Silk Road forums
Discussion => Security => Topic started by: Crisis on December 01, 2011, 08:11 am
-
Hi all,
I'm new here and I've already placed my first order with a reputable vendor. I think I have everything figured out but this gpg-pgp thing. It seems needlessly confusing.
I'm using mac and android, which doesn't help but I neither like nor have access to a windows machine.
If I'm just using Silk Road for purchases, do I need to use gpg? Is using the built in messaging service on Silk Road alright for simple texts?
I trust Silk Road will delete my name and address as soon as I make an order, leaving that information with just myself and the seller. Is this safe?
I want to protect myself but I don't want to be guided by paranoia.
Thanks for your help and for fighting the good fight.
Crisis
-
My recommendation would be to always use gpg, especially for addresses though.
-
Learn to use GPG/PGP. It is a necessity. On the off chance the LEO ever gets involved in this site, they can and will try to recover stuff from servers, hard drives, whatever. You are making it harder, if not impossible for the asshole LEO's to get your info..Why do you use Tor? Because it keeps you anonymous..otherwise you would just hop on good ol' Firefox and enter "SilkRoad.com" See what i'm saying?
Good Luck in you SR Ventures:) oh, and when you add BTC, try n make that paper trail as small as possible. Assume they are watching and do what you can to minimize your personal risk. When I first started I didn't do any of that, it could've, and still can cost me..but doubtful:)
-
Crisis,
I'm new like yourself.
I downloaded gpg three days ago and I'm still trying to figure it out!
I have built a simple website, so I know a bit about this shit.
GPG is a pain because: it does not seamlessly work with tormail and tormail does not work with windows MS office outlook at all! But why would you load tormail and GPG onto MS office anyway?
You can workaround all this with plenty of cut n paste, but its a pain a BIG pain. Not easy cut n paste stuff.
Also I'm still unclear what my 'secret key' is and what the public key is, and worried I'll send the wrong one to SR!
Then there's the sheer SIZE of the encrypted stuff, I encrypted my delivery addy (the only thing I think one needs to worry about, especially if you use tormail, which is anonymous and 'in the cloud'.)
Anyway the encryption was about a foot long, that does not look right to me compared to the stuff encypted here on SR. Verdict: It's a fucking pain! But, the other posters have a valid point. Court and jail is a bigger pain... I'm gonna keep my encyptions to a minimum. (the only thing I think needs it is your delivery address.
I really don't see why emails using tormail would incriminate you if you used it for vendor contact and keep your address encrypted. (tormail cannot be accessed on the regular internet, so it's about as safe/risky as these posts here... go figure!)
-
Can anyone help with what email proggy they use to get a nice GUI for quick and easy use of GPG (NOT PGP).
Has anybody got tormail to work on outlook? I need the settings please for POP3 and SMTP.
As above, i'm running out of time with this shit, I used up hours, and I'm using a very poor mix of tormail, Kleopatra (cut & Paste as Kleopatra wont interact with tormail the way it interacts with outlook.
If I use, say, gmail with outlook to encrypt my mail, i have 2 problems, I can't send mail to vendors on SR using gmail, or can I?
And gmail can track my IP addy, right? This has got me dased and confused, and I've been sober the whole time, can somebody please help using their own setup as an example?
Thanks! Murungu.
-
What you are looking for is Thunderbird + Enigmail + Tormail. This will probably be of use:
http://jhiwjjlqpyawmpjx.onion/help.html
-
save yourself the frustration with working with all that bs
If you learn gpg commandline you can use it on Mac, Linux, Windblows, etc...
gpg --help
man gpg
He has a mac, and an android device, suggesting to him that he install and learn how to use linux so that he can then try and learn how to use GPG is ludicrous.
Then sourcing him the man page to GPG ? If he USED linux of course that'd be the first thing he'd read. Do you feel fulfilled now that you've waved your 'i'm a superior linux user, use linux or you suck la de da' flag in the air on an anonymous drug marketplace forum?
CRISIS, the only thing you MUST make sure to use GPG for is sending your address. It is much better practice though to just get used to sending every message you make with GPG, you'll get fast enough at it that it won't be an annoyance.
I use GPG4WIN, which by it's very name tells you i'm a windows user, so i'm not really too sure what's out there on the Mac, other then to link you to the Mac frontend section of the GnuPG homepage:
http://www.gnupg.org/related_software/frontends.html#mac
-
Start here: http://macgpg.sourceforge.net/docs/howto-build-gpg-osx.txt.asc; This should help a little at least, and the preferable way of doing it, but I do not own a Mac so I can't tell you if its gonna work
They also reference this site -->http://www.gpgtools.org/gpgmail/index.html
This looks promising as its an add-on for Apple Mail, maybe a little more pain in the ass, but again I don't know Mac's.
Good Luck,
NS
-
I have GPG up and running on my Mac -- I'll be happy to provide assistance if you need it.
There was a thread for Mac users testing their GPG setups, but I can't seem to find it. Here's a more recent thread with some basic instructions that might help you:
http://dkn255hz262ypmii.onion/index.php?topic=5405.0
I ALWAYS use encryption when sending a vendor my mailing address. On any other (non-incriminating) topics, I think it's perfectly okay to communicate with vendors in clear text, but you might want to encrypt your first message to a particular vendor in case he/she prefers encryption generally.
-
Thanks everyone for the great advice. You pretty much said what I was thinking.
Silk Road has it all set up pretty nice. I just wasn't sure if it was mandatory.
Some people seem to overthink it and create a crazy amount of paper trail to cover their tracks and it's hard to tell when enough is enough.
I think I can figure it out but I might take you up on your offer at some point Shmoo.
Right now, I'm trying to do everything on my android to protect the people around me. I don't mind going to jail, if that's what it comes down to, I just don't want to involve my love ones.
-
What you are looking for is Thunderbird + Enigmail + Tormail. This will probably be of use:
http://jhiwjjlqpyawmpjx.onion/help.html
Thank you doctor, now I see why one would run thunderbird with tormail after all, another poster said this was counterintuitve, becuase it 'compromised' the computer on which the encryptions set up was running, but it's not illegal to encypt your emails! And if the unencyrpted content is erased (not just 'trashed') I see no poroblem. Thanks again, I will give it another try...
-
I like GPGTools: http://www.gpgtools.org/index.html
Encrypting stuff is as easy as ABC(D):
a) install it
b) generate your key with the GUI (pop up GPG Keychain Access > new > done)
c) activate the services (Preferences > Keyboard > Services, tick the checkboxes next to OpenPGP actions)
d) type your address in Textedit, right-click, services, OpenPGP Encrypt
edit: To remove the annoying "Version:" and "Comment:" lines you get in the output, open /Users/you/.gnupg/gpg.conf, delete the last line (beginning with "comment") and add "no-emit-version" on a line by itself.