
OpenBazaar is a decentralized Dark Net market that's 'untouchable' by police - dil8
http://www.dailydot.com/politics/openbazaar-is-next-after-silk-road-2-falls/
======
jasode
I see several comments questioning the _legitimate_ value of a peer-to-peer
marketplace. Some cannot see any use other than illegal commerce (drugs, porn,
etc).

It is true that such illicit trades will take advantage of that network but is
it really impossible to envision _legal_ business as the major activity? Yes,
cars can be used as getaway vehicles from bank robberies and also smash
terrorist bombs into government buildings. However, cars also have tons of
other legitimate uses.

Consider that ebay has about 200 million users.[1] Their fees have been going
up every year and they are now at 10% (which does not include the separate
insertion fees.)[2]

If one can sell a _legal_ item such as a $50 book on ebay, why not sell it on
a p2p marketplace and avoid paying $5 of that sale to ebay? If not OpenBazaar
or similar p2p architecture, what alternatives do folks propose?

Do 200 million ebay users have _lawful_ reasons to avoid paying ebay
commission fees?

At this point, I believe low-volume selling is too dependent on proprietary
platforms such as ebay or amazonmarketplace. As an analogy using email, I'm
glad that SMTP won over closed systems such as CompuServe, AOL, and Western
Union's EasyLink. Even though SMTP email has many bad uses such as phishing,
malware delivery, and spam, I'm still glad it won. The good uses outweigh the
bad.

Can a more open platform for sellers _without the stigma of illegal activity_
be realized?

[1][https://www.google.com/search?q=ebay+"200+million+users"](https://www.google.com/search?q=ebay+"200+million+users")

[2][https://www.google.com/search?q=ebay+raises+fees+10%25](https://www.google.com/search?q=ebay+raises+fees+10%25)

~~~
Touche
Why does a distributed marketplace intended for legal trade need to run on
Tor? Do you need anonymity if you're selling towels?

~~~
dionyziz
OpenBazaar developer here. This is the "nothing to hide" argument that we've
seen used to much by the NSA and governments.

The answer is that we believe people simply have the right to privacy in
trade. Here's a discussion by the OpenBazaar team on the matter:

[https://github.com/OpenBazaar/OpenBazaar/issues/189](https://github.com/OpenBazaar/OpenBazaar/issues/189)

Do you want your credit card company to know exactly where you've shopped for
the past two years? Would you like your employer to know what porn movies you
enjoy? Would you want your neighbourhood burglars to know exactly how much
money you spent on your brand new Swiss watch this month? Is it OK if your
super-market chain only offers discounts to you on the condition that you
don't buy anything from other super-market chains?

Should your wife be able to scrutinize what trips you went to and how much you
spent on expensive chocolate and alcohol without your permission? Discover
before her birthday that you bought her a ring as a present? Would you feel
alright if Google used all your shopping history to show you targeted ads? As
a seller of rare books, do you want the prices of all purchases to be
published to potential candidate sellers instead of being treated as trade
secrets? Would you want your annoying jealous nephew to know you've booked
snowboarding tickets to Austria without inviting him?

Is it acceptable for these things to be posted on the Internet and commented-
on by Redditors?

Please, I invite you to post your credit card records for the past year here.
We'll be happy to look over them and leave some comments for you. After all,
you've got nothing to hide, yes?

Anonymity is important for people. For some people, it's more important than
others. Different people have different needs. Sometimes anonymity is a matter
of life and death, sometimes it's just a matter of personal privacy and the
right to be left alone. Users can use the anonymity feature as they see fit,
but we need to be there to protect them if they require so.

And, yes, some trade can be only marginally legal or completely illegal.
Sometimes illegal trade is ethical, and laws vary from country to country. At
least at the trade level, we should be free and anonymous. What if your
Internet provider disables the Internet in your country by secret warrant
request of the government if you live in North Korea, or Turkey in the times
of Twitter-censorship, or Egypt in the time of the revolt, or Iran at times of
war? Is it OK to leak to your government that you purchased an antenna off of
OpenBazaar to access the Internet through mesh networks? Sometimes the penalty
can be death.

