Silk Road forums
Discussion => Newbie discussion => Topic started by: Shm0keand@Panc@ke on March 25, 2013, 04:11 pm
-
When sending your address information to the seller via PM, will he deny your request because it wasn't encrypted (Note: I'm not talking about having a back and forth convo, just sending the buyer's info...
-
Some sellers accept addresses that are unencrypted, but sending your address via PM without PGP is even more risky than putting it unencrypted in the address field. If you want to get busted though, send him your address unencrypted. Look at the tutorials, PGP is really easy anyways.
-
Not necessary in some people's eyes but pretty damn important. Some vendors will not accept your order if you don't use PGP. Lots of buyers wouldn't order from a vendor who doesn't use PGP.
It really isn't that difficult, I recommend Astor's guide, I found it really helpful.
-
Necessary? No.... but if you want to do all you can to maintain anonymity and protect yourself, why WOULDN'T you use it??? the only one who loses by not using it is you.
-
I just got my first order & client did not use pgp, I would prefer if he did just for safety reasons but it is what it is!
PGP is really easy; here is a video well worth the watch:
http://www.youtube.com/watch?v=SywCI91kfq0
-
Highly recommended ;)
-
About as necessary as condoms with a woman you just met.
-
●▬▬▬▬▬▬▬ஜ۩۞۩ஜ▬▬▬▬▬▬▬▬▬●
❖ Pharmington Rex ❖
●▬▬▬▬▬▬▬ஜ۩۞۩ஜ▬▬▬▬▬▬▬▬▬●
First of all, if you think SR is compromised, who would LE go after? The low hanging fruit who didn't encrypt their address or the low hanging fruit who did encrypt their address not knowing that the vendor was also compromised?
You have to understand what PGP is and what PGP isn't. What it is, is just a degree of separation between you and anyone who might intercept communications between you and the vendor. That's it. Think of it as a bullet proof vest which doesn't protect your head, extremities or even your family jewels.
Why am I approaching it in this manner? Because, while you may secure yourself with PGP, you may be negligent in other areas of security or identity which defeats the purpose of PGP. PGP is just one part of your protective armour. It is not a suit of armour.
TL;DR - while PGP covers your chest and back, it doesn't cover your arse. Don't overweight it as a matter of security, but don't under weight it either. Rather, incorporate it as part of a balanced approach towards securing your identity and putting a degree of separation between you and your illicit activities.
Also note that many vendors who accept all forms of communication are vendors that have protected themselves with degrees of separation from you and SR and often the product itself. Or at least they should have. PGP only vendors on the other hand, if compromised, may divulge their PGP passcode and you wouldn't know it until it is too late. For example, RC vendor davidd. Look into it.
Cheers,
♔ Sir Pillsalot
●ஜ۩۞۩ஜ▬▬▬▬ஜ۩۞۩ஜ▬▬▬ஜ۩۞۩ஜ●
The Gentleman Lords of Pharmaceuticals.
Serving US Patrons from within the US.
●ஜ۩۞۩ஜ▬▬▬▬ஜ۩۞۩ஜ▬▬▬ஜ۩۞۩ஜ●
-
From what I understand exit nodes aren't encrypted. Tor just provides anonymity: you can't tell where a message came from. Messages are encrypted within the Tor network, but the exit node sends the unencrypted message to the destination server (otherwise the server wouldn't be able to read it). The exit node can eavesdrop on any communications it sends, so you are basically trusting the exit node. Anyone can set up an exit node.
A scheme like SSL (that you use with your bank or when buying on Amazon) involves trusted public/private key distribution. The bank has a private key, a certificate authority certifies its public key to say that it belongs to the bank, you encrypt things with the bank's public key, it decrypts them with its private key that only the bank has. In this way you are sure nobody except the bank can see what you send.
On SR the seller has his private key, he publishes his public key on his seller profile, you encrypt your message with it, only he can decrypt it with his private key. In this way you are sure nobody except the seller can see what you send.
SR encrypts the STORED address, so that if SR gets hacked, your address is encrypted. But that happens only after SR has received the address. If you don't encrypt it yourself with PGP then the exit node can see it and it will be sent to the SR servers from the exit node in plaintext. That is my understanding, please correct me if I'm wrong.
-
Different sellers have different policies regarding to what - if any - extent PGP encryption is required for conveying personal information. However, the vast majority of sellers seem to accept orders from people who have not encrypted (or sent via privnote) their address, yet strongly prefer it when buyers use PGP.
