Do vendors save customer data?

What do you think, how common is it for vendors to save customer data?

Have there been many cases where customers were visited by police after a darknet vendor was caught?

Would it make sense for them to save customer data to hand over the list to the judge in order to received a reduced sentence in case they were caught?


Comments


[7 Points] Vendor_BBMC_Lizard:

They should get rid of it, but many do not.


[4 Points] KrispyKremeDNM:

Nope. The shipping information we get is deleted once the order has shipped out. We save receipts from the shipping labels to provide us with tracking numbers in the event of a dispute but that information is saved in its own encrypted partition.


[2 Points] Joebelowme:

Everyone that buys from me gets a weekly flyer in the mail with specials and upcoming sales!


[2 Points] gwern:

I don't know how common it is, but it definitely happens. Some vendors even sell their customer lists.

I was arguing with some other researchers that it was unnecessary to carefully sanitize market crawls in case someone accidentally puts their address in a review (this happens, believe it or not), because I already knew of thousands upon thousands of buyer addresses being leaked or obtained by LE with minimal repercussion*, and I drew up a brief list of ones I could remember:

For more background on some of these, http://www.gwern.net/Black-market%20arrests

* note I refer solely to drug users here. For people buying guns or poisons, there are definitely repercussions from even old expired address lists.


[1 Points] define_irony:

Most save the tracking information for a few weeks. It's usually encrypted.


[1 Points] Clix828:

This comment has been overwritten by an open source script to protect this user's privacy. It was created to help protect users from doxing, stalking, harassment, and profiling for the purposes of censorship.

If you would also like to protect yourself, add the Chrome extension TamperMonkey, or the Firefox extension GreaseMonkey and add this open source script.

Then simply click on your username on Reddit, go to the comments tab, scroll down as far as possible (hint:use RES), and hit the new OVERWRITE button at the top.


[1 Points] whichkraft:

It's very bad practice for a vendor to save customer information and there's not really a good reason to do so. If LE finds a vendor's saved customer information, not only could they target the customers, but it would also stand as solid evidence to aid in convicting a vendor for distribution.

Once we decrypt your address, it's printed to a shipping label, cleared from RAM, and is never looked at again. For tracking, the order number and tracking number is saved in a PGP-encrypted text file on an encrypted drive which is purged as soon as we see a buyer finalized their order.

Messages and order information are stored on market servers until they're purged, so remember to encrypt all your messages and information with a vendor's public PGP key when you contact them.


[1 Points] IntellectualEuphoria:

I've befriended multiple vendors, and I hate to tell you this, but most do save all names and addresses.


[1 Points] None:

[deleted]


[0 Points] None:

[deleted]