Is my OPSEC fucked up?

I have some LSD blotters I bought from Agora some weeks ago. The problem is that my friend (not a close friend) hit me up on whatsapp asking me to sell him some acid, he was begging for it and I ended up agreeing on it. I know we shouldn't talk about those things on whatsapp or facebook messenger but my friend did and I thought that I would be fine as long as LE doesn't have any reason to investigate me.

I must also say that I don't live in the US so I don't think I would be a target for FBI/DEA.

What should I do?


Comments


[3 Points] sapiophile:

That was a bad move.

A couple of years ago, I would have said, "eh, as long as you or they are not being actively investigated, it's unlikely to be any kind of problem." But recently Facebook and other service providers have started implementing keyword triggers and such to specifically look for illegal activity on their platform.

Now, theoretically, WhatsApp messages are encrypted end-to-end with the same process that TextSecure uses, and TextSecure is really the absolute gold standard in asynchronous secure messaging, period. So, you're probably okay in this instance, at least assuming that the secure messaging feature was in use (I'm not sure if it's optional or not within WhatsApp, but if it's something that needs to be enabled, it's possible that it wasn't). However, WhatsApp itself is closed-source and therefore the "security" of its messaging is entirely based in the trust you place in the developers, who at this point work for a multi-billion-dollar company. In other words, you cannot.

However, prosecuting you for doing deals like this would reveal that their messaging is not actually secure, unless they used some kind of Parallel Construction, and for such a small deal, they wouldn't bother doing that.

One very serious threat in this case, though, is the message history that's saved on your device and your friend's device. I would say that it's extremely important to delete all the history of these messages with your friend from your device, and to message them and tell them to immediately do the same. All the secure message transport protocols in the world won't help you one bit if either of you end up running into some cops and they just look at your phone directly.

If you want actually secure messaging (and I think everyone should), I very, very highly recommend TextSecure as linked above, as well as their other apps for secure voice calls (Signal/RedPhone). All of these are completely open-source and made by extremely competent cryptographers who are explicitly anti-state, and just plain good, smart people besides. Their company is a non-profit. They are activists. In other words, they won't sell you (or the rest of their users) out.

TL;DR: You're almost certainly fine, but don't do it again. Install TextSecure and get your friends to install it, too, and use that instead of WhatsApp whenever possible in the future.


[2 Points] None:

Nothing much you can do now, maybe delete the messages that's about all you can do. But if you just sold a small amount to him I doubt the piggies give a fuck, especially since you don't live in merika.

But in the future if you decide to actually resell stuff, the safest way is to use burner phones, call don't text and change numbers constantly. Talking in person is the safest.


[1 Points] None:

Use privnote


[1 Points] throwaxanny:

Did either of you mention the darknet at all or buying it online? If not than you are probably fine, especially if its only a few tabs.