I'm coding a drug management site to keep track of sales. Would anyone be interested?

Baked Jesus

Well-Known Member
So over the last few weeks I've been working on a website for a friend. Essentially, it logs all of the sales he makes in a secure database. Obviously one of the main concerns for this site is security. If there are any other coders out there that can give some solid advice on the best method of keeping user accounts secure, then please contact me.

The site is at a point where my friend can log the sales and he will be presented with a number of useful calculations, such as how much he's sold in weight and money. It also takes note of whether the green that he's selling is out on loan (on tick) and adjusts the calculations accordingly. I plan to also add support for multiple currencies and weight inputs.

The site allows for multiple 'batches' and you can select which batch you are selling from when you make a sale. This is handy for when you want to know how much of a particular plant you've sold, or how much of an overall grow you've sold or even how much you've sold of a purchase you made.

I've also created a useful page for storing contacts. This is the page I'm most concerned about protecting. Again, if anyone has any ideas on how to go about keeping this data secure from unauthorized access, contact me.

Before I continue coding and researching security precautions, I'm just wondering if anyone would actually use this system of storing sales information over the traditional methods of notepads, word docs and mobile phones. I've had some interest from some close friends and they have been demoing the website and have been finding it quite useful.

So basically I'm curious as to whether anyone else would be interested in this service? If anyone is interested, I'll upload some screeny's of the current website and highlight some key features. :mrgreen:
 

Baked Jesus

Well-Known Member
Though QuickBooks does have similar functionality, this site would be specifically aimed for this one type of sale, making it easy for absolutely anyone to use. From my experience with stoners, the easier to use the better. Also, QuickBooks only allows you to keep records of 20 customers on their free version whereas my site would allow for unlimited customers with the free version.

The pro version that I'm considering offering would cost nowhere near £21 a month. More likely 1/7 of that.

Here is a screen shot of the unfinished sales page, it works but still has more features to come.

 

EvolAlex

Well-Known Member
tracking illegal drug sales online, sounds pretty unsmart to me, no matter how secure you think it is someone can get into it. Contacts, lol just so you can take em all down with you. Bad idea man
 

Baked Jesus

Well-Known Member
How is it any different from posting logs of the cultivation of illegal plants? You aren't any more likely to get busted for keeping logs of sales than you are for posting images of your home grows. If anything, posting images is worse because you're uploading photographic evidence of illegal activities. You can't get arrested for simply uploading information to a database. Who's to say that the information being uploaded isn't fictional?

The contacts page is not a final idea and we understand the risks involved. Storing contact information on the client side seems like a safer solution and I'll look into that as a possible work around. Currently, the only incriminating data being stored is the contact phone number, as we use bogus names for each contact.
 

ExDex1x1

Active Member
How is it any different from posting logs of the cultivation of illegal plants? You aren't any more likely to get busted for keeping logs of sales than you are for posting images of your home grows. If anything, posting images is worse because you're uploading photographic evidence of illegal activities. You can't get arrested for simply uploading information to a database. Who's to say that the information being uploaded isn't fictional?

The contacts page is not a final idea and we understand the risks involved. Storing contact information on the client side seems like a safer solution and I'll look into that as a possible work around. Currently, the only incriminating data being stored is the contact phone number, as we use bogus names for each contact.
Well it's hard to figure out where someone is growing if they are any bit smart about removing metadata or posting through a VPN on an account with a fake name like most smart users who post grows do.

The difference here is you're giving out a lot of very sensitive information. How much dollar value of pot you're purchasing or selling, the frequency at which you're buying or selling, and names and dates of those you're buying from or selling to.
the idea behind bookkeeping is it has to be accurate and easy to reference, so coming up with a code name for every person you buy from or sell to is just ridiculously over complicated and most people don't want to go through the hassle. Not to mention that bookkeeping for weed is a very very very very very very very bad thing to have sitting on your computer. Imagine getting busted for flipping an ounce and now all of a sudden a subpoena for your computer comes up and the DEA now has concrete evidence that you've sold 150 pounds this year. Fucked doesn't begin to scratch the surface of describing what you'd be in this situation.

If accurate books mean the difference between a night in jail and a decade in butt-pounding, don't drop the soap, join the fuckin aryan nation prison, I'd go without the books.
 

Baked Jesus

Well-Known Member
Well it's hard to figure out where someone is growing if they are any bit smart about removing metadata or posting through a VPN on an account with a fake name like most smart users who post grows do.

