Silk Road forums

Discussion => Newbie discussion => Topic started by: barney010278 on March 04, 2013, 08:02 am

Title: Not using PGP
Post by: barney010278 on March 04, 2013, 08:02 am
If you werent using PGP and were posting directly on this site, are you trackable or does the forum/Tor browser protect you?
Title: Re: Not using PGP
Post by: barney010278 on March 04, 2013, 08:11 am
bump past all that spam!!
Title: Re: Not using PGP
Post by: InigoProxy on March 04, 2013, 08:17 am
It's a loaded question. PGP is for sensitive identifying data that you want to send to someone you trust with it (namely to destroy it properly later). There is no reason to not use PGP or encryption on sensitive data. It's lazy and dumb.

Now, can someone ID you from posting on the forums. Yes, there are several ways. However, you can do things to mitigate the risk. Tails LiveCD website has a lot of good info on this.
Title: Re: Not using PGP
Post by: kusurichoudai on March 04, 2013, 09:25 am
I think that the hoops one has to jump through to have a decent SR experience kind of serves to weed out some of the more.....er....lazy types. It *shouldn't* be too easy, ya know?

Why no use PGP? I mean....it makes me feel like James Bond every time I use it, besides it's practical side..... 8)
Title: Re: Not using PGP
Post by: InigoProxy on March 04, 2013, 09:33 am
The short of it is that they can't figure out who anyone user on Tor is from IP but they can inspect the Exit Relays and Entry Points. They can't ID a specific user, but they can see if a suspect matches a users activity. I've heard of two ways of doing this; 1) marking the packet going through the Entry and Exit in some way 2) Correlating other service usage or connection status (IE when you connect and disconnect) with Tor data. I read an article where they where able to catch an anon by chatting with him on IRC and at the same time messing with the suspect (In real life's) WiFi. He typed in chat he was having internet troubles exactly matching what they were doing.

Also, Tor does not automatically protect against correlating different identities either.

Use a bootable CD or USB
Hard reset and boot back into the liveCD when switching identities (Accounts you don't want correlated together)
Do not use WIFI (If you must you better not be using WEP)
Do not use any other services (music streaming, games, etc) at the same time as TOR which could be used to correlate activity with ID
Title: Re: Not using PGP
Post by: barney010278 on March 04, 2013, 10:29 am
I am so computer illiterate!! I have tried following everyone's instructions but I think it might
be my firewalls or something but it always gets interrupted when i download.
I have through along the way installed Kleopatra, is this a PGP or just a program that assists
when using a PGP program?
Title: Re: Not using PGP
Post by: soMbraFataL on March 04, 2013, 12:27 pm
http://dkn255hz262ypmii.onion/index.php?topic=30938.2415

^ Pine is BEYOND awesome at helping people with pgp. Amongst others of course. (PrincessHIGH is awesome too).

NO need not to learn it. Plenty of helpful people and will benefit you in the long run. Takes a bit of time but with effort and 100% patience, you will prevail. They have some pictures too to show you if you hate reading. Hope this helps. Cheers!
Title: Re: Not using PGP
Post by: slirp on March 04, 2013, 01:20 pm
Keep your PGP/GPG keys encrypted on your computer using something like TrueCrypt.  Ensure your TrueCrypt key is only in your head and not used on websites or elsewhere or written down.
Title: Re: Not using PGP
Post by: InigoProxy on March 04, 2013, 09:28 pm
Thanks for the info Slurp.

Along those lines, I'd recommend saving files to Flash storage (USB key, or SSD) as magnetic tape drives can be analyzed for past deleted/overwritten files. However, I'd look into a permanent delete program because when you delete a file it isn't truly deleted until that memory is over written.
Title: Re: Not using PGP
Post by: zvp1014 on March 04, 2013, 09:31 pm
Alternatively, if the feds are coming rub a magnet along and/or smash your hard drive discretely.
Title: Re: Not using PGP
Post by: InigoProxy on March 04, 2013, 09:45 pm
You can *buy* a device to demagnetize your HD. A standard magnet wont be good enough. Besides if the feds can prove you smashed your HD or Erased it they can charge you with that regardless if they can prove anything else. Best to not even have to destroy it in the first place. The thing about encryption is that in the US it's very hard for law, possibly illegal, to force you to unencrypted your drive (Especially if you can't remember the pw).
Title: Re: Not using PGP
Post by: slirp on March 15, 2013, 07:43 pm
Using truecrypt, the data is useless without the decryption key.  Memorize a very long password.  Put it on a USB drive as a hidden volume so that you'll have plausible deniability.that an encrypted volume even exists.
Title: Re: Not using PGP
Post by: ph420 on March 15, 2013, 08:00 pm
for my first two purchases I didn't use pgp and the vendors didn't seem to have a problem with it.. i think it's just more to protect yourself, right? like to the vendors they probably don't really care either/or, correct?
Title: Re: Not using PGP
Post by: Geezy_Weezy on March 15, 2013, 08:20 pm
what is a good pgp for mac?
 new to SR and still figuring everything out. want to make sure i am anonymous before i go buy something.
Title: Re: Not using PGP
Post by: fokker on March 15, 2013, 08:35 pm
Alternatively, if the feds are coming rub a magnet along and/or smash your hard drive discretely.

