Hello community.
This post is to help clear up some misunderstandings from the past. You can find the first part here.
Was penissmith a part of the alphabay staff at the time of publishing the post?
No, just a vendor.
Why did I say that he was part of the alphabay staff?
As you can see on the screenshots he had a 'GBR' tag which is reserved for 4 special users that have influence in the process of a guide approval as explained. However he had that tag falsely as alphabay support wrote
Furthermore there are a lot of threads on this subreddit which were about people inviting penissmith to their disputes. Since I saw them over time and also did a quick search for his name using the search function which revealed that he helped users with disputes, I logically assumed that there is only a special list of users that can get invited to a dispute. For example moderators and a list of privileged vendors, because it would make no sense to be able to invite random buyers or vendors who have absolutely nothing to do with the dispute. However after I paged the two alphabay reddit accounts on the post in question I replied to their second comment they made on that issue and wrote that
you can add him to a dispute because he is a vendor with more privileges than others. if a user has the choice to add people to a dispute, in order to resolve the issue with the help of them, how else would you name such a person?
and that
you can not add any vendor or users to a dispute. only a hand picked list of users. penissmith is in that list.
in a follow-up comment. However alphabaysupport took very long to clarify that it is possible to invite literally any user to a dispute. For example he wrote 'No, it isn't possible to invite any vendor.' here which is clearly a lie, because he later finally confirmed that it is indeed possible to invite anybody to a dispute.
So instead of correcting my wrong assumption which I wrote on Feb 12 13:26 UTC in a direct reply to his second comment on that issue, he waited till Feb 12 17:01 UTC to clarify that one can invite anyone to a dispute. In the meantime he made several other comments and a post and evaded answering my questions like "can you please tell me what users [or user groups] are on the list of people that you can invite to disputes?".
You can by the way see the time-stamps of posts and comments by hovering over the 'x days ago' part of the comment.
However when I was unsure if it is only possible to invite certain users to a dispute (I did not know if it was really the case because alphabaysupport took long to give me an answer to that question) I edited my post several times to include the additional info I received. In the end I also clarified that he was in fact not a staff member.
The reason why I did not know who can be invited to disputes is that I never used or ever will use alphabay. I rarely go on the alphabay forums (who would visit forums of a market that he does not even use?) and I also do not have a complete list of trolls who are known for posting fucked up shit.
Furthermore, penissmith was working for alphabay in the past, as a part of the scamwatch team [link]. That also was the cause for the thread of the users complaining about penissmith because he has not been helpful in the past with helping resolve disputes (example 1 | example 2).
So all these factors led me to believe that penissmith is still a staff member. How could I know that the GBR tag he had was a lie? Do I have to ask every market admin if the tags their users have are correct and hope that I maybe get an answer? Why did alphabaysupport lie to me by first telling me that it is not possible to invite any vendor to a dispute?
Did the mod team (and especially me) learn from all that?
Yes. We mods had of course discussions about all the issues in the past and improved our behaviour and actions every time. For example econ published the mod guidelines, we came to the conclusion that if a mod is in a discussion with someone he should not take mod actions in it but ask others to do it instead because they are more objective, ...
The things I will personally change are for example: no more comments/posts about alphabay using this account (except for paging their accounts to make them aware of an issue without any further comment (like I often did in the past)). Such comments will be made by a dedicated alt account and I will not make any mod action concerning them to ensure objectivity. Before you fear that there will be one account relentlessly bashing alphabay: no, in the weeks after the second alphabay message leak I used that alt account to make ab comments (except for the recent post). But it was not an endless stream of bashing, only two comments. So if alphabay fucks up once more I will criticize them using that alt account, if they do not then that account will be silent.
We mods (specifically me) will also not make posts about issues that a user initially brought to our attention (like the recent one) but let them post about it themselves and only provide an environment for proper discussion (e.g. if there is a bug we verify it and then make a comment in the post of the user that it has been verified). An example for that is the recent dream bug.
Were the alphabay links ever removed from the superlist completely?
No. First of all, during the second alphabay message leak I made a post which listed and explained the actions that I took. At no time were the alphabay links fully removed from the superlist and I never claimed that.
To see the changes made to the superlist please go to the superlist history and click on the next button once to get to the changes that took place 25 days ago. You can view the different versions by clicking on the view link. Now this is what it looked like before and this is what it looked like after the message leak was published.
