Silk Road forums
Discussion => Newbie discussion => Topic started by: Rotaluc on September 15, 2013, 01:14 am
-
I've just imported a bunch of public keys from the Newbie PGP Club thread.
I'm rather scared to find that MANY people appear to have a false sense of security and their public key holds an actual mail address that actually belongs to the user!
For several users I now have a Gmail address. The police will be more than happy to have that.
Instructions for the police:
1. Read Silk Road feedback for cocaine seller to see who's bought it.
2. Search the forums for someone with the same nick who might have posted their key, perhaps PM them to ask for pubkey to discuss something
3. Get mail address
4. Link to IP/ISP
5. Get address from ISP
6. Get search warrant
7. You're nicked
But in some cases I have even found addresses that are using some clearnet domain that appears to belong to the user! I run a simple whois and I have your full name, your full address and your telephone number! If these mail addresses are correct, I have, right now, the full name and address for two Silk Road users.
I sure hope vendors are smarter than this, but I suspect this way even a few newbie vendors could be nicked.
Remember people, the mail address you enter in PGP or GPG is, upon publishing your public key, PUBLIC. It does not have to be a functional address! Mine is z@y.x. GPG does not care.
Be safe!
-
Thanks. Great post. I never knew you could use a non functioning email address to create new keys. I created a gmail account with a fake name, but LE could still link that to me right?
So I'll just create a new key with a random ass email like skfhsarkgj@zsjhbskv.com?
This is why people should not just spam to get to 50 posts, I have learned so much in the time I've been in this forum.
-
Yeah, I listed a fake email in my PGP key without a second thought. There should be no reason to supply that information, all communication can be done through the forum or SR messaging system.
-
Thanks for that info.
-
Good to know before I make my first purchase here. Thanks!
-
Thanks. This makes sense now. I was wondering what the point of the email account was in this. I thought that somehow the pgp messages went through the email account or something.
Level of security just went up a notch.
-
You'd think that it'd be common sense to not use your real email address.
Sadly, this world is full of ignorant people.
It's up to people like the OP to set a good example for those that lack said common sense.
The only time you should use any information that's closely associated with yourself is when you send your shipping address to the vendor...via PGP message, of course. Delete vendor public keys from your records when you (or even before, and just kept copying their public key from their page) cease communication with vendor, after transaction is complete.
Never make up usernames, passwords, or anything else, to use on SR that you've EVER used before on the internet. Keep it unique and unlikely that anyone can ever think, "OH, that's probably so and so. He always uses -insert anything easily associated with yourself-. I personally like to make up shit to use on here by using the Keyser Soze method. ;)
Constantly change your passphrase and pin number for safety. Never leave trails.
These aren't tips from an experienced SR user. I've only just recently started on SR. So, if any of my tips need improvement or changing. Please, any experienced members, correct me.
-
safety first always
-
Wow, I'm glad I wouldn't have made such a mistake. Hope all these users don't get popped for this kinda error.
-
Wow, Thanks for posting this. Knowledge is power, hope newbie venders read this..
-
50 posts is tiresome bullshit
-
someone should compile a thread for all the useful information that's needed so the NOOBS won't be so nooby after they finally learn how to buy / sell etc.
I'm still confused about a few things myself, so i won't be purchasing anything until I am 100% sure that nothing is traceable.
-
Great warning, thanks! Haven't really figured out this about PGP yet?
I'm using countermail which is supposed to be crypted and not logg any IP etc. Better than hush-mail regarding that. Is PGP still necessary?
-
I'm no great shakes on PGP, bitcoin or other stuff but you have to be patient.I myself am getting better everyday with said subjects just by putting in the hours. In my short time here around the forums and the like it seems so many people are rushing into SR expecting to have product within their first week of joining without doing the proper research.
I'll admit i got a little excited when i joined aswell, but relised fairly quickly that its quite easy to get caught without the proper steps being taken to conceal your identity. Its the most valuable product on silk road IMHO. Hope everyone stays safe and one step ahead of the law. Knowledge is power in this game.
-
You'd think that it'd be common sense to not use your real email address.
Sadly, this world is full of ignorant people.
It's up to people like the OP to set a good example for those that lack said common sense.
