Bitcoin Forum

You are not Jason Bourne.

If you are not absolutely certain you know how to operate anonymously continuously don't attempt to operate a drug marketplace, at least one servicing the U.S. You see, the U.S. govt. is very resourceful and can (for now) print just about any money it needs for any task.

Ed Snowden himself said if they want to get your computer (specifically) they'll get you. Even I would have thought a clean Linux install would be a good starting point until the shellshock (https://en.wikipedia.org/wiki/Shellshock_(software_bug)) bug showed up. There are just too many potentially vulnerable points to consider to operate with confidence, from coin taint/trails, to compromised hidden services, to botched communication, and that's the technical side. There is also the human/social element to trip things up.

If you're going to attempt such an undertaking you should always operate under the assumption the enforcers are one step away. At the very least don't remain in the U.S. and regardless of location don't sit still. I'm not sure I'd even attempt it and I believe I know what I'm doing. You should at most operate for under one year then walk away, and if you can pull that off it would be an impressive achievement.

Well things happen. I did not however expect the owner to be found so quickly.
It is possible to stay hidden if you're smart enough. There are many people who the government can't catch, or services that can't be shut down. Look at TPB. Bitcoin helps with their finances.

Greed is what gets most criminals caught; especially cyber "criminals".

There is no such thing as perfect security, for anything.

The problem is the free market sale of controlled substances is a political issue. Bitcoin and its libertarian enthusiasts are poking the government in the eye, putting that issue in the spotlight. To them it's a game, one of strategy, and they're playing to win. That's why they codenamed their operation onymous.

FBI is certainly stepping up enforcement efforts. The oldest dark net market "farmer's market", used paypal, and they weren't caught for over 2 years (surprise surprise, they were caught simply by paypal disclosing their contact info to FBI). This was before Bitcoin was available.

FBI is increasingly getting good at busting TOR sites.

Must be mad running an illegal drug website. Just the tiniest microscopic slipup could reveal your real identity. TOR isn't foolproof.

Why not just use the nxt market place? Decentralized and all that.. There's already a guy selling prescription drugs on it.. Doctor from Mexico apparently ::)

Well, that sucks.

I have no interest in the narcotics but some of the other items available and vendors have proven themselves to be reliable.

there have been a number of attacks by not-so-honest tor exit nodes as of recently. I would say this is likely related.

dogecoindark.net

already has darknet = untraceable ip crypto.

;]

http://www.belfasttelegraph.co.uk/news/local-national/republic-of-ireland/two-held-over-darknet-drugs-ring-30724056.html

I never said that there was perfect security. There isn't 'perfect' for anything actually.
Well there needs to be something called DarkNet 2.0, Tor 2.0 and such, services which would utilize Bitcoin in the process.

@OP - I will take your feedback into consideration.
















@FBI - Just kidding. :D

No, You should operate everywhere around the world including within the US with decentralized marketplaces.

No, but you said it's possible to stay hidden if you're smart enough. My point isn't so much about perfection as it is about degree. If U.S. government enforcement agencies in large enough degree want to find you, there is a pretty good chance they will. They have near limitless resources, whereas it only takes one slip up on the part of the evader. Open drug sale is too large a political issue for them to put up only half efforts.

Yup, same thing I noticed, good point.
Crazy how fast this cat and mouse game happens...always the good vs. bad, one playing catchup!

Lets see them try and shutdown openbazaar where there is no site operator, no server, and no domain to shutdown.

I wanted to mention this but I totally forgot about it while doing other work. Such services are the way to the future. They can't shut it down no way, although they could trick users with fake merchants set up by FBI agents. This is why I'd only buy from a few trusted buyers (if it was something illegal).

Actually they caught this guy by becoming apart of the site's support staff, so it had nothing to do with computers or anything it was really old fashion cop work. Go undercover and becoming one of them.

Are u sure ? Because I read that they got Defcon's IP from Google as he used Gmail for some registrations.

Social engineering at it's best.

It was both. There was an undercover agent that was a staff member of SR2, but they likely used some kind of advanced tracking to find the SR2 server. The complaint really did not go into how they found the server, only that they found it back in may.

Well apparently the ownership/control of SR did actually transfer in December. It is apparently not known who created/started SR2.

While putting on my tinfoil hat, I would speculate that SR2 was created by law enforcement as a way to entrap people running the site and law enforcement would have made up a good portion of the support staff

It has been reported that this Defcon is not the first Defcon. It is the fifth one. So, those who actually created and launched the site on November 6, 2013 are probably not caught as of yet.

Do you have a link/source to defcon being the 5th one? I would somewhat doubt that. The complaint does not mention anything about there being more then one defcon.

Source: https://www.cryptocoinsnews.com/silk-road-2-0-users-defcon-5-as-related-arrests-continue-around-world/

Check the last sentence of the article...

Satoshi is doing a good job staying hidden and his probably one of the most hunted people on the net at the moment. It's not easy but it's possible as he has showed us.

http://en.wikipedia.org/wiki/DEFCON

Read the above wiki. "defcon" is a measure of "preparedness" of the military with 5 being the least prepared and 1 being the most prepared

The difference between satoshi and defcon is that defcon was active in the community he was participating in while satoshi left the community long before he was someone that people would want to dox

This is not true. The complaint says that defcon was the original defcon and did not present any evidence of him being a successor to the original one. It did mention that DPR was suppose to be not the original DPR as it was suppose to be a take-away from the princess bride

In fact the most useful piece of advice which would be marketplace operators should follow is to check their ego and be as invisible and behind the scenes as possible.  Actively participating in "the community", and especially adopting the role of "visionary leader" is just plain stupid.  It's an illegal business first and foremost.  Leave the ideological bullshit to the users instead of courting their adoration.

