Inside the ‘DarkMarket’ prototype, a Silk Road the FBI can't seize (wired.com)
139 points by yiransheng 1244 days ago | 83 comments

What an unfortunate name. Not only does it share a name with a cyber crime forum taken down a few years back but it invokes the thought of trade in illicit goods. There was a thread on reddit a few days back talking about how they should have called it "FreeMarket" because it would be harder for politicians and media pundits to dismiss out of hand since it would sound like they were against one of the tenets of capitalism, i.e. the free market.

The name could also be used against them by Feds wanting to shut it down by charging the devs with conspiracy to traffic or launder. Imagine if Bitcoin was called NarcoCoin and Gavin was openly giving interviews he develops it to facilitate trafficking and thwart law enforcement. They also might run into problems elsewhere, like Thailand or Singapore which require less burden of proof to send people away for conspiracy if this network has vendors listed there. These guys can't travel anywhere if this is released with their names on it.

One of the cypherpunk jokes was "Gold Denominated Burmese Opium Futures".


Let's not hide behind euphemisms.

[EDIT2: OK, I agree that calling it the "FreeMarket" may be a wise move, it nevertheless reminded me a bit of the same game that the politicians play by using words like "criminal", "illicit", etc. in reference to the War on Drugs: manipulation via the negative connotation of words. If on the other hand, like Riseed pointed out in a reply below, what you're saying is that it's simply more accurate to call it a free market, then I agree, that's a strong stance to take.]

We need to turn the tables on these politicians. The truth is that they are the inhumane ones. They are responsible for millions of deaths and atrocities thanks to their support of the War on Drugs. [EDIT3: for citations see: https://news.ycombinator.com/item?id=7656095 ]

"Illicit goods"? How about illicit politicians? War criminals whose face is framed in your neighborhood government office?

Call a spade a spade. The War on Drugs is a War on Humanity. It is literally responsible for more collective human suffering than the Holocaust.

EDIT: Unfortunate to see fellow HN'ers downvoting me on this issue. Don't want to hear it from me? Maybe you'll find Richard Branson and H.L. Mencken more appealing:


You need to take a lesson from Gandhi and adjust accordingly:

In my opinion: most people incorrectly read an axiomatic nature to the "non-violence" (revolutionary) approach of Gandhi. Gandhi was not a pacifist in the lay sense. He was a pacifist in the terms of Vedic consciousness and was a daily student of Bhagavad Gita;

And that would prompt the question of why did he opt for non-violence as the 'correct' approach;

And per my analysis, he did so because he recognized that the British Empire motivated its political ballast -- from aristocracy down to plebe; whatever held it together -- by the declared shared justification that "we are civilizing the world.";

And Gandhi basically put all of his forces towards attacking that notion;

And by demonstrating (beyond argument) to the ballast of the British Empire that Gandhi and the Indian Nationalists were in fact more civilized than the Empire, he basically demoralized the affective corps of that Empire. That is why he won.

In the current situation, the fraction of 1% that truly wield global power in our world view us nearly in sub-human terms. And the corporate mirror to the world -- under their control -- pretty much paints their opinion of "us".

To take your example, the motivation for the policy decisions that are accepted by the current regime's 'political ballast' -- these are the bright young things furnished by the scientific, academic, cultural, and economic mills -- is their (pretty accurate) assessment that without the police force, without the governing order, the un-washed brethren would eat them up like so much cake. So here, the internalized justification is that "at least this violence is policy driven and under control".

If the layer under the elite ballast -- that's the middle class -- demonstrates that they are thoughtful & capable of self determination and self ordering, then this order of things will collapse, just like the British Empire.

So, it is entirely appropriate to remember that "a people get the government that they deserve".

I don't see how this interpretation is compatible at all with Gandhi's suggestion to the British to lay down arms rather than fight the Nazis, or for the Jews to have let Hitler eradicate every single one of them because it would be "heroic." These suggestions seem straightforwardly nonviolent rather than strategic in some fashion, considering the motivations of German imperialism. Appealing to a concentration camp guard's civility and humanity probably wouldn't get you far.

eternalban, that "more civilized than the Empire" line is the most interesting thing I've heard in a long time. Please email me.

If you don't mind, and if you two actually have a discussion upon the topic, could you make a gist of it on github or something like that? I'm very much curious about conversation such as this, and maybe others will feel the same.

The success of the Indian Independence Movement was probably also facilitated by the fact that by the end of WWII the UK had lost almost all of its political power and economic power to the US and was in no position to control unrest in such a large colony. In particular since the US was unwilling to help the British with any of its colonies or puppet states, as they intended to become the new empire.

I read a science fiction story many years ago that argued that if Germany had won WW II, India would never have become independent because the Germans would simply have executed Gandhi and any others who advocated Indian independence.

Truly love your comment. As for the current situation; I'd like to argue that it's not about violence at all though.

It's about the belief that capitalism is the true(est) reflection of personal worth and that monetary wealth itself determines personal value.

In the future I predict that technology will let us return to the original notion for which money is but an imperfect proxy: credit, or deservingness.

It's not until the wealth of the rich actually becomes dependent on their goodwill that they will behave as though it is.

But what of the layers of society—education, entertainment, media (most of which has become entertainment)—where the elites are poisoning the well, actively undermining the ability of the lower classes to function respectably?


Your comment demonstrates perfectly why "DarkMarket" is a horrible name. You assumed we were discussing the market in the context of only drugs and went off on a rant about how you hate government drug policy. Now imagine if you held the view that the so called war on drugs was good policy and you can see why calling this thing DarkMarket sinks it before it can even get underway.

You don't have to play the politicians word games but totally disregarding their MO is playing into their hand.

Perhaps I was reading too much into pmorici's comment.

I understood it to say not only that "FreeMarket" would be a convenient name because it sounds like "free market", but also to say that such a place/site/network actually is the free market because if someone wants to buy X for $Y, and someone wants to sell X for $Y, then a transaction happens, end of story.

In other words, "FreeMarket" is simply an honest and straightforward name for what it is (or strives to be).

Thanks, I've updated my reply to reflect this. If that's what (s)he was saying, then that's actually a very strong position.

Politicians just by supporting current drug regulations are responsible for "millions of deaths"? Do you have evidence to back up that extraordinary claim?

AFTER EDIT: I note a downvote for disagreement. So I will ask the obvious follow-up question. With what part of the two questions I originally posted do you disagree, and what facts and reasoning should I consider to change my opinion?

Something many folks fail to realize is that the War on Drugs has origins dating back a century ago: [1]

    Although Nixon declared the War on Drugs public enemy number one in
    1971,[14] the policies that his administration implemented as part of the
    Comprehensive Drug Abuse Prevention and Control Act of 1970 were a
    continuation of drug prohibition policies in the U.S., which started in

During this time there have been many wars fought where a principal component of the reason for the war was the War on Drugs.

In Mexico, the "official count" (always an underestimate) is now over 100k. [2]

In Afghanistan, Opium has played a major role in almost every war and genocide, where deaths have exceeded several million. [3][4][5]

You can do your own research for the number of deaths that the War on Drugs has caused in just about every country on the planet (Russia, China, all countries in South America, especially Colombia). Summed up, "millions of deaths" is easily accounted for by bad drug-related policies.

And that's not even counting all the drug-related deaths that are caused thanks to illicit drugs being illicit. How many people have blamed the deaths of their loved ones on "illegal drugs" when the truth is that it is the War on Drugs that killed their son, spouse, loved one? When you don't know what you're actually ingesting/smoking/injecting (as a consequence of the substances being illegal and not regulated), again the death toll leads to the millions.

And then there's the number of lives ruined (not killed)...

    [1] https://en.wikipedia.org/wiki/War_on_Drugs#History
    [2] https://en.wikipedia.org/wiki/Mexican_Drug_War
    [3] https://sites.google.com/site/afghanholocaustafghangenocide/
    [4] http://www.countercurrents.org/polya270611.htm
    [5] http://www.tomdispatch.com/post/175225

Well, if you want to include the Opium Wars of Chinese history (which I am familiar with as a student of the history of China) as part of the "war on drugs," we have to realize that in those wars, the drug-pushers were the British colonialists, and the drug-prohibitors were the conquered Chinese officials of the Manchu-led Qing dynasty. And if you include all historical wars of that nature in your count, yeah, maybe you can reach a count of "millions" of people who have been killed in "wars on drugs" over the course of history. But then that has nothing to do with online networks related to Silk Road and the comment to which I first replied here has nothing to do with the submitted article. So take your pick. On my part, I have seen no evidence in this thread that a new secret online network for drug dealers will make the world a safer place for the masses.

AFTER EDIT: I'm still not seeing any historical or transnational policy comparison support from reliable sources for the proposition that the original comment to which I asked two follow-up questions is factually correct in the context of this thread, which is about a proposal for a secure online network and not specifically about legalization of the sale of currently prohibited drugs.

I didn't include it, and you don't have to to get to millions within the past decade (it's also something for which accurate stats don't exist, so you have to estimate and combine the externalities). The citations I included are from recent history.

Nor am I saying that this "DarkMarket" will make our lives safer. We need these drugs legalized and regulated on the open market. That would make all the difference.

The original url [1] was blogspam—that is, it was a knock-off of some other, more original source. In such cases HN prefers the original source.

Submitters: please double-check the article you post for links to an original source. If there is one, please post it instead.


Off topic: I like these transparent mod comments you have been doing! Do you set a flag to keep them at the bottom or do they get so few upvotes?

Glad to hear it!

That's exactly right. There's a flag for off-topic subthreads that I put on most of these, so they don't interfere with the real discussion.

Is there a flag for disabling edits of certain comments?

There was a bug I fixed the other day that was shortening the edit window on comments. That fix was temporarily lost when the server restarted, so my guess is that you were affected by the rejuvenated bug—in which case, sorry.

The fix won't be permanent until I find a few hours to get back to the damn code. But at least it's live at the moment.

Editing is disabled a certain time after the comment is posted, perhaps that is what you have observed?

It was well under 2 minutes.

Never say never. The one thing the history of online networks teaches all of us is that some attack surfaces are very hard to imagine--until someone imagines the attack surface and uses it to interfere with the network. There is plenty of interest on the part of law enforcement authorities in figuring out ways of enforcing the law on networks like the proposed (not yet implemented) network described in the article kindly submitted here.

The article begins by saying, "The Silk Road . . . still offered its enemies a single point of failure," referring to Silk Road being hosted on a single server. Well, that is the KNOWN point of failure for keeping Silk Road impervious to law enforcement, but there may have been other points of failure in Silk Road's design. About the proposed DarkMarket, the article writes, "DarkMarket, Taaki and its other developers admit, is still just an experimental demonstration. They have yet to integrate anonymity protections like Tor into the software; currently every user’s IP address is listed for every other user to see." The proposal needs a lot more work to become a practical proposal for attempting to evade law enforcement scrutiny. Whether or not DarkMarket is ever implemented, and whether or not it will work as expected if it is implemented, are still open questions. The biggest open question is whether or not there will be ways for law enforcement efforts to reach into the DarkMarket even if it works in practice as the proposal suggests it is meant to work.

To summarize your comment:

* attacks are hard to predict

* law enforcement is interested in attacking

* being hosted on a single server is just one way to make something attackable

* the proposal needs more work

* whether this actually works is an open question

* the real question is whether law enforcement will be able to attack

In a nutshell, this is circular logic that ends where it begins, and makes no journeys elsewhere. It makes no technical criticism of DarkMarket, references no historical or similar examples, and offers no extra information from other sources (such as the source code).

So, I down-voted, and wonder why all the up-votes.

I think the summary is: It's premature to call this 'a Silk Road the FBI Can Never Seize' until it has withstood a few years of determined attacks.

If you look at a lot of the best practices documentation for Tor it makes everything sound like a huge hassle [1] so I can believe making a system secure against the concerted efforts of law enforcement is complicated.

[1] http://lifehacker.com/how-can-i-stay-anonymous-with-tor-1498...

I don't think you are getting the point of the article or the comment above.

This is a p2p system meaning that by definition you cannot take the market down by arresting a single person. It doesn't say it is secure against everything. It just says that as long as the source code/binary is somehow available, it will not be possible to completely shut down.

The beauty is security vulnerabilities come and go (as in, they get patched) so those are not the main concerns here. Even if they decide to tap every communication to identify the transactions and manage to decrypt it, it is going to help for a single raid and then it will get patched.

Sure, maybe you can make entry nodes discoverable by users without them being discoverable by the feds. And maybe new users can get the software without going to a central location. And maybe you can distribute bug fixes securely without a central server, and without the people with the keys to sign the bug fixes getting compromised. And maybe you can deal with 90% of the peers being created and controlled by the feds. And maybe you're secure against any and all types of DOS. Maybe you're undetectable by deep packet inspection if every ISP was forced to perform it. And maybe there's no way to grief or spam the network into being useless. And maybe you can tolerate coordinated police operations, where a single bug in the software gets a hundred of your best sellers carted off to jail. And maybe the market will still be going strong after that's happened 5 or 6 times.

But I'm going to reserve judgement until I've seen it working.

The most effective attack is the easiest to predict.

It is human intelligence or infiltration by actors with a hidden loyalty. This has worked since time immemorial for all sorts of security systems.

For FBI to bring it down they'll just need to repeat what they've done with Silk Road - pose as straw buyers, get everyone they touch on record and use them to identify/arrest the users. Put out a request for a contract killing and arrest all responders. Bonus for putting a bounty on members turning in other members.

Even if this won't "shut down" the system itself, it would make it impossible to use safely.

> Never say never.

It's wired.com. They aggrandize words in their title to get you to click. Everything they publish is apparently amazing, ever, never, finally, extreme, and "why this thing we won't name in the title is X (because we want you to click before you realize it's just the inane bullshit you thought it would be)" and the same kind of upworthy nonsense you see everywhere these days.

In my opinion Wired is killing their brand with their current editorial policy, at least for discerning minds. Maybe they just want a stupid, incredulous semi-literate mob to click. I guess advertisers don't give a shit, because maybe the people that click ads are the people who click titles like that. It may just be the direction ad supported sites have to go.

I'm surprised no one has commented on what I thought was the most interesting aspect: using the block chain and digital signatures to create and verify identities. They're using it for a reputation system, and given the distributed nature of their marketplace that's a pretty smart way to do it. By putting it on the block chain you have this externally verifiable (at this point) directory. One of the more creative uses of bitcoin I've seen yet.

It's unfortunate that they see this as a "next generation black market;" why couldn't something like this also disrupt eBay or Craigslist? Or something more important in places that have less free markets? The basic tenets should also work for good, not just drugs/guns/etc.

    why couldn't something like this also disrupt eBay or Craigslist?

I thought the same thing. This should be started as a general marketplace for anyone to buy/sell anonymously; it shouldn't come out of the gate as a drug store.

I would love to use an anonymous ebay and there are plenty of normal things I would like to buy without it being tied back to my real world name.

...why couldn't something like this also disrupt eBay or Craigslist?

I don't use eBay much, but is Craigslist really something that invites disruption? It's dependable, there are no arbitrary stupid limitations, everyone uses it, and it's free. The only tactic that could beat that combination would be an overwhelming onslaught of marketing.

Craigslist personals seems practically dead.

Namecoin performs the same task, but has built in key/value storage support.

Hmhm. Why do they use their own (by which i mean, 'custom') elliptic curve implementation (in pure python - what about timing / side channel attacks?)

https://github.com/darkwallet/darkmarket/blob/master/ecdsa/e... https://github.com/darkwallet/darkmarket/blob/master/ecdsa/n...

Would be nice to see some kind of design paper, threat model, etc. Of course a PoC is supposed to be a PoC - good for them, for releasing code that works :) but, people might end up using it and trusting it. So gotta ask those questions.

Never seize but that's not the true problem, is it? Anonymity is the actual problem.

Why aren't there any of these guys trying to build this sort of thing on-top of https://gnunet.org/ ?

Anonymity is definitely a big problem, but there's something to be said for a network that doesn't have a central authority. I don't think the problem with Silk Road was the anonymity, it was more the fact that it was a central authority - once that was taken down, the whole system stopped. As the article says, it's very difficult for the feds to take down a network like this if there's a ton of people using it.

Right, but distributed systems are a solved problem at this point, anonymity is much harder, and GNUnet's primary model is distributed / mesh darknets as a foundation for some of their anonymity features.

That's a really good point. In my university Networks & Protocols course we made an anonymous messaging fabric where all the nodes could talk to one another but none knew who anyone else was, and every node could connect into the network by just knowing one node's address.

Could you make a market like this anonymous in the same fashion? Even if the Feds seized one node they'd have only seized one node?

I think you could, check out GNUnet, seriously. Those guys have been laboring away for a long time to produce a platform for anonymous and encrypted communication.

GNUnet can be used to build a darknet of any sort: P2P chat, a social networking application, email, you name it. Brilliant people are plugging away at it to build a platform for people with less knowledge of cryptography (like me) to build this sort of stuff on top of.

What would you recommend to me if I wanted to build something on top of Gnunet?

Read the docs? Their API is C based so it's not necessarily as easy as a Node.js or Ruby programmer might be used to.

They do have a P2P chat program built on-top of it so you can use that as an example and I think someone did their thesis on building a "facebook for GNUnet" on an older version. Not sure if that code is public though (it most likely is, I just don't know where).

I like decentralized services as much as the next guy, but here are some problems off the top of my head:

1. Running a node could easily be made illegal in most jurisdictions (aiding criminals), which is problematic for multiple reasons (there is a distinction between helping the market operate and merely browsing it).

2. A big enough bug is enough to get everyone involved in trouble, and even if it is easy to fix the flaw everyone's identity up until that moment would be compromised (bitcoin for example has had many problems, which were later fixed, except that the stakes weren't as high)

3. During disputes, the arbiter can side with whoever offers them the biggest fee.

> 3. During disputes, the arbiter can side with whoever offers them the biggest fee.

Then he would be left a negative review. Arbiters will be chosen based on fairness.

The arbiter is going to be left with a negative review no matter whether they were fair or not. There's often some measure of uncertainty in arbitration - you can barely ever prove beyond all reasonable doubt that one side attempted to scam the other.

Basically, you're going to have to trust yourself to see which arbitrators are scammers, based on reviews, some amount of which are likely to be fake. This doesn't really help the whole situation of avoiding scammers, just moves it around slightly.

Maybe add a second arbiter that overlooks the whole case and decides if the first arbiter has been fair?

This prototype had a single arbiter per transaction, but there is no reason why you couldn't have N arbiters on each transaction, for as high an N as you want.

Imagine having, say, three arbiters for each transaction, and two of the three have to side with one side in order for the money to be moved. This cuts down a lot on the potential problems, especially if the arbiters were kept anonymous from one another, thus preventing collusion and making sure that each investigation is independent from the others.

And how do you trust the second, when you can't trust the first?

In the real world, there is no such thing as "trust" at all.

On the contrary - in the real world, trust is unavoidable.

Disregarding the obvious familial trust, I trust the manufacturers of the food I buy not to poison it. I trust that the gas pump is actually pumping gas. I trusted the bank teller to deposit the cash I gave her into my bank account and not just put it in her pocket (a trust her bank shared as well.) I trust my employers to pay me and my employers trust me not to steal their IP.

Of course, in each of these cases, there exists a system to enforce regulations and punish infractions when trust is broken, because while trust has to work in many social and business transactions, people cannot always be trusted not to cheat, lie and game the system. And yes, this means one still has to trust that system to an unavoidable degree.

Sure, but making new identities is cheap in such an environment. Not that I am saying there are no fairly easy solutions, that could be implemented to prevent this, or that this is a big issue.

No, it definitely isn't. It's not enough to have zero negative reviews, you also need to cultivate hundreds of positive reviews.

How do legitimate people get their first positive review?

Exactly. A little social engineering by the police could quickly erode the trust in the network.

Police could set up a ring of their own accounts, facilitate fake transactions amongst each other, leave positive reviews, take down one large player, then shut that ring down. Imagine hundreds of these rings within the network.

That's possible if they're using only network-global review and reputation system.

If they're also relying on WoT-like reputation system where peers rate peers, and reputation's calculated from those chains of trust, massive sockpuppet attackers won't be able to quickly erode trust, as they'd generate that trust only throughout their own circle, having minor impact on others. They'll have to play by the rules for a long time to spread connections through the network.

No idea how architects handle this, but my guess is, this could be done either by relying on external reputation (i.e. knowing the arbiter outside of the network) or by the network somehow rewarding buyers and sellers who take a risk to choose "newbies" as arbiters.
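The difference between a network-global review average and a WoT-style reputation computed from each peer's own chains of trust (the sockpuppet-ring scenario in the comments above) can be made concrete with a small simulation. This is an added example, not code from the page or from the DarkMarket project: the rating graph, the `sock1`..`sock5` ring, the `ringleader` identity, and the per-hop `decay` and `max_hops` parameters are all constructed assumptions, and the `fooled_graph` helper models the case where one honest member has been talked into rating a sockpuppet. It also covers the arbiter-selection question, since `rank_arbiters` orders candidates by the viewer's own trust rather than by the global average.

```python
import copy

# Constructed rating graph (not data from the page or the project): rater -> {ratee: score},
# where score is how strongly the rater vouches for the ratee on a 0..1 scale.
# alice/bob/carol/dave rate each other after real dealings. sock1..sock5 are
# throwaway identities that only vouch for each other and for "ringleader",
# the identity the ring wants to get picked as an arbiter.
RATINGS = {
    "alice": {"bob": 0.9, "carol": 0.8},
    "bob": {"alice": 0.9, "dave": 0.7},
    "carol": {"alice": 0.8, "dave": 0.8},
    "dave": {"bob": 0.7, "carol": 0.9},
    "sock1": {"sock2": 1.0, "sock3": 1.0, "ringleader": 1.0},
    "sock2": {"sock1": 1.0, "sock4": 1.0, "ringleader": 1.0},
    "sock3": {"sock5": 1.0, "ringleader": 1.0},
    "sock4": {"sock3": 1.0, "ringleader": 1.0},
    "sock5": {"sock4": 1.0, "ringleader": 1.0},
    "ringleader": {"sock1": 1.0},
}


def global_reputation(ratings, target):
    """Network-global model: the mean of every rating anyone left for target.
    Fresh anonymous identities count the same as long-standing ones, so a ring
    of sockpuppets vouching for each other pushes its member straight to the top."""
    scores = [s for given in ratings.values() for who, s in given.items() if who == target]
    return sum(scores) / len(scores) if scores else 0.0


def personal_trust(ratings, viewer, target, max_hops=3, decay=0.8):
    """WoT-style model: trust is computed from the viewer's own position.
    The strongest chain viewer -> ... -> target is found, multiplying the
    score at each hop and applying a per-hop decay; chains longer than
    max_hops are ignored. Vouching that never connects back to the viewer's
    own circle contributes exactly nothing."""
    if viewer == target:
        return 1.0
    best = {viewer: 1.0}
    frontier = {viewer: 1.0}
    for _ in range(max_hops):
        improved = {}
        for node, t in frontier.items():
            for neighbour, score in ratings.get(node, {}).items():
                candidate = t * score * decay
                if candidate > best.get(neighbour, 0.0):
                    best[neighbour] = candidate
                    improved[neighbour] = candidate
        if not improved:
            break
        frontier = improved
    return best.get(target, 0.0)


def rank_arbiters(ratings, viewer, candidates):
    """Order candidate arbiters by the viewer's personal trust, highest first."""
    return sorted(candidates, key=lambda c: personal_trust(ratings, viewer, c), reverse=True)


def fooled_graph(ratings, honest, sock, score):
    """Scenario (constructed) where one honest member was talked into rating a sockpuppet."""
    g = copy.deepcopy(ratings)
    g.setdefault(honest, {})[sock] = score
    return g


if __name__ == "__main__":
    for who in ("dave", "ringleader"):
        print(f"{who:>10}: global={global_reputation(RATINGS, who):.2f} "
              f"alice's trust={personal_trust(RATINGS, 'alice', who):.2f}")
    print("alice ranks:", rank_arbiters(RATINGS, "alice", ["ringleader", "dave"]))
    fooled = fooled_graph(RATINGS, "bob", "sock1", 0.5)
    print("after bob rates sock1 at 0.5, alice's trust in ringleader =",
          f"{personal_trust(fooled, 'alice', 'ringleader'):.4f}")
```

Under the global average the ring's candidate scores a perfect 1.0 while a genuinely rated peer like `dave` sits at 0.75; from `alice`'s point of view the ring scores 0.0 because no chain of her own ratings reaches it. Even after one honest member is fooled into a 0.5 rating, the ring's trust from `alice` is capped by the product of the weakest links on the chain, which is the "minor impact on others" property the comment above relies on.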

Sure, but making new identities is cheap in such an environment.

Yes, but the real question is how easily can trust be manufactured?

As long as there are people involved in this somewhere it can never be out of the reach of the law. Al Capone thought he had it all figured out and they got him on income tax evasion. If you build a system that is based on illegal activities instead of legal, all you do is make yourself a fat target and all the rest of us will suffer even if we don't care for the illegal products.

And that's a risk some people are willing to take. What's revolutionary about this is that there is no way to take down the whole network as they did with Silk Road. Of course some people are going to go down, but that won't affect the integrity of the network.

This is very similar to an idea I came up with in 2006, for decentralised financial trading, with counterparties trading directly with one another and trust provided by central counterparties who would novate the trade.

Details here: http://jackgavigan.com/?attachment_id=796

Curious, how is this different than trading Forex with a non-dealing desk broker? Or something like Nadex, where you trade directly on the exchange and each trade between you and a market maker is essentially in escrow until the outcome is realized?

> Curious, how is this different than trading Forex with a non-dealing desk broker?

Well, the broker's a middleman. He's going to add some commission to the price. A decentralised system allows you the option of trading directly with the other end of the deal and bypassing the middlemen that normally make money by connecting the two endpoint counterparties of a trade.

> Or something like Nadex, where you trade directly on the exchange and each trade between you and a market maker is essentially in escrow until the outcome is realized?

What if you don't want to use Nadex? What if you could get a better price trading directly with someone else instead? What if you want to trade something that Nadex doesn't support?

Ah. I was thinking mostly of counter-party risks. Yeah, if you could get the liquidity, the spreads available may be real nice.

I think the way trading has been trending technologically, we will get there eventually.


Tor needs a mechanism for P2P, like ephemeral .onion addresses. Then it could just run over Tor which is already a proven anonymity technology.

The arbiter system is broken. The bitcoin is effectively controlled by whoever controls the arbiter.


1. How is this distributed? For example, torrents require a tracker. What does 'zeromq' do that enables them to not have any centralized server at all. Where is the client list?

2. Does every user need to download the whole marketplace, including all resources like images? Downloading a bitcoin wallet takes forever, wouldn't this be much worse? Similar to keeping the whole internet in a single file?

Each ZeroMQ daemon can be a provider or a consumer of data. Therefore, given a list of upstream providers it can request data, and given a list of downstream consumers it can register as a provider. http://zeromq.org/

No, it's HTTP like the web, except when you ask for DarkVendor555's info it loads it over this distributed network instead of from a central server.

Ah I see, but I wonder how this scales, if you need to download a client list every time you connect. I guess downloading a client list is easier compared to downloading all the resources. Maybe download a small fraction of the list?

Well, both BitTorrent and Tor implement distributed client lists in a performant way. I wouldn't imagine this is much different or worse.

torrents require a tracker

Not if you use the DHT.

The distributed search would be the most complex part. It could probably work if each user worked as part of a sharded database, being just one part of the index. That would only work if the node was connected all the time though. It's definitely going to be one of the more interesting problems.
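The tracker-versus-DHT question and the sharded-index idea in the comments above are the same mechanism: keys and peers share one id space, and each index entry lives on the peers whose ids are closest to it. The following is an added illustration, not code from the page or from the DarkMarket project; it uses SHA-1 ids and XOR distance in the style of Kademlia-type DHTs, and the peer names, the listing key and the listing contents are constructed. It also shows why the "node must be connected all the time" caveat is handled by replicating each entry to `k` peers rather than one.

```python
import hashlib

# Constructed peer names and listing (not data from the page or the project).
NODES = [f"peer-{i}" for i in range(8)]
LISTING_KEY = "listing:example-widget"
LISTING = {"vendor": "vendor-a", "title": "example widget", "price_btc": "0.01"}


def to_id(name):
    """Map a peer name or index key into one 160-bit id space (SHA-1 here, as
    Kademlia-style DHTs such as BitTorrent's do). XOR distance over these ids
    decides which peers are responsible for which keys, with no tracker."""
    return int(hashlib.sha1(name.encode("utf-8")).hexdigest(), 16)


def closest_nodes(nodes, key, k):
    """The k peers whose ids are nearest to key under XOR distance."""
    kid = to_id(key)
    return sorted(nodes, key=lambda n: to_id(n) ^ kid)[:k]


def store(index, nodes, key, value, k):
    """Publish an index entry to the k peers responsible for it. `index` models
    the per-peer storage as a dict peer -> {key: value}. Returns the holders."""
    holders = closest_nodes(nodes, key, k)
    for peer in holders:
        index.setdefault(peer, {})[key] = value
    return holders


def lookup(index, online_nodes, key, k):
    """Resolve a key by asking the k closest peers that are currently online.
    Returns the stored value, or None if every replica is unreachable."""
    for peer in closest_nodes(online_nodes, key, k):
        value = index.get(peer, {}).get(key)
        if value is not None:
            return value
    return None


def shard_sizes(index):
    """How many index entries each peer holds, to check the index is spread out."""
    return {peer: len(entries) for peer, entries in index.items()}


if __name__ == "__main__":
    # Replication factor 1 fails as soon as the one responsible peer disconnects;
    # replication factor 3 survives it.
    for k in (1, 3):
        index = {}
        holders = store(index, NODES, LISTING_KEY, LISTING, k)
        offline = holders[0]
        reachable = [n for n in NODES if n != offline]
        print(f"k={k}: holders={holders}; with {offline} offline ->",
              lookup(index, reachable, LISTING_KEY, k))
    # Many listings spread across the peers, each peer being one shard of the index.
    index = {}
    for i in range(40):
        store(index, NODES, f"listing:item-{i}", {"n": i}, 3)
    print("entries per peer:", shard_sizes(index))
```

Each peer only ever holds the slice of the index its id is closest to, so no single peer has the whole marketplace and no single peer's disappearance removes an entry as long as `k` is greater than one; in a real DHT the publisher also re-announces periodically so replicas migrate as peers join and leave.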

Surely we're at that phase in technological development where Murphy's law no longer applies. I mean, we have build systems and unit tests now!

Hey it's using Twitter Bootstrap.

Duh it was built at a hackathon!

I see that the basics of marketing have not been swept away by bitcoin.

What do you mean?

I mean that making categorical statements is marketing 101.

Tell people what they want to hear. People want to hear that they can trade illegally with zero risk of being caught: so tell them that. No need to sully people's minds with tedious details like the risk of design flaws, the risk of implementation flaws, dealers giving you up in a plea deal, undercover agents ... etc etc etc.

The most important lesson of security is that it is about probabilities, not certainties. You can only ever secure yourself against attackers with a given level of motivation and resources. When you brag about your security, you create a more motivated attacker. And the FBI is pretty well-resourced, as attackers go.

I see