The difference here is you're giving out a lot of very sensitive information. How much dollar value of pot you're purchasing or selling, the frequency at which you're buying or selling, and names and dates of those you're buying from or selling to.
the idea behind bookkeeping is it has to be accurate and easy to reference, so coming up with a code name for every person you buy from or sell to is just ridiculously over complicated and most people don't want to go through the hassle. Not to mention that bookkeeping for weed is a very very very very very very very bad thing to have sitting on your computer. Imagine getting busted for flipping an ounce and now all of a sudden a subpoena for your computer comes up and the DEA now has concrete evidence that you've sold 150 pounds this year. Fucked doesn't begin to scratch the surface of describing what you'd be in this situation.

If accurate books mean the difference between a night in jail and a decade in butt-pounding, don't drop the soap, join the fuckin aryan nation prison, I'd go without the books.
If people are that paranoid that they're willing to take precautions covering their tracks for grow logs, then why couldn't they do the same for keeping logs of sales? The only thing that would link you to your account would be the username and password, no emails. No IP addresses will be logged or stored. So even if the information stored in the database was compromised, what use is it out of context? Even if the DEA gains a subpoena for your computer, how will they link your computer to the website, let alone know your user name and password which links you to all of your records? We will be writing a disclaimer about how this site is strictly for novelty purposes and in no way records any performed illegal activity.

We have thought of these issues and yes, though it may seem slightly unsafe, it's no less safe than keeping a log of sales anywhere else. Many dealers I know keep logs on their phones. You are a lot more likely to lose your unsecured phone, containing all of these sales than you are a computer that has no record of you being on this particular website.

I understand the need to feel 100% secure, but reality shows that isn't the case with any method of protection, short of burying it deep in the Earth's core. Even then, what's to stop the mole people from finding it?
 

Baked Jesus

Well-Known Member
Yeah, there will be free accounts available. The first X amount of people to join up before a certain date would receive the Pro version free also.
 

Johnny Retro

Well-Known Member
Not trying to shoot your idea down, but i think your getting into somthing your going to regret. Is it worth going to jail for a website? Im not sayin it will happen, but it can happen..
 
Don't listen to people that don't like the idea...the best way to do it would be offline and all information would be stored on the client-side. PM me when this gets up or you have a version to test.
 

Snow Crash

Well-Known Member
This is no different than a database... except it is written in HTML and exposed to the internet.

I don't think something like this will get the grower or seller caught. What it does do is provide evidence for conviction when it comes to distribution. Personally, I think it is unnecessary.

If you think putting sales information on the internet is a good idea you very obviously don't know enough about IT security.
I think the closest I would get is to use a spreadsheet, encrypted and compressed, uploaded and downloaded when required from a sFTP.

Still, it isn't necessary to publish this kind of shit online. A DB program, like MS Access, would provide the same services. Hell, I could use a spreadsheet and some relational equations to do exactly the same thing.

A way to remove risk is to run several mirror sites and pull updates to a central server which can then push the updates back to all the mirrors. This makes it difficult to get consistent IP action and packet sniffing would be a little confused. I would also suggest using a rotating port access (rather than 80/81) and never registering with a DNS.

Good luck with it.
 

upthearsenal

Well-Known Member
I know nothing about internet security and I'm not saying you will get caught.... but do you need this?

Years back when I was in high-school I sold about an oz in grams everyday, and never had to keep track of my sales.. if I sold and gram, or an 1/8th to someone, I'd supply them, get paid, and move on... never did I have to reference it, lol.. as long as I got my money at the end of the day, it wouldn't matter...

Why would you reference it...? unless maybe someone wanted a return, and you could see how much sold them?

I don't get it, but whatever, good luck I guess.
 

Timmy22

Member
i guess im just old school because i still carry around my cash register and staple a reciept to every baggy...
 

Serapis

Well-Known Member
Self promotion..... At first, I thought maybe you were out to do something for the community. Then I saw your second post refer to this as a 'service'. I knew right then that you were doing nothing else but promoting yourself on a community website. Lo and behold, you have a price for it. Many of us here have a slogan....... we tell no one and we sell nothing. Try drug-dealers_'r US.com

Yeah, there will be free accounts available. The first X amount of people to join up before a certain date would receive the Pro version free also.
 

Serapis

Well-Known Member
That is nothing more than a simple spread sheet or database if it is stored client side and the OP's 'services' aren't really needed. And just how many dealers do you think there are in the population? I know when I needed them, they were scarce and few to be found. I certainly hope you don't think you are going to have 100's of clients. Most of them would think you are crazy to ask them to store illegal drug sales on a web based application, without personally knowing you. This idea is just not thought out very well....

Don't listen to people that don't like the idea...the best way to do it would be offline and all information would be stored on the client-side. PM me when this gets up or you have a version to test.
 

sonar

Well-Known Member
Um yeah I'm not how they handle this sort of thing in the UK, but here in the States they call this "evidence." Does he take credit cards and have a money back guarantee as well?
 
Top