
Inside the ‘DarkMarket’ prototype, a Silk Road the FBI can't seize - yiransheng
http://www.wired.com/2014/04/darkmarket/
======
pmorici
What an unfortunate name. Not only does it share a name with a cyber crime
forum taken down a few years back but it invokes the thought of trade in
illicit goods. There was a thread on reddit a few days back talking about how
they should have called it "FreeMarket" because it would be harder for
politicians and media pundits to dismiss out of hand since it would sound like
they were against one of the tenets of capitalism, i.e. the free market.

~~~
itistoday2
Let's not hide behind euphemisms.

[EDIT2: OK, I agree that calling it the "FreeMarket" may be a wise move, it
nevertheless reminded me a bit of the same game that the politicians play by
using words like "criminal", "illicit", etc. in reference to the War on Drugs:
manipulation via the negative connotation of words. If on the other hand, like
Riseed pointed out in a reply below, what you're saying is that it's simply
more accurate to call it a free market, then I agree, that's a strong stance
to take.]

We need to turn the tables on these politicians. The truth is that _they_ are
the inhumane ones. _They_ are responsible for millions of deaths and
atrocities thanks to their support of the War on Drugs. [EDIT3: for citations
see:
[https://news.ycombinator.com/item?id=7656095](https://news.ycombinator.com/item?id=7656095)
]

"Illicit goods"? How about illicit politicians? War criminals whose face is
framed in your neighborhood government office?

Call a spade a spade. The War on Drugs is a War on Humanity. It is literally
responsible for more collective human suffering than the Holocaust.

EDIT: Unfortunate to see fellow HN'ers downvoting me on this issue. Don't want
to hear it from me? Maybe you'll find Richard Branson and H.L. Mencken more
appealing:

[http://www.cnn.com/2012/12/06/opinion/branson-end-war-on-dru...](http://www.cnn.com/2012/12/06/opinion/branson-end-war-on-drugs/)

~~~
eternalban
You need to take a lesson from Gandhi and adjust accordingly:

In my opinion: most people incorrectly read an axiomatic nature to the
"non-violence" (revolutionary) approach of Gandhi. Gandhi was not a pacifist in
the lay sense. He was a pacifist in the terms of Vedic consciousness and was a
daily student of the Bhagavad Gita;

And that would prompt the question of _why_ did he opt for non-violence as the
'correct' approach;

And per my analysis, he did so because he recognized that the British Empire
motivated its political ballast -- from aristocracy down to plebe; whatever
held it together -- by the declared shared justification that "we are
civilizing the world.";

And Gandhi basically put all of his forces towards attacking that notion;

And by _demonstrating_ (beyond argument) to the _ballast_ of the British Empire
that Gandhi and the Indian Nationalists were in fact _more civilized_ than the
Empire, he basically demoralized the affective corps of that Empire. That is
why he won.

In the current situation, the fraction of 1% that truly wield global power in
our world view us nearly in sub-human terms. And the corporate mirror to the
world -- under their control -- pretty much paints their opinion of "us".

To take your example, the motivation for the policy decisions that are
accepted by the current regime's 'political ballast' -- these are the bright
young things furnished by the scientific, academic, cultural, and economic
mills -- is their (pretty accurate) assessment that without the police force,
without the governing order, the unwashed brethren would eat them up like so
much cake. So here, the internalized justification is that "at least this
violence is policy driven and under control".

If the layer under the elite ballast -- that's the middle class -- demonstrates
that they are thoughtful & capable of self-determination and self-ordering,
then this order of things will collapse, just like the British Empire.

So, it is entirely appropriate to remember that "a people get the government
that they deserve".

~~~
sivers
eternalban, that "more civilized than the Empire" line is the most interesting
thing I've heard in a long time. Please email me.

~~~
cinquemb
If you don't mind, and if you two actually have a discussion upon the topic,
could you make a gist of it on github or something like that? I'm very much
curious about conversation such as this, and maybe others will feel the same.

------
dang
The original url [1] was blogspam—that is, it was a knock-off of some other,
more original source. In such cases HN prefers the original source.

Submitters: please double-check the article you post for links to an original
source. If there is one, please post it instead.

[http://www.ibtimes.co.uk/silk-road-successor-darkmarket-unto...](http://www.ibtimes.co.uk/silk-road-successor-darkmarket-untouchable-by-feds-claim-creators-1446241)

~~~
phreeza
Off topic: I like these transparent mod comments you have been doing! Do you
set a flag to keep them at the bottom or do they get so few upvotes?

~~~
dang
Glad to hear it!

That's exactly right. There's a flag for off-topic subthreads that I put on
most of these, so they don't interfere with the real discussion.

~~~
stcredzero
Is there a flag for disabling edits of certain comments?

~~~
phreeza
Editing is disabled a certain time after the comment is posted, perhaps that
is what you have observed?

~~~
stcredzero
It was well under 2 minutes.

------
tokenadult
Never say never. The one thing the history of online networks teaches all of
us is that some attack surfaces are very hard to imagine--until someone
imagines the attack surface and uses it to interfere with the network. There
is plenty of interest on the part of law enforcement authorities in figuring
out ways of enforcing the law on networks like the proposed (not yet
implemented) network described in the article kindly submitted here.

The article begins by saying, "The Silk Road . . . still offered its enemies a
single point of failure," referring to Silk Road being hosted on a single
server. Well, that is the KNOWN point of failure for keeping Silk Road
impervious to law enforcement, but there may have been other points of failure
in Silk Road's design. About the proposed DarkMarket, the article writes,
"DarkMarket, Taaki and its other developers admit, is still just an
experimental demonstration. They have yet to integrate anonymity protections
like Tor into the software; currently every user’s IP address is listed for
every other user to see." The proposal needs a lot more work to become a
practical proposal for attempting to evade law enforcement scrutiny. Whether
or not DarkMarket is ever implemented, and whether or not it will work as
expected if it is implemented, are still open questions. The biggest open
question is whether or not there will be ways for law enforcement efforts to
reach into the DarkMarket even if it works in practice as the proposal
suggests it is meant to work.

~~~
andrewljohnson
To summarize your comment:

* attacks are hard to predict

* law enforcement is interested in attacking

* being hosted on a single server is just one way to make something attackable

* the proposal needs more work

* whether this actually works is an open question

* the real question is whether law enforcement will be able to attack

In a nutshell, this is circular logic that ends where it begins, and makes no
journeys elsewhere. It makes no technical criticism of DarkMarket, references
no historical or similar examples, and offers no extra information from other
sources (such as the source code).

So, I down-voted, and wonder why all the up-votes.

~~~
michaelt
I think the summary is: It's premature to call this 'a Silk Road the FBI Can
Never Seize' until it has withstood a few years of determined attacks.

If you look at a lot of the best practices documentation for Tor it makes
everything sound like a huge hassle [1] so I can believe making a system
secure against the concerted efforts of law enforcement is complicated.

[1] [http://lifehacker.com/how-can-i-stay-anonymous-with-tor-1498...](http://lifehacker.com/how-can-i-stay-anonymous-with-tor-1498876762)

~~~
mathetic
I don't think you are getting the point of the article or the comment above.

This is a p2p system, meaning that by definition you cannot take the market
down by arresting a single person. It doesn't say it is secure against
everything. It just says that as long as the source code/binary is somehow
available, it will not be possible to completely shut down.

The beauty is that security vulnerabilities come and go (as in, they get
patched) so those are not the main concerns here. Even if they decide to tap
every communication to identify the transactions and manage to decrypt it, it
is going to help for a single raid and then it will get patched.

~~~
michaelt
Sure, maybe you can make entry nodes discoverable by users without them being
discoverable by the feds. And maybe new users can get the software without
going to a central location. And maybe you can distribute bug fixes securely
without a central server, and without the people with the keys to sign the bug
fixes getting compromised. And maybe you can deal with 90% of the peers being
created and controlled by the feds. And maybe you're secure against any and
all types of DOS. Maybe you're undetectable by deep packet inspection if every
ISP was forced to perform it. And maybe there's no way to grief or spam the
network into being useless. And maybe you can tolerate coordinated police
operations, where a single bug in the software gets a hundred of your best
sellers carted off to jail. And maybe the market will still be going strong
after that's happened 5 or 6 times.

But I'm going to reserve judgement until I've seen it working.

------
azinman2
I'm surprised no one has commented on what I thought was the most interesting
aspect: using the block chain and digital signatures to create and verify
identities. They're using it for a reputation system, and given the
distributed nature of their marketplace that's a pretty smart way to do it. By
putting it on the block chain you have this externally verifiable (at this
point) directory. One of the more creative uses of bitcoin I've seen yet.

It's unfortunate that they see this as a "next generation black market;" why
couldn't something like this also disrupt eBay or Craigslist? Or something
more important in places that have less free markets? The basic tenets should
also work for good, not just drugs/guns/etc.

~~~
jessaustin
_...why couldn't something like this also disrupt eBay or Craigslist?_

I don't use eBay much, but is Craigslist really something that invites
disruption? It's dependable, there are no arbitrary stupid limitations,
everyone uses it, and it's free. The only tactic that could beat that
combination would be an overwhelming onslaught of marketing.

~~~
stcredzero
Craigslist personals seems practically dead.

------
wfn
Hmhm. Why do they use their own (by which I mean, 'custom') elliptic curve
implementation (in pure Python - what about timing / side channel attacks?)

[https://github.com/darkwallet/darkmarket/blob/master/ecdsa/e...](https://github.com/darkwallet/darkmarket/blob/master/ecdsa/ellipticcurve.py)
[https://github.com/darkwallet/darkmarket/blob/master/ecdsa/n...](https://github.com/darkwallet/darkmarket/blob/master/ecdsa/numbertheory.py)

Would be nice to see some kind of design paper, threat model, etc. Of course a
PoC is supposed to be a PoC - good for them, for releasing code that works :)
but, people might end up using it and trusting it. So gotta ask those
questions.

------
ixmatus
Never seize but that's not the true problem, is it? Anonymity is the actual
problem.

Why aren't there any of these guys trying to build this sort of thing on-top
of [https://gnunet.org/](https://gnunet.org/) ?

~~~
jamesroseman
That's a really good point. In my university Networks & Protocols course we
made an anonymous messaging fabric where all the nodes could talk to one
another but none knew who anyone else was, and every node could connect into
the network by just knowing one node's address.

Could you make a market like this anonymous in the same fashion? Even if the
Feds seized one node they'd have only seized one node?

~~~
ixmatus
I think you could, check out GNUnet, seriously. Those guys have been laboring
away for a long time to produce a _platform_ for anonymous and encrypted
communication.

GNUnet can be used to build a darknet of any sort: P2P chat, a social
networking application, email, you name it. Brilliant people are plugging away
at it to build a platform for people with less knowledge of cryptography (like
me) to build this sort of stuff on top of.

------
Tenoke
I like decentralized services as much as the next guy, but here are some
problems off the top of my head:

1. Running a node could easily be made illegal in most jurisdictions (abiding
criminals), which is problematic for multiple reasons (there is a distinction
between helping the market operate and merely browsing it).

2. A big enough bug is enough to get everyone involved in trouble, and even
if it is easy to fix the flaw, everyone's identity up until that moment would
be compromised (bitcoin for example has had many problems, which were later
fixed, except that the stakes weren't as high).

3. During disputes, the arbiter can side with whoever offers them the biggest
fee.

~~~
walden42
> 3. During disputes, the arbiter can side with whoever offers them the
> biggest fee.

Then he would be left a negative review. Arbiters will be chosen based on
fairness.

~~~
Tenoke
Sure, but making new identities is cheap in such an environment. Not that I am
saying there are no fairly easy solutions that could be implemented to
prevent this, or that this is a big issue.

~~~
nilved
No, it definitely isn't. It's not enough to have zero negative reviews, you
also need to cultivate hundreds of positive reviews.

~~~
Natsu
How do legitimate people get their first positive review?

~~~
collin128
Exactly. A little social engineering by the police could quickly erode the
trust in the network.

Police could set up a ring of their own accounts, facilitate fake transactions
amongst each other, leave positive reviews, take down one large player, then
shut that ring down. Imagine hundreds of these rings within the network.

~~~
drdaeman
That's possible if they're using only a network-global review and reputation
system.

If they're also relying on a WoT-like reputation system where peers rate peers,
and reputation is calculated from those chains of trust, massive sockpuppet
attackers won't be able to _quickly_ erode trust, as they'd generate that
trust only throughout their own circle, having minor impact on others. They'll
have to play by the rules for a long time to spread connections through the
network.
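One way to see the difference between a network-global score and a chain-of-trust score, as an added example that is not from this thread or the DarkMarket code: a small review graph constructed by hand, where a ring of sockpuppet accounts praises each other and then a target vendor, scored both ways. All names and ratings are made up for the illustration.

```python
"""Global mean vs. web-of-trust reputation on a constructed review graph.
Added illustration; not part of the DarkMarket project or the thread."""
from collections import defaultdict

# Constructed review graph: (reviewer, subject, rating), rating in [0, 1].
# honest1..3 and vendorA/vendorB are real participants; sock1..3 is a ring
# of sybil accounts that only ever review each other and vendorB.
REVIEWS = [
    ("honest1", "vendorA", 1.0), ("honest2", "vendorA", 0.9),
    ("honest1", "honest2", 1.0), ("honest2", "honest3", 0.8),
    ("honest3", "vendorA", 1.0),
    ("honest3", "vendorB", 0.2),   # one real bad experience with vendorB
    # sybil ring: mutual praise, then praise for vendorB
    ("sock1", "sock2", 1.0), ("sock2", "sock3", 1.0), ("sock3", "sock1", 1.0),
    ("sock1", "vendorB", 1.0), ("sock2", "vendorB", 1.0), ("sock3", "vendorB", 1.0),
]


def global_score(reviews, target):
    """Network-global reputation: plain mean of every rating of `target`.
    Every review counts the same, no matter who wrote it."""
    ratings = [r for _, subject, r in reviews if subject == target]
    return sum(ratings) / len(ratings) if ratings else 0.0


def wot_score(reviews, viewer, target, max_depth=3):
    """Web-of-trust reputation as seen by `viewer`: a rating of `target`
    counts only if its author is reachable from `viewer` through a chain of
    positive reviews, weighted by the product of ratings along the strongest
    chain found. Reviewers outside the viewer's trust graph contribute nothing.
    Returns None when nobody the viewer trusts has reviewed `target`."""
    edges = defaultdict(list)
    for src, dst, r in reviews:
        edges[src].append((dst, r))
    # trust[n] = strongest chain weight from viewer to n, bounded-depth search
    trust = {viewer: 1.0}
    frontier = [viewer]
    for _ in range(max_depth):
        nxt = []
        for node in frontier:
            for dst, r in edges[node]:
                w = trust[node] * r
                if w > trust.get(dst, 0.0):
                    trust[dst] = w
                    nxt.append(dst)
        frontier = nxt
    weighted = [(trust[a] * r, trust[a]) for a, subject, r in reviews
                if subject == target and a in trust and a != target]
    if not weighted:
        return None
    return sum(w for w, _ in weighted) / sum(t for _, t in weighted)


if __name__ == "__main__":
    for vendor in ("vendorA", "vendorB"):
        print(vendor, "global=%.2f" % global_score(REVIEWS, vendor),
              "wot(honest1)=%s" % wot_score(REVIEWS, "honest1", vendor),
              "wot(sock1)=%s" % wot_score(REVIEWS, "sock1", vendor))
```

The ring lifts vendorB's global mean to 0.8 even though the only honest review is 0.2, while from honest1's point of view vendorB still scores 0.2 and the ring's inflated score is visible only to the ring itself.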

------
coldcode
As long as there are people involved in this somewhere it can never be out of
the reach of the law. Al Capone thought he had it all figured out and they got
him on income tax evasion. If you build a system that is based on illegal
activities instead of legal, all you do is make yourself a fat target and all
the rest of us will suffer even if we don't care for the illegal products.

~~~
josu
And that's a risk some people are willing to take. What's revolutionary about
this is that there is no way to take down the whole network as they did with
Silkroad. Of course some people are going to go down, but that won't affect
the integrity of the network.

------
jackgavigan
This is very similar to an idea I came up with in 2006, for decentralised
financial trading, with counterparties trading directly with one another and
trust provided by central counterparties who would novate the trade.

Details here:
[http://jackgavigan.com/?attachment_id=796](http://jackgavigan.com/?attachment_id=796)

~~~
Lost_BiomedE
Curious, how is this different than trading Forex with a non-dealing desk
broker? Or something like Nadex, where you trade directly on the exchange and
each trade between you and a market maker is essentially in escrow until the
outcome is realized?

~~~
jackgavigan
_> Curious, how is this different than trading Forex with a non-dealing desk
broker?_

Well, the broker's a middleman. He's going to add some commission to the
price. A decentralised system allows you the option of trading directly with
the other end of the deal and bypassing the middlemen that normally make money
by connecting the two endpoint counterparties of a trade.

_> Or something like Nadex, where you trade directly on the exchange and each
trade between you and a market maker is essentially in escrow until the
outcome is realized?_

What if you don't want to use Nadex? What if you could get a better price
trading directly with someone else instead? What if you want to trade
something that Nadex doesn't support?

~~~
Lost_BiomedE
Ah. I was thinking mostly of counter-party risks. Yeah, if you could get the
liquidity, the spreads available may be real nice.

I think the way trading has been trending technologically, we will get there
eventually.

Thanks

------
api
Tor needs a mechanism for P2P, like ephemeral .onion addresses. Then it could
just run _over_ Tor which is already a proven anonymity technology.

------
alttab
The arbiter system is broken. The bitcoins are effectively controlled by
whoever controls the arbiter.

------
frozenport
Questions:

1. How is this distributed? For example, torrents require a tracker. What
does 'zeromq' do that enables them to not have any centralized server at all?
Where is the client list?

2. Does every user need to download the whole marketplace, including all
resources like images? Downloading a bitcoin wallet takes forever; wouldn't
this be much worse? Similar to keeping the whole internet in a single file?

~~~
TehCorwiz
Each ZeroMQ daemon can be a provider or a consumer of data. Therefore, given a
list of upstream providers it can request data, and given a list of downstream
consumers it can register as a provider.
[http://zeromq.org/](http://zeromq.org/)

No, it's HTTP like the web, except when you ask for DarkVendor555's info it
loads it over this distributed network instead of from a central server.

~~~
frozenport
Ah I see, but I wonder how this scales if you need to download a client list
every time you connect. I guess downloading a client list is easier compared to
downloading all the resources. Maybe download a small fraction of the list?

~~~
TehCorwiz
Well, both BitTorrent and Tor implement distributed client lists in a
performant way. I wouldn't imagine this is much different or worse.

------
analogj
The distributed search would be the most complex part. It could probably work
if each user worked as part of a sharded database, being just one part of the
index. That would only work if the node was connected all the time, though. It's
definitely going to be one of the more interesting problems.

------
primitivesuave
Surely we're at that phase in technological development where Murphy's law no
longer applies. I mean, we have build systems and unit tests now!

------
niix
Hey it's using Twitter Bootstrap.

~~~
icpmacdo
Duh it was built at a hackathon!

------
jacques_chester
I see that the basics of marketing have not been swept away by bitcoin.

~~~
etherael
What do you mean?

~~~
jacques_chester
I mean that making categorical statements is marketing 101.

Tell people what they _want to hear_. People want to hear that they can trade
illegally with zero risk of being caught: so tell them that. No need to sully
people's minds with tedious details like the risk of design flaws, the risk of
implementation flaws, dealers giving you up in a plea deal, undercover agents
... etc etc etc.

The most important lesson of security is that it is about probabilities, not
certainties. You can only ever secure yourself against attackers with a given
level of motivation and resources. When you brag about your security, you
create a more motivated attacker. And the FBI is pretty well-resourced, as
attackers go.

~~~
etherael
I see, actually there's a popular thread in the bitcoin subreddit petitioning
to change the name to "FreeMarket" to escape the negative connotations of
"DarkMarket", so it seems a lot of people see it as a marketing failure rather
than success.

I partially agree with you even though I want to see the state destroyed.
Goading them to attack will likely result in consequences for some of the
people using the tool, but it's also a way to put active hostile pressure on
the attack surfaces as well to quickly show any security flaws.

