Of course, there still has to be some level of trust on the part of a buyer, that the seller they're connecting to is actually a real drug dealer and not an undercover cop. But that was still an issue even on the original Silk Road. It was partially addressed by the feedback/review system -- which does involve a certain amount of trust in the site not to fabricate reviews -- but more importantly by the fact that high-level law enforcement is really only interested in tracking down sellers. And assuming the users are competent, running a honeypot gives you very little information about the sellers.
Many users over in Europe took to themselves to review sellers on trusted third-party sites, such as flashback.org.
There trusted sellers were "greened", as it were, and word was quickly spread when some seller tried a bait-and-switch by giving good drugs to the first buyers and scamming the second wave.
Full Disclosure: I am a user of flashback.org but I never used drugs or silk road.
Buyers slightly less, considering that the sellers might be cops (which is also the case on a non-honeypot site), or because the PGP-keys of the sellers might be fake (for MITM).
But considering that feds generally seem to target sellers, I don't think the usefulness of this as a honeypot would be huge. But it's definitely possible, especially given that the feds have the source code and all.
Why wouldn't law enforcement pose as buyers, as well? This is a common tactic in narcotics enforcement. Entrapment often isn't an issue, as the seller took the first step of advertising the drugs for sale.
Are you getting at the fact that the buyer must have a receiving address, while the seller can ship anonymously? I would be skeptical of that. If I were attempting to track the source of a package, and I had the full force of warrants behind me, I bet I could track down most shippers.
Every shipping company has its own tracking information. Much of this may be opaque to the end user. The tracking might be much more detailed than what you can see as an end user with a tracking number. Assuming the carrier cooperates with law enforcement, tracking could (presumably) be further enhanced for targeted post offices, routes, etc..
For example, suppose I, as a law enforcement agent, receive an order from a Silk Road seller. Let's say it was shipped in an envelope, dropped off at a USPS street-corner box. From the tracking info, I identify which post office first handled the envelope. Thus I narrow my search to a few possible mailboxes served by that post office.
I instruct the carriers at that post office to assist me. As they follow their routes, emptying mailboxes, I have them sort outgoing mail into separate bags, one per box. I have the post office flag any mail going to my address.
I place another order from the same seller. When it hits the post office, it gets flagged, and because of the per-box sorting, I know which mailbox was used.
For round three, I place yet another order, this time with the mailbox under surveillance. I also install a camera inside the mailbox that sees the destination address of every envelope deposited. When the seller drops his shipment, my surveillance team detects it. They then follow the person who dropped the letter. Now I have the shipper's identity.
Can these measures be defeated with appropriate opsec? Maybe, if you know exactly what tactics law enforcement will employ. But you don't. You could spend all your time defending against the tactics I just described, only to get caught because law enforcement came up with a totally different strategy.
My point is, opsec is really, really hard.
For sellers, proper OPSec requires that they do not leave fingerprints in/on the package, that mailing locations are reasonably random and not isolated to a small geographic area, and that the sender masks his identity (veiled face, no cellphone, no car) when dropping off the packages. Additionally, a seller should use a variety of packaging types for shipments to make detecting the illicit shipments harder.
Given these precautions, it would likely be infeasible for law enforcement agencies to identify a given seller. However, they would also reduce profits for the vendor.
For example, conceivably when you package the drugs in your warehouse, local pollens and molds could find their way into the insides of the packaging. If the distribution of pollens and molds is unique to a reasonably small area, that would be an information leak.
A bit sci-fi? Sort of. You'd need a database of mold and pollen distributions for the whole country, plus tools to analyze the distribution in a given package. That's daunting, and maybe it's more trouble than it's worth for drug enforcement. But it's not outright impossible. And I have no idea what's the maximum effort DEA is willing to spend to track down Silk Road sellers.
This is just one example of a possible information leak, off the top of my head. I'm sure we could come up with others, if we thought hard enough about it. All of this is to say that it's not the information leak you're worried about, it's the one you haven't thought of that will ruin you.
Agents need to make busts in order to get promoted, therefore 'rational' agents will catch those easier to catch before devoting resources to harder to catch suspects.
Not that I'm disagreeing with you at all. Your point seems spot-on.