Not everyone lives in free regimes where privacy is a matter of a warm, cozy
feeling and convenience. People need privacy in trade to be free.

That said, freedom comes at a cost, and the price for being free is not low :)

~~~
csandreasen
> Please, I invite you to post your credit card records for the past year
> here. We'll be happy to look over them and leave some comments for you.
> After all, you've got nothing to hide, yes?

That's a ridiculous counter argument. If I buy a bunch of towels/etc. from an
online merchant, I have every reason to believe they will not use any
information they gather to publicly embarrass me or otherwise do me ill will.
Their business relies on them not abusing their customers. If they showed any
indication that they aren't trustworthy, I wouldn't do business with them.

On the other hand, I don't have any reason to trust someone on the internet
requesting my credit card records in exchange for the privilege of being
publicly embarrassed when they post it on the internet. The argument is never
"I've got nothing to hide", the argument is that I have no reason to hide my
Amazon purchases from Amazon.

Most of your examples are either non-issues or not realistic. My credit card
company does have a right to see how much and where I'm spending - I'm
borrowing their money when I make a purchase. I don't know of any service I
use that sends my porn history to my boss (unless I decided to do it at work
on computers owned by my employer). I don't know of any supermarket discount
program that prevents you from shopping elsewhere - every rewards program I've
ever seen is structured to encourage you to shop with them more, not punish
you for shopping elsewhere. My wife has every right to scrutinize our bank
account - if I didn't trust her I wouldn't have married her. If she finds out
what her birthday present was, that's her loss for ruining the surprise, not
mine. My annoying jealous nephew can get over himself - if he wants to come on
trips with me then he needs to be less annoying.

If I don't want any of these things posted publicly on the internet, I a)
won't post them publicly on the internet, and b) won't share the information
with anyone that I don't trust to refrain from posting it publicly to the
internet. Anonymity is not the same as privacy - privacy comes from keeping
personal information to yourself.

So, to reiterate the grandparent poster asked, why does a distributed
marketplace intended for legal trade need to run on Tor? Do you need anonymity
if you're selling towels?

~~~
pyre
> The argument is never "I've got nothing to hide", the argument is that I
> have no reason to hide my Amazon purchases from Amazon.

The argument most definitely is "you've got nothing to hide." This argument is
bandied about a lot. With some sort of idea that your entire life should be
laid bare before the whims of law enforcement/signals intelligence agencies.
The idea always comes with the assumptions that:

\- If you want to hide something from others is means that you must be guilty
of some sort of crime, and deserve to be punished.

\- All employees of said law enforcement/signals intelligences agencies are
will never abuse their power for any reason, and if they do it's probably for
a "good reason" (e.g. see Supreme Court Justice Scala(?) arguing law based on
"Jack Bauer" scenarios).

~~~
csandreasen
I'm going to take a karma hit for this one, I think...

Well, the conversation has apparently gone from asking why someone needs total
anonymity when conducting completely legal activity online to protecting
oneself from signals intelligence agencies. I have a vested interest in
protecting my sensitive information online from identity thieves, scammers,
people who would want to rob or injure me and people making arguments like the
one I responded to who would likely use my information to embarrass me in an
attempt to make a point about having "nothing to hide." When I have a credible
reason to add the cops or the NSA to the list, I'll start taking measures to
hide my perfectly legal activity from them as well.

The reason I don't fear them isn't because I believe they're infallible, free
from abuse, etc. - the reason is that I'm significantly more likely to be
assaulted by one of the hundreds of people that walk past me on the way to
work than targeted by a rogue NSA agent trying to collect my online activity,
and yet I can still walk down the street without being scared of everyone
around me.

In the mean time, I know that if the NSA or FBI wants to target me they need a
court order, and if I'm going to be arrested and tried in court the cops need
evidence of illegal activity to convict me. When I see credible evidence that
this is not the case, I'll take steps to protect myself from them. Despite
more than a year of Snowden revelations, however, Greenwald and friends have
yet to show evidence of a single American being thrown in jail because of the
vast, Orwellian surveillance state that has supposedly developed around us.

If it was happening, that would have been the first thing they reported a year
ago. The fact that they have yet to come up with anything tells me that in
that giant trove of the NSA's deepest secrets, there is nothing to indicate
any harassing or incarceration of regular citizens.

