Silk Road forums
Discussion => Security => Topic started by: underbelly on May 15, 2013, 10:27 am
-
When private messaging vendors on SR, are all the messages encrypted? Or how does it work?
Thank you
-
When private messaging vendors on SR, are all the messages encrypted? Or how does it work?
Thank you
If it's sensitive, such as shipping address or information, then encrypt it. For all else normal text is fine. The rule I use on deciding whether to encrypt is if I feel I wouldn't want LEA to see it, I encrypt it.
That's great advice, and kind of what I follow as well.
-
I don't think you guys actually answered the question there.
I do not know if PMs are encrypted like addresses are on SR, if that is what you are asking?
(I also heard that putting a plain text address into SR is safer than using privnote...)
-
Nothing you send on SR is inherently encrypted by the system as far as I know.
If you want text encrypted you have to do it yourself... I typically only encrypt very sensitive information.
More importantly though, it's best to just ensure your Tor Browser is encrypted with TrueCrypt so you can't be connected to SR any way, in the unlikely chance they do confiscate and search your shit... which itself is unlikely unless you're trafficking huge amounts of drugs.
-
Nothing you send on SR is inherently encrypted by the system as far as I know.
If you want text encrypted you have to do it yourself... I typically only encrypt very sensitive information.
More importantly though, it's best to just ensure your Tor Browser is encrypted with TrueCrypt so you can't be connected to SR any way, in the unlikely chance they do confiscate and search your shit... which itself is unlikely unless you're trafficking huge amounts of drugs.
These are hidden services. Everything is technically encrypted...
-
Nothing you send on SR is inherently encrypted by the system as far as I know.
If you want text encrypted you have to do it yourself... I typically only encrypt very sensitive information.
More importantly though, it's best to just ensure your Tor Browser is encrypted with TrueCrypt so you can't be connected to SR any way, in the unlikely chance they do confiscate and search your shit... which itself is unlikely unless you're trafficking huge amounts of drugs.
These are hidden services. Everything is technically encrypted...
This ^^^
If my message is private to a vendor on SR, doesn't it mean only he/she can see it and therefore it's encrypted technically?
-
Ye that is how it is meant to be. Messages sent between buyer and vendor should only be viewable to those two people, coz it's addressed to them, goes to their private page so only they should be able to see it. Maybe SR has some access, maybe not, I've no idea, but they are safe. For anyone else to be able to see this communication they will have to hack into it in some way: your account, their account, or somehow catching it as it is sent through whatever pipeline it goes down.
I've personally had no problems or issues with that and I talk to my customers a lot. If you are just a small buyer then I wouldn't worry. If you're selling as much as C63 then you might have to really be on top of all that lot, but otherwise, for regular users like ourselves, the SR security methods are probably safe enough.
Can never be too careful, but vendors get annoyed if messages without sensitive information in them are encrypted; it becomes a pain in the arse going through them. Hope this answers your question.
-
Nothing you send on SR is inherently encrypted by the system as far as I know.
If you want text encrypted you have to do it yourself... I typically only encrypt very sensitive information.
More importantly though, it's best to just ensure your Tor Browser is encrypted with TrueCrypt so you can't be connected to SR any way, in the unlikely chance they do confiscate and search your shit... which itself is unlikely unless you're trafficking huge amounts of drugs.
These are hidden services. Everything is technically encrypted...
This ^^^
If my message is private to a vendor on SR, doesn't it mean only he/she can see it and therefore it's encrypted technically?
No. It is not.
DPR and staff can see it. Anybody who hacks the servers can see it. Feds who physically seize the servers can see it.
What you need is end-to-end encryption. This means you have to use PGP; this is the only way for only you and the vendor to see the message.
-
There seem to be all kinds of references to "Encryption" in this thread, without the granularity that would help the OP.
1. End-to-end encryption, where only the source and recipient can see the plaintext. PGP encryption is an example of this.
2. Network traffic level encryption to prevent eavesdropping. Traffic between various Tor nodes is encrypted.
3. FDE encryption, where computer forensics on a HD cannot ascertain whether you're using SR/Tor etc.
OP, you need to know about type 1. Katnip too.
Even if DPR has the most sophisticated system to encrypt files until you request them, you shouldn't assume this.
This is kind of the entire reason why PGP Club exists in the first place.
-
To clarify - staff can access and read messages when it is necessary to do so during an investigation of scamming or abuse or order issues. Even deleted messages.
If you want your message only to be read by the vendor, you will need to encrypt it specifically to their PGP key.
-
Excellent thread. I think it's good practice to encrypt any communications with vendors. Let's say, for example, you want to ask a vendor about how they package their product or what their shipping schedules are. You would not want this communication to be seen by LE, because it establishes intent to purchase illegal contraband. Not that LE has access to any of these communications currently, but it's just good practice to cover your ass just in case and not leave open the possibility that they could be read.
A little extra safety never hurt anyone.
-
There seem to be all kinds of references to "Encryption" in this thread, without the granularity that would help the OP.
1. End-to-end encryption, where only the source and recipient can see the plaintext. PGP encryption is an example of this.
2. Network traffic level encryption to prevent eavesdropping. Traffic between various Tor nodes is encrypted.
3. FDE encryption, where computer forensics on a HD cannot ascertain whether you're using SR/Tor etc.
OP, you need to know about type 1. Katnip too.
Even if DPR has the most sophisticated system to encrypt files until you request them, you shouldn't assume this.
This is kind of the entire reason why PGP Club exists in the first place.
Cheers for that.
Makes sense.
I'll do my homework and then hopefully buy something :)