Silk Road forums

Discussion => Newbie discussion => Topic started by: SR23042013 on April 24, 2013, 11:59 pm

Title: Atlantis - Do not use their auto encryption you nubs.....
Post by: SR23042013 on April 24, 2013, 11:59 pm
I was very surprised when they offered this "feature" as they are either completely ignorant of the whole point of encryption or it is indeed a massive honey pot.

Messaging via plain text that is auto encrypted by the server is well..... facepalm worthy. The whole point of encrypting a message is so even if the server is compromised all they will get is a bunch of gibberish. You can never be sure that they are not storing the unencrypted messages in the database somewhere.

This is one thing I think DPR is probably well aware of which is why he never bothered to implement it. I'm sure there will be plenty of noobs writing their life story into atlantis thinking their message will be encrypted by the server and "safe".

tl;dr
don't use the encryption feature on atlantis.
Title: Re: Atlantis - Do not use their auto encryption you nubs.....
Post by: pftm on April 25, 2013, 12:11 am
I haven't gotten far enough through Atlantis's checkout mechanism to tell, since I haven't funded my account, but,
couldn't you just paste a PGP-encrypted message into their address box, whether they claim to encrypt it or not?
IIRC SR also encrypts the contents of the address box, but doing it yourself is just good sense. If they don't allow
that then no one should use them.
Title: Re: Atlantis - Do not use their auto encryption you nubs.....
Post by: silverheart on April 25, 2013, 01:46 am
I was very surprised when they offered this "feature" as they are either completely ignorant of the whole point of encryption or it is indeed a massive honey pot.

Messaging via plain text that is auto encrypted by the server is well..... facepalm worthy. The whole point of encrypting a message is so even if the server is compromised all they will get is a bunch of gibberish. You can never be sure that they are not storing the unencrypted messages in the database somewhere.

This is one thing I think DPR is probably well aware of which is why he never bothered to implement it. I'm sure there will be plenty of noobs writing their life story into atlantis thinking their message will be encrypted by the server and "safe".

tl;dr
don't use the encryption feature on atlantis.

We only store encrypted messages in the database if they're auto-encrypted. You can verify this by looking at your outbox after you send a message, you'll see the outgoing message is encrypted. If it wasn't, you would see it in plaintext. I don't see how your misunderstanding of how the system works makes us ignorant of encryption.

If you're really that paranoid, you can simply manually encrypt the messages yourself. No one is forcing anyone to use features, they're there as a convenience and have been developed with security in mind.
Title: Re: Atlantis - Do not use their auto encryption you nubs.....
Post by: titsmcgee123 on April 25, 2013, 01:51 am
i actually believe atlantis is dea, it just doesnt smell right. if it aint broke dont fix it(just because the road goes down from time to time, its to ensure saftey.. better safe than sorry) the road is gold as far as im concerned
Title: Re: Atlantis - Do not use their auto encryption you nubs.....
Post by: seatturtle on April 25, 2013, 02:03 am
I hope Atlantis is legit because it is a nice design and set up, takes litecoins, and would relieve some of the traffic / pressure on Silk.  But just as a precaution I would only use your own PGP software for encryption. If Atlantis is for real, and it gains some good vendors in the coming months, I think it will do very well. We're just at the beginning, anon markets are here to STAY.

Has anyone succesfully used Atlantis, or SheepMarket? SheepMarket has a nice design but literally like 20 listings of weed and random prescription stuff. I don't even know if they use escrow. I think time will flesh out concerns/bugs/honeypots
Title: Re: Atlantis - Do not use their auto encryption you nubs.....
Post by: silverheart on April 25, 2013, 02:05 am
i actually believe atlantis is dea, it just doesnt smell right. if it aint broke dont fix it(just because the road goes down from time to time, its to ensure saftey.. better safe than sorry) the road is gold as far as im concerned

Hello BBB. Good to see you're okay after your huge drug binge.
Title: Re: Atlantis - Do not use their auto encryption you nubs.....
Post by: titsmcgee123 on April 25, 2013, 02:11 am
BBB? THAAA FUCK?
Title: Re: Atlantis - Do not use their auto encryption you nubs.....
Post by: SR23042013 on April 25, 2013, 02:44 am
I was very surprised when they offered this "feature" as they are either completely ignorant of the whole point of encryption or it is indeed a massive honey pot.

Messaging via plain text that is auto encrypted by the server is well..... facepalm worthy. The whole point of encrypting a message is so even if the server is compromised all they will get is a bunch of gibberish. You can never be sure that they are not storing the unencrypted messages in the database somewhere.

This is one thing I think DPR is probably well aware of which is why he never bothered to implement it. I'm sure there will be plenty of noobs writing their life story into atlantis thinking their message will be encrypted by the server and "safe".

tl;dr
don't use the encryption feature on atlantis.

We only store encrypted messages in the database if they're auto-encrypted. You can verify this by looking at your outbox after you send a message, you'll see the outgoing message is encrypted. If it wasn't, you would see it in plaintext. I don't see how your misunderstanding of how the system works makes us ignorant of encryption.

If you're really that paranoid, you can simply manually encrypt the messages yourself. No one is forcing anyone to use features, they're there as a convenience and have been developed with security in mind.

Um that proves nothing. All that shows is that the database entries you are pulling from the server are encrypted versions of the original message - it does not prove that the messages are not stored elsewhere in plain text.