How do the marketplaces keep sensitive user data safe?

Is there any info anyone can share regarding how any of the more popular marketplaces (e.g. Agora or Evolution) store sensitive user information such as user info, orders, shipping addresses, and messages?

What types of user data would LE or other nefarious individuals be able to access if one were to gain access to the systems that store the data?

I would suspect these marketplaces use some level of encryption to protect data at rest, but obviously the method by which you encrypt and use the keys is very important. Do any of the sites use asymmetric encryption to ensure only the receiver of the data can view sensitive information?


Comments


[6 Points] None:

This is the whole reason PGP exists. You encrypt all the sensitive data in the vendor's PGP key so nobody can read it but them... this means if a market is compromised by LE the information is not in clear text. Encrypt sensitive data and never send anything linking your buying account to your identity without encrypting it in PGP.


[5 Points] DeafPirateRoberts:

Always assume they don't. PGP is your friend.


[3 Points] select1on:

Don't count on it, use PGP. PGP is like a condom and Markets are like hookers.


[2 Points] Theeconomist1:

Nobody can answer this question and even if the developer(s) of the market got on here and told you, I wouldn't believe them anyway. Always assume they don't protect your data and that'll keep you as safe as possible. My guess is that if LE were to seize the server and database, PMs with vendors (of course, any PMs that are PGP'ed should be safe from prying eyes), your username and transaction history would be available. My guess is that not everything is encrypted. PGP your address and any identifying information and this will limit your exposure. If they don't have identifying information, the other information isn't useful to LE. They'll just have a bunch of transactions but not tied to anyone they can arrest.


[1 Points] galaxyandspace:

They shouldn't have to. You use PGP.