Best practices in maintaining anonymity. Also, a nifty idea for a darkmarket

So I was thinking about all the markets biting the dust lately and there is obviously a correlation between how popular the market is from word of mouth, and the government awareness of its presence, which ultimately leads to its shutdown. Now imagine the following:

A market with NO official name, no acronyms, no abbreviations, no codename, never discussed, period, whatsoever. The only way to access the site is obviously through Tor, but the address is an ever-changing onion link based on some secret algorithm (let's say it changes every 13 days, with a 3 day ahead of time warning). Now the only way to derive the new URL is by implementing the algorithm, which itself can only be obtained through word of mouth. In order to get the site started in the first place would require the involvement of highly reputable and established sellers communicating directly with their most trusted repeat customers on other markets. This would eliminate many of the scammers and childish bullshit that tips off LE, so long as the core members can remain relatively quiet about the site's existence to friends and family.

While all of this is merely speculative and probably just wishful thinking, I feel that it could at least stave off the involvement of law enforcement in our personal affairs.

At the very least, Jesus everyone, please be a bit more subtle about your darknet experiences, for yours and your families' sakes.

Thank you for reading!


Comments


[12 Points] IDBitch:

Sounds like some Russian carding websites.

They've been up for a long time. Whether that is because they are Russian or because of this system I don't know.


[8 Points] Theeconomist1:

Well, in theory sites such as this could already exist and we wouldn't know it based on the premise that people keep quiet about it and basically maintain a type of exclusivity. I'm sure there are sites that exist that are very small and keep small intentionally. On the smallest level you have maybe a single vendor who starts up their own "service" and sells only to a set of known and loyal customers. This does exist. It's basically invite only, don't know if that invite list grows at all, you are supposed to not talk about it (a la Fight Club), etc. I guess the function of the algorithm would be to prevent the site being exposed and if it was, the exposure would be minimal since it'd change.

So if the purpose is to keep the size of the marketplace small, like I said, that's already done to varying degrees. But if you grow the site, no matter how careful you are, the bigger you get, the more chance you let in LE, so I think it's a foregone conclusion that LE will get in no matter what. What you want to do is make sure that penetration is irrelevant.

How about decentralized markets? In that case you don't even have a central place to worry about. That should eliminate market-level threats (such as the seizure of a market). Vendors will always have to worry about threats to themselves and customers to a degree as well. Really, the marketplace serves 3 potential purposes: escrow, review/rating system, and search. Multi-sig escrow is a great concept and I heard there was something in the works so that only 2 sigs were needed - I'm not sure how that'd work though in disputes, haven't done much research on that. There are several potential solutions as alternatives for hosting reviews and ratings. Search is a big one to overcome I think. Again, it seems like a decentralized marketplace is the way to go. That way there isn't a site to target.


[3 Points] imaballerbaby:

Good in theory and could work for a small group of vendors and their trusted customers, but humans are inherently greedy and always want more money. It would be impossible to grow without the wrong people learning about it.


[4 Points] jadedsynk:

Sounds like a phisher's dream come true.


[1 Points] esterbrae:

A market that annoying to use would be LE only after a few weeks.


[1 Points] sapiophile:

Good thinking, but it's unfortunately not secure in some of the ways that you think it is.

I'm not sure how Tor's hidden service metadata are broadcast among the Tor relays, but as is relevant there are essentially two possibilities - the URL (a truncated hash of the site's hidden service public key, providing authentication) is known to relays - or - it is somehow concealed even to the relays themselves as by encryption. I2P has a distinct feature for what are called "Encrypted Leasesets" that basically allow a site's URL to be unknown even to relays, so that the decrypted URL basically acts as a "password" in order for anyone to access the site. If something similar is not feasible on Tor (again: I don't know, though someone willing to research the Hidden Service documentation - which is pretty bad, in my experience - could probably find out), it's basically a moot point, as a malicious relay could simply fire up a connection to every hidden service URL it learns of. I would assume (hey, more talking out of my ass!) that the new proposal for Tor hidden services provides some functionality for concealed hidden service URLs, but that wonderful proposal is not yet implemented (they need coders to help!).

