Why don't most/all vendors use PGP?

[DougFuckyouson]

I know some do but I’m surprised to see it isn’t common practice seeing as how much extra security it adds with very little effort. Even if for whatever reason you don’t use PGP a service that destroys text after being read such as privnote would improve security.

In the post about texasmass being raided it did say client information was kept safe but we don’t know if it’s recoverable. Also, if someone else were to get busted and have all the clients information in plaintext right on their e-mail that is a big concern.

I know they don’t typically come after buyers but either way nobody wants to be put on a list.

I think because we aren’t dealing with typical hard drugs people overlook the risk (and it is undoubtedly much smaller) but TexasMass’s recent raid is a reminder that the risk is very real and still there and precautions should still be taken.

 

[Masterofron]

DougFuckyouson" pid='29743' dateline='1541384536:

I know some do but I’m surprised to see it isn’t common practice seeing as how much extra security it adds with very little effort. Even if for whatever reason you don’t use PGP a service that destroys text after being read such as privnote would improve security.

In the post about texasmass being raided it did say client information was kept safe but we don’t know if it’s recoverable. Also, if someone else were to get busted and have all the clients information in plaintext right on their e-mail that is a big concern.

I know they don’t typically come after buyers but either way nobody wants to be put on a list.

I think because we aren’t dealing with typical hard drugs people overlook the risk (and it is undoubtedly much smaller) but TexasMass’s recent raid is a reminder that the risk is very real and still there and precautions should still be taken.

I don’t think any of our sources overlook any of these details. PGP is not the only solution towards keeping your shit private and secure. Would you consider it likely that LE is able to access his email? In this case per say.

 

[system]

Everyone on here uses proton mail and/or tutanota. Both provide secure end-to-end encryption. PGP is not necessary.

 

[rippedgenesbro]

DougFuckyouson" pid='29743' dateline='1541384536:

I know some do but I’m surprised to see it isn’t common practice seeing as how much extra security it adds with very little effort. Even if for whatever reason you don’t use PGP a service that destroys text after being read such as privnote would improve security.

In the post about texasmass being raided it did say client information was kept safe but we don’t know if it’s recoverable. Also, if someone else were to get busted and have all the clients information in plaintext right on their e-mail that is a big concern.

I know they don’t typically come after buyers but either way nobody wants to be put on a list.

I think because we aren’t dealing with typical hard drugs people overlook the risk (and it is undoubtedly much smaller) but TexasMass’s recent raid is a reminder that the risk is very real and still there and precautions should still be taken.

This is something I’ve wondered, too. PGP is pretty easy to use, and given the added security of it, you’d think that everyone would be using it. At one time, it was the standard around here. It seems that people have moved away from it over time, which troubles me a bit. When a source doesn’t use PGP, it’s usually a deal-breaker for me… I know that the email services we use are end-to-end encrypted, but the paranoid side of me still favors the use of PGP on top of that. There’s no such thing as “too cautious” in my book.

 

[Janoshik]

I’ve witnessed dozens of busts by now and none was because of lack of security measures on the internet.

Goddamn unnamed vendor used yahoo mail under his real name for years and he got busted because a bag of hormones from china tore open in post office.

Unless you are Pablo Escobar tier of AAS, you don’t have to care in the slightest bit.

 

[TOPRAWS]

Janoshik" pid='30306' dateline='1541782291:

I’ve witnessed dozens of busts by now and none was because of lack of security measures on the internet.

Goddamn unnamed vendor used yahoo mail under his real name for years and he got busted because a bag of hormones from china tore open in post office.

Unless you are Pablo Escobar tier of AAS, you don’t have to care in the slightest bit.

Cann’t agree more bro.

 

[bigwin]

musashi85" pid='29764' dateline='1541393748:

Everyone on here uses proton mail and/or tutanota. Both provide secure end-to-end encryption. PGP is not necessary.

YOU SIR ARE 10000% INCORRECT!!!

never trust your keys to any third party.
always use PGP messages signed on your own local machine.

that local machine should run from a live medium, and that machine should not contain any form of hdd storage.

anyway… for those who are security minded, they follow these basic steps.

also… pgp can be used to verify that a source is who he says he is. when someone sends you an email stating they are such and such source but using a new email… you can always request that they sign a message that can be verified using the source’s already published public key.
if that source cant produce such a message, you dont deal with them.

but then again idiots are still sending orders to sources using hotmal, gmail. so all this security may be moot.
as for me, i ‘feel’ better when my order information is exchanged using garbled cipher-text.

---

exactly… always use pgp on top of your providers supposed security… there are many sources here who will communicate in pgp… you just have to ask for their public key.
i NEVER order using website shopping carts. i order via email, using PGP.
but i plan for the future and have ordered enough raws, test and other basics to keep me good for another 4-5 years.

then again i run micro doses, since i’ve been in the game since the mid90s and i’ve pretty much reset my baseline at 275-280lbs… so i dont need much to maintain… note i am very tall… so the weight may be misleading.
rippedgenesbro" pid='30234' dateline='1541722971:

DougFuckyouson" pid='29743' dateline='1541384536:

I know some do but I’m surprised to see it isn’t common practice seeing as how much extra security it adds with very little effort. Even if for whatever reason you don’t use PGP a service that destroys text after being read such as privnote would improve security.

