[Complaint/Warning]Alphabay does not encrypt shipping info and does not delete it either.

I'm a vendor that just started on Alphabay and even though I have uploaded my pgp key, all of the shipping info from customers are in plain text. Even if the customer doesn't encrypt it, Alphabay should. And to add on top of that, the shipping info stays around with the order summary. Completed, cancelled, en route, etc, all orders still have personal information in plain text.

Too much risk of LE, either the site getting taken over or already being run by them. I'm out. Even if it doesn't endanger me much, I don't like putting my customers at risk and losing potential future revenue.


Comments


[24 Points] Aluxh:

Entrusting the server to encrypt your data is not safe. Encrypt before it leaves your local network or risk interception.


[19 Points] ThrowawayTehGay:

I agree that they should auto-encrypt, but a growing number of vendors are refusing to accept an order with unecrypted shipping info. If I were a vendor, I would strongly consider doing the same. We've got to stop letting the kids and the noobs dictate our business/opsec practices.


[12 Points] evilgold:

The level of hand holding people expect when doing illegal things on the internet really amazes me sometimes. Why would anyone assume a market is going to bother protecting their info? At best you'd get a false sense of security from sites claiming to encrypt data for you. It all means nothing if LE have access to the server.

Security is the responsibility of the individual, to expect otherwise is foolish.


[7 Points] error_505:

It is the responsibility of the customer to use the PGP key listed on your profile, and likewise, for the vendor to use good etiquette and write an encrypted reply.

It is not the market's job to encrypt communications.


[4 Points] WhereIsMyLSD:

A market should never be entrusted with managing encryption. That's all on the user


[3 Points] deadfap5:

Cracks me up when buyers are this paranoid. One thing you fail to realize is the DEA does not care about your 2 gram drug purchase. They go after the large vendors and markets, not puny buyers. It's not worth their time and resources to hunt someone down for buying a couple of grams of coke or MDMA lol.


[2 Points] None:

You can't rely your opsec to a server. Encryption is paramount from step 1.


[1 Points] _Boogie_:

I see where you are coming from with this. However it is a security flaw to entrust a site to do the encryption for you. What's to stop the site from copying the information prior to encryption and sending it to you?

It's the customers and vendors responsibility to learn encryption before placing an order. What you can do as a vendor is decline unencrypted orders and explain to your customers that they need to learn how to use pgp applications.

Just my 2 cents :)


[1 Points] None:

You use PGP to encrypt the address with the buyers pgp key and leave it in sellers note. If you're putting anything unecrypted in sellers note that your responsibility.


[1 Points] None:

if your OPSEC is threatened because the anonymous black market is not encrypting your messages for you, i agree, you shouldn't be vending.


[0 Points] baseballdude81:

What do you expect? The market is run by one of the moderators of TCF, a carding forum. He has close ties to Verto and there's a good chance he was involved with the exit scam.


[0 Points] None:

The only people I have heard praise this market, are individuals that seemed very shill like. But never looked at it myself.


[-2 Points] None:

We don't auto-encrypt stuff. Even if we did, what makes you think that I won't record the plaintext data before encryption and send it to LE? Always think about "how can I get fucked".

If that really makes you worried, then the Deepweb is probably not for you.