Every time you place an order with a seller for the first time, it's IMPERATIVE that you read their entire seller profile carefully, as well as read the listing(s) for the item(s) you're purchasing from them from beginning to end. Sellers generally address this issue on their seller profile & clearly state their personal policies regarding PGP encryption of mailing addresses & anything else along significantly similar lines. If a seller does not specify their policy on the topic in question anywhere in their seller profile, it's safe to assume that there are no added expectations that PGP be implemented when purchasing product(s) from them.
-
That is my understanding, please correct me if I'm wrong.
Your last paragraph lost me a bit, but you are mostly correct. You are misunderstanding one important distinction, though. Exit nodes only apply to nodes that retrieve traffic outside of Tor. They are called that because they are exiting Tor. Hidden services (.onion) such as SR are encrypted end to end. No node can sniff your traffic at any point (well, they can, but it's encrypted).
-
ROFLCOPTER
-
Your last paragraph lost me a bit, but you are mostly correct. You are misunderstanding one important distinction, though. Exit nodes only apply to nodes that retrieve traffic outside of Tor. They are called that because they are exiting Tor. Hidden services (.onion) such as SR are encrypted end to end. No node can sniff your traffic at any point (well, they can, but it's encrypted).
Oh I didn't realise that. In that case, there is no danger of exit node eavesdropping.
I guess you should just use PGP if you don't trust SR with your communications. Not strictly necessary, but it's safer to have only the seller as the weak link. The fewer people you trust the fewer opportunities for trust to be broken accidentally or intentionally.
-
Your last paragraph lost me a bit, but you are mostly correct. You are misunderstanding one important distinction, though. Exit nodes only apply to nodes that retrieve traffic outside of Tor. They are called that because they are exiting Tor. Hidden services (.onion) such as SR are encrypted end to end. No node can sniff your traffic at any point (well, they can, but it's encrypted).
I guess you should just use PGP if you don't trust SR with your communications. Not strictly necessary, but it's safer to have only the seller as the weak link.
It absolutely boggles my mind that some people would rather not take the 5 seconds to encrypt and copy and paste their address when those 5 seconds ensure it would take the world's fastest (publicly known) supercomputer several hundreds to thousands of years (depending on whose estimate you use) to bruteforce.
-
+1 to what everyone else has said. It's a quick and easy (once you figure it out) process. Why wouldn't you do it?
-
PGP is a tool. One you can choose to use, or choose not to. Quite simple, really. Do you trust the Silk Road to keep your information safe, and with that, do you believe that you are at a severe risk when sending that information over Tor? Personally, I do not use PGP for 90% of the things I do on here. Ordering from multiple vendors, different keys, separating orders...It's just too much of a pain in the ass for me to want to use it when all I want is some pot and maybe a few tabs of Lucy. The way I see it is this, I cover my ass when I order, I cover it well. If, by chance, a LE agency happened to snatch up my address....who cares? Seeing them try to prove that I'm the one who ordered anything off of here would be, at the minimum, amusing.
Now, I'm not saying PGP doesn't have its times when you should use it. As said earlier, it's a vest, and if you're in the danger zone, put that bitch on. When ordering bulk for redistribution or even personal use (Stoners) then PGP it up.
I know I'm about to catch more flak than a B17 over Germany, but if you're ordering an 1/8th of pot and maybe some MDMA or LSD or Shrooms or whatever, then I don't think you need to worry about the DEA kicking your door in.
-
beepgp
-
Just do it to be on the safe side man... Quick question tho, How do i get a tor mail address?
-
I'm behind three layers of cryptography on Tor. Unless Silk Road has a mole, I'm not getting busted. Nobody has ever asked me for this shit and I've made quite a few orders. Your seller sounds like a fucktard.
-
Just do it to be on the safe side man... Quick question tho, How do i get a tor mail address?
http://jhiwjjlqpyawmpjx.onion/
-
pgp is so easy to setup and use on any OS that there's no reason it shouldn't be used. there are youtube clips that explain how to set it up quickly.
-
Just imagine if SR was compromised and LE announced they had access to all the archived orders and messages. Wouldn't you feel a little less doomed if you had used PGP every time you sent your NAME and ADDRESS to a vendor to BUY DRUGS?
Furthermore, imagine this scenario, knowing that many users didn't encrypt their names and addresses. Who do you think LE will focus on? Encrypted or unencrypted addresses?
Always use PGP!