If you're smart enough to devise these opsec procedures, you're probably smart enough to make a decent living doing something legal. So being a drug dealer is only worth it if you can do it at scale and make serious money. But these opsec procedures would significantly erode your hourly rate, making Silk Road an unattractive proposition. Unless, of course, you're willing to throw caution to the wind and optimize for efficiency rather than security.
The post office also happens to have a list of these mailboxes, if you use random selection and travel during peak hours they can't reduce much below the 'people who live in the metro area and commute' level.
"...while the Royal Mail intercepted several other packages, which had been held up because insufficient stamps had been put on them."
"After receiving the second letter, which had been damaged by fire, police made enquiries with the Royal Mail and discovered that a fire had been reported in a postbox on Bradpole Road, Bournemouth, leading to speculation that "Sally"—the alias by which all the letters were signed—had changed his mind and attempted to destroy the letter."
"The police received another letter from "Sally" on 7 December. Once again, the letter was traced back to the Bradpole road postbox, where the surveillance operation had continued. The operation had captured good-quality footage of all the users of the postbox that day, but, as it was close to Christmas, the postbox was busier than normal, with 172 items posted by 38 people. Royal Mail regulations meant that detectives could not open or delay the letters, so they made enquiries with the recipients to identify the senders. They eventually managed to identify all but a small number of the senders."
"On 17 February 2001—over six months after the receipt of the first demand and three months since the last letter from "Sally"—the police made a major breakthrough. Detective Constable Alan Swanton, a junior detective on the case, spotted one of the people caught by the surveillance of the postbox who had yet to be identified. The man was carrying a fuel container, which Swanton believed had come from a nearby filling station. Officers obtained CCTV footage from the filling station, where their suspect had paid by cheque, and identified the man as Robert Edward Dyer."
And then you end up with covert LEO buying, and covert LEO selling ... and find yourself knee deep in a Philip K Dick novel.
Because as a buyer you don't know who the seller is. You just receive your package.
But as a seller, you know your buyer's mailing address. It becomes trivial to catch the buyer.
And would it be even legal for the police to do this?
If the government is running a drug marketplace as a honeypot to catch sellers and buyers, it's possible that some of those buyers and sellers might mount an effective suit ... but I'd say the expected result is much more likely to be jail time for the buyers/sellers.
Moreover, the courts will rule that only people directly harmed by such things can sue for it, and then will deny THEIR suit unless they are able to prove that it happened. Since it'll all be classified up to the moon, the government will deny its existence, and no suits will happen.
This is a deliberately cynical take on how that would go down, but I fear it's probably not inaccurate.
There is no other way to run a honeypot. Reminder that the feds ran the two largest carding forums on the web:
They almost entirely destroyed English-language US-based carding forums in the process.
What I don't really know, I guess, are the legal implications of entraping people on such a mass scale.
I'm also not sure about the usefulness of such a honeypot, since you can't actually track the buyers. Just because someone pays you to send drugs to some address, doesn't mean it's their own address
That said, I agree with other comments here as to why it's unlikely to be a honeypot.
Of course they would. The makers of a maximally-effective honeypot aren't going to shy away from making fun of TLAs. They'll do what's most effective.
With that said, I doubt it's a honeypot. Of course I don't plan to test that hypothesis.
This may result in your neighbor being raided and possibly being injured (and small chance they might be killed). Please read the description of some of these botched raids http://www.cato.org/raidmap before you willfully endanger people you should be looking out for.
If you get drugs shipped to your house, they will charge and probably convict you. Doesn't mean it would hold up in an appeal, but why would you risk an innocent's life, freedom, finances, and social standing just to order drugs off the internet?
All I was responding to is your statement, "One of the most irresponsible things I've ever read." If I ranked all statements I've ever read in order of irresponsibility, this is pretty middling.
If you don't see the irresponsibility of implicating an unknowing third-party in a serious life ruining felony, I don't know what to tell you.
Given that this is most likely filled with vendors who are either agents or guys who have been popped and are now confidential informants, your statistics are way off.
But that is just low. What kind of psychopath do you have to be to ruin some innocent persons's life just because you want to check some theory.