Silk Road forums

Discussion => Security => Topic started by: cannetic on April 04, 2012, 12:17 am

Title: GPG should be mandatory
Post by: cannetic on April 04, 2012, 12:17 am
Why is this not a standard here? I have never been to a source-board before without GPG being mandatory. I got a response from a vendor today, claiming that he doesn't use GPG, and doesn't want to use GPG. I got another response from a vendor, who was provided my public key, unencrypted! This is a HUGE security flaw.

C'mon people! Step up with the times.. TOR alone WILL NOT save you. You need to be utilizing every method of security that you possibly can.

GPG = Free
TOR = Free
VPN = *Free (There are a handful of amazing VPN services, absolutely free of charge)
SSH = *Free (Same as above)
Proxy Forwarding = Free

Where is your excuse? It seems to me that if you do not use GPG, you are:

1) Lazy
2) Not concerned with this reference staying up
3) Not concerned with the security of your customers

Just my 2 cents.. but something should seriously be done about this. It takes under 10 minutes to download GPA (or whatever you use to encrypt) and make a key. There is no reason someone's security should be compromised for 10 minutes of your time. I don't care how busy you claim to be. If you have time to log on here, or on your email, you have time to learn how to make a key and use it!
Title: Re: GPG should be mandatory
Post by: cr0ssh4t on April 04, 2012, 01:07 am
I agree, but at the same time, I haven't seen any vendors not have a key.  I also don't see a good way to enforce a policy like this.  Nevertheless, all should use it, ignorance or lazyness is not an excuse.
Title: Re: GPG should be mandatory
Post by: sherryandstevebaumstark on April 04, 2012, 05:01 am
Can somebody explain "how to on a Mac" use keys and how to make them???
Title: Re: GPG should be mandatory
Post by: Diamond on April 04, 2012, 05:22 am
I agree, but at the same time, I haven't seen any vendors not have a key.  I also don't see a good way to enforce a policy like this.  Nevertheless, all should use it, ignorance or lazyness is not an excuse.

I have. It's frustrating, because there are a few vendors that only carry the item I want with no public key available. Not going to make the purchase.

I don't have a seller's account, but it can't be THAT hard to enforce
- When registering as a seller, make GPG Public Key a required field
- do some RegEx work to at least attempt to enforce this field receiving proper input

And of course, buyers should refuse to do business with any vendor who will not use GPG. Simple as that.
Title: Re: GPG should be mandatory
Post by: wretched on April 04, 2012, 04:18 pm
And of course, buyers should refuse to do business with any vendor who will not use GPG. Simple as that.

this! but if buyers don't want to use it, it is their choice, just the same as the choice of drugs they put into their body!
Title: Re: GPG should be mandatory
Post by: jtemp102311 on April 04, 2012, 04:20 pm
As long as vendors aren't selling pounds of weed, yayo, cocaine, MDMA or grams of LSD.. I don't think PGP is really necessary.  LEO couldn't give a fuck about small time operations.  I'd imagine they'd want to cut the head off of the proverbial snake.

Just my two cents. (Or bents ;))
Title: Re: GPG should be mandatory
Post by: kmfkewm on April 04, 2012, 09:38 pm
As long as vendors aren't selling pounds of weed, yayo, cocaine, MDMA or grams of LSD.. I don't think PGP is really necessary.  LEO couldn't give a fuck about small time operations.  I'd imagine they'd want to cut the head off of the proverbial snake.

Just my two cents. (Or bents ;))

http://medical-dictionary.thefreedictionary.com/Denial+%28psychology%29

Quote
denial
Psychiatry A primitive–ego defense–mechanism by which a person unconsciously negates the existence of a disease or other stress-producing reality in his environment, by disavowing thoughts, feelings, wishes, needs, or external reality factors that are consciously intolerable.
Title: Re: GPG should be mandatory
Post by: Laughing Man on April 04, 2012, 09:50 pm
GPG should be used for all communication as well, not just when you're sending your address.
Title: Re: GPG should be mandatory
Post by: raven92 on April 04, 2012, 10:03 pm
As long as vendors aren't selling pounds of weed, yayo, cocaine, MDMA or grams of LSD.. I don't think PGP is really necessary.  LEO couldn't give a fuck about small time operations.  I'd imagine they'd want to cut the head off of the proverbial snake.