~~~
musername
so, you don't believe that it's a fragile system, before you saw it break?

~~~
csandreasen
I've followed the reporting that Greenwald, Poitras, Gellman et al. have put
out fairly closely, but I've also watched the debates, watched several of the
Congressional hearings, read both of the PCLOB reports, quite a few of the
declassified documents, etc. The conclusion I've come to is that talking about
nuances in surveillance law doesn't bring in advertising dollars, but you
can't go wrong by stirring up hysteria talking about all of the things the NSA
could technically do without showing evidence of them actually doing it. This
is the Ebola scare of the tech community.

So to answer your question, I believe it's an ugly system with a lot of warts,
but I have yet to see it break.

~~~
pyre
> you can't go wrong by stirring up hysteria talking about all of the things
> the NSA could technically do without showing evidence of them actually doing
> it.

A couple of questions:

* Are you a fan of the "benevolent dictator" ideal? (The idea that forming a dictatorship is ok so long as the dictator has the best interests of the people in mind)

* Do you agree with the NSA's redefinition of the word 'collect' to mean that something is only "collected" when a human see it? If not, then why would you trust people that attempt to redefine common terms to mean things that normal people wouldn't expect in the hopes of deceiving them while appearing to be completely honest and up-front?

~~~
csandreasen
> Are you a fan of the "benevolent dictator" ideal?

I'm not an authoritarian if that's what you're getting at - and this is
getting _way_ off topic...

> Do you agree with the NSA's redefinition of the word 'collect' to mean that
> something is only "collected" when a human see it?

I'm going to repost part of an older comment I wrote that addresses the issue:

This is the actual legal definition of 'collected' per DoDD 5240.1-R[1]:

 _" C2.2.1. Collection. Information shall be considered as "collected" only
when it has been received for use by an employee of a DoD intelligence
component in the course of his official duties. Thus, information volunteered
to a DoD intelligence component by a cooperating source would be "collected"
under this procedure when an employee of such component officially accepts, in
some manner, such information for use within that component. Data acquired by
electronic means is "collected" only when it has been processed into
intelligible form."_

That would include sent to the NSA, processed by algorithms and stored. The
"read by a human definition" as far as I can tell comes from the EFF
selectively quoting that definition[2] and drawing their own conclusions from
their selective quotation, not the regulation itself. As the regulation itself
states, as soon as any DoD intelligence components receives it and processes
it, it is considered collected.

The misunderstanding is compounded by Clapper's June 9th 2013 interview with
Andrea Mitchell, where he tries to explain that there's a legal difference
between collecting content and metadata and fails miserably[3]. Mind you,
Clapper is not part of the NSA. That's not an excuse, since as DNI he should
know better, but it does explain it somewhat...

[1]
[http://www.dtic.mil/whs/directives/corres/pdf/524001r.pdf](http://www.dtic.mil/whs/directives/corres/pdf/524001r.pdf)
(see page 15)

[2] [https://www.eff.org/nsa-
spying/wordgames#collect](https://www.eff.org/nsa-spying/wordgames#collect)

[3] [http://www.nbcuni.com/corporate/newsroom/nbc-news-
exclusive-...](http://www.nbcuni.com/corporate/newsroom/nbc-news-exclusive-
transcript-of-andrea-mitchells-interview-with-director-of-national-
intelligence-james-clapper/)

I hope that answers your questions. (and, btw, I hate it when people downvote
because they don't agree with someone. I think it should be reserved for
actual abuse, so I voted you back up a point if it matters to you).

------
SamPatt
Hey HN, this is Sam Patterson, operations lead on OpenBazaar.

Please note that this open source project is about 6 months old, and not
production ready. It has just started integrating Tor, but should not be
considered private or secure yet.

We welcome testers, we are about to release 0.3.0 sometime in the next few
days. Our Github is here:

[https://github.com/openbazaar/openbazaar](https://github.com/openbazaar/openbazaar)

We've gotten a lot of attention from the recent dark net markets being shut
down. As I've said elsewhere, viewing OpenBazaar as SR 3.0 misses the true
potential of creating a protocol, network, and client that allows individuals
or companies to conduct trade directly with each other online.

We welcome feedback on our project, I'm happy to answer questions, and of
course we'd be delighted if you want to join us. Let's make trade free.

