Silk Road forums

Discussion => Newbie discussion => Topic started by: durace11 on August 15, 2013, 03:16 pm

Title: I ordered without PGP - dumb newbie mistake
Post by: durace11 on August 15, 2013, 03:16 pm
I've made two very small orders and both times, I didn't use PGP encryption to send my mailing address.

I thought the PGP keys were only if you wanted to message the vendor, and basically, I was didn't think it through and was stupid by not encrypting that info.

I now know that should have PGP'd my mailing address, and now I'm paranoid that I've compromised myself.

Having made that mistake, am I now in trouble? How serious is it that I didn't use PGP, bearing in mind that it was two small purchases of hash in the space of about 3 weeks.

I basically need someone to tell me to stop panicking!
Title: Re: I ordered without PGP - dumb newbie mistake
Post by: xxsquidxx on August 15, 2013, 03:23 pm
dude chill
Title: Re: I ordered without PGP - dumb newbie mistake
Post by: dirtybiscuitzz718 on August 15, 2013, 03:28 pm
yea you shouldnt worry. Then again, you should try to avoid ordering with out using pgp. Many long established vendors still dont for some reason or another use pgp.
Title: Re: I ordered without PGP - dumb newbie mistake
Post by: durace11 on August 15, 2013, 03:32 pm
I'm going to PGP from now on.

I'm hoping my address that's now logged on a SR server somewhere will be lost among the thousands of other plain text addresses.
Title: Re: I ordered without PGP - dumb newbie mistake
Post by: MrMates on August 15, 2013, 03:36 pm
Deny deny deny everything and then deny some more  ;)
Title: Re: I ordered without PGP - dumb newbie mistake
Post by: hiesenberg on August 15, 2013, 03:37 pm
small order your fine. if its a real big order i would use it, if the vendor doesnt have the pgp he most likely didnt take the time to learn how to use it. its an option that is up to you.
if vendor didnt take time to learn pgp what other shortcuts do they use?
it only takes a couple seconds to decode messages when you figure it out so it doesnt slow you down that much
Title: Re: I ordered without PGP - dumb newbie mistake
Post by: qasm on August 15, 2013, 04:08 pm
always best to encrypt  in case the road is compromised. If LE took hold of the road as your order was still processing they would be able to see your address if unencrypted. As LE haven't taken hold your previous two orders are safe but always use pgp in the future just in case it happens one day and your order happens to be the one in processing.
Title: Re: I ordered without PGP - dumb newbie mistake
Post by: slirp on August 15, 2013, 04:24 pm
SR hasn't been compromised so you're fine.  When the package was marked as shipped your address was deleted from the SR servers.

Apparently it is pretty common for users to not bother encrypting their address, even with vendors that require it.  I always PGP though.
Title: Re: I ordered without PGP - dumb newbie mistake
Post by: Psyche on August 15, 2013, 04:26 pm
No sense in worrying about it, it's in DPR's hands now.

Next time you try something that can possibly land you in jail for 10-50 years make sure to learn as much about it as possible before attempting it yourself. I'd say that people sould lurk the forums for at least 3 months before making their first order to avoid mistakes like this.

SR is presumably the fed's next target so using encryption is vital although as soon as the vendor marks it "in transit" it is wiped from the system so don't worry!
Title: Re: I ordered without PGP - dumb newbie mistake
Post by: new dreams on August 17, 2013, 08:08 am
Dude don't worry about it from my experiences vending very few people ever use pgp. I think I had maybe 6 out of about 150 use it, reading the forums makes it seem like everyone uses it in reality not a large percent actually do
Title: Re: I ordered without PGP - dumb newbie mistake
Post by: alcauita on August 17, 2013, 08:26 am
Durace, brother, calm down.
It's okay to order safe here, using good proxy connection only. Hide my ass are da best. it's 11 buck only. Then you go to TOR and further just ordering inside of SILK. There's no risk to get exposed IF you do businesses with confident Vendor. And this is very easy to find out who is who here.

PGP is necessary ALWAYS if you talk about business OUTSIDE of silk. Past news were about that tormail is not confident anymore cause it was compromised. If you had one there , you're really safe only if you used pgp.

Keep yourself calm, straight and anonymous in both lives.Be a man. Good luck!

Title: Re: I ordered without PGP - dumb newbie mistake
Post by: thedanfan on August 17, 2013, 08:54 am
you'll be fine
Title: Re: I ordered without PGP - dumb newbie mistake
Post by: leking on August 17, 2013, 09:04 am
Prepare for that SWAT team to bust through your door any minute ;)
Title: Re: I ordered without PGP - dumb newbie mistake
Post by: schuldig on August 17, 2013, 11:20 am
It's like fucking without a condom. Sometimes you are lucky, sometimes you aren't. ;)
Title: Re: I ordered without PGP - dumb newbie mistake
Post by: rockwaterwind on August 17, 2013, 12:19 pm
Take responsibility as far as you can.

Try to look for vendors that give the sense they too take security responsibly.

Just make sure not to wait for a disaster to change your habits...

However, no good can come from using your energies to worry. Just pump them into learning how to do it more securely in future...

:)
Title: Re: I ordered without PGP - dumb newbie mistake
Post by: FelixUK on August 17, 2013, 02:04 pm
It's not a big deal, when I first came on SR I wast a little lazy to encrypt so ordered mostly without encryption on my Customer account so doing it the once won't hurt.
Title: Re: I ordered without PGP - dumb newbie mistake
Post by: rockwaterwind on August 17, 2013, 03:55 pm
It's not a big deal, when I first came on SR I wast a little lazy to encrypt so ordered mostly without encryption on my Customer account so doing it the once won't hurt.

It won't hurt based upon the following assumptions:

1. SR is uncompromised, and those involved in it do not co-operate with malicious/any third parties.
2. Data is removed from the SR servers after a period of time and the server is not compromised before this period of time.
3. The vendor you used does not store the information/get compromised whilst in possession of your details.

I agree that it is _probably_ fine. But we should all remember that we should try to curtail risk as much as possible.

We can avoid points 1 and 2 by using gpg, with strong passwords etc however there is little we can do about the processes of vendors.

take care of yourselves people!