In the post about texasmass being raided it did say client information was kept safe but we don’t know if it’s recoverable. Also, if someone else were to get busted and have all the clients information in plaintext right on their e-mail that is a big concern.

I know they don’t typically come after buyers but either way nobody wants to be put on a list.

I think because we aren’t dealing with typical hard drugs people overlook the risk (and it is undoubtedly much smaller) but TexasMass’s recent raid is a reminder that the risk is very real and still there and precautions should still be taken.

This is something I’ve wondered, too. PGP is pretty easy to use, and given the added security of it, you’d think that everyone would be using it. At one time, it was the standard around here. It seems that people have moved away from it over time, which troubles me a bit. When a source doesn’t use PGP, it’s usually a deal-breaker for me… I know that the email services we use are end-to-end encrypted, but the paranoid side of me still favors the use of PGP on top of that. There’s no such thing as “too cautious” in my book.

 

[system]

1. Private PGP keys can be stolen
2. LE could pose as a source and put up a public key. All you know when you communicate with them is that you are talking to them (unless #1 occurs), not that you are actually talking to a source.
3. Third parties like tutanota and protonmail do increase your risk exposure but so does using anything internet related. There will be records.
4. Quantum computers will render PGP useless.
5. PGP signing apps can have malicious code as well, such as storing your private keys on a database somewhere.
6. Our biggest security benefit is that LE has more important shit to care about. Sure they focus on us from time to time, but this shit is small beans.

Also, you could have just said 100%.
bigwin" pid='30763' dateline='1542151010:

musashi85" pid='29764' dateline='1541393748:

Everyone on here uses proton mail and/or tutanota. Both provide secure end-to-end encryption. PGP is not necessary.

YOU SIR ARE 10000% INCORRECT!!!

never trust your keys to any third party.
always use PGP messages signed on your own local machine.

that local machine should run from a live medium, and that machine should not contain any form of hdd storage.

anyway… for those who are security minded, they follow these basic steps.

also… pgp can be used to verify that a source is who he says he is. when someone sends you an email stating they are such and such source but using a new email… you can always request that they sign a message that can be verified using the source’s already published public key.
if that source cant produce such a message, you dont deal with them.

but then again idiots are still sending orders to sources using hotmal, gmail. so all this security may be moot.
as for me, i ‘feel’ better when my order information is exchanged using garbled cipher-text.

---

exactly… always use pgp on top of your providers supposed security… there are many sources here who will communicate in pgp… you just have to ask for their public key.
i NEVER order using website shopping carts. i order via email, using PGP.
but i plan for the future and have ordered enough raws, test and other basics to keep me good for another 4-5 years.

then again i run micro doses, since i’ve been in the game since the mid90s and i’ve pretty much reset my baseline at 275-280lbs… so i dont need much to maintain… note i am very tall… so the weight may be misleading.
rippedgenesbro" pid='30234' dateline='1541722971:

DougFuckyouson" pid='29743' dateline='1541384536:

I know some do but I’m surprised to see it isn’t common practice seeing as how much extra security it adds with very little effort. Even if for whatever reason you don’t use PGP a service that destroys text after being read such as privnote would improve security.

In the post about texasmass being raided it did say client information was kept safe but we don’t know if it’s recoverable. Also, if someone else were to get busted and have all the clients information in plaintext right on their e-mail that is a big concern.

I know they don’t typically come after buyers but either way nobody wants to be put on a list.

I think because we aren’t dealing with typical hard drugs people overlook the risk (and it is undoubtedly much smaller) but TexasMass’s recent raid is a reminder that the risk is very real and still there and precautions should still be taken.

This is something I’ve wondered, too. PGP is pretty easy to use, and given the added security of it, you’d think that everyone would be using it. At one time, it was the standard around here. It seems that people have moved away from it over time, which troubles me a bit. When a source doesn’t use PGP, it’s usually a deal-breaker for me… I know that the email services we use are end-to-end encrypted, but the paranoid side of me still favors the use of PGP on top of that. There’s no such thing as “too cautious” in my book.

---

 

[rippedgenesbro]

musashi85" pid='30844' dateline='1542217252:

1. Private PGP keys can be stolen
2. LE could pose as a source and put up a public key. All you know when you communicate with them is that you are talking to them (unless #1 occurs), not that you are actually talking to a source.
3. Third parties like tutanota and protonmail do increase your risk exposure but so does using anything internet related. There will be records.
4. Quantum computers will render PGP useless.
5. PGP signing apps can have malicious code as well, such as storing your private keys on a database somewhere.
6. Our biggest security benefit is that LE has more important shit to care about. Sure they focus on us from time to time, but this shit is small beans.

Also, you could have just said 100%.

So, are you just playing devil’s advocate here, or are you trying to say that using PGP is pointless because of the rare set of circumstances you’ve listed? I mean, I could still die in a car crash while I’m wearing my seat belt, but that doesn’t mean I’m not going to buckle up when I get in the car…