I think the reason why "defcon" was adopting the role of a "leader" was to inspire trust in his marketplace, especially after it has been hacked as many times as it was hacked. If you are not active in the community then people will not trust you as much

Yeah, but can we get weed there yet?

Given that many of the darkmarkets have been shutdown recently, I would avoid buying drugs on any of the remaining ones for some time. Use a local drug dealer instead.

Openbazaar beta 3 about to be released. I expect to start seriously using it in Jan 2015.

They can print infinite money, but they can not print infinite human resources.

That's actually what makes open drug sales such a perfect strategy. Lure them into a fight they can neither resist nor win. (where have I heard that strategy before?)

The reason they can't win is because the USG is operating with a goodwill account that's overdrawn.

Like an overdrawn checking account, every further attempt to withdraw from the account just makes the balance more negative due to overdraft fees.

Each time they act, their pool of talented individuals willing to accept their money shrinks a little bit. At the same time, more people decide to apply their talents toward thwarting them.

How many more people are going to spend some time auditing or hardening Tor hidden services today that would have not done so absent this announcement?

They think that they can scare people into submission, because only the types of people who'd make that kind of error would be in that job in the first place. Of course it will backfire on them.

We should be thanking them for providing the incentive to produce the kinds of technology improvements that will result from their actions, to their own detriment.

The cult of personality which has existed around SR "leaders" may have inspired trust, but it's been misplaced trust.  Hackings and law enforcement take-downs have happened under the watch of these trusted leaders.

Whenever the shit hits the fan, there's always a big "trust no-one" push and the emerging leaders always tell the community to assume everyone is law enforcement and act accordingly.  That advice is very quickly forgotten as people once again get wrapped up in the idea that they're part of some heroic movement for change and that the leadership is going to great lengths and making great sacrifices to protect them.  The reality never matches the rhetoric, though.

Power and money are heady intoxicants, but there's a danger in believing your own publicity.  When you start believing your own PR, you put others at risk.

Users need to stop buying into the idea of SR as a movement or community.  They need to view it as a commercial enterprise and stop believing that the people at the top are martyrs who'll protect those beneath them.  They need to stop wanting to like and be close to whoever is at the top.  Buying into the mythology creates vulnerability on both the part of the leadership and the users and leads to stupid mistakes.

Agreed, mutisig and auditing is the right solution:

https://blog.openbazaar.org/migration-of-our-project-funds-to-a-multisig-address/

You are correct, it was misplaced trust, as SR2 was hacked multiple times to the tune of millions of dollars worth of bitcoin. They were however acting "honestly" and were eventually able to repay users their lost bitcoin by using funds from site commissions. It was only when the site was eventually shut down that users lost money

I noticed that the Europol statement specifically referred to investigating the technology.  I don't think it's safe to assume that human error alone is responsible for every bust.  Yes, good old fashion police work has played a huge part in the very public busts to date, but it would be extremely unwise to assume that access to awesome technological resources hasn't also given investigators far more information than has been made public.

I'd be inclined to take Europol at their word about going after users - not because they care about people buying small amounts of drugs but because they want to create the impression that involvement in the dark markets is unsafe whether you're an operator, a vendor or a buyer.  For the most part, non-vendor buyers have felt relatively safe up until now - so safe that they're posting on clearnet trying to track down contact details for known SR vendors.  Prosecution of buyers will disrupt that feeling of safety.

Well one thing that I think is interesting is the ratio of sites they took down to the number of people they arrested. It appears that they took down ~400 sites while they were only able to arrest ~15 people. I would highly doubt that those 15 people were running 400 sites as this would not be very efficient. I would speculate they were able to find the hosting of the sites easily (probably via traffic analysis) but would have more problems locating the people who are actually running the sites).

You would however have problems trusting that a dark market site is not now running as a honeypot as law enforcement could potentially take over the site and allow it to continue to run to see who buys/sells on it

I don't think using multisig addresses for openbazaar donations is going to help anything. Anyone that facaliates the sale of illegal drugs (or any other illegal good for that matter) is risking apprehension by law enforcement as well as a lengthy jail/prison sentence

Even if you ignore the incentivization from asset forfeiture, there are real limits to how an organization can fund its operations without sufficient funding. Right now a large amount of funding is done through fines and theft(asset forfeiture). If one uses mutisig addresses than these apprehensions will result in less theft occurring therefore starving the state of these needed funds.

Where will law enforcement make up this loss in revenue?

It isn't actually the job of law enforcement to earn certain amounts of revenue, it is their job to enforce the law that the legislature has enacted.

Also if they were going to seize the assets of open bazaar then they could simply seize the keys from two of the four devs (assuming they are using a 2 of 4 multi sig address) to sign/push a TX out of their address

Agreed, but that is not where their priorities lie.


Ok, I see where the confusion is. We are both talking about the developers using multisig for their measly 18 BTC to fund development and the future dealers using multisig BTC as part of the open bazaar protocol in order to protect their assets from either the feds stealing it or the developers stealing it.

Are you suggesting you believe the feds will go after developers for creating a non-profit agnostic marketplace? If so why haven't they gone after developers who create torrent software and protocols in a non-profit and voluntary method yet?

OpenBazaar is a protocol, not a one stop shop for illegal drugs. Thus, governments probably can't stop development on it any moreso than they could on BitTorrent. If anything, a crackdown on the software would lead more people to using it and developing for it, e.g. PopcornTime.

Exactly, I believe federal agencies are aware of that and that's why they don't just ban everything immediately. They're slowly taking their time as not to cause too much disruption(an outright ban on some services would lead to even more people doing things they don't want). All in all, their take your time approach is better than the outright ban approach and I think all bitcoiners would agree.

I don't believe anything is untraceable for the NSA.