Silk Road forums

Discussion => Newbie discussion => Topic started by: Audiopolis on August 05, 2013, 12:47 am

Title: Reminder to vendors about security - Please move to Silk Road Discussion
Post by: Audiopolis on August 05, 2013, 12:47 am
Support should send out a message to all vendors reminding them to delete all old messages in case they contain sensitive information. I have sent my unencrypted home address over PM before and I can't know if he deleted the message after reading it. Alternatively make old messages disappear automatically.

Also, the shipping address isn't saved after finalization anywhere, right?

Silk Road's next.
Title: Re: Reminder to vendors about security - Please move to Silk Road Discussion
Post by: Audiopolis on August 05, 2013, 12:52 am
Also, you should be able to unlink feedback and history from your account. If you have finalized something and you leave a feedback, the feedback is just lying there forever. If you're being monitored somehow or the police access your SR account, they have proof that you have bought those products. I see no reason why feedback should be visible to the author forever. I find the account history feature useless.
Title: Re: Reminder to vendors about security - Please move to Silk Road Discussion
Post by: dotgoat on August 05, 2013, 01:00 am
First off use PGP, always (there's several forum topics about how to set it up).

I wish account history on SR wasn't permanent. Maybe hang around for 30 days and then it's purged.  Any PMs I sent at SR I always used the sellers PGP key aside from a couple times where I just replied "acknowledged" in plain text as that doesn't reveal anything.
Title: Re: Reminder to vendors about security - Please move to Silk Road Discussion
Post by: Audiopolis on August 05, 2013, 01:15 am
For some reason I was under the impression that messages are deleted automatically after a few days, so I never used PGP. I will from now on, though. However, it's not exactly hard to take a look at the vendor's profile and decrypt all the messages, so is PGP even useful? Maybe if the PGP key is changed regularly...

I also think the admins should send out a warning about the deletion of all messages soon. SR has some security holes that could easily be fixed but never are.

Title: Re: Reminder to vendors about security - Please move to Silk Road Discussion
Post by: DaveDoe on August 05, 2013, 01:53 am
Both purchase history (not stats) and PMs are deleted automatically after a few months.
Title: Re: Reminder to vendors about security - Please move to Silk Road Discussion
Post by: dotgoat on August 05, 2013, 03:24 am
However, it's not exactly hard to take a look at the vendor's profile and decrypt all the messages, so is PGP even useful? Maybe if the PGP key is changed regularly...

That's now PGP works, search here or on the internet (sorry just quickly replying so couldn't find the post I was looking for, maybe someone else will post a good tutorial) but PGP is asymetric encryption.  This means that there are a pair of keys made. One is public that you put on the vendor's profile page or in a forum post here.  The other is private which you keep, well, private.  Something is encrypted with the person's public key and the only way to decrypt it (that anyone is aware of) is with the matching private key. The public key can't be used to decrypt it.
Title: Re: Reminder to vendors about security - Please move to Silk Road Discussion
Post by: do unto others on August 05, 2013, 05:39 am
Support should send out a message to all vendors reminding them to delete all old messages in case they contain sensitive information. I have sent my unencrypted home address over PM before and I can't know if he deleted the message after reading it. Alternatively make old messages disappear automatically.

Also, the shipping address isn't saved after finalization anywhere, right?

Silk Road's next.

Your address is gone as soon as the vendor marks your order shipped. I believe your account history stops showing transactions after 30 days which is how long they allow you to change your feedback. I agree this is too long and feedback should be locked in after one week. Two weeks tops.
Title: Re: Reminder to vendors about security - Please move to Silk Road Discussion
Post by: Audiopolis on August 05, 2013, 08:51 am
So really, all that needs to be done is change the expiration date on feedback from a month to a week or two. However, since some listings are shipped very slowly (more than autofinalization + a week), maybe keep the 30 days, but add a button to remove the feedback. Just a little "X" that you can click as soon as you're finished giving feedback.

However, it's not exactly hard to take a look at the vendor's profile and decrypt all the messages, so is PGP even useful? Maybe if the PGP key is changed regularly...

That's now PGP works, search here or on the internet (sorry just quickly replying so couldn't find the post I was looking for, maybe someone else will post a good tutorial) but PGP is asymetric encryption.  This means that there are a pair of keys made. One is public that you put on the vendor's profile page or in a forum post here.  The other is private which you keep, well, private.  Something is encrypted with the person's public key and the only way to decrypt it (that anyone is aware of) is with the matching private key. The public key can't be used to decrypt it.

Oh, that makes sense. I'll get into PGP the next time I send a PM.