Opsec shit I don't like

When vendors leave you tracking in privnote/temp.pm. I just get the feeling that even if those sites are run by LE, if the Market itself is LE or compromised, I don't think it would be hard to quickly read the privnote, then create a new privnote and edit the vendor's message to you so you still receive the information but they do as well.

This is kinda beating a dead horse but streaming/site vendors communicating the login info in cleartext. Probably a small chance but if a market is seized/compromised and they go through notes it might be as simple as going "Oh cool, this one buyer who has spent 30k in 2 months bought a Netflix account; coolkid123:assh0le, let's check with Netflix and see which IPs used that account for that date and a week after. Oh cool, who would have thought, he used it from his house."

Sure, you can mention Xfinity wifi logins, and then you would be correct by citing the one example where it might not be as dangerous.

2 of my favorite vendors do these things and it's just a shortcut that might put a buyer in danger.

OPSec isn't really that important. Until it is.


Comments


[2 Points] sapiophile:

Privnote and the like are total shit, and it's disgusting that anyone in this community uses them for anything. It's like handing your messages over to LE personally. I mean what the fuck people, stop having "trust a third party 100%" be a part of your security model. It's amazing to me that people still don't get it.

HushMail sold out its users. HideMyAss sold out its users. Crypto AG was a front from the get-go. Safe-mail sold out its users. These are just a few of the services that we know about. When the option exists, why would anyone not ensure their own security/privacy, with software running on their own computer?


[2 Points] crzboyg:

Xfinity logins?


[2 Points] None:

A lot of buyers ask for tracking to be encrypted but don't list their public PGP key!


[1 Points] None:

I agree with you 100%, but how do you propose LE would do this? Have an alert set up every time a message is sent containing a privnote link so they can immediately switch it before the buyer has a chance to see it?