Silk Road forums
Discussion => Newbie discussion => Topic started by: ChemdogSunrise on June 27, 2013, 12:41 pm
-
I received an order this morning with the address line containing a link to Privnote. I replied with this and thought I would share it here, as it could be of some benefit to other peeps.
Namaste
CDS
+++
Hi there
I just wanted to be sure that you were ok with me picking your address us via Privnote. There are some security concerns with it, that's all. If you are happy for me to proceed, I shall, but if you are looking for a more secure method in the future without installing a PGP app, I can recommend the Hane Javascript PGP webpage at:
www.hanewin.net/encrypt/PGcrypt.htm
Erase the contents of the first text box on the page, paste my key into the text box (make sure ONLY the key is in the box - no extra spaces or line returns anywhere) and press the "Get Public Key Information" button. The key information should then be displayed in the text fields below.
Finally, you can then type a message, your address or any other information in the last text box and press the "Encrypt Message" button. If everything works, an encrypted text block should appear for you to copy + paste into your email / address line / msg.
Again, whilst this is not a prerequisite, I do recommend it.
I will pack your order ready but will await to hear from you before accessing your address.
You will find a key at the end of this msg that works with Hane JPGP.
Apologies for any inconvenience caused - let me know how you wish to proceed.
Namaste
CDS
-
Why is the vendor directing you to a clearnet URL?? Anyone using a website to encrypt their sensitive info, especially software written in Javascript, is CRAZY!! This sounds similar to existing sites like Bouncy Castle or iGolder. Never trust the encryption of your personal info to a third party website, despite what they may claim. Encrypt and Decrypt messages yourself and never trust others to do it for you. Privnote is not safe either. By using Privnote, your message is stored on a 3rd party server, completely out of your control. It requires Javascript to be enabled and there are exploits using JavaScript which can deanonymize you on the Tor network. Seeing as requests from Tor Exit Nodes are trivial to spot, that makes a possible exploit from Privnote something to be taken very seriously.
-
super dodgy