Silk Road forums
Discussion => Security => Topic started by: cannetic on April 04, 2012, 12:17 am
-
Why is this not a standard here? I have never been to a source-board before without GPG being mandatory. I got a response from a vendor today, claiming that he doesn't use GPG, and doesn't want to use GPG. I got another response from a vendor, who was provided my public key, unencrypted! This is a HUGE security flaw.
C'mon people! Step up with the times.. TOR alone WILL NOT save you. You need to be utilizing every method of security that you possibly can.
GPG = Free
TOR = Free
VPN = *Free (There are a handful of amazing VPN services, absolutely free of charge)
SSH = *Free (Same as above)
Proxy Forwarding = Free
Where is your excuse? It seems to me that if you do not use GPG, you are:
1) Lazy
2) Not concerned with this reference staying up
3) Not concerned with the security of your customers
Just my 2 cents.. but something should seriously be done about this. It takes under 10 minutes to download GPA (or whatever you use to encrypt) and make a key. There is no reason someone's security should be compromised for 10 minutes of your time. I don't care how busy you claim to be. If you have time to log on here, or on your email, you have time to learn how to make a key and use it!
-
I agree, but at the same time, I haven't seen any vendors not have a key. I also don't see a good way to enforce a policy like this. Nevertheless, all should use it, ignorance or lazyness is not an excuse.
-
Can somebody explain "how to on a Mac" use keys and how to make them???
-
I agree, but at the same time, I haven't seen any vendors not have a key. I also don't see a good way to enforce a policy like this. Nevertheless, all should use it, ignorance or lazyness is not an excuse.
I have. It's frustrating, because there are a few vendors that only carry the item I want with no public key available. Not going to make the purchase.
I don't have a seller's account, but it can't be THAT hard to enforce
- When registering as a seller, make GPG Public Key a required field
- do some RegEx work to at least attempt to enforce this field receiving proper input
And of course, buyers should refuse to do business with any vendor who will not use GPG. Simple as that.
-
And of course, buyers should refuse to do business with any vendor who will not use GPG. Simple as that.
this! but if buyers don't want to use it, it is their choice, just the same as the choice of drugs they put into their body!
-
As long as vendors aren't selling pounds of weed, yayo, cocaine, MDMA or grams of LSD.. I don't think PGP is really necessary. LEO couldn't give a fuck about small time operations. I'd imagine they'd want to cut the head off of the proverbial snake.
Just my two cents. (Or bents ;))
-
As long as vendors aren't selling pounds of weed, yayo, cocaine, MDMA or grams of LSD.. I don't think PGP is really necessary. LEO couldn't give a fuck about small time operations. I'd imagine they'd want to cut the head off of the proverbial snake.
Just my two cents. (Or bents ;))
http://medical-dictionary.thefreedictionary.com/Denial+%28psychology%29
denial
Psychiatry A primitive–ego defense–mechanism by which a person unconsciously negates the existence of a disease or other stress-producing reality in his environment, by disavowing thoughts, feelings, wishes, needs, or external reality factors that are consciously intolerable.
-
GPG should be used for all communication as well, not just when you're sending your address.
-
As long as vendors aren't selling pounds of weed, yayo, cocaine, MDMA or grams of LSD.. I don't think PGP is really necessary. LEO couldn't give a fuck about small time operations. I'd imagine they'd want to cut the head off of the proverbial snake.
Just my two cents. (Or bents ;))
They can't easily bite it off, so they stab the little guys and make huge publicity stunts out of them. To scare other people into not doing drugs.
There is no reason to make it easier to get your info/address.
-
GPG should be used for all communication as well, not just when you're sending your address.
+1 it is very annoying when people don't use GPG. It should be used at all times in every aspect!
-
Okay, what the hell is GPG? Could you please explain what you are talking about instead of using jargon and achronyms? I'm not sure if GPG is needed, but I would like to research it on my own to find out.
-
Can somebody explain "how to on a Mac" use keys and how to make them???
There are a few tutorials on the forum like this one:
http://dkn255hz262ypmii.onion/index.php?topic=8962.0
I also use a Mac and use GPG Keychain Access. It's very easy to learn and took me all of about 15 min to figure out. I agree on all fronts of this post- learn it, use it and make sure you sleep well at night knowing your conversations and personal information is encrypted. Anything else is simply irresponsible.
-
YO wattup peeps!
first post.
I've been reading for minute and decided to post.
While I completely agree on this issue, the real problem is that techy newbs (like myself) simply have a very difficult time learning how to use GPG and other related kinds of programs. I'm currently checking out the tutorials given, mainly the remote option looks like it will be easiest (tried the first one and ran into issues... certain files not shown during process as listed in tutorial), but what happens is one dives in, downloads a program or a couple, and it just gets way confusing way fast.
I've got gpg4win which uses kleopatra? and I just have zero idea how to proceed. Unfortunately some of us need our hand held every fuckin' step! So, the real reason why it's not done across the board is that, I believe.
Please try and spare me any ridicule for lacking probably simplest of know how... I'm working on figuring it out. Any easy to understand help and/tips are mos def appreciated.
PEACE!
-
for the newb, using windows google gpg4usb. simple program to use with built in text editor. from there, you can move on to bigger and better things., like getting rid of windows alltogether.
-
I agree with the OP, I didn't know how to use PGP/GPG etc when I got here but I just asked around and it took me a few hours to learn basics and maybe 2 days to master the software. What's the point of taking chances when it's that easy?
-
Figured out the creating of the key part. Will delve into tutorial and continue figuring it out.
What would be the newbest way to getting off windows? Any general overall benefits and pros someone can share? As in, what blows most about windows and such as well...
Thanks!
-
i agree op, but sadly when I posted this, ppl basically so what?
http://dkn255hz262ypmii.onion/index.php?topic=6233.0
Maybe the tide is turning, idk, but I'm all for it :)
-
Indeed. I wish more people would us GPG.
-
Finally got the shit down! It is actually seriously easy once you know what you're looking at. Sometimes the terms people use, or the actual terms needed are difficult to understand until you go through the process. Like I downloaded GPG4win but initially I didn't download the GPA HAHA I JUST GOTIT! Why "GPA" in the tutorial wasn't listed in my files as I was trying to follow along step by step.
Some newbs like myself tend to click click clicky too fast because they're impatient and I often assume if something isn't checked upon DL'ing, and needs a manual click, it isn't worth it for some reason.
I went ahead and re DL'd the program (after watching youtube tutorials and got tired of still not getting it) and after that it was pretty easy.
I think the OP should list to make sure to check all appropriate boxes. I guess Claws isn't fully needed? I still have left that one out.