You can use Active Killdisk with multiple DoD pass to erase your drives. I use it once in a while to destroy all my harddrives data.
Title: Re: Not using PGP
Post by: hairmug on March 15, 2013, 08:43 pm
You'd want to use PGP for your own protection for your address etc.  This way, if say an exploit in SR were found and someone was able to retrieve order records, they would only get the encrypted/unreadable shipping address.  Theoretically if you didn't use PGP they might see the address in plain text.  The only way to decrypt and read the address is with the vendor's private key, which only the vendor has.

So, that means if a vendor was busted and their computer was seized, with the private key on it, they could only then decrypt the information.

Yeah, probably 99%+ of the time you'd be fine, but not give yourself a little extra protection--it only takes maybe 10 seconds...
Title: Re: Not using PGP
Post by: luxxiaxx on March 15, 2013, 08:48 pm
Just take 10 minutes out of your day & figure out how to use PGP.

http://x35jfacrznhhtrfr.onion/tutorials/pgp/windows/
Title: Re: Not using PGP
Post by: ralphwaldo on March 15, 2013, 11:11 pm
a lot of vendors dont care if you use pgp because it is YOUR OWN risk. pgp is intimidating at first, but if you do a forum search for "command line easy as shit" you will find a pgp guide to use from the command line step by step, and once you follow it and see how the command line works, it really is absolutely easy as shit
Title: Re: Not using PGP
Post by: m4rc0 on March 15, 2013, 11:21 pm
its easy. use it
Title: Re: Not using PGP
Post by: toff on March 16, 2013, 10:58 am
You can use privenote?
Title: Re: Not using PGP
Post by: SudoMan on March 16, 2013, 03:00 pm
what is a good pgp for mac?
 new to SR and still figuring everything out. want to make sure i am anonymous before i go buy something.

Check out GPGTools. It is completely free and works great! They also have video walkthroughs. If you are still stuck after that check out the PGP threads here or YouTube. There is a great amount of visual explanation of PGP on YouTube.

Best of luck!

~Sudo
Title: Re: Not using PGP
Post by: SudoMan on March 16, 2013, 03:04 pm
what is a good pgp for mac?
 new to SR and still figuring everything out. want to make sure i am anonymous before i go buy something.

Check out GPGTools. It is completely free and works great! They also have video walkthroughs. If you are still stuck after that check out the PGP threads here or YouTube. There is a great amount of visual explanation of PGP on YouTube.

Best of luck!

~Sudo
Title: Re: Not using PGP
Post by: ReD EyE on March 16, 2013, 03:55 pm
privnote looks kewl? and are you not safe browsing the forums using Tor?
Title: Re: Not using PGP
Post by: ChemCat on March 16, 2013, 04:54 pm
Follow the link in my Sig.

:)

Always use PGP when sending your addy to any vendor!!

:P


Also go here, right within our own forums : http://dkn255hz262ypmii.onion/index.php?topic=107219.0

for those of you that do not have the 50 posts.....you can also raise your post count in the "Newbie PGP Club" !!


Hope this Helps!!!!

Peace,


ChemCat



8)
Title: Re: Not using PGP
Post by: crackistan on March 16, 2013, 09:22 pm
It is a bit paranoid to think anybody would care to go after you for buying 20 pills or a bag of weed especially knowing that there is no way for you to roll over on your dealer here.

That said, it is too easy to use pgp so why would you not.

Computer literacy and low risks anyway I can see the reasons for not bothering. If you are buying amounts to distribute then that is another story. If I were to buy the B1,500 brick of heroin I would want to take every precaution, this being one of them.

Title: Re: Not using PGP
Post by: toizh on March 17, 2013, 12:51 am
Doesn't SR's use of the https protocol encrypt everything going over the air anyway? I'm not understanding why further encryption is needed.
Title: Re: Not using PGP
Post by: 57 on March 17, 2013, 01:05 am
bump
Title: Re: Not using PGP
Post by: ChemCat on March 17, 2013, 01:24 am
Doesn't SR's use of the https protocol encrypt everything going over the air anyway? I'm not understanding why further encryption is needed.

SR encrypts msg's but what you send to a vendor isnt encrypted.
My Question is quite simply this, Why would anyone Not want to be Safe?  it's easy and i personally
feel as though something which takes a few seconds more time is well worth doing in order to keep my Freedom :)

But, to each their own i suppose :P
i'm sure there are alot of people that dont encrypt   :o

LOL


Peace,,

ChemCat


O0
Title: Re: Not using PGP
Post by: toizh on March 17, 2013, 02:34 am
Thanks for the explanation ChemCat. Scout offered a challenge to newbies to send him an encrypted message using his public key, and so far I'm lost doing it with Cryptophane, which was supposed to make things easier.