OPSEC of Direct Deals (2c-b)

I hope discussing direct deals does not fall under rule #5.

I'm interested in getting domestic 2c-b and the only available option is 2cbking, who claims to have lost >10,000 when MEM fell and has since then only accepted DDs. I am immediately concerned with their opsec because, although they have a sigaint account, they also have and use a Gmail account, which is crazy even to a guy like me with little understanding of encryption outside the DNM basics.

Risks of losing my money notwithstanding, are there any OPSEC-type risks that are greater by doing a DD with this vendor as opposed to waiting for them to join a market?


Comments


[3 Points] NASBNJ1992:

This really sketched me out too. If he's using Gmail, what other OPSEC fuck-ups is he making? Because of this I went with mahakala and bought 1g of 2C-B and it is perfect. Mahakala is great.


[2 Points] fantasticnameuser:

Using Gmail isn't really a risk at all if you are using PGP and from a secure machine.


[1 Points] StrictlyThizzness:

Ya, the Gmail is sketchy. This vendor also uses a PGP program that uses Bouncy Castle (BCPG C# v1.6.1.0). It is supposed to be wildly unsafe. /u/2cbking you are a great vendor in all other categories, but the tech side of your OPSEC has a few flaws that you can easily fix.


[1 Points] 2cbking:

Using Gmail to send an unencrypted message would be crazy. That's why you don't do it. No one is forcing anyone to use Gmail, and certainly no one is suggesting sending unencrypted messages on any email provider. One of the basic things about encryption you learn is that the whole point of PGP is that you do not have to trust the medium you send the message over. The whole point is that you could be handing the message to the FBI or NSA and asking them to hand it on to the recipient, and the message would still be completely safe from their viewing eyes. You don't need to trust Gmail, nor should you. Nor should you trust any market, or Tor email provider (they are far more sketchy than Gmail; for all we know, the feds are the ones running them). Trust is stupid, that's what encryption is for.


[1 Points] guywithmoneybutnolab:

It does not matter how PGP encrypted messages are sent. He could have a Facebook profile linked to message him on and it would be just as secure as sending it any other way, as long as the account can't be traced back to him.