So I put in an order with ShadowRX on August 10th for 250 Xanax bars. It got marked shipped on August 12th.
Today I log into my account and see that my order has been canceled and refunded. Confused, I look at he says that he tried to private message me(I did NOT get a message) that he changed his PGP key and couldn't get my shipping details.
Screenshots;
He said he had a new key from the get-go, so why did he not just let the order auto-cancel and send me a message saying he got a new key then instead of marking my item as shipped and waiting a week to cancel it? I did NOT get any private message from him about this and this is the first I have heard about a new key.
I'm not saying it 100% is LE but I have never had this happen in my year of getting multiple packs a week from dozens of vendors.
There's a really easy solution to this for vendors: Sign the new key with the old one. It's just that simple. That demonstrates to anyone who downloads the new public key that it is vouched-for by the key they already have. It's a one-step process:
Then follow the couple very simple prompts and you're done. Then any time you export your new public key, it will include right inside of it this testament that it's legit, according to your old identity.
Any vendor who cannot provide this kind of authentication for a new key should be considered compromised, period.