just didn't know about it.

If it was really your first order and you have no built up stats to 'sacrifice', you could consider making a new SR account just so future purchases can't be tied to that first address. Since PGP keys, SR accounts, and Tormail accounts are so easily created (and disposed of if need be), it's something to think about. Again, though, that falls under my probably-will-never-ever-make-a-difference-but-eliminates-the-tiny-possibility-anyway policy, which some might find excessive.

Happy Roading!
Title: Re: Is PGP neccessary?
Post by: ChemCat on March 26, 2013, 11:38 pm
+1 that in 72 hours  ..   

:)  Just Remind Me  :P

Peace,


ChemCat


8)
Title: Re: Is PGP neccessary?
Post by: inthefade on March 27, 2013, 12:23 am
I will be more cautious next time, thanks :)

For the record, that last part was not directed at you. You didn't choose not to use it; you just didn't know about it.

If it was really your first order and you have no built up stats to 'sacrifice', you could consider making a new SR account just so future purchases can't be tied to that first address. Since PGP keys, SR accounts, and Tormail accounts are so easily created (and disposed of if need be), it's something to think about. Again, though, that falls under my probably-will-never-ever-make-a-difference-but-eliminates-the-tiny-possibility-anyway policy, which some might find excessive.

Happy Roading!
Yes, it was my first time with bitcoin, PGP and SR, total newbie here lol I'll probably do what you say, I don't have anything to lose. Thanks!
Title: Re: Is PGP neccessary?
Post by: ChemCat on March 27, 2013, 12:33 am
yur good man...anything further..follow the link at the bottom of my sig. Be safe....

Enjoy  :)

Research...there is alot of info here around us  :)

use the search feature...

i'm not just sayin this to be an ass  :)

there is a varitable cornucopia of information right at our fingertips....utilize everything....BE SAFE!!

:)

Peace,

ChemCat

8)
Title: Re: Is PGP neccessary?
Post by: newbottles on March 27, 2013, 12:34 am
BTW I agree that non-incriminating messages do NOT require PGP.  Only things that may identify you.
Title: Re: Is PGP neccessary?
Post by: weed4me6969 on March 27, 2013, 01:12 am
So YES it is very important to remain anonymous!
Title: Re: Is PGP neccessary?
Post by: ChemCat on March 27, 2013, 01:26 am
wut r bitcoins?

???
Title: Re: Is PGP neccessary?
Post by: onetwothree on March 27, 2013, 01:34 am
wut r bitcoins?

???

Dear ChemCat,

With this many posts, I'm kind of shocked you don't even know wut bitcoins r.

Quote
Bitcoins are the unit of currency of the Bitcoin system. A commonly used shorthand for this is “BTC” to refer to a price or amount (eg: “100 BTC”). There are such things as physical bitcoins, but ultimately, a bitcoin is just a number associated with a Bitcoin Address. A physical bitcoin is simply an object, such as a coin, with the number carefully embedded inside.

Sincerely,

123
Title: Re: Is PGP neccessary?
Post by: ChemCat on March 27, 2013, 01:38 am
Oh My  (blushes)

I'm Sorry  :)

I was Just Bein Goofy  :P

Peace,

ChemCat

8)
Title: Re: Is PGP neccessary?
Post by: onetwothree on March 27, 2013, 01:43 am
Oh My  (blushes)

I'm Sorry  :)

I was Just Bein Goofy  :P

Peace,

ChemCat

8)

WHAT IN THE HECK?!?!?

I never would have guessed!  ;)

I'm almost off for the night.

Take care Mr. ChemCat and all  :-*
Title: Re: Is PGP neccessary?
Post by: BKisnotBurgerKing on March 27, 2013, 01:49 am
Sending your delivery address un-encrypted is king of like ordering and giving out your info over a loudspeaker. Not only to mention if the SR database was ever compromised and you had an order processing at the time. You are now on an SR customer list you don't want to be on.
Title: Re: Is PGP neccessary?
Post by: ChemCat on March 27, 2013, 01:53 am
Absolutely!!

:P

You have a nice time of day yourself  :)

Peace,

ChemCat

8)
Title: Re: Is PGP neccessary?
Post by: inthefade on March 27, 2013, 02:05 am
From the wiki (http://dkn255hz262ypmii.onion/wiki/index.php?title=Buyer%27s_Guide#Receiving_address). My only hope is that it's true:

Receiving address

From the moment you submit your order, to the moment it is displayed to your vendor, the information is fully encrypted and totally unreadable. Then, as soon as your vendor marks your package with the address and confirms shipment, the address is deleted forever and is irretrievable. For the extra cautious, you can encrypt your information yourself with your vendor's public key so that even we at Silk Road would be unable to view it, even if we wanted to.
Title: Re: Is PGP neccessary?
Post by: JimmyJack2222 on March 27, 2013, 02:18 am
When sending your address information to the seller via PM, will he deny your request because it wasn't encrypted(Note: I'm not talking about having a back and forth convo, just sending the buyer's info...

100% YES..welcome to SR....
Title: Re: Is PGP neccessary?
Post by: enigma6667 on March 27, 2013, 01:35 pm
I have always worried more about a vendors lack of stealth leading to my address becoming of interest!
Title: Re: Is PGP neccessary?
Post by: bravesoul on March 27, 2013, 02:42 pm
Hmm is PGP really necessary...you are surfing in an encrypted network, paying with cryptocurrency which seems to be pretty safe( at least if you are human being who tends to make decisions based on logical patterns)...and you really risk your safety for a few seconds of lazyness? Anyway you never now, what your vendor does with your address, i would only wish they are all really only using some Linux-on-a-stick and the customer data additionally is secured with TrueCrypt, just in case, they got busted. On the other hand, as long as you don't use a real clear name...what would happen. I also happen to use a false identity for over 10 years, if this poor guy really existed and once got busted...uh :D
So as a consensus, if you want to understand the idea, the future and everything about SR and BTC, you better learn to use PGP. With Echelon and other stuff already up and running, try to keep the rest of you privacy...don't throw it away or you will wake up after "1984" and be living in a "Brave New World" without even recognizing it ;) Nuff said...
Title: Re: Is PGP neccessary?
Post by: tramonym on March 27, 2013, 09:05 pm
pgp protects you address when SR servers get busted or hacked...
Title: Re: Is PGP neccessary?
Post by: ratobhale on March 27, 2013, 09:13 pm
It is very easy software..Just encrypt the address using sellers ID
Title: Re: Is PGP neccessary?
Post by: Mr Lucy on March 27, 2013, 09:17 pm
YES! if SR said we must, it is a must. It is easy to learn and use, DO IT! for your sake and the customers sake as well
Title: Re: Is PGP neccessary?
Post by: okonkwo on March 27, 2013, 09:53 pm
One more thing to learn
Title: Re: Is PGP neccessary?
Post by: ChemCat on March 28, 2013, 12:12 am
two