Messages - Keycart

1
The first time I read this list on reddit it was obvious the list was written by a person who heard something, somewhere, by someone which included the word security. In effect, this list does absolutely nothing for security.

The current 2FA on the darknet markets isn't 2FA at all. It is still very easy for a Man-in-the-middle attack to succeed. Your standard phishing site still works without any issues. The only thing it does is take up valuable system resources, annoy the user, and give a false sense of security. Users may become complacent, which is very bad.

A simple and effective method to prevent/make it harder for accounts to be taken over is to have different User and Login names. And a simple PIN in order to make any changes to the account. Fairly similar to how it works on this very forum. PGP-keys expire, passwords get lost, shit happens. And they cannot be rebuilt like crypto-wallets. A simple PIN or secret phrase will only get lost if you have sudden specific amnesia, which is very unlikely to happen. ;)


Verifying if a message is PGP encrypted by searching for a string is wrong. It takes many system resources and accomplishes nothing. Users can simply copy/paste -----BEGIN PGP MESSAGE----- in front of their message. A better way would be to do an easy character count of the message. As every PGP message has a minimum amount of characters, depending on key-bit size. Added benefit is that you can enforce minimum key strength.


There is no benefit in forcing accounts to be Buyers or Vendors. Reputation is everything on the darknet, and not allowing a Vendor to buy something only creates opportunity for scammers/imposters.


A must have imo is a separate login url for the administrator. Preferably a random or custom one.

Forced logout after a while, say 1 hour or 30 mins. Mandatory for everyone, including Administrators.

There are certainly some more, and I could compile a proper feature list later. Which reminds me, is there a TODO, roadmap or Current/Future feature list somewhere? I couldn't find one.

Have a great day :)
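
The post above notes that matching on the `-----BEGIN PGP MESSAGE-----` string can be defeated by pasting the header in front of plaintext. As an added example (not part of the original post or the project's code), this sketch decodes the ASCII armor, verifies its CRC-24 and checks that the first OpenPGP packet is one that opens an encrypted message, following RFC 4880; the function names and the sample packet bytes are constructed for illustration.

```python
import base64
import binascii

BEGIN, END = "-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----"
# Packet tags that can open an encrypted OpenPGP message (RFC 4880):
# 1 = public-key ESK, 3 = symmetric-key ESK, 9 / 18 = encrypted data.
ENCRYPTED_TAGS = {1, 3, 9, 18}
# Constructed sample: a new-format tag-1 packet header with a dummy body,
# not a real ciphertext.
SAMPLE_PACKETS = bytes([0xC1, 0x0D, 0x03]) + bytes(8) + bytes([0x01, 0x00, 0x08, 0xFF])

def crc24(data: bytes) -> int:
    """CRC-24 used for the armor checksum (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(packets: bytes) -> str:
    """Wrap raw packet bytes in ASCII armor (used here to build samples)."""
    body = base64.b64encode(packets).decode()
    check = base64.b64encode(crc24(packets).to_bytes(3, "big")).decode()
    return f"{BEGIN}\n\n{body}\n={check}\n{END}\n"

def looks_encrypted(text: str) -> bool:
    """True only if the armor decodes, the CRC matches (when present) and
    the first packet is one that starts an encrypted message."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 4 or lines[0] != BEGIN or lines[-1] != END or "" not in lines:
        return False
    body = lines[lines.index("") + 1:-1]        # skip optional armor headers
    check = body.pop() if body and body[-1].startswith("=") else None
    try:
        raw = base64.b64decode("".join(body), validate=True)
        want = crc24(raw).to_bytes(3, "big")
        if check is not None and base64.b64decode(check[1:], validate=True) != want:
            return False
    except (binascii.Error, ValueError):
        return False
    if not raw or not raw[0] & 0x80:             # bit 7 is set on every packet
        return False
    # New-format headers carry the tag in bits 5-0, old-format in bits 5-2.
    tag = raw[0] & 0x3F if raw[0] & 0x40 else (raw[0] >> 2) & 0x0F
    return tag in ENCRYPTED_TAGS
```

This only shows that the input is structurally an encrypted OpenPGP message; it does not show which key it was encrypted to or that the recipient can decrypt it.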

2
Member Introductions / Pleased to meet you.
« on: April 21, 2018, 10:50:55 AM »
Hello,

Finding this project made me happy, and realize I might be able to help out.

A family member of mine was murdered by the police several years ago over as little as 3 grams of cannabis, which she took to help her manage her migraines after her prescription medication ran out. The police claimed it was an "honest" mistake and we were left with nothing but an insincere apology.

I have a career as a SysAdmin/Network Manager, and have always had an interest in finding a way for people to bypass and resist the hypocrisy of the War on Drugs and Pharmaceutical mafia.
The current Darknet markets are a great "movement" but most of them have some serious flaws. Unfortunately I lack the real programming skills to implement proper procedures and features. This project however seems to be a perfect opportunity to share my experience and help implement them.

I'm looking forward to helping Annularis succeed.
