Silk Road forums

Discussion => Newbie discussion => Topic started by: MrJoshua on April 24, 2013, 11:11 pm

Title: Atlantis honeypot conspiracy theories -- who cares?
Post by: MrJoshua on April 24, 2013, 11:11 pm
The big gripe seems to be that Atlantis "looks" like a professional honeypot and we're led to believe we'd be fools to trust them. But ask yourself this, if you only connect to Atlantis the same way you do SR and only ever give your real address via PGP can they find you? Probably not.

And why would Atlantis be so willing to offer advanced, easy to use built-in PGP and promoting it actively when it's the one thing that can't be cracked? A honeypot would be encouraging risky behaviors, yet when I read their users guide it's more paranoid and complete than the one in here!

Me thinks SR resting on their laurels is finally catching up to them.

Title: Re: Atlantis honeypot conspiracy theories -- who cares?
Post by: Not_A_Sheep on April 24, 2013, 11:18 pm
Lol I think its funny how theres all the mass waves of paranoia, with all the crackies and daily meth smokers and all...
Title: Re: Atlantis honeypot conspiracy theories -- who cares?
Post by: UFOCommander on April 24, 2013, 11:27 pm
if its a honeypot i would assume its aimed at the big vendors and surely not at the casual SR shoppers

but only time will tell

just my 2cnts
Title: Re: Atlantis honeypot conspiracy theories -- who cares?
Post by: SR23042013 on April 25, 2013, 12:01 am
I was going to reply to this topic but made my own instead to point out a large flaw in your argument.

http://dkn255hz262ypmii.onion/index.php?topic=151795.0

I'm in no way saying that atlantis is a honey pot but the built in PGP encryption is not a security feature its a flaw.
Title: Re: Atlantis honeypot conspiracy theories -- who cares?
Post by: MrJoshua on April 25, 2013, 01:01 am
I'm in no way saying that atlantis is a honey pot but the built in PGP encryption is not a security feature its a flaw.

Interesting. I'm seeing this theme pop up more today. So their built in system is flawed, but if I use standard pgp like I do in here is there any noticeable vulnerability that they have that SR doesn't? I need a backup plan in case SR doesn't come back online. Mouths to feed is a big motivator.
Title: Re: Atlantis honeypot conspiracy theories -- who cares?
Post by: onetwothree on April 25, 2013, 01:22 am
I'm in no way saying that atlantis is a honey pot but the built in PGP encryption is not a security feature its a flaw.

Interesting. I'm seeing this theme pop up more today. So their built in system is flawed, but if I use standard pgp like I do in here is there any noticeable vulnerability that they have that SR doesn't? I need a backup plan in case SR doesn't come back online. Mouths to feed is a big motivator.

Disclaimer: I've never gone through their checkout process, so I'm going solely by what I'm gathered from people posting about it here.

It's not a "flaw" per se, it just defeats the entire purpose. The whole point of a private key is that it's PRIVATE. If they are encrypting it for you, they have your private key and you have no idea what they're doing with it (or even worse they use the same private key to encrypt everything site-wide). Even if they don't have evil intentions, if their server is compromised, the key is sitting right there for anybody to decrypt everything.

The bottom line is you shouldn't send any sensitive or incriminating information anywhere, at any time, at any site, ever, without personally encrypting it yourself with a key only YOU know. Don't trust anybody but yourself. Shit happens, even if they didn't mean it to. Know why you have to get a link e-mailed to you to reset your password at major sites like Google, Yahoo, whatever? Because they have no idea what the fuck your password is. It is never stored, anywhere, at any time by sites that take your security seriously. Just like your private key should not be stored by anyone, ever, except yourself, especially at a site that uses that key to log your name and address and illegal drug transaction history.

but if I use standard pgp like I do in here is there any noticeable vulnerability that they have that SR doesn't?

In that regard, no. You would paste the encrypted text, then they would encrypt the encrypted text. If they were to decrypt it at some point, all they would see is the original encrypted text. As an analogy, it would be the same as you putting your address on a piece of paper, putting it in a safe and locking it, then they put the locked safe in a bigger safe they lock themselves. Even if they go to their bigger safe and unlock it, all they will get is your locked safe and not your address.
Title: Re: Atlantis honeypot conspiracy theories -- who cares?
Post by: MrJoshua on April 25, 2013, 02:18 am
So if there is no way they can read my PGP and that's the only time I use my address it doesn't matter if they are LEO. SR could be LEO as well but so long as I encrypt any sensitive information it doesn't matter.
Title: Re: Atlantis honeypot conspiracy theories -- who cares?
Post by: silverheart on April 25, 2013, 02:23 am
I was going to reply to this topic but made my own instead to point out a large flaw in your argument.

http://dkn255hz262ypmii.onion/index.php?topic=151795.0

I'm in no way saying that atlantis is a honey pot but the built in PGP encryption is not a security feature its a flaw.

