<h1>Serverside: Should I trust serverside encryption? Should I use PGP? </h1>
</div>
</div><!-- /row -->
</div><!-- /container -->
</div><!-- /grey -->
<!-- +++++ Second Post +++++ -->
<div id="anon3">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Clientside Encryption: Who can be trusted?</b></h2>
<p>As we discussed <a href="../encryption/index.html">previously</a>, encryption is about providing privacy: Bob and Alice use encryption so that their conversation remains private from the adversary Jack.</p>
<img src="1.png" class="imgRz">
<p>One way to close the door on Jack is to use PGP encryption:</p>
<img src="2.png" class="imgRz">
<p>The logic behind using PGP encryption is for Bob and Alice to encrypt their conversation themselves, because they don't trust anyone else. <b>Bob encrypts his message using PGP</b>, and no matter where he sends it (over mail, Discord, IRC, XMPP, Facebook, etc.) <b>only Alice will be able to decrypt the message.</b></p>
<p>In short, Bob uses PGP because he doesn't trust the platform on which he wishes to talk to Alice.</p>
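<p>As an added illustration (not part of the original article), the script below uses GnuPG with throwaway keyrings to show what Alice, and the platform operator Jack, can each do with a message Bob encrypted himself. The names, the message and the temporary directories are constructed for the example, and it assumes GnuPG 2.1 or later is installed.</p>

```bash
#!/usr/bin/env bash
# Added example: throwaway keyrings; every name and the message are constructed.
set -u
WORK=$(mktemp -d)
ALICE="$WORK/alice"; BOB="$WORK/bob"; JACK="$WORK/jack"  # Jack = platform operator
mkdir -m 700 "$ALICE" "$BOB" "$JACK"
STORED="$WORK/stored_on_platform.asc"                    # what the server keeps
MSG='Ship to: 1 Example Street, Nowhere (constructed)'

g() { gpg --batch --quiet --no-tty --pinentry-mode loopback "$@"; }

cleanup() {
    for h in "$ALICE" "$BOB" "$JACK"; do
        gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null
    done
    rm -rf "$WORK"
}
trap cleanup EXIT

setup_keys() {
    # Alice generates a key pair; only the public half ever leaves her machine.
    g --homedir "$ALICE" --passphrase '' \
      --quick-generate-key 'Alice <alice@example.invalid>' default default never
    g --homedir "$ALICE" --armor --export alice@example.invalid > "$WORK/alice.pub"
    g --homedir "$BOB" --import "$WORK/alice.pub"
}

bob_encrypts() {        # $1 = plaintext, encrypted on Bob's machine before sending
    printf '%s' "$1" | g --homedir "$BOB" --trust-model always --armor \
        --encrypt --recipient alice@example.invalid > "$STORED"
}

alice_decrypts() { g --homedir "$ALICE" --decrypt "$STORED" 2>/dev/null; }

# Jack holds the stored ciphertext but no secret key, so this fails.
jack_decrypts() { g --homedir "$JACK" --decrypt "$STORED" 2>/dev/null; }

platform_sees_plaintext() { grep -qF -- "$1" "$STORED"; }

setup_keys
bob_encrypts "$MSG"
echo "Alice reads: $(alice_decrypts)"
jack_decrypts >/dev/null || echo "Jack (platform) cannot decrypt"
platform_sees_plaintext "$MSG" || echo "Stored copy contains no plaintext"
```

<p>Whatever the platform does with the stored file afterwards, it only ever held the armored ciphertext and Alice's public key.</p>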
</div>
</div><!-- /row -->
</div><!-- /container -->
</div><!-- /white -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Serverside Encryption: a Fallacy</b></h2><br><br>
<p>When we talk about serverside encryption, who is Bob, who is Alice and who is Jack?</p>
<p>In the case of the <a href="https://iv.nowhere.moe/watch?v=5VEXj09TFNA">Incognito Market</a>, an illegal Darknet Market (DNM), <b>the platform admins told its users to trust the platform's own encryption.</b></p>
<p>What happens here is that Bob decides to trust Jack with the confidentiality of his data, <b>instead of encrypting his sensitive data with PGP</b>. What can happen from there?</p>
</div>
</div><!-- /row -->
</div><!-- /container -->
</div><!-- /white -->
<!-- +++++ Second Post +++++ -->
<div id="anon1">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>The consequences of trusting Serverside Encryption</b></h2><br><br>
<p>Darknet Markets have 2 possible ends: they are either seized by authorities, or they exit-scam with their users' cryptocurrencies that are still in custody.</p>
<p>In the case of Incognito Market, they exit scammed, but something else happened:</p>
<img src="4.png" class="imgRz">
<p>There is a third exit option for DNMs: <b>they can extort all of the users who decided to trust serverside encryption.</b></p>
<img src="5.png" class="imgRz">
<p>They saved every unencrypted message (including Bob and Alice's unencrypted messages), and they decided to extort the users by threatening to hand their sensitive data (such as their home address) to the authorities.</p>
<p>That whole situation could have been avoided <b>if Bob and Alice hadn't trusted the platform's serverside encryption.</b></p>
<p>In short, <b>never trust serverside encryption; the only encryption you can trust is your own (such as PGP encryption).</b></p>
<p>To learn how to use PGP, check out <a href="../pgp/index.html">this tutorial</a>.</p>