Silk Road forums
Discussion => Security => Topic started by: kikisdeliveryservice on January 21, 2012, 05:19 am
-
Hi,
I am in the middle of updating all my security measures at the moment, and while using Kleopatra to decrypt a message last night, I had a paranoid moment.
OK, so my Kleopatra certificate is titled "kikisdeliveryservice". If the cops seized my computer, opened up Kleopatra and saw this as as my certificate, would that be enough for them to link me to a vendors account?
I have deleted everything off Kleopatra at the moment until I can feel safe using PGP again.
Any advice would be greatly appreciated.
Cheers,
Kiki
-
...my Kleopatra certificate is titled "kikisdeliveryservice". If the cops seized my computer, opened up Kleopatra and saw this as as my certificate, would that be enough for them to link me to a vendors account?
It wouldn't look good to the authorities if they were also aware of a "kikisdeliveryservice" account -- seller or buyer -- on SR or this forum. That alone may not constitute proof of anything but would be difficult to explain away as purely coincidental. To form a strong(er) link they'd also need a message -- say, one lying about in one of SR's messaging systems or on somebody's hard disk -- encrypted to or signed by that key. (Even a cleartext message to/from "kikisdeliveryservice" of the wrong sort or found in the wrong place could be problematic, once they know of that key/certificate.)
The best defense against anyone ever associating you, personally, with "kikisdeliveryservice" to begin with would be to keep both the keys/certificates *and* any messages to/from that identity that are retained by you on encrypted media; in a TrueCrypt (or similar) volume or container. (Even then, in certain localities such as the U.K., a simple volume/container may not be enough as you can be compelled by a court to give up your passphrases.)
-
Thanks CrunchyFrog, that was what I was suspected.
So, running Kleopatra off a USB drive would probably be the safest way if I don't want any record on my PC?
-
I have never used Kleopatra and am not sure if it's portable, but none of the other tools in the gpg4win bundle are, so I wouldn't bet on it. You may want to look into solutions that are definitely portable, such as Portable PGP (although that uses the crappy Bouncy Castle implementation of PGP), or gpg4usb.