Silk Road forums
Discussion => Security => Topic started by: avalonsunset on December 01, 2011, 03:45 pm
-
Hi,
I am about to make my first purchase. Finally.
However, when I chose what I wanted, SR wants me to put in my name and address.
Do they want it in plain text or should I be putting an encrypted message with my address?
Any help here would be most appreciated.
Thanks
-
Hi !
Of course you should encrypt your address, this is the most sensitive information you have to send on the site !
I suppose you took all precautions by reading feedbacks about the seller on the forum, for your first order you should only deal with a trusted seller and stay in escrow system.
Welcome on SR !
WL
-
Thanks White Light
I guess I figured as much but I'm a tad scared of using GpG (I have it downloaded and ready to go: have mine and sellers key) but just kinda hoping someone would say: Oh, don't worry about it! plain text on SR is fine.
Oh well, time to jump in....
-
Definitely use GPG. I'm trying to get in the habit of using GPG for all private comms, even if there's no address being mentioned. Better safe than sorry!
Also make sure your password for your key is strong!
-
Definitely use encryption for sending your address.
Hopefully this wiki article will help: http://dkn255hz262ypmii.onion/wiki/index.php/PGP/GPG_Encryption
-
Never, ever send personal information without GPG encryption. Hell, to be super safe, you should encrypt all of your communication with sellers on SR.
-
Out of curiosity, is there anything to worry about besides server confiscation as far as that stage of the buying process is concerned?
Since SilkRoad should be very hardened and tight about data, I imagine the information is destroyed as soon as a transaction is processed and shipped. Baring a rouge server or perhaps TOR listening, I'm wondering what other dangers there could be.
-
Better safe than sorry I suppose. SR claims that info is store for a specified time then removed. That specific time period could cause an issue, that encrypted communication could help avoid.
-
There are lots of people who do not encrypt their address and receive their packages safely. The address is supposed to be deleted as soon as the order is either shipped or finalized I believe. Who knows whether it actually is or not, and whether it is safely overwritten somehow. Of course you should be as safe as possible, so unless you are unable to use pgp for some reason, it is a very smart idea.
If you cant get your pgp to work, or are still concerned about it, you could use https://www.igolder.com/PGP/encryption/
Just copy the entire scambled text part of the vendor's public key and past in the appropriate area, then type your message and it will be encrypted for you. No hassle and instantaneous.
-
Thank you all!
Address was encrypted and sent to seller. Wonder of wonders, it actually worked; package is on its way.
Good luck to you all.