-
Let's say the LE had compromised SR to that dangerous of a degree, which may or may not happen some day, I don't know. But people don't always need to use PGP when talking with a vendor or other member because it doesn't give away their name and their address in any way.
That's why many vendors actually ask you not to use PGP in personal messages unless it discloses personal information that the government could use to harm you.
I've once heard that the government purchased the last gateway used when sending the address to the vendor (I don't know if it's true or not) but I DO recommend always using PGP when sending your address to a vendor, but besides that there is no reason to waste your time with always encrypting every message.
-
Chiquita for example doesn't use PGP, he told me to use privnote when ordering, so I just didn't order. I've researched privnote and there is a way for administrators to recover your destroyed message after it is already read, which is why I don't understand why he doesn't just post a public PGP.
-
When sending your address information to the seller via PM, will he deny your request because it wasn't encrypted (Note: I'm not talking about having a back and forth convo, just sending the buyer's info...
no it's not required... unless the vendor requires it... and many don't.... but do so at your own risk... if it's just weed or something you're buying, then it's a bit more safe to not encrypt, than if buying cocaine or crack.
the worse the law is for a drug... the more you should use PGP.... for something like weed it's a bit more safe.
many vendors do not require it.. but you should ask before placing an order to make sure it's okay with them... so far all the vendors I asked were fine with no PGP
I did not want to use PGP at first either... but after some YouTube videos.. and some playing around with the program.. it's rather easy.... download the program and play around with it as you watch some YouTube videos about it.
-
what about privnote?
-
I just put in my first order, it was a small one, but I didn't use PGP to send my address. Should I cancel it and put it in again? If I cancel it, will I get my bitcoins back? the status is "processing".
-
PGP is a tool. One you can choose to use, or choose not to. Quite simple, really. Do you trust the Silk Road to keep your information safe, and with that, do you believe that you are at a severe risk when sending that information over Tor? Personally, I do not use PGP for 90% of the things I do on here. Ordering from multiple vendors, different keys, separating orders...It's just too much of a pain in the ass for me to want to use it when all I want is some pot and maybe a few tabs of Lucy. The way I see it is this, I cover my ass when I order, I cover it well. If, by chance, a LE agency happened to snatch up my address....who cares? Seeing them try to prove that I'm the one who ordered anything off of here would be, at the minimum, amusing.
Now, I'm not saying PGP doesn't have its times when you should use it. As said earlier, it's a vest, and if you're in the danger zone, put that bitch on. When ordering bulk for redistribution or even personal use (Stoners) then PGP it up.
I know I'm about to catch more flak than a B17 over Germany, but if you're ordering an 1/8th of pot and maybe some MDMA or LSD or Shrooms or whatever, then I don't think you need to worry about the DEA kicking your door in.
+1 speak yur mind
-
Yes use pgp, avoid things like privnote. Never use a hosted pgp service like hush, etc.
-
When sending your address information to the seller via PM, will he deny your request because it wasn't encrypted (Note: I'm not talking about having a back and forth convo, just sending the buyer's info...
if it's just weed or something you're buying, then it's a bit more safe to not encrypt, than if buying cocaine or crack.
the worse the law is for a drug... the more you should use PGP.... for something like weed it's a bit more safe.
I don't know where you are located, but federally in the USA, weed is schedule 1 and cocaine is schedule 2. So your argument is backwards. You should say that you should use PGP for weed but not cocaine.
what about privnote?
Privnote is accepted by many vendors, but as a buyer, I'd almost argue it's worse than nothing.
I just put in my first order, it was a small one, but I didn't use PGP to send my address. Should I cancel it and put it in again? If I cancel it, will I get my bitcoins back? the status is "processing".
No. It's already in the SR database.
I don't really think SR's methods are documented anywhere, so for all we know, the "address" field is deleted from the database when an order is finalized. But as I've said before, I'm dumbfounded that people would rather not take the few seconds to encrypt their address. I just don't get it. To each their own, though.
-
I will be more cautious next time, thanks :)
-
I will be more cautious next time, thanks :)
For the record, that last part was not directed at you. You didn't choose not to use it; you just didn't know about it.
If it was really your first order and you have no built up stats to 'sacrifice', you could consider making a new SR account just so future purchases can't be tied to that first address. Since PGP keys, SR accounts, and Tormail accounts are so easily created (and disposed of if need be), it's something to think about. Again, though, that falls under my probably-will-never-ever-make-a-difference-but-eliminates-the-tiny-possibility-anyway policy, which some might find excessive.
