Silk Road forums

Discussion => Newbie discussion => Topic started by: ingloriouslibertine on June 24, 2013, 10:45 pm

Title: First SR transaction, protocol question
Post by: ingloriouslibertine on June 24, 2013, 10:45 pm
Just completed my first transaction on the site and everything went perfectly.  Thought I'd ask the forums about this though:

After sending my shipping info (encrypted with PGP, ofc), I received a tracking number sent back from vendor in plaintext.  Is this standard procedure?  It kind of seems to defeat the purpose of encrypting my address in the first place if information directly tying our transaction to the status of a package is going to be sent back to me unencrypted.  When placing an order with other vendors, should I ask that any correspondence be encrypted?  Should I have to?

I suppose it could also be chalked up to user error....I didn't send my PGP key along with my shipping info...would he need my public key in order to encrypt his message?  That's about all I could think of.

I sent a reply asking the vendor about it, and didn't mention it in the positive feedback I left.  While I wait for his response, I thought I'd see what some of the more experienced users of SR have to say on it.
Title: Re: First SR transaction, protocol question
Post by: 77 on June 24, 2013, 11:24 pm
Sometimes, I think it's kind of absurd to use PGP to encrypt information that will then be written on a box full of drugs and sent out into meatspace for all to see. I get that seeing an address in the context of SR is different, but even then, given the nature of a hidden service, if LE were able to see internal communications between users on SR, you might be fucked anyway.

That said, the vendor does need your public key to encrypt a message to you. It's certainly ok to ask that they send messages using encryption, and it's also ok to take your business elsewhere if the vendor ignores the request.
Title: Re: First SR transaction, protocol question
Post by: GrimWaldo on June 24, 2013, 11:45 pm
Yes, others need your Public Key to encode messages for you, just as you need their Public Key to encode messages for them. As soon as you're able to post outside of the Newbie forum, you can place your Public Key here so others may find it:
http://dkn255hz262ypmii.onion/index.php?topic=174.0

Of course, this really only helps if you use the same name on the Forum as you do on the Road.

As I see it, the only real danger in NOT encrypting your address is physical seizure of the server hardware. Sure, LE can't use the internet to find it (thank you Tor), but they can use other means. Unencrypted addresses will be the "low-hanging fruit", and will most likely receive unwanted attention.
Title: Re: First SR transaction, protocol question
Post by: ingloriouslibertine on June 25, 2013, 02:36 pm
Thank you both for your replies.  I guess I worded my question about the public key wrong...I know that he needed my pub key in order to encrypt a message to me, but for some reason I was under the impression that the encrypted message I sent him would contain the information necessary for him to be able to reply to me.

Thanks also for the link to post my pub key, will probably be very useful.
Title: Re: First SR transaction, protocol question
Post by: CannabisConsumer on June 25, 2013, 02:42 pm
> Sometimes, I think it's kind of absurd to use PGP to encrypt information that will then be written on a box full of drugs and sent out into meatspace for all to see. I get that seeing an address in the context of SR is different, but even then, given the nature of a hidden service, if LE were able to see internal communications between users on SR, you might be fucked anyway.
>
> That said, the vendor does need your public key to encrypt a message to you. It's certainly ok to ask that they send messages using encryption, and it's also ok to take your business elsewhere if the vendor ignores the request.

Encrypting personal details serves as a first line of defense for if the Silk Road servers are seized. Stranger things have certainly happened. In the event of a mach 10 Silk Road emergency you would be covered for about 20 years if you use PGP which is typically enough time to get past the statutes of limitation. If you did not encrypt your information you would be covered for approximately the amount of time it takes to send out the information to your local PD and submit a search warrant.
Title: Re: First SR transaction, protocol question
Post by: ingloriouslibertine on June 25, 2013, 02:56 pm
> Encrypting personal details serves as a first line of defense for if the Silk Road servers are seized. Stranger things have certainly happened. In the event of a mach 10 Silk Road emergency you would be covered for about 20 years if you use PGP which is typically enough time to get past the statutes of limitation. If you did not encrypt your information you would be covered for approximately the amount of time it takes to send out the information to your local PD and submit a search warrant.

I agree completely, and have mentioned in other posts that just because LE isn't doing something now, it doesn't mean that it will stay that way forever, and if there is a trail you've left behind it could most certainly end up being used as evidence down the road.  You mentioned the SR servers getting seized, another concern would be vendors not properly disposing of correspondence and having their machines seized as well.
Title: Re: First SR transaction, protocol question
Post by: tree on June 25, 2013, 03:12 pm
A tracking number won't show your address so it's not totally necessary to encrypt it but now that you mention it maybe it'd be better.
Title: Re: First SR transaction, protocol question
Post by: zxydwx3 on June 25, 2013, 03:45 pm
I've never had a vendor encrypt tracking info. I've dealt with a couple handfuls of vendors. Some vendors don't even respond to messages and definitely don't provide tracking.
Title: Re: First SR transaction, protocol question
Post by: DrCol on June 25, 2013, 03:51 pm
As a vendor, I rarely track - not the best option really for most cases...

But if I do, and this is occasional...I send it encrypted - I agree it seems overkill if you're printing the address and sending...BUT...should a computer fall into the hands you prefer it not to, then surely it's best for there to be absolutely no trace of your addresses?...

Or is that me just being too paranoid on your behalf..?  ;)

Cheers all...oh and if you want a vendor who really does care, does bother with decent security and sends excellent stealth packs out quickly (and is a friendly guy to boot...)...then you know where to head!

Doc