Everyone should assume that dread and other dread services are compromised. As we have said before, don't trust us. Verify yourself and never risk more than you are willing to lose. We operate on the Tor network with onion services. Onion services not only protect our clusters' privacy but the privacy of users visiting the site. Everyone looks the same. PMs are stored in the database. Even if we said we encrypt your shit on rest and all that stuff it doesn't make it true. We can see messages sent to people if we need to. If you don't want us reading the content encrypt it with PGP. Like on any market.

It's interesting to hear that this website could potentially be operated by NSA (but of course that's not true). As Paris said, we should assume all sites are compromised. Never wholeheartedly trust a site. Always have your guard up and never trust a person wholeheartedly either. Private messages aren't really "private" but it's for the right reasons. They are private in the sense that no regular user can read those messages but the Dread team can. A level of surveillance is needed by the Dread team just to keep everything under control and not have any ongoing scams going in place. It'll be pointless for them to say that our messages are encrypted because Dread is closed-source and without it being open we could never validate their claims. Anyway, any private message you want to send, you could send it via PGP :)

Over the DN, assume than any site, market could be compromised at any moment, same goes with vendors, admin, so caution should be taken. Same goes with any type of communication which aren't encrypted, considere those as stored and in plain text, thats being said, dont trust anything with "auto encrypt" and assume than your PM are in plain text and could be used against you, in the future.

Trust the man that says not to trust him.