As you can see, while URLs after the "Address:" got replaced with a warning text, the link to the forum was literally three lines, about 40px, under it (the link is pwoah7foa6au2pul.onion/forum). So all a user had to do was either:
remove the '/forum' from the URL, or
go to the forum and then navigate to the market, or
go to the superlist history and view an older version (literally takes two clicks), or
use the bookmark he should have made, or
check other reputable link sources such as deepdotweb or dnstats, or
search for "alphabay" or "alphabay address" using the search function of the subreddit to see the link mentioned in a post (phishing links are automatically removed so you only see legit ones)
If you can not do even one of the things above then you should re-think if you are in the right place.
If you ever wondered why some of the warnings linked to /bigbadwarning I made an in-depth explanation here.
Am I distracting from a "dream market hack"?
No. Some people claim that I am doing it. The post to which the OP is referring is this one where the user only posted the pastebin link without further information and also evaded automod filtering by obscuring the URL (e.g. writing h[xx]p://pastebin.c[x]m).
When I logged in I started to clean the mod queue and of course noticed that post. Like every sane mod who wants to avoid getting this sub banned and not damage the dnm community, I removed the post because it also contained usernames, passwords and PINs of alleged dream market users. Should I have left it up so these possible users could get their accounts drained?
After the removal I contacted the OP of that post and told him to please contact the mods first before posting such 'leaks' because simply publishing login credentials with which users can lose all their money is not helping anyone. I also asked where he got the data from.
That user fortunately contacted us through the mod mail and clarified that he was just relaying the link that someone posted on twitter and said it was from dream. However there are many issues that make it very unlikely that this data is not from a dream hack:
the pastebin post was made on Apr 23rd, 2016
the first part of the dump contained about 500 username/pw/PIN combinations. I tested 10 random accounts from that list and only two worked. These two belonged to users that have no accounts history, no balance and no other activity. So these 500 accounts could have been easily got by phishing, because if there was a vulnerability that leaked the data there would be many more accounts in the dump. Or these accounts could have been created by a bot or even a bored human.
not even dream would be so dense to not hash passwords and PINs but store them in plaintext
the second part contains more than 1700 usernames, pw, email addresses (a lot of gmail ones) and IP addresses. There is no way a DNM would store IP addresses or email addresses. I also checked some of the email addresses, and it revealed that they all got leaked previously.
If I was distracting from the 'dream hack' I would not post publicly about that issue and inform the community about how the situation develops. You can clearly see that the two linked comments were made before the OP claimed that I was covering up the "dream hack". In case you want the link to the tweet that published the dump you can message me so you can see for yourself that the dump is not obtained through a hack of dream.
However everybody that read more than a handful of comments of mine knows that I dislike dream (almost) as much as alphabay (e.g. because they allow vendors to dox customers), so the last thing I would do is try to suppress a database breach from dream.
Am I being paid by a market or other entity/user or do I insult users through private messages?
No. There are also claims like this one:
oh by the way, this mod sent me a pm screaming at me for insinuating he is being paid off by another market to discredit AB
made by /u/My6thRedditusername and I even offered him a generous reward of 10000000000 BTC if he could prove that I sent him messages and insulted him (see the bottom of this message). Unfortunately he has yet to come back to my offer to make him the richest person in the entire history of human mankind (the offered bitcoins are worth $10,090,000,000,000).
However if any other person wants to claim that I insulted and screamed at him through personal messages, please step forward and you will become the richest person in the world if you can prove these claims.
Now people also accuse me of getting paid by markets too, which is also not true. Therefore I offer to give my login credentials to a long time community member (who is unlikely to abuse that power) so he can log into my account and look through all my messages. This is not something natural and I would avoid giving away to an internet stranger my account when possible. So I suggest that if the community really wants that "audit" that they pinch together about 1 btc for example (in a multisig wallet) and if that limit is reached I will give my login credentials under previously discussed circumstances to a long time and well known community member.
If the claims can not be proven, all that money from the multisig wallet goes to the torproject. If they can be proven, then you can go ahead, ban me, humiliate me in front of the community, put me on the wall of shame, give the donators the btc back, ...
Now to summarize, I poured countless hours of my free time into explaining my actions (in this post and previously too) and also offer to be completely transparent by letting someone else read all my private messages. Combine that with the many other things I did for the DNM community in the past and you will hopefully see a picture of somebody that is not interested in harming this community in any way but to make it better with every single day.
Modding is a learning process and I appreciate your dedication to the community and the hard work you're doing.