Silk Road forums

Discussion => Security => Topic started by: fartsinthewind on October 28, 2012, 09:08 pm

Title: Unencrypted address in SR PM
Post by: fartsinthewind on October 28, 2012, 09:08 pm
If i gave a vendor my unencrypted address per SR PM, do these messages automatically delete after a while? If I delete them on my end for a vendor who is awol, are they deleted for good?

Just wondering in case somebody's computer gets seized and LEO's are able to view messages. And call me a noob, but even encrypted messages can be read if a hard drive is seized and the 2nd party's public pgp key hasn't been destroyed?

Thanks for your input.
Title: Re: Unencrypted address in SR PM
Post by: CoolGrey on October 28, 2012, 09:27 pm
After the order is completed, the address should be wiped from the Silk Road database. We can't be sure it is, that's why it's good practice to use PGP encryption. If something ever happens to the server, PGP encrypted addresses will be unreadable.   

A good seller should not safe his customers addresses on his computer. At least not unencrypted, but preferably not at all. However, as a buyer, that is out of your hands. The only thing you can do is try to choose a security conscious seller.
Title: Re: Unencrypted address in SR PM
Post by: fartsinthewind on October 28, 2012, 09:49 pm
Yeah i understand that. But in this case my address was in a private message for the sending of a sample/out of escrow transaction.

You can go read your sent messages in your mailbox and there is a <delete> option. Does this delete it for good or does the other party have to delete it on their end as well?
Title: Re: Unencrypted address in SR PM
Post by: microRNA on October 29, 2012, 01:39 am
that was not very smart honestly

even if you delete it that doesnt remove it cause like you said it could still be in the vendors messages

i do believe however that after a period of 3-4 months all messages are automatically removed from the system - not positive cause i probably read that on the forum

and you cant guarantee someone hasnt copied the database before that occurs, although obviously hopefully this hasnt occurred but this is why you should absolutely NEVER send your address unencrypted even through the address box from now one