Silk Road forums
Discussion => Security => Topic started by: White 0ut on June 23, 2013, 09:40 am
-
This guy seems pretty stand up so far but he just sent all of this UNENCRYPTED to me on SR and here on the forums, should I have reason for alarm? :o
He sent me this, Idc about the signature fuck up part, I just want my shit encrypted. What's your take guys?
He's fairly reputable, I'm not going to call him out but if you read this at least don't do it again... This is serious business.
-------------------------------------------------------------------------------------------------------------------------------------------------------
Hey buddy. I think that the shipping store I use may have forgotten to mark the signature as waived.
Tracking indicates delivery was attempted today:
We attempted to deliver your item at ----------City, State, Zip, Time, Date----------------------------and a notice was left because an authorized recipient was not available. You may arrange redelivery by visiting http:------------------------; or calling 800-ASK-USPS, or may pick up the item at the Post Office indicated on the notice. If this item is unclaimed after 5 days then it will be returned to the sender. Information, if available, is updated periodically throughout the day. Please check again later.
Do *not* be alarmed. The mail store I used to ship your pack has made this mistake before, there is nothing to be concerned about. However, now there is action required on your part here. Please write back to let me know you've gotten this.
Also sending this message to your forum inbox.
Cheers.
-
thats very fucking bad!! i dont have the same user name as on the road and i know the one on the road is takin by someone else other than me. what if they sent that shit to the wrong person! what if someone hacked your forum account? i dont think that should be taking to lightly here..
-
That's a pretty shitty and stupid thing to do. It is bad but consider the possiblity it was merely an oversight. Maybe he was high or drunk. Vendors are human and make mistakes too but I think your more concerned about your privacy. Still with all that being said I wouldn't worry too much cause the chances of someone catching your info while it's exiting Tor are possible but it's more in your favor not. Unless your being monitored or watched which it doesn't seem like it as you understand the importance of encryption. The only thing I can think of since it's done already is to try to get an answer from the Vendor and see what he/she says. If they're an asshole about it I think it would be your responsiblity to let others know ;)
-
Fair enough people make mistakes, But this is too far, especially on a site which requires*strict* anonymity.
-
i left a guy a 2/5 for doing that same thing to me...would have been a 5/5 otherwise
-
Oh ya no I totally agree, what that vendor did was wrong and potentially jeopardized the safety of his buyer. Also I was looking at another thread over in the Shipping Forum and it was the thread on how to get USPS tracking stickers anonymously. One poster who's actually has a vendor account suggested that best and easiest thing to do is to just go to the USPS sign up for an account while using a VPN I'm assuming and put there customers info all into the USPS website and database where it will be stored forever. That really got me to thinking of how many vendors actually use that practice? It's the only way to consistently be able to ship out packages with tracking. If one package was ever intercepted and contents inside found all they would have to do is see what account it shipped and they'd have a field day knocking on doors. Makes me almost think twice about ordering but I have less than a handful of vendors I deal with now that I trust.
-
Oh ya no I totally agree, what that vendor did was wrong and potentially jeopardized the safety of his buyer. Also I was looking at another thread over in the Shipping Forum and it was the thread on how to get USPS tracking stickers anonymously. One poster who's actually has a vendor account suggested that best and easiest thing to do is to just go to the USPS sign up for an account while using a VPN I'm assuming and put there customers info all into the USPS website and database where it will be stored forever. That really got me to thinking of how many vendors actually use that practice? It's the only way to consistently be able to ship out packages with tracking. If one package was ever intercepted and contents inside found all they would have to do is see what account it shipped and they'd have a field day knocking on doors. Makes me almost think twice about ordering but I have less than a handful of vendors I deal with now that I trust.
wow i wonder how many vendors actually use that method... Scary huh, All it takes is one tracking pacage to be compromised and the house of cards comes tumbling down.
How did the thread pan out? did anybody actually come up with a completely anonymous way?
-
Oh ya no I totally agree, what that vendor did was wrong and potentially jeopardized the safety of his buyer. Also I was looking at another thread over in the Shipping Forum and it was the thread on how to get USPS tracking stickers anonymously. One poster who's actually has a vendor account suggested that best and easiest thing to do is to just go to the USPS sign up for an account while using a VPN I'm assuming and put there customers info all into the USPS website and database where it will be stored forever. That really got me to thinking of how many vendors actually use that practice? It's the only way to consistently be able to ship out packages with tracking. If one package was ever intercepted and contents inside found all they would have to do is see what account it shipped and they'd have a field day knocking on doors. Makes me almost think twice about ordering but I have less than a handful of vendors I deal with now that I trust.
wow i wonder how many vendors actually use that method... Scary huh, All it takes is one tracking pacage to be compromised and the house of cards comes tumbling down.
