Silk Road forums

Discussion => Newbie discussion => Topic started by: argosy on July 23, 2013, 06:27 pm

Title: Newbie SR question
Post by: argosy on July 23, 2013, 06:27 pm
Looking for some advice here. On SR, let's say I'm looking at a given listing, and I click the button that says "Send a message", because I have a question for the seller. Is it necessary to use PGP there, or is SR already encrypting PMs?

And what about when I order something, and it says, "Paste your address here as you would on a letter"? Do I need to paste in an encrypted PGP message containing my address? Or is that already being encrypted?

Thanks for any help.
Title: Re: Newbie SR question
Post by: Crepuscular on July 23, 2013, 06:58 pm
I advise you to use PGP, for instance via PGP4Win. Usually every legit vendor has their public key listed under their profile, and you can encrypt with that, send the PGP-encrypted message in the address field, and maybe include your own public PGP key if you want them to contact you back in encrypted form if needed.
Title: Re: Newbie SR question
Post by: mcguire39 on July 23, 2013, 07:02 pm
If you're just asking a question like 'do you have any cheese in stock?' you do not need to use PGP for that. In fact using PGP for a question like that is probably irritating to the vendors because it does take a little extra time to decrypt.

Normally you do want to encrypt at least the delivery address with PGP. And right, you just paste the ASCII armored PGP encrypted message into the 'enter your address' box. Don't worry, the box may look small, but you can sure stuff a lot in it.   ;D
Title: Re: Newbie SR question
Post by: PowerToCharm on July 23, 2013, 07:27 pm
To be sure, there is no automatic encryption as part of the SR site. If you send your delivery address to a vendor in plain text, it will be easily readable by anyone snooping on your traffic. Use PGP for sensitive information! Other messages, encrypt them or not depending upon how incriminating they are.
Title: Re: Newbie SR question
Post by: ko10011 on July 23, 2013, 07:39 pm
Interesting subject, but I need to ask something here. From what I read and understood, you guys are saying that in the process of placing an order, where the SR page asks you to write down your address and the mailing option, it is advisable to write down your address in the text field using PGP!? Or should I write in the address field a message to the vendor such as "address will be sent to your email using PGP", and send it to the vendor separately using a different method other than SR!?
Title: Re: Newbie SR question
Post by: dmc002 on July 23, 2013, 07:46 pm
I would just send the encrypted address in the address box. If the vendor is not smart enough to try and decrypt the message with their key then you probably shouldn't do business with them.
Title: Re: Newbie SR question
Post by: Crepuscular on July 23, 2013, 07:48 pm
> Interesting subject, but I need to ask something here. From what I read and understood, you guys are saying that in the process of placing an order, where the SR page asks you to write down your address and the mailing option, it is advisable to write down your address in the text field using PGP!? Or should I write in the address field a message to the vendor such as "address will be sent to your email using PGP", and send it to the vendor separately using a different method other than SR!?
Simply post the block of gibberish you get back from encrypting using their public key in the address field.
Title: Re: Newbie SR question
Post by: osbourne on July 23, 2013, 08:10 pm
> To be sure, there is no automatic encryption as part of the SR site. If you send your delivery address to a vendor in plain text, it will be easily readable by anyone snooping on your traffic. Use PGP for sensitive information! Other messages, encrypt them or not depending upon how incriminating they are.

The following is stated in the wiki's Buyer's Guide, "From the moment you submit your order, to the moment it is displayed to your vendor, the information is fully encrypted and unreadable. Then, as soon as your vendor marks your package with the address and confirms shipment, the address is deleted forever and is irretrievable. For the extra cautious, you can encrypt your information yourself with your vendor's public key. This way, even if the Silk Road server your address is on were compromised, your address would still be safe."
So it's my understanding that the PGP stuff is for ADDITIONAL security and once it's given to the vendor you also have to trust that they properly destroy your address.
Title: Re: Newbie SR question
Post by: Brain Washington on July 23, 2013, 08:20 pm
Try to clean up after yourself every login.
Title: Re: Newbie SR question
Post by: osbourne on July 23, 2013, 08:32 pm
It seems if I was subject to an investigation, the Kleopatra program with my saved certificates would not only be incriminating but a direct link to my SR seeing how it is a public key specific to the user. Maybe I shouldn't have used my SR name like my instructions told me?
Title: Re: Newbie SR question
Post by: rapidsk on July 23, 2013, 08:57 pm
Use PGP because everyone hosting a Tor node can read your plaintext address. Unfortunately I also have done some orderings without encryption (in good hope) because my Kleopatra didn't work.