Silk Road forums
Discussion => Security => Topic started by: Enigma on January 30, 2012, 09:42 pm
-
Hey,
Is it fatal to send your Name & Address to a vendor in plain text in the box in the shopping cart? Or is it safe but just safer to encrypt it? Thanks in advance :)
Regards
-
am I corect in thinking that all data in the address field is wiped clean from the database after its been confirmed/sent by the seller
-
Fatal? No. Risky? I think yes.
If a vendor supplies their PGP key, best use it.
-
It is completely unadvised. GPG is pretty easy to use, and virtually unbreakable. There is no reason NOT to use it.
-
So we would have to send the seller a message of our encrypted address instead of entering it in the address field? or just put the whole encryption into the address field?
-
Either use PGP (there are a number of guides on setting it up, but it is anything but user friendly), or privnote.com. Messages sent using privnote are destroyed once read, so even if the database is compromised, no data would be obtained.
-
So we would have to send the seller a message of our encrypted address instead of entering it in the address field? or just put the whole encryption into the address field?
Just enter the encrypted address in the address field. Make sure to include your public key if they don't have it.
-
i feel ya void.
Could I not just use the sellers public key to encrypt it instead of giving them mine? seems like it would be more hassle for them to have to import my key instead of just using their's
-
i feel ya void.
Could I not just use the sellers public key to encrypt it instead of giving them mine? seems like it would be more hassle for them to have to import my key instead of just using their's
The public key is so they can message you back if need be.
-
am I corect in thinking that all data in the address field is wiped clean from the database after its been confirmed/sent by the seller
One would hope. But that's all you're doing: hoping.
To me, it's far better to *know* that it doesn't matter because you've used encryption. Control all the risks that you *can* control, in other words.