Happy Roading!
-
+1 that in 72 hours ..
:) Just Remind Me :P
Peace,
ChemCat
8)
-
I will be more cautious next time, thanks :)
For the record, that last part was not directed at you. You didn't choose not to use it; you just didn't know about it.
If it was really your first order and you have no built up stats to 'sacrifice', you could consider making a new SR account just so future purchases can't be tied to that first address. Since PGP keys, SR accounts, and Tormail accounts are so easily created (and disposed of if need be), it's something to think about. Again, though, that falls under my probably-will-never-ever-make-a-difference-but-eliminates-the-tiny-possibility-anyway policy, which some might find excessive.
Happy Roading!
Yes, it was my first time with bitcoin, PGP and SR, total newbie here lol I'll probably do what you say, I don't have anything to lose. Thanks!
-
yur good man...anything further..follow the link at the bottom of my sig. Be safe....
Enjoy :)
Research...there is a lot of info here around us :)
use the search feature...
I'm not just sayin this to be an ass :)
there is a veritable cornucopia of information right at our fingertips....utilize everything....BE SAFE!!
:)
Peace,
ChemCat
8)
-
BTW I agree that non-incriminating messages do NOT require PGP. Only things that may identify you.
-
So YES it is very important to remain anonymous!
-
wut r bitcoins?
???
-
wut r bitcoins?
???
Dear ChemCat,
With this many posts, I'm kind of shocked you don't even know wut bitcoins r.
Bitcoins are the unit of currency of the Bitcoin system. A commonly used shorthand for this is “BTC” to refer to a price or amount (eg: “100 BTC”). There are such things as physical bitcoins, but ultimately, a bitcoin is just a number associated with a Bitcoin Address. A physical bitcoin is simply an object, such as a coin, with the number carefully embedded inside.
Sincerely,
123
-
Oh My (blushes)
I'm Sorry :)
I was Just Bein Goofy :P
Peace,
ChemCat
8)
-
Oh My (blushes)
I'm Sorry :)
I was Just Bein Goofy :P
Peace,
ChemCat
8)
WHAT IN THE HECK?!?!?
I never would have guessed! ;)
I'm almost off for the night.
Take care Mr. ChemCat and all :-*
-
Sending your delivery address un-encrypted is kind of like ordering and giving out your info over a loudspeaker. Not to mention if the SR database was ever compromised and you had an order processing at the time. You are now on an SR customer list you don't want to be on.
-
Absolutely!!
:P
You have a nice time of day yourself :)
Peace,
ChemCat
8)
-
From the wiki (http://dkn255hz262ypmii.onion/wiki/index.php?title=Buyer%27s_Guide#Receiving_address). My only hope is that it's true:
Receiving address
From the moment you submit your order, to the moment it is displayed to your vendor, the information is fully encrypted and totally unreadable. Then, as soon as your vendor marks your package with the address and confirms shipment, the address is deleted forever and is irretrievable. For the extra cautious, you can encrypt your information yourself with your vendor's public key so that even we at Silk Road would be unable to view it, even if we wanted to.
-
When sending your address information to the seller via PM, will he deny your request because it wasn't encrypted (Note: I'm not talking about having a back and forth convo, just sending the buyer's info...
100% YES..welcome to SR....
-
I have always worried more about a vendor's lack of stealth leading to my address becoming of interest!
-
Hmm is PGP really necessary...you are surfing in an encrypted network, paying with cryptocurrency which seems to be pretty safe (at least if you are a human being who tends to make decisions based on logical patterns)...and you really risk your safety for a few seconds of laziness? Anyway you never know what your vendor does with your address, I would only wish they are all really only using some Linux-on-a-stick and the customer data additionally is secured with TrueCrypt, just in case they got busted. On the other hand, as long as you don't use a real clear name...what would happen. I also happen to use a false identity for over 10 years, if this poor guy really existed and once got busted...uh :D
So as a consensus, if you want to understand the idea, the future and everything about SR and BTC, you better learn to use PGP. With Echelon and other stuff already up and running, try to keep the rest of your privacy...don't throw it away or you will wake up after "1984" and be living in a "Brave New World" without even recognizing it ;) Nuff said...
-
PGP protects your address when SR servers get busted or hacked...
-
It is very easy software.. Just encrypt the address using the seller's ID
-
YES! if SR said we must, it is a must. It is easy to learn and use, DO IT! for your sake and the customers sake as well
-
One more thing to learn
-
two