First time reaching out direct to a reputable vendor in the wake of AG.
I'll spare their name, but reached out via their email. I sent a question and asked for their price encrypted with their verified PGP key. and included mine.
They replied... without encryption, including BC instructions and asking me to identify myself in another email when I send with the wallet where it's coming from and my address.
UPDATE: when i PDG'ed them another message asking why they didn't PGP me, here was their explanation:
We use PGP where ever relavent, like with sensitive information like a persons name and address. Our previous message did not put you (particularly not you, since it had zip zilch nada nothing about you at all in the email) or us (anyone could get that BTC address by simply messaging us like you did, its not exactly a state secret) at any risk of anything.
Thanks for everyone's thoughts.
So... that's kinda bad, right? Am I being too parnoid about Opsec?
BTW. their email is a gmail.
I wouldn't touch them with a 93,000,000 mile pole.