How did the thread pan out? did anybody actually come up with a completely anonymous way?
a isn't it? You think vendors are going to go care about our safety or theirs more? I think sometimes as buyers we don't understand the amount of risks a vendor has to take to get us our drugs. They do get paid for their troubles but still. In regards to that thread to be honest I think they're putting way too much thought and effort into it. Two days ago when I went to the post office to try and get tracking stickers the guy was like just go online and I'm not sure what stickers you're talking about. I've been going to that PO for 4 yrs and the guy knows me as a customer there.
Like really why would they give you one? They tell you go do it online and it's free. What can you possibly say to that in this day and age? Oh I don't have a computer .. Oh it's for my grandmother and she doesn't know how to use a computer. That's some of the solutions they were talking about.
The only solution I have if I was a vendor would just bite the bullet open a different USPS account for each 5 transactions and use a prepaid CC bought with cash to pay for the transactions. Of course connecting to USPS while masking my IP but not by using ToR. If one of those packages ever got intercepted it still sucks but it's damage control. You can never take away 100% of the risk away in anything. It's not possible. But other than that that's all I got or have strict buyer req. or just don't ship with tracking.
-
Oh ya no I totally agree, what that vendor did was wrong and potentially jeopardized the safety of his buyer. Also I was looking at another thread over in the Shipping Forum and it was the thread on how to get USPS tracking stickers anonymously. One poster who's actually has a vendor account suggested that best and easiest thing to do is to just go to the USPS sign up for an account while using a VPN I'm assuming and put there customers info all into the USPS website and database where it will be stored forever. That really got me to thinking of how many vendors actually use that practice? It's the only way to consistently be able to ship out packages with tracking. If one package was ever intercepted and contents inside found all they would have to do is see what account it shipped and they'd have a field day knocking on doors. Makes me almost think twice about ordering but I have less than a handful of vendors I deal with now that I trust.
wow i wonder how many vendors actually use that method... Scary huh, All it takes is one tracking pacage to be compromised and the house of cards comes tumbling down.
How did the thread pan out? did anybody actually come up with a completely anonymous way?
a isn't it? You think vendors are going to go care about our safety or theirs more? I think sometimes as buyers we don't understand the amount of risks a vendor has to take to get us our drugs. They do get paid for their troubles but still. In regards to that thread to be honest I think they're putting way too much thought and effort into it. Two days ago when I went to the post office to try and get tracking stickers the guy was like just go online and I'm not sure what stickers you're talking about. I've been going to that PO for 4 yrs and the guy knows me as a customer there.
Like really why would they give you one? They tell you go do it online and it's free. What can you possibly say to that in this day and age? Oh I don't have a computer .. Oh it's for my grandmother and she doesn't know how to use a computer. That's some of the solutions they were talking about.
The only solution I have if I was a vendor would just bite the bullet open a different USPS account for each 5 transactions and use a prepaid CC bought with cash to pay for the transactions. Of course connecting to USPS while masking my IP but not by using ToR. If one of those packages ever got intercepted it still sucks but it's damage control. You can never take away 100% of the risk away in anything. It's not possible. But other than that that's all I got or have strict buyer req. or just don't ship with tracking.
yeah pretty damn scary, but this world is..not many excuses at all really is there.
thats about all you cn do, as much damage as control as possible. I remember someone saying, Brand new member on the road, best way to cover my tracks? I remember the reply, and it only makes sense. Dont leave any and you will have none to cover.
-
How is the vendor "fairly reputable" if he's doing shit like this?
-
Relax the post office does shit like this all the time. The mail man probably didn't feel comfortable just leaving it there.. If you got the yellow slip just request a re- deliver on the website and sign the back of the yellow card and leave it at the drop then if anything were to happen to the package you signed it by saying they aren't responsible or you can pick it up, your choice.
As for the vendor, he could a. he could of just forgot. b. just a dumbass that didn't think of how sensitive that information is to not send by encryption. Safe to say never to use that vendor again and to make sure to let his ass know.