Nexus Market Bureau est. 2026
Note

Encrypt anything sensitive with the vendor PGP key

The message system is encrypted, but layering your own PGP on top matters for the fields that matter.

By Editor · 16 July 2026 · 2 min

The Nexus message system is encrypted by the storefront. But every message is decryptable by the storefront itself, which means it is decryptable by anyone who compromises or seizes the storefront database.

Layering your own PGP on top for anything sensitive changes this. If you encrypt your shipping address to the vendor PGP key before sending, the storefront sees only ciphertext for the address field. A seized database returns nothing useful to whoever seized it, at least for the encrypted parts.

The parts to encrypt: name, address, phone number, tracking number if you exchange one, any identifiers that could link the order back to your real identity. The parts you do not need to encrypt: order coordination questions, dispute discussion, generic messages.

Every vendor page has the vendor PGP key published at the bottom. Import it. Encrypt sensitive fields with gpg --encrypt --armor -r vendor-key-id. Paste the ciphertext into the storefront message. Vendor decrypts with their private key.

This is one habit that costs you two minutes and closes a permanent risk. Worth it.