Silk Road forums

Discussion => Newbie discussion => Topic started by: seasofgreen on July 24, 2013, 11:50 pm

Title: placing an order
Post by: seasofgreen on July 24, 2013, 11:50 pm
Just getting familiar with the site, I added something to my cart and to complete the order, it just asks me to enter in my name/address as it would appear on a letter with a little green ? and a popup saying to check the buyers guide. There's no mention of encryption at all. Is it automatically done through the site? How safe is it to just enter my info in there without a PGP key?

I've had some bitcoin for close to a year now and not made a purchase, mostly because PGP might as well be Chinese to me and haven't taken to time to get familiar with it. Is it a must?
Title: Re: placing an order
Post by: 69isfun on July 25, 2013, 12:37 am
You can put your unencrypted address in the shipping field. It will remain unencrypted.  If you don't want to fool with PGP many users use privnote.com - you will create a self-destructing link that contains your address- Post the link in the address field on SR and the vendor will know what to do.

Title: Re: placing an order
Post by: seasofgreen on July 25, 2013, 03:44 am
Thanks. Looks like privnote is down. Guess I'll just have to dig into PGP
Title: Re: placing an order
Post by: new vendor on July 25, 2013, 12:19 pm
get gpg4usb. preferably run it from your usb drive, although that is not necessary.

This is inbcredibly easy to use, there are lots of senior members who will help you learn it...

do not put your real name and address in the place where it says to do so, only send it in an encrypted message to the vendor.
Title: Re: placing an order
Post by: oznation22 on July 25, 2013, 12:27 pm
dang just made first purchase with frank matthews trusted vender and straight up put my address on there does it really matter????
Title: Re: placing an order
Post by: pathfinder13 on July 25, 2013, 12:31 pm
Also easy to use is "portablepgp".
These are the steps:

-  install the little prog.
-  copy the public pgp key from your vendor into a text file (f.e. notepad.exe)
-  import to prog  ("import from file")
-  klick on the key you want to use in the "target" field (if you imported more than 1 already)
   the second field take option: "No signature just encrypt"
- type your address
-  press the green arrow "encrypt"
- copy and paste the encrypted address to the address field in your order --> you're done with it.

Hth,
pathfinder13
Title: Re: placing an order
Post by: fiveotwo on July 25, 2013, 01:16 pm
dang just made first purchase with frank matthews trusted vender and straight up put my address on there does it really matter????
Somewhat, but for the average buyer not really.  What it means is that in the scenarios

- Your connection is intercepted (unlikely over tor, using onion.to etc. definitely a concern)
- Silkroad is compromised and unscrupulous persons get hold of the decrypted DB (DPR claims addresses are only stored until an item is marked shipped, but you are taking his word for it)
- Your vendor is comprised (before the order is shipped), and a third party has access to his account

If any of these happen, your address will be visible to someone you most likely do not wish to share it with.  Using PGP you are granted another strong layer of protection.  It's unlikely, but much better to be safe, some real harsh consequences for getting caught
Title: Re: placing an order
Post by: 69isfun on July 25, 2013, 05:09 pm

Also- using PGP may instill a bit more confidence in your vendors.  At least you went that tiny extra step to be safe.
Title: Re: placing an order
Post by: AdolfHindenburg on July 25, 2013, 05:21 pm
i don't get it, what is the worst that can happen if your just write your name and adress directly in that box?
Title: Re: placing an order
Post by: 69isfun on July 25, 2013, 05:26 pm
i think 502 said it above:

Quote
- Your connection is intercepted (unlikely over tor, using onion.to etc. definitely a concern)
- Silkroad is compromised and unscrupulous persons get hold of the decrypted DB (DPR claims addresses are only stored until an item is marked shipped, but you are taking his word for it)
- Your vendor is comprised (before the order is shipped), and a third party has access to his account

Complacency is a bitch.