Silk Road forums

Discussion => Newbie discussion => Topic started by: Rotaluc on September 15, 2013, 01:14 am

Title: WARNING: Do not use any real mail address with PGP/GPG!
Post by: Rotaluc on September 15, 2013, 01:14 am
I've just imported a bunch of public keys from the Newbie PGP Club thread.

I'm rather scared to find that MANY people appear to have a false sense of security and their public key holds an actual mail address that actually belongs to the user!

For several users I now have a Gmail address. The police will be more than happy to have that.

Instructions for the police:

1. Read Silk Road feedback for cocaine seller to see who's bought it.
2. Search the forums for someone with the same nick who might have posted their key, perhaps PM them to ask for pubkey to discuss something
3. Get mail address
4. Link to IP/ISP
5. Get address from ISP
6. Get search warrant
7. You're nicked

But in some cases I have even found addresses that are using some clearnet domain that appears to belong to the user! I run a simple whois and I have your full name, your full address and your telephone number! If these mail addresses are correct, I have, right now, the full name and address for two Silk Road users.

I sure hope vendors are smarter than this, but I suspect this way even a few newbie vendors could be nicked.

Remember people, the mail address you enter in PGP or GPG is, upon publishing your public key, PUBLIC. It does not have to be a functional address! Mine is z@y.x. GPG does not care.

Be safe!
Title: Re: WARNING: Do not use any real mail address with PGP/GPG!
Post by: LickMyPaw on September 15, 2013, 02:13 am
Thanks. Great post. I never knew you could use a non functioning email address to create new keys. I created a gmail account with a fake name, but LE could still link that to me right?

So I'll just create a new key with a random ass email like skfhsarkgj@zsjhbskv.com?

This is why people should not just spam to get to 50 posts, I have learned so much in the time I've been in this forum.

Title: Re: WARNING: Do not use any real mail address with PGP/GPG!
Post by: Occams razor on September 15, 2013, 02:18 am
Yeah, I listed a fake email in my PGP key without a second thought. There should be no reason to supply that information, all communication can be done through the forum or SR messaging system.

Title: Re: WARNING: Do not use any real mail address with PGP/GPG!
Post by: mikesgirlfriend on September 15, 2013, 02:33 am
Thanks for that info.
Title: Re: WARNING: Do not use any real mail address with PGP/GPG!
Post by: baubt on September 15, 2013, 02:36 am
Good to know before I make my first purchase here.  Thanks!
Title: Re: WARNING: Do not use any real mail address with PGP/GPG!
Post by: LickMyPaw on September 15, 2013, 02:37 am
Thanks. This makes sense now. I was wondering what the point of the email account was in this. I thought that somehow the pgp messages went through the email account or something.

Level of security just went up a notch.
Title: Re: WARNING: Do not use any real mail address with PGP/GPG!
Post by: drinkNlove on September 15, 2013, 02:55 am
You'd think that it'd be common sense to not use your real email address.

Sadly, this world is full of ignorant people.

It's up to people like the OP to set a good example for those that lack said common sense.



The only time you should use any information that's closely associated with yourself is when you send your shipping address to the vendor...via PGP message, of course. Delete vendor public keys from your records when you (or even before, and just kept copying their public key from their page) cease communication with vendor, after transaction is complete.

Never make up usernames, passwords, or anything else, to use on SR that you've EVER used before on the internet. Keep it unique and unlikely that anyone can ever think, "OH, that's probably so and so. He always uses -insert anything easily associated with yourself-. I personally like to make up shit to use on here by using the Keyser Soze method. ;)

Constantly change your passphrase and pin number for safety. Never leave trails.