Just my two cents. (Or bents ;))

They can't easily bite it off, so they stab the little guys and make huge publicity stunts out of them. To scare other people into not doing drugs.

There is no reason to make it easier to get your info/address.
Title: Re: GPG should be mandatory
Post by: cosmicwizard on April 04, 2012, 10:47 pm
GPG should be used for all communication as well, not just when you're sending your address.

+1 it is very annoying when people don't use GPG. It should be used at all times in every aspect!
Title: Re: GPG should be mandatory
Post by: kidx on April 05, 2012, 01:10 am
Okay, what the hell is GPG? Could you please explain what you are talking about instead of using jargon and achronyms? I'm not sure if GPG is needed, but I would like to research it on my own to find out.
Title: Re: GPG should be mandatory
Post by: funkynuts321 on April 05, 2012, 03:48 am
Can somebody explain "how to on a Mac" use keys and how to make them???
There are a few tutorials on the forum like this one:
http://dkn255hz262ypmii.onion/index.php?topic=8962.0

I also use a Mac and use GPG Keychain Access. It's very easy to learn and took me all of about 15 min to figure out. I agree on all fronts of this post- learn it, use it and make sure you sleep well at night knowing your conversations and personal information is encrypted. Anything else is simply irresponsible.
Title: Re: GPG should be mandatory
Post by: BE HERE NOW on April 05, 2012, 03:57 am
YO wattup peeps!

first post.

I've been reading for minute and decided to post.

While I completely agree on this issue, the real problem is that techy newbs (like myself) simply have a very difficult time learning how to use GPG and other related kinds of programs. I'm currently checking out the tutorials given, mainly the remote option looks like it will be easiest (tried the first one and ran into issues... certain files not shown during process as listed in tutorial), but what happens is one dives in, downloads a program or a couple, and it just gets way confusing way fast.

I've got gpg4win which uses kleopatra? and I just have zero idea how to proceed. Unfortunately some of us need our hand held every fuckin' step! So, the real reason why it's not done across the board is that, I believe.

Please try and spare me any ridicule for lacking probably simplest of know how... I'm working on figuring it out. Any easy to understand help and/tips are mos def appreciated.

PEACE!

Title: Re: GPG should be mandatory
Post by: wretched on April 05, 2012, 04:02 am
for the newb, using windows google gpg4usb. simple program to use with built in text editor. from there, you can move on to bigger and better things., like getting rid of windows alltogether.
Title: Re: GPG should be mandatory
Post by: Limetless on April 05, 2012, 04:09 am
I agree with the OP, I didn't know how to use PGP/GPG etc when I got here but I just asked around and it took me a few hours to learn basics and maybe 2 days to master the software. What's the point of taking chances when it's that easy?
Title: Re: GPG should be mandatory
Post by: BE HERE NOW on April 05, 2012, 06:46 am
Figured out the creating of the key part. Will delve into tutorial and continue figuring it out.

What would be the newbest way to getting off windows? Any general overall benefits and pros someone can share? As in, what blows most about windows and such as well...

Thanks!
Title: Re: GPG should be mandatory
Post by: Limitless on April 08, 2012, 11:48 pm
i agree op, but sadly when I posted this, ppl basically so what?

http://dkn255hz262ypmii.onion/index.php?topic=6233.0

Maybe the tide is turning, idk, but I'm all for it :)
Title: Re: GPG should be mandatory
Post by: Smiletabs on April 09, 2012, 12:45 am
Indeed. I wish more people would us GPG.
Title: Re: GPG should be mandatory
Post by: BE HERE NOW on April 15, 2012, 12:49 am
Finally got the shit down! It is actually seriously easy once you know what you're looking at. Sometimes the terms people use, or the actual terms needed are difficult to understand until you go through the process. Like I downloaded GPG4win but initially I didn't download the GPA HAHA I JUST GOTIT! Why "GPA" in the tutorial wasn't listed in my files as I was trying to follow along step by step.

Some newbs like myself tend to click click clicky too fast because they're impatient and I often assume if something isn't checked upon DL'ing, and needs a manual click, it isn't worth it for some reason.

I went ahead and re DL'd the program (after watching youtube tutorials and got tired of still not getting it) and after that it was pretty easy.

I think the OP should list to make sure to check all appropriate boxes. I guess Claws isn't fully needed? I still have left that one out.