Pretty turbulent times right now, eh?
Some words to hansa vendors
Law enforcement has gained a huge advantage by not only seizing and taking ab and hansa offline, but by also running a top market for nearly a month. It allowed them to monitor every link every single user clicked, what messages they sent, what passwords they entered, when they logged in and out, . . .
After they are done jacking off to their gained data, they will fan it out to just about every law enforcement agency around the world so they can use this data to go hunting. And trust me, they will. So I want to take the time to urge vendors to not continue like usual. The past has shown that for example the SR data, which was far less extensive than the hansa data, provided the basis for many arrests even after the initial seizure.
While it is part of law enforcement's strategy to scare users and make vendors give up their aliases, vendors should always choose their own freedom and the one of their customers over a few extra bucks before getting busted. So I urge every vendor that was at least somewhat active on hansa to put their current vendor brand to rest. Pause your vending operation, prepare for the worst case, have a critical look at your operation and start again after some time while learning from your mistakes.
It would be reckless to continue vending with law enforcement having such a huge advantage over you. Here are some valuable tips on how to make sure law enforcement cannot connect your two aliases. And reading the DNM vendor bible in general will not do harm either.
Response to recent law enforcement actions
Since law enforcement gained a huge advantage with operation bayonet, we need to improve too. We need to learn from our mistakes and think about what we can do better to minimize the impact of future market seizures and takeovers. So in the following are some points I have come up with.
Auto encryption
Making "no auto encryption" a requirement for markets to get listed. Sadly, we all experienced the fallout I was talking about. This time it equals over 10 thousand addresses now in law enforcement hands. Without ae and the promotion of manual PGP encryption, this number would have been much lower.
2FA requirement improvement
Some improvements need to be made to the 2FA requirement. The decoded PGP message must look like the following:
Only valid for marketAddress1.onion marketAddress2.onion
2bjf7
Imagine this case: Vendor V vends on market A and market B. He re-uses his password on both of them but has 2FA enabled.
Law enforcement seized market A and gets his plain-text password by simply logging it when he logs in next time. They then go to market B and fill out the login form with it. Now they are prompted with a PGP message that only the vendor can decrypt. Fortunately they can get the vendor to decrypt PGP messages using the 2FA on their taken-over site.
So they manually put the PGP message they got from market B in the system of the taken-over market and wait for the vendor to log in and decrypt it. As soon as that happened, they log into market B with that decrypted code.
Effectiveness can be improved by keeping an eye on the vendor login times and timing the attacks. By the way: I would really be a good law enforcement agent with such ideas.
Pretty frightening if law enforcement executes such an attack as it allows them to circumvent 2FA on every market and other services. So let us prevent this attack in the first place with the updated requirement.
If a vendor decrypts a message from market B that says it is only valid for market A, he will immediately be alerted and hopefully informs the community too.
Past log-ins
Markets could show the timestamps of the last three successful logins on the front page the vendors get redirected to after a successful login. That way they can easily spot if someone logged in that was not them. I took 3 as a number because it is a good compromise between security [vendor can see the dates of several logins] and privacy [market does not store too much data about the vendor].
These last 3 successful logins could be displayed in one column. Two more columns could be added that show unsuccessful logins [wrong password] and semi-successful logins [password correct but 2FA wrong]. In the light of recent events, the community would have been warned early because several different vendors would have gotten entries in the semi-successful login column due to law enforcement trying out the login data from hansa on other markets.
Usability can be improved if vendors can set the timestamps to their timezone, so a quick glance is enough and they do not have to calculate their actual timezone from the UTC timestamp.
Market canaries
Markets have to publish a signed message every week or so that they are not compromised and include the hash of the latest btc block. That way law enforcement would not be able to run a market for a horrifying 27 days without also getting control over the PGP key.
It is not waterproof but the potential reward in my opinion outweighs the costs for the market operator [spending 2 minutes every week to publish the signed message]. The message should be displayed publicly on market.onion/canary for example. The time period can also be changed [i.e. reduced] to make a takeover less successful.
For example according to some information we received, law enforcement did not manage to compromise the PGP key of hansa at least shortly after the takeover.
Periodically checking vendor keys
We could get a small 'task force' of users to check the listed keys of vendors on several markets. It would consist for example of a handful of users that already have the 'long term community member' flair [so they are at least somewhat trustable], who have lists of vendors that they check once or twice a week.
They could focus on higher profile vendors [i.e. large sales volumes and products like fent, heroin, . . .] and check on the markets that are most used. That way we could quickly spot changed PGP keys and act accordingly by warning the community. We even got an early warning sign with hansa, but we did not process that information correctly.
I could probably automate this to some extent, but this takes some time and getting some users to do this regularly would be best for now.
Multisig
Multisig. We will have to deal with that topic in a standalone post. Law enforcement basically played all hansa users and was able to do so because nobody implemented and used multisig properly. It is not an easy topic, but if the recent events are not motivation enough to finally provide guides on how to use ms properly...
Market bust procedure
We main sub mods will also work on a market bust / seizure / exit scam procedure that we can apply if needed. That way we optimize the workflow in such cases more and can achieve better results [i.e. minimizing the damage and passing important information on quickly].
So what are your ideas on improving the DNM scene [not limited to the requirements of the superlist], to minimize the damage of future law enforcement operations? Because if there is one thing we know, it is that the next operation is just around the corner.
Now some interesting traffic stats as a reward to you because you read through the whole post [keep in mind they do not include mobile traffic]:
[Screenshot two] You can really see how the traffic went up right as the press conference began.
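As an added illustration, not from the original post, here is a model of the updated 2FA requirement and why it defeats the relay described in the "2FA requirement improvement" section: the issuing site embeds its own addresses in the one-time code, and the user only enters a code whose header names the address they are actually logged into. The addresses, function names and the sample code value "2bjf7" are constructed placeholders.

```python
import hmac
import secrets
from dataclasses import dataclass

# Constructed placeholder addresses, matching the post's own placeholders.
MARKET_A = ("marketAddress1.onion", "marketAddress2.onion")
MARKET_B = ("otherMarket1.onion", "otherMarket2.onion")  # constructed
PREFIX = "Only valid for "


@dataclass(frozen=True)
class Challenge:
    """Plaintext the user sees after decrypting the 2FA message."""
    addresses: tuple
    code: str

    def render(self) -> str:
        # Exactly the layout the post requires: header line, then the code.
        return PREFIX + " ".join(self.addresses) + "\n" + self.code


def issue_challenge(own_addresses, code=None):
    """Site side: mint a one-time code bound to the issuing site's addresses.
    `code` can be supplied only so that results are reproducible."""
    return Challenge(tuple(own_addresses), code or secrets.token_hex(3))


def parse_challenge(text):
    """Split a decrypted message into its address list and code;
    reject anything that lacks the validity header."""
    header, _, code = text.strip().partition("\n")
    if not header.startswith(PREFIX) or not code:
        raise ValueError("missing validity header or code")
    return Challenge(tuple(header[len(PREFIX):].split()), code.strip())


def client_accepts(decrypted_text, address_in_use):
    """User side: enter the code only on a site named in the header."""
    return address_in_use in parse_challenge(decrypted_text).addresses


def site_verifies(issued, submitted):
    """Site side: constant-time comparison of the submitted code."""
    return hmac.compare_digest(issued.code, submitted)


def relay_attempt(shown_on, minted_by, code="2bjf7"):
    """Model the relay in the post: a code minted by `minted_by` is put in
    front of the user on `shown_on`. True means the user would enter it."""
    ch = issue_challenge(minted_by, code)
    return client_accepts(ch.render(), shown_on[0])
```

A legitimate login (code minted and shown by the same site) passes, while a code minted by market B and shown on a taken-over market A is refused because A's address is not in the header.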
You forgot Mo-Nero...