The only time you should use any information that's closely associated with yourself is when you send your shipping address to the vendor...via PGP message, of course. Delete vendor public keys from your records when you (or even before, and just kept copying their public key from their page) cease communication with vendor, after transaction is complete.
Never make up usernames, passwords, or anything else, to use on SR that you've EVER used before on the internet. Keep it unique and unlikely that anyone can ever think, "OH, that's probably so and so. He always uses -insert anything easily associated with yourself-. I personally like to make up shit to use on here by using the Keyser Soze method. ;)
Constantly change your passphrase and pin number for safety. Never leave trails.
These aren't tips from an experienced SR user. I've only just recently started on SR. So, if any of my tips need improvement or changing. Please, any experienced members, correct me.
You would think that PGP wouldn't require an email address to create a key, but it does. It requires something that resembles an email address in there. Luckily for me, I noticed this when I was testing it out and creating my own key. I then deleted it for security reasons.
Then, using Tor I created a new email account from a clearnet webmail vendor, that I only access through Tor. I have to jump through tons of hoops to log in, but its not an email account that sees any real use anyway. There's really no danger of me accidentally logging in without Tor.
And with this, I have reached my 50th post, without joining the spamming threads (well maybe once or twice). I'll still be around. Now I can contribute to the rest of the forum. Peace out.
-
Luckily the guide I read told me to use a fake email. Scary to think how easy it would be for people not clued up, to get busted.
-
If you were truly that concerned enough about anonymity that you would use PGP to encrypt your address, I would have thought that you would have used a fake email anyway...
~D
-
Well actually thinking about it, i wouldn't have used an isp based email... it would be a safe webmail address which i would have signed up to using a VPN to hide my ip/location etc. So many I could have used a 'real' email after all.
-
someone should compile a thread for all the useful information that's needed so the NOOBS won't be so nooby after they finally learn how to buy / sell etc.
I'm still confused about a few things myself, so i won't be purchasing anything until I am 100% sure that nothing is traceable.
I like this guy, SOMEONE GIVE HIM A FUCKING METAL! But for real I think more people should be like this. But I think everything on the net is traceable. You must convince people that your someone your not.
If your smart act dumb, if your dumb act smart. And do everything under a real name but ofc its not yours! Follow your victim, know your victim, be your victim. :)
-
the police aint gun catch me
-
Duh ! :-)
Read up , there is plenty. If you are waiting to have it handed to you ........good luck !!
-
I mentioned this in the PGP thread a few days ago, good thing that it gets more attention.
http://dkn255hz262ypmii.onion/index.php?topic=107219.msg1526057#msg1526057
-
I noticed this also as some are using gmail or regular emails.
We had to do fresh key after tormail and want to tell everyone not to use tormail, there is other pgp email providers,message me for info!
Also consider using fake emails yourname@silkroadtor.com :)
lol
-
thanks capt'n obvious
-
I've just imported a bunch of public keys from the Newbie PGP Club thread.
I'm rather scared to find that MANY people appear to have a false sense of security and their public key holds an actual mail address that actually belongs to the user!
For several users I now have a Gmail address. The police will be more than happy to have that.
Instructions for the police:
1. Read Silk Road feedback for cocaine seller to see who's bought it.
2. Search the forums for someone with the same nick who might have posted their key, perhaps PM them to ask for pubkey to discuss something
3. Get mail address
4. Link to IP/ISP
5. Get address from ISP
6. Get search warrant
7. You're nicked
But in some cases I have even found addresses that are using some clearnet domain that appears to belong to the user! I run a simple whois and I have your full name, your full address and your telephone number! If these mail addresses are correct, I have, right now, the full name and address for two Silk Road users.
I sure hope vendors are smarter than this, but I suspect this way even a few newbie vendors could be nicked.
Remember people, the mail address you enter in PGP or GPG is, upon publishing your public key, PUBLIC. It does not have to be a functional address! Mine is z@y.x. GPG does not care.
Be safe!
I didn't even write any email adress when making my key.
-
I used an anon mail (safe-mail) in my private key but I'm not posting it here. It's only for vendor comm. Most vendors seem fine with me sending them private messages using their own keys. They reply unencrypted but its just general chit chat and coffee. ;)