Things get hairy quick, though, when you start talking about an algorithmic shift of the URL. Essentially, you're describing a Pseudorandom function which is completely deterministic. This basically makes the algorithm itself a part of the "password" (along with the secret URL) which has virtually identical security parameters as the URL itself. In essence, if LE could gain access to the site once, they can almost certainly also gain access to the algorithm which shifts its URL into the future, so there's very little security benefit to such a system (and in fact a tremendous opportunity for authentication issues like phishing and LE man-in-the-middle attacks).

So, there are a lot of possibilities that could improve on this idea - note that all of them do away with the deterministic URL incrementation:

  1. Instead of deriving the chain of URLs deterministically, simply share them privately by word-of-mouth over secure and authenticated channels periodically - probably at a semi-random interval to befuddle any snooping on brand-new hidden service announcements.

  2. Use I2P Encrypted Leasesets.

  3. Use a more direct friend-to-friend secure network like RetroShare or FreeNet running in Private (high security) mode.

  4. Have every new URL generate a random, believable-looking HTTP authentication request (or some other similar extremely simple authentication prompt) that redirects to the site on a valid login. The key is to make this authentication step difficult to profile, and variable (at least somewhat). That way, if LE was able to monitor when new hidden service URLs become active, and they decide to check them out as soon as they learn of them, they won't necessarily know that the URL points to a market, or even the same market that they've been trying to pin down.

  5. Using a non-standard port might help against probes like those described above in (4), but of course the hidden service's guard node will still know which port the service is being accessed on (though it won't know what service it's accessing, if any - I think? Hmmm, another interesting research topic for the HS docs...). LE definitely controls a lot of guard nodes.

...and more, I'm sure.

Theoretically, such a system would indeed be incredibly secure, as long as everyone involved really knew their shit about Key Trust and made sure that they didn't get fubar'd via some less secure market. And of course, everyone was using secure platforms, like sanely-run GNU/Linux or *BSD.

Authentication and Key Trust are the biggest hurdles, here, for sure. You're essentially describing a secret-key distribution system, and that is a very difficult thing to secure well.

edit: some clarity stuff


[1 Points] Axaq:

Great concept I suppose but you can't overcome the main problem here: laziness. If most idiots can't be bothered using PGP, then what makes you think they will go through the effort of having to work out the new URL each week or so? It would be great if it was easy enough but I doubt it would gain enough traction to even get off the ground.


[1 Points] Vendor_BBMC:

Do you think that you know about a market because you're cool, and law enforcement haven't busted it because they're so square they don't know about it? The moment a policeman finds out about it and installs Tor on the police station computer they all get furious and it gets busted that day?

EVERYBODY who wants to know about darknet markets can find them all in 10 minutes. Look at the sidebar. Look on deepdotweb. On Grams.

Or ask the NSA for a list of Tor hidden services.

It's like starting a post on Reddit to tell everyone in every country in the world not to talk about "Fight Club", followed by 14 comments discussing why we shouldn't talk about Fight Club.

What if a policeman is reading Reddit? Do you think he's preparing an emergency memo to all police departments saying "we've lost the war on drugs. There's a guy shouting at everyone to be subtle about darknet markets on Reddit Darknetmarkets! They are going to pretend to be talking about buying and selling cakes through the post! That's the end of us...it's just too subtle"

"Somebody go and kidnap Lutherman13. We will torture the information out of him. There are half a million drug customers trading somewhere, but not one of us cops is cool enough to be told where"

This subreddit would have to close. Who's going to get the ball rolling by leaving first? Luther13, are you going to set an example by not writing about darknet marketplaces again?

We will have to get by without your razor-sharp mind.


[1 Points] NinjaGaiden2:

There was once a "vouched" only carder forum, where you needed a cert copy just to access the front page and see the login link and it was only handed out to a couple of people. Raided and shut down.

Security through obscurity is worthless. The best way to survive is do what that 2009 Russian drug forum does: avoid politics. If your site becomes some kind of political movement then you attract nation state attention.


[1 Points] trooper_sips:

If these vendors trust their buyers enough to invite them into a system like this, they probably have enough trust to do direct deals, where there is nothing said outside of PGP.