As pointed out in the other post, the only thing that is flawed is your understanding of the security practices on Atlantis. I'll paste my quote from the other thread:

"We only store encrypted messages in the database if they're auto-encrypted. You can verify this by looking at your outbox after you send a message, you'll see the outgoing message is encrypted. If it wasn't, you would see it in plaintext. I don't see how your misunderstanding of how the system works makes us ignorant of encryption.

If you're really that paranoid, you can simply manually encrypt the messages yourself. No one is forcing anyone to use features, they're there as a convenience and have been developed with security in mind."
Title: Re: Atlantis honeypot conspiracy theories -- who cares?
Post by: onetwothree on April 25, 2013, 02:29 am
So if there is no way they can read my PGP and that's the only time I use my address it doesn't matter if they are LEO. SR could be LEO as well but so long as I encrypt any sensitive information it doesn't matter.

Yes, as long as -YOU- encrypt any sensitive information, not -THE SITE DOING IT AUTOMATICALLY FOR YOU-.
Title: Re: Atlantis honeypot conspiracy theories -- who cares?
Post by: SR23042013 on April 25, 2013, 02:39 am
I was going to reply to this topic but made my own instead to point out a large flaw in your argument.

http://dkn255hz262ypmii.onion/index.php?topic=151795.0

I'm in no way saying that atlantis is a honey pot but the built in PGP encryption is not a security feature its a flaw.

As pointed out in the other post, the only thing that is flawed is your understanding of the security practices on Atlantis. I'll paste my quote from the other thread:

"We only store encrypted messages in the database if they're auto-encrypted. You can verify this by looking at your outbox after you send a message, you'll see the outgoing message is encrypted. If it wasn't, you would see it in plaintext. I don't see how your misunderstanding of how the system works makes us ignorant of encryption.

If you're really that paranoid, you can simply manually encrypt the messages yourself. No one is forcing anyone to use features, they're there as a convenience and have been developed with security in mind."

No my understanding is perfect.

The server encrypts the message with the recipients public key (entered in plain text by the sender) and then sends it through. Whether or not it stores it in an encrypted format or not is up to the users trusting the owners. Just because it shows up as encrypted in the outbox does not mean it isn't stored elsewhere in plain text (e.g. another table in the database that simply isn't visible to users). It probably isn't stored in plain text, but when conducting criminal activities in plain sight "probably" is not really good enough.

Personally I couldn't care less about it as I send all my messages pre-encrypted anyway. It's just a warning to others who may be a bit too "trusting".

Although if people aren't smart enough to make the necessary precautions then they get what's coming to them anyway.
Title: Re: Atlantis honeypot conspiracy theories -- who cares?
Post by: IamMulva on April 25, 2013, 02:51 am
curious i went there today and laughed at the paltry offerings.

the thought of defecting to a way subpar site is not one i want to have.

searched for some trusted SR vendors to see if they had made the jump. none had.

flash in the pan people. flash in the pan........
Title: Re: Atlantis honeypot conspiracy theories -- who cares?
Post by: silverheart on April 25, 2013, 02:56 am
curious i went there today and laughed at the paltry offerings.

the thought of defecting to a way subpar site is not one i want to have.

searched for some trusted SR vendors to see if they had made the jump. none had.

flash in the pan people. flash in the pan........

Lots have actually, most recent addition being JesusOfRave.
Title: Re: Atlantis honeypot conspiracy theories -- who cares?
Post by: onetwothree on April 25, 2013, 03:10 am
SR23042013 (despite the ominous ass username) and I have said it as plainly as we can. The choice is yours. The choice is also obvious in my opinion, but it's yours. Best of luck.
Title: Re: Atlantis honeypot conspiracy theories -- who cares?
Post by: thernabulax on April 25, 2013, 03:14 am
If you at least have two brain cells to rub together, you have to be open to the plausible possibility of a honeypot/sting/gov't intelligence gathering/etc. going on. However unlikely it is.

The gov't has been known to do much wackier things in the name of LE.