These aren't tips from an experienced SR user. I've only just recently started on SR. So, if any of my tips need improvement or changing. Please, any experienced members, correct me.
Title: Re: WARNING: Do not use any real mail address with PGP/GPG!
Post by: bubblebuttbalooza on September 15, 2013, 03:01 am
safety first always
Title: Re: WARNING: Do not use any real mail address with PGP/GPG!
Post by: bashlion on September 15, 2013, 05:17 am
Wow, I'm glad I wouldn't have made such a mistake. Hope all these users don't get popped for this kinda error.
Title: Re: WARNING: Do not use any real mail address with PGP/GPG!
Post by: No-Disassemble on September 15, 2013, 05:42 am
Wow, Thanks for posting this. Knowledge is power, hope newbie venders read this..
Title: Re: WARNING: Do not use any real mail address with PGP/GPG!
Post by: lantis on September 15, 2013, 08:19 am
50 posts is tiresome bullshit
Title: Re: WARNING: Do not use any real mail address with PGP/GPG!
Post by: D34dm4u5 on September 15, 2013, 08:49 am
someone should compile a thread for all the useful information that's needed so the NOOBS won't be so nooby after they finally learn how to buy / sell etc.

I'm still confused about a few things myself, so i won't be purchasing anything until I am 100% sure that nothing is traceable.
Title: Re: WARNING: Do not use any real mail address with PGP/GPG!
Post by: Mitragyna on September 15, 2013, 11:20 am
Great warning, thanks! Haven't really figured out this about PGP yet?
I'm using countermail which is supposed to be crypted and not logg any IP etc. Better than hush-mail regarding that. Is PGP still necessary?
Title: Re: WARNING: Do not use any real mail address with PGP/GPG!
Post by: jetskikiller on September 15, 2013, 03:51 pm
I'm no great shakes on PGP, bitcoin or other stuff but you have to be patient.I myself am getting better everyday with said subjects just by putting in the hours. In my short time here around the forums and the like it seems so many people are rushing into SR expecting to have product within their first week of joining without doing the proper research.

I'll admit i got a little excited when i joined aswell, but relised fairly quickly that its quite easy to get caught without the proper steps being taken to conceal your identity. Its the most valuable product on silk road IMHO. Hope everyone stays safe and one step ahead of the law. Knowledge is power in this game.
Title: Re: WARNING: Do not use any real mail address with PGP/GPG!
Post by: fatbrian on September 15, 2013, 08:31 pm
You'd think that it'd be common sense to not use your real email address.

Sadly, this world is full of ignorant people.

It's up to people like the OP to set a good example for those that lack said common sense.



The only time you should use any information that's closely associated with yourself is when you send your shipping address to the vendor...via PGP message, of course. Delete vendor public keys from your records when you (or even before, and just kept copying their public key from their page) cease communication with vendor, after transaction is complete.

Never make up usernames, passwords, or anything else, to use on SR that you've EVER used before on the internet. Keep it unique and unlikely that anyone can ever think, "OH, that's probably so and so. He always uses -insert anything easily associated with yourself-. I personally like to make up shit to use on here by using the Keyser Soze method. ;)

Constantly change your passphrase and pin number for safety. Never leave trails.


These aren't tips from an experienced SR user. I've only just recently started on SR. So, if any of my tips need improvement or changing. Please, any experienced members, correct me.

You would think that PGP wouldn't require an email address to create a key, but it does. It requires something that resembles an email address in there.  Luckily for me, I noticed this when I was testing it out and creating my own key.  I then deleted it for security reasons.

Then, using Tor I created a new email account from a clearnet webmail vendor, that I only access through Tor.  I have to jump through tons of hoops to log in, but its not an email account that sees any real use anyway.  There's really no danger of me accidentally logging in without Tor. 