~~~
mike_hearn
I think you should reconsider integration of Tor. This is quite likely to end
badly for you. If the police reports are true SR2 had 150,000 users: if even a
fraction of those decide to migrate to OpenBazaar at some point, any
legitimate usage will likely be overwhelmed by illegal usage. That would put
you in the unenviable position of being the next DPR, except not anonymous
(Silk Road sold books as well as drugs but that didn't matter).

Your best bet is to just not ensure IP addresses are recorded and
unobfuscated. That'll help tip the balance towards legal activity.

~~~
joshschreuder
I'm not sure it's equivalent. What you're saying is that whoever wrote the
stack that SR used should be prosecuted for facilitating the site's creation.

This is simply a project in the same way BitTorrent is a project - it can be
used for many things, illegality being just one, and even if that is the main
usage pattern (which isn't clear at this point), that's no reason for the
creator to be punished.

~~~
tikhon
Tell that to the creator of cryptocat

~~~
kordless
TMK, he was never _prosecuted_. Baited, yes.

------
awjr
I think the interesting thing about these Dark Net markets is how they enable
sellers to market their product and maintain their reputation without the need
to "get out on the streets" and push their wares. It is fundamentally better
for society.

What governments need to get over is the failed "War on drugs". Legalise and
tax the lot. Decriminalise possession, release all prisoners on non-violent
drug related internments. Provide health care support to help people come off
drugs as we do with alcoholics/smokers.

Let's stop being so damn hypocritical about this.

~~~
killerpopiller
I don't think we should push OpenBazar into the illegal drug corner. It is a
neutral tech and follows the decentralization vector the internet opened.
Amazon, Ebay, alibaba and so on, all could very well get absorbed by an open
bazar concept.

This happened imho to bittorrent, which remains in the piracy corner, even
though it is brillant tech solution. E.g. BTSync still has this reputation
problem (besides missing open sources) which curbs adoption from sys-admins.

~~~
Touche
What need is there for selling non-illegal things in a darknet market? Let's
be honest, OpenBazaar will be used to sell drugs, stolen ids, and other
illicit things.

~~~
lucastx
Therapeutical herbs. Prohibited books.

~~~
krapp
If these are illegal, then you're not really presenting a counter-case that
darknets are only useful for illegal trade. If they're not, you don't need a
darknet to get them.

~~~
anonymfus
> If they're not, you don't need a darknet to get them.

False. Some things are restricted by abuse of power, not by law. For example,
it's very hard to massprint antiputin agitation in Russia despite there is no
law against it.

~~~
krapp
Fair enough.

------
gwern
Keep in mind, a lot of people are hyping OpenBazaar more than it deserves or
is helpful. The basic question about OB no one has answered is: assuming they
get it up and running and with a good security model, why will the mass of
black-market - or legal - users ever use it, when using Amazon or something is
easier and more familiar?

You may say that they'll use it so they don't have to worry about police,
except black-market users' revealed preferences are that _they don 't care_:
SR2 was doing millions a month _without any escrow at all_ , and multisig
usage is uncommon even on the markets which support it (vendors generally
estimate <10%). The users seem to simply not care. Why are they going to use
OB?

~~~
ertdfgcb
The users that don't care are almost always the users buying the smallest
(personal) amounts, and they usually don't care because they know if they get
scammed or it gets lost they only lost $30. The customers who want larger
quantities very much do care, and they're the ones who spend real cash.

Furthermore it's pretty common for a dealer who has a good enough reputation
to start requiring early finalization. Most of the reason people still used
SR2 is it was the easiest place to find their favorite vendor, and the lack of
escrow didn't matter because you trust him and/or he requires FE no matter
what the market.

As for why people will use OB (I have no idea if they will), cops aren't the
only thing to worry about when buying drugs on the darknet (in fact they're
close to the bottom of the list). Several marketplaces (including SR2) have
been hacked and had all the users money stolen, and a couple have just
disappeared with everyone's money. I suspect the selling point will be more
like: "Hackers and corrupt admins won't be able to steal your money! Plus it's
never down! Plus it's harder to get arrested!".

~~~
gwern
> The users that don't care are almost always the users buying the smallest
> (personal) amounts, and they usually don't care because they know if they
> get scammed or it gets lost they only lost $30. The customers who want
> larger quantities very much do care, and they're the ones who spend real
> cash.

No, you're just wrong. The multisig markets do little business, period. And
lots of SR2 sales were for quite large amounts, see Judith Aldridge's paper on
this topic - the larger quantities made up most of the revenue.

> I suspect the selling point will be more like: "Hackers and corrupt admins
> won't be able to steal your money! Plus it's never down! Plus it's harder to
> get arrested!".

And yet, none of that has made PGP or multisig standard.

------
ams6110
_If authorities acted against OpenBazaar users, they could arrest individuals,
but the network would survive._

This sounds exactly like the current physical marketplace for anything
illegal. Individual drug dealers are arrested, sometimes even big distributor
organizations are taken down, but the trade network always goes on.

------
higherpurpose
Sensationalist title, just like saying "Bitcoin - an untouchable crypto-
currency for drugs".

This has the potential to be used by everyone in the world to sell anything.

------
EGreg
As someone passionate about decentralized systems, I'm curious how OpenBazaar
would deal with, say, a marketplace for assassinations and other things that
would clearly be illegal and unethical.

Can any distributed system deal with it? Probably best to leave it in place
and expose such people, but who gets to decide which crimes warrant exposing
the participants, and how would that even work? I can think about sting
operations but that's about it.

------
manucorporat
Looks like they are also developing a Search API for OpenBazaar
[https://search.bizarre.company](https://search.bizarre.company)

------
ChrisGaudreau
Untouchable by police? That's a pretty big claim. What would happen if the
government were to round up some computers and control 50% or more of the
network?

------
theone11
untouchable is such a overused word. everything is touchable. the government
just has to order some products and track their origin using the mail system,
get enough orders, you find the vicinity, spy on the drop off area and the
businessman is bound to make mistakes, we are human after all. there are many
ways to skin this cat.

------
theone11
untouchable is such a overused word. everything is touchable. the government
just has to order some products and track their origin using the mail system,
get enough orders, you find the vicinity, spy on the drop off area and the
businessman is bound to make mistakes, we are human after all.

------
paulhauggis
For my business, I order thousands of items on Amazon and Ebay per week. Even
with the protections in place, sellers don't ship the items and then never
respond/won't refund, I get the wrong items/broken items (and they refuse to
let me send it back).

Why would I shop anywhere without these assurances?

~~~
SamPatt
OpenBazaar uses 2-of-3 multisig, meaning that the buyer doens't send funds
directly to the seller but instead sends it to a Bitcoin account that is
jointly controlled by three parties; the buyer, the seller, and a trusted
third party called a notary. Both parties agree to the notary, and then in
order for the funds to be released from the multisig, any two parties must
agree on how the funds are released.

In a normal transaction, once the item ships and is received, both the buyer
and seller agree to the transaction and funds are released. If there is a
problem, then that third party enters the picture, and sends funds from the
multisig by agreeing with either buyer or seller.

~~~
sanswork
How will they be able to prove anything though? The seller could send an empty
box. They'd have a tracking code then "proving" they'd sent the item. The
buyer could claim it was an empty box but the 3rd party wouldn't be able to
know if it was or not.

A scammer would just have to ensure they cycle 3rd parties so their actions
aren't noticed(or cycle accounts). What's to stop that?

~~~
mappu
That (fraud) is a problem for current ecommerce too. It can be addressed in
part by reputation systems.

