Bio: We began developing websites for clients and hosting them on Freedom Hosting just over two years ago. Many areas of the darknet were left vacant once FH went down (for good reason), yet there were plenty of users who still possessed their RSA keys. So we contacted everyone we could about their sites, and a couple of them were indeed interested.
We gradually grew our service offerings and personnel to what they are now. We maintain a .onion server to host our clients’ sites, provide design and mockup services for vendors and markets, and have even contributed to the design of certain upcoming darknet markets and resources.
We only started giving our services to the general public without a referral two weeks ago, and since then we’ve set up a clearnet site for customers who don’t wish to use TOR (even though they want a TOR site – yes, this happens quite often).
We’ve constructed some private markets, dozens of vendor sites, current marketplace additions or features, as well as optimisation, and many of the darknet resources you’ll find on r/onions.
We’ve seen drama, mystery, and suspicion like no other media outlet in the last two years.
Stories of corruption, murder (attempted), over $100,000,000 US dollars taken and never located, and people simply disappearing.
The last two years of the darknets’ battle with (primarily) the US government, NSA espionage, TOR breaches and zero-day vulnerabilities, and even some unlawful and filthy efforts by our own FBI to shut down the largest online blackmarket under very questionable circumstances, at times brazenly lying to the public.
We’re not here to complain about politics, economics, or anything else specific; instead, we’d want to share what we’ve learnt while exploring the darknet for the past two years.
We are a three-person team who have known each other long before our interest in the darknet.
EDIT: We didn’t think about that, but here’s an anonymous reference for team member-specific questions:
Adam – Administration/Client Relations
Brian – Mockups & Web Design
Chris – Backend Coding & Hosting
CANDID ADVICE
Is TOR still safe to use? Interesting tales? What are some of your favourite books? Thank you for doing so!
Both yes and no. Many users believe that they can download TOR, install it, and be completely safe. This is not true.
TOR, by default (and we have no idea why), allows all scripts. Disable it. This prohibits scripts such as JavaScript, Flash, and others from being performed on the client side.
Another option is to use TOR with a VPN (virtual private networks).
The collapse of Silk Road 1 was pretty interesting. We lost well under a thousand dollars in escrow, despite the fact that we only sold tiny stuff like silk road memorabilia, 3D printed items, glassware, and grinders with the SR camel emblem.
We had a couple significant orders of bongs going out through the USA at the time, which cost us some money, but nothing crucial.
Then there was the Sheep Market fraud to keep an eye on at r/darknetmarkets. I believe over a hundred million USD in BTC was taken.
Books! A fun way to kill time.
Adam: I don’t read much actual literature, but if I had to pick one, I’d say The Adventures of Huckleberry Finn.
Brian: Zombie Survival Handbook. Even after that dreadful movie we dare not mention, it has remained my favourite novel, despite the fact that the author is not the finest.
Chris: Red October’s Hunt.
Have you ever refused to host a website? If so, why did you decline to host it?
Yes, any website that deals with child exploitation. That is the only sort we do not accept, while we are not interested in hosting any kind of porn site.
Will Tor accelerate or slow to a halt?
We have no idea how long it will take. As long as users don’t run multimedia sites, the network appears to be OK.
Yes, Yes, and Yes in the short term. A TOR identity that loads pages at roughly 10kbps (a quarter of the speed of 56k) is available, as are some identities that load pages quite quickly.
However, it is dependent on which TOR nodes you are connecting to; occasionally a few ID switches can detect a faulty connection.
The same is true for onion sites: if the site is hosted on slow nodes, no matter how fast your connection is, the site will still be slow until it hops to a faster connection.
It all depends on whether or not people build more pipes.
The real internet is the same; it’s only because businesses invest in more infrastructure that we can have more data flowing across it.
Except that Tor extends its capacity as a pool with each new node, whereas the Internet just expands capacity on the individual circuit where you added capacity. As a result, adding an X Mbps node to Tor will increase capacity by X Mbps (in practice, X/3 because Tor circuits are three hops by default). Adding a Y Mbps node to the Internet will only increase traffic through that node, not the entire Internet.
This is somewhat odd given that the Internet’s fundamental premise is that packet switching is easier to scale than circuit switching. Tor circuits, of course, have no physical limits and are fairly short-lived, whereas Internet routes are attached to the underlying cables and are, in practice, quite long-lived.
What coding languages do you employ in your company?
PHP, HTML5/CSS3, MySQL, and a minimal amount of JavaScript (usually only to tell users they have JS enabled).
What are your thoughts on CSS3’s expanded capabilities in a Scriptless browser?
You appear to be designing websites for the period 1995-2003. I despise how every web developer expects I have enough space to download a 400 kB uncompressed JS file from which they use 1 function to click a form. However, Javascript was occasionally required to make things appear nice. CSS3 appears to be capable of a wide range of tasks.
If you’re responsible for some of the websites I visit, you’ve made excellent use of current HTML5/CSS while avoiding the bloat and vulnerabilities of Javascript. However, have you discovered any HTML5/CSS3 security flaws?
What have been your highest and lowest points since starting this service?
The highest point would be when bitcoins reached $1,200 and we cashed out part of our funds.
The lowest point was definitely when Freedom Hosting went down and many of our favourite websites went down with it.
It was, however, shut down for a legitimate reason (hosting the majority of CP on TOR).
Do you have any experience with other “darknets” like Hyperboria and the like?
I’m thrilled by how all of these things are starting to erupt; it’s fantastic (:
We tried I2P for a while but it just didn’t get any customers, so we haven’t expanded beyond TOR and I2P.
It’s fantastic to see so many darknet sites emerge from the SR1 takedown.
“If you cut one head off, two more will sprout in its place.”
How has the demise of Silk Road affected your business?
We never offered our services to the general public until after the fall, but the modest products (in comparison to some other vendors, our loss was around 0.5% of what large vendors lost) made us reconsider using marketplaces.
Budster was one of the first markets we helped develop, but we merely designed the theme. It’s a shame the website turned out to be a hoax.
We no longer sell products on the market, and the income from web services allows us to spend our free time with our family while supplementing our income.
It has also taught us to accept multisignature escrow in the event that this occurs in another market.
So, what is your personal definition of “darknet?” I’ve heard of it but have no idea what it is.
The portion of the internet that is inaccessible to conventional web browsers and requires authentication and encryption to access, providing users with anonymity.
This includes I2P, TOR, and Freenet.
What are some of the oddest events you’ve hosted?
We can’t disclose anything specific since we respect our clients’ privacy.
The most intriguing, however, was what turned out to be an ARG. Someone apparently felt it would be fascinating to entice viewers into an online game using .onion sites, so they acquired a handful and put some very... odd... photos without telling us. Nothing unlawful, just really upsetting.
Grotesque animals and shapes, but no gore.
When we discovered it in our monthly audit, we immediately paused the site and contacted them, and everything was soon resolved (within a few hours).
What is the most difficult aspect of becoming a member of Tor?
Disinformation and harmful conduct are mostly propagated by US officials.
What is your connection to RSA?
We use the digital signature component far more than its counterpart in the creation of custom onions and bitcoin addresses, but that’s about it.
What coding experience do you and your colleagues have?
Has your expertise grown while working in this field?
What did you do before you started building and hosting TOR sites?
What was your favourite project on which you worked (without giving too much away)?
We each have 8-12 years of experience and work professionally in web development.
It has vastly improved; we only wish it had been accessible a decade ago, when we were still paying off school debts.
We continue to work as legal web developers.
One of our current projects is a website based on one of the characters from the Archer FX series.
Can you suggest a flashlight?
This is an excellent question. I’m not sure why, but I do.
In that vein, I purchased a Coast (never heard of them before but decided to give it a shot) mid-size (around 5 or 6 inches) lamp. It’s difficult to beat for 30 dollars. Stupidly brilliant and well-built. However, the battery life is only rated at a couple of hours, and the low-light capability was immediately disabled by the multi-function button. But if you merely want something to light up a room or the backyard of your neighbour (zoom lens), you can’t go wrong.
Do authorities ever contact you for information about your clients?
How well-informed do you think potential clients are when it comes to starting a business on the darknet?
No, not yet. We chose a hosting firm for the clearnet site, therefore there is a chance it will be removed, although we doubt it.
Customers have inquired about our clients, as well as personal information about vendors, which we obviously do not have and would not provide even if we had.
We have made contact with authorities via anonymous emails whenever we discover a child pornography website. We also refuse to communicate with anyone hunting for CP sites, of which there are an alarming number.
In general, we identify clients that are already selling on the darknet and are familiar with the majority of the basics of using it safely. But every now and then, we get “I have $50 and want a vendor site and market accounts, please help me,” and we have to explain that it costs much more than that.
The most serious issue is that some new merchants mistake our vendor sites for market accounts and are furious when we correct them. You’d be shocked how many individuals want to be darknet vendors but refuse to pay for vendor accounts.
I’m not too familiar with the dark web, though I’m aware of it. What are the legal implications of using the dark web? I’d like to investigate it, but I’m afraid. Where would you start for someone who is absolutely new to it, and what programmes should they download and use?
It is entirely legal. The US Navy created something to aid journalists.
If you are afraid, simply launch a Virtual Private Network (VPN), connect, and then launch TOR. This means that no one, not even your ISP, can tell you’re using TOR.
You should look into r/tor and r/onions.
Tor Project – https://www.torproject.org/
Private Internet Access can be found at https://www.privateinternetaccess.com.
What would it be if there was one thing about the “darknet” that people who use it seem to understand but isn’t truly made public?
I don’t believe the public is given a realistic picture of the number of people who despise all parts of child abuse/CP and use TOR.
The bulk of community members are vehemently opposed to it; it’s one of the few things that darknet surfers will report, and nearly all .onion hosts prohibit it, implying that most CP is hosted on someone’s personal TOR server.
Furthermore, there are no TOR hitmen. Scams. They’re all of them.
Where can I locate tor directories with working sites? I attempted to access several links, but none of them worked.
Is operating a TOR node considered enabling child porn, or has the alleged facilitator been falsely accused by the FBI?
‘The High Court has declined to allow an Irishman regarded as “the world’s largest facilitator of child porn” to dispute the DPP’s decision not to prosecute him in Ireland.’
It does not constitute enabling it in the United States unless your exit node can be linked to a source of CP.
We’ve never run an exit node non-anonymously, so we’re not too concerned.
Is it possible to buy cake online?
On Silk Road, there used to be a grilled cheese sandwich, but now there are THC edible sellers selling cakes, truffles, candy (really, Sour Patch Kids and Reese’s cups), and other cannabis-infused cuisine.
I’m not sure how it would fare in the mail….
Is there any promising peer-to-peer software, such as WASTE, that is becoming popular?
So. Why should customers use your company’s services? Are you a company? What’s to say you won’t give the government everything when they come knocking?
Where do I begin for someone who wishes to get into this kind of thing?
Lol. I’ve been running Liberte Linux/TAILS for a few years now. TBB is not anything I utilise. I mean, where can I understand how the network works (besides, it’s an ONION lol!!) and how to create/fix/test hidden sites/services? Thank you for responding, however I should have said that earlier.
Nobody. Or everyone. Depends.
People are aware that we design websites for a living, but they are unaware of the range and depth of our services on the darknet. Actually, no one knows we work on the deep web; we believe most people believe we either make a lot of money or have a side business we work for in our leisure time (the latter of which is closest to being correct).
How did Silk Road get its start? I mean, how did the creators get it to that stage before it shut down? Essentially, I’m curious how you attract customers to a site with no vendors and vendors to a site with no customers.
I can’t think how tough that would be if no one had ever heard of something like this before and were sceptical about it.
Advertise like you would any other website.
Silk Road was nothing new, and neither was it on Tor. Hell, drug channels were prevalent on IRC and BBSs.
Did they not use Escrow? Escrow is used by all “clearnet” Russian websites.
He collaborated with the person who is presently in charge. Basically, he was the ringleader, and he would advertise on random TOR and bitcoin sites, saying things like, “Hey, have you heard about this site called the Silk Road? Apparently you can purchase drugs there,” and it developed organically from there.
What are your most common website requests? Are you using a popular CMS or creating your own? On your website, it is clear that subdomain generation takes time and is dependent on the quantity of letters. Could you explain why this is different from a regular subdomain, where you merely need to update the DNS?
Finally, “Hardened Gentoo with PaX, SELinux, and TPE Enabled” — Those are some nicely secured servers. Do you have any custom monitoring or security modules?
Vendor stores appear to be the most popular.
We prefer to use pre-existing CMSs or create our own using Bootstrap.
The generation is for entire domains such as dpolezbmujmbcqze.onion and dpoletuchcwxcmvc.onion, which require a large number of private keys to be created until the script (scallion) discovers a match.
This was virtually instant for the ones above with a query of “dpole,” but adding additional special letters makes it significantly tougher and so takes longer.
However, we do support subdomains, so you could have something like north.dpolezbmujmbcqze.onion.
We don’t have many custom modules other than a handful that inform us when customers exceed their resource caps and send them a BTC invoice.
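The cost of the prefix search described in the answer above, as an added example that is not part of the original thread and is not scallion's code. It assumes the legacy 16-character onion label (base32 of the first 80 bits of a SHA-1 over the DER-encoded RSA public key); random byte strings stand in for freshly generated keys, and all function names are hypothetical.

```python
import base64
import hashlib

# RFC 4648 base32 alphabet, lowercased: the only characters a label can contain.
ONION_ALPHABET = set("abcdefghijklmnopqrstuvwxyz234567")


def v2_onion_label(public_key_der: bytes) -> str:
    """Return the 16-character label for a (legacy) onion service key."""
    digest = hashlib.sha1(public_key_der).digest()
    # First 10 bytes = 80 bits = exactly 16 base32 characters, no padding.
    return base64.b32encode(digest[:10]).decode("ascii").lower()


def validate_prefix(prefix: str) -> str:
    """Reject prefixes that can never match (e.g. containing 0, 1, 8 or 9)."""
    prefix = prefix.lower()
    if not 0 < len(prefix) <= 16:
        raise ValueError("prefix must be 1 to 16 characters")
    bad = sorted(set(prefix) - ONION_ALPHABET)
    if bad:
        raise ValueError(f"characters not in the base32 alphabet: {bad}")
    return prefix


def expected_attempts(prefix: str) -> int:
    """Average number of keys to try: each extra character costs 32x more."""
    return 32 ** len(validate_prefix(prefix))


def search(prefix: str, max_attempts: int, seed: bytes = b"constructed-seed"):
    """Try candidate keys until a label starts with `prefix`.

    Returns (attempts_used, label), or None if the budget runs out.
    Candidates are constructed pseudo-random bytes, NOT real RSA keys;
    a real tool generates a key pair per attempt and keeps the private half.
    """
    prefix = validate_prefix(prefix)
    for attempt in range(1, max_attempts + 1):
        candidate = hashlib.sha256(seed + attempt.to_bytes(8, "big")).digest()
        label = v2_onion_label(candidate)
        if label.startswith(prefix):
            return attempt, label
    return None


if __name__ == "__main__":
    for p in ("dp", "dpole", "dpolezbm"):
        print(f"{p!r}: about {expected_attempts(p):,} keys on average")
    print(search("dp", 200_000))
```

A five-letter prefix such as "dpole" averages about 33.5 million candidates, which is why it finishes quickly on a GPU, while each added character multiplies the work by 32.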
I’ve always experienced bans due to price hacks based on IP address from airlines and other businesses. I’ve been tempted to price shop anonymously on the darknet. Is it possible to buy flights and items on the darknet? If so, is the price reasonable?
I’d be wary about flying. I can picture the US putting that into a terrorist scheme called “Blackmarket Plane Tickets.”
However, there are travel services and discount items that are not unlawful in and of themselves on several of the markets.
Do you have any openings?
We are looking for more graphic designers and journalists.
I’m a journalism student with some professional experience. What is the purpose of having journalists?
How does one get started investigating the darknet and other comparable sites?
Downloading TOR and viewing onion directories
Subreddits like r/tor and r/onions are great for this.
Sites can be found at http://vault43z5vxy3vn3.onion/wiki.
You can get TOR from https://www.torproject.org.
What percentage of TOR usage do you believe is comprised of CP? What about the narcotics trade?
We estimate the figures for medicines are approximately 40% and CP is around 20%.
But I have no idea; I’m just guessing based on a fairly old report from before the FH shutdown.
When people come onto public forums to chat about TOR, drugs, aiding new members, and so on, and then post CP or gore.
What are your thoughts on openbazaar?
It gives us no incentive to use it instead of other sites. It’s a competitive market with over 20 darknet markets.
Let’s just say “the majority of TOR users believe such sites are phoney and merely for entertainment.”
The deepnet contains some terrifying sections.
Is that stuff genuinely effective? I mean, did you order drugs and hitmen? It appears strange and unnatural. If so, how does it function?
Yes, drugs. When we first realised it was real and legitimate (basically), it felt like a dream come true.
As long as you choose a good vendor, the success rate is roughly 95%, with the remaining 5% being minor delays.
In terms of hitmen, we don’t believe we’ve come across a single real hitman website.
Adam: I’m not much of a coder, but I prefer jazz or soft rock.
Chris: Usually relaxing films on headphones.
Brian: Classic Rock, Oldies. It aids my concentration.
You’re fantastic! Do you ever intend or expect to expand? Would you utilise TORs if more people did?
Always. We’d like to secure a couple decent-sized sites as regulars and maybe expand our resourcing to other locations.
We’re always searching for new ways to get people to use TOR, so if there’s a site you’d want to see on TOR, let us know and we’ll do our best to make it happen.
What do you believe will happen in the darknet’s future? Do you believe it will ever cease, or will new technologies (such as I2P) emerge?
Also, is it difficult to ensure that these sites are secure, or does that not concern you? I’ve been working as an apprentice web developer for a few months and have looked at a couple of .onion sites, but I have no idea how safe they can be. I’d be concerned about my code being exploited for flaws.
You would keep your servers as secure as you would any other website.
Thank you for taking the time to participate in an AMA! I am a Linux System Administrator with a strong history in security, and any questions you can answer would be greatly appreciated.
What steps do you take to secure your users’ privacy (web application firewalls, intrusion detection and prevention systems, kernel hardening, etc.)?
What further steps must you take to preserve the privacy of your IPv4 address?
Do you prefer a certain administration panel software (cPanel, Ajenti, etc.) or simply plain linux servers?
Could you please inform us where you host your websites?
Do you provide email as part of your services, and if so, do you use encryption?
Also, do you utilise popular CMSs or bare code? What safeguards do you have in place if a consumer requires CMSs?
Do you encrypt your clients’ files on the web server as well? Do you believe there is a need to do so?
All server traffic is routed through a transparent TOR proxy, so even if the server wanted to, it couldn’t reveal its IP address.
The kernel is protected by PaX, SELinux, and GRSecurity.
Aside from the Tor proxy, we also ensure that the server’s information is not disclosed via error pages or dangerous scripts.
We prefer Linux servers, however we’ve had several questions regarding providing cPanel to clients. For the time being, only SFTP and SSH are available.
We are unable to disclose where the sites are hosted.
We do provide email integration, but we do not provide an SMTorP service. Safe-mail and Lelantos can be integrated into user services.
We employ both pre-existing CMS/scripts and custom code, which is often constructed with Bootstrap. We make every effort to enable all possible security features, transfer any JS features to php or CSS3, and provide code optimisation for TOR.
We employ pseudo encryption, which means that the server encrypts crucial information that customers do not need to view, but we have access to all user files and the encryption keys. Otherwise, we’d have a difficult time keeping Child Pornography off our systems.
It doesn’t appear to be the case. Strange, given that Reddit is free source. Would you rather fight a hundred duck-sized horses or a single horse-sized duck? The size of a horse. Big Bird, bring it!
In its most basic form, the Darknet is a collection of webpages hosted on a hidden, encrypted area of the internet that can only be accessed by using a tool such as TOR.
It is used to host pages that are not safe to host on the wider public internet for any reason. This could be due to illegal content, anti-government websites, hazardous ideas, private anonymous blogging, or a variety of other factors. Basically, if you want to host a website that cannot be linked back to you, the Darknet is the place to do it.
Yes, if you know how, you can accomplish anything you can do on a real computer within a VM.
In a recent comment, you stated that approximately 40% of the darknet is used for narcotics and 20% for CP; can you tell me what the remaining 40% is used for? I’m new to the darknet and have just heard stories from pals. Thank you in advance!
Did you think your group might have gotten yourself, Reddit, or TOR in trouble by making this post? To be honest, this is an incredible post, and I’m glad it exists. Another question: have you ever been caught making the sites yourself?
I can’t speak for them, but I doubt anyone got in trouble because of this post. The US Navy invented TOR. Using it is neither unlawful nor immoral. This is a corporation that uses TOR to host websites. This company is neither unlawful nor immoral. In fact, it actively opposes child porn, making it more moral than the hosting business it replaced, Freedom Hosting.
I’m probably too late for the party, but is there a darknet search engine? Or is something in the works? Is it more difficult to design a search engine for the darknet than for the conventional internet? If so, please explain why.
Do you get attacked frequently?
What about DDoS attacks? Do the cops come to your house because you host on the dark web?
We attempt not to host any sites that encourage harmful behaviour, such as Markets.
We are completely anonymous, so even if the cops had an issue with us, they would not know who was to blame.