And with this, I have reached my 50th post, without joining the spamming threads (well maybe once or twice).  I'll still be around.  Now I can contribute to the rest of the forum.  Peace out.
Title: Re: WARNING: Do not use any real mail address with PGP/GPG!
Post by: bouncetobass on September 15, 2013, 08:38 pm
Luckily the guide I read told me to use a fake email. Scary to think how easy it would be for people not clued up, to get busted.
Title: Re: WARNING: Do not use any real mail address with PGP/GPG!
Post by: Dougggy on September 15, 2013, 08:42 pm
If you were truly that concerned enough about anonymity that you would use PGP to encrypt your address, I would have thought that you would have used a fake email anyway...
~D
Title: Re: WARNING: Do not use any real mail address with PGP/GPG!
Post by: bouncetobass on September 15, 2013, 08:48 pm
Well actually thinking about it, i wouldn't have used an isp based email... it would be a safe webmail address which i would have signed up to using a VPN to hide my ip/location etc. So many I could have used a 'real' email after all.
Title: Re: WARNING: Do not use any real mail address with PGP/GPG!
Post by: No-Disassemble on September 15, 2013, 09:21 pm
someone should compile a thread for all the useful information that's needed so the NOOBS won't be so nooby after they finally learn how to buy / sell etc.

I'm still confused about a few things myself, so i won't be purchasing anything until I am 100% sure that nothing is traceable.

I like this guy, SOMEONE GIVE HIM A FUCKING METAL! But for real I think more people should be like this. But I think everything on the net is traceable. You must convince people that your someone your not.
If your smart act dumb, if your dumb act smart. And do everything under a real name but ofc its not yours! Follow your victim, know your victim, be your victim.  :)
Title: Re: WARNING: Do not use any real mail address with PGP/GPG!
Post by: Jesusson420 on September 15, 2013, 09:28 pm
the police aint gun catch me
Title: Re: WARNING: Do not use any real mail address with PGP/GPG!
Post by: The Enlightened on September 15, 2013, 09:29 pm
Duh ! :-)

Read up , there is plenty. If you are waiting to have it handed to you ........good luck !!
Title: Re: WARNING: Do not use any real mail address with PGP/GPG!
Post by: JohnCantrell on September 15, 2013, 09:51 pm
I mentioned this in the PGP thread a few days ago, good thing that it gets more attention.


http://dkn255hz262ypmii.onion/index.php?topic=107219.msg1526057#msg1526057

Title: Re: WARNING: Do not use any real mail address with PGP/GPG!
Post by: BTCB on September 15, 2013, 10:12 pm
I noticed this also as some are using gmail or regular emails.


We had to do fresh key after tormail and want to tell everyone not to use tormail, there is other pgp email providers,message me for info!

Also consider using fake emails yourname@silkroadtor.com :)

lol
Title: Re: WARNING: Do not use any real mail address with PGP/GPG!
Post by: cryngie on September 15, 2013, 10:21 pm
thanks capt'n obvious
Title: Re: WARNING: Do not use any real mail address with PGP/GPG!
Post by: DopeSneaky on September 15, 2013, 10:30 pm
I've just imported a bunch of public keys from the Newbie PGP Club thread.

I'm rather scared to find that MANY people appear to have a false sense of security and their public key holds an actual mail address that actually belongs to the user!

For several users I now have a Gmail address. The police will be more than happy to have that.

Instructions for the police:

1. Read Silk Road feedback for cocaine seller to see who's bought it.
2. Search the forums for someone with the same nick who might have posted their key, perhaps PM them to ask for pubkey to discuss something
3. Get mail address
4. Link to IP/ISP
5. Get address from ISP
6. Get search warrant
7. You're nicked

But in some cases I have even found addresses that are using some clearnet domain that appears to belong to the user! I run a simple whois and I have your full name, your full address and your telephone number! If these mail addresses are correct, I have, right now, the full name and address for two Silk Road users.

I sure hope vendors are smarter than this, but I suspect this way even a few newbie vendors could be nicked.

Remember people, the mail address you enter in PGP or GPG is, upon publishing your public key, PUBLIC. It does not have to be a functional address! Mine is z@y.x. GPG does not care.

Be safe!

I didn't even write any email adress when making my key.
Title: Re: WARNING: Do not use any real mail address with PGP/GPG!
Post by: anontoker on September 16, 2013, 12:41 am
I used an anon mail (safe-mail) in my private key but I'm not posting it here. It's only for vendor comm. Most vendors seem fine with me sending them private messages using their own keys. They reply unencrypted but its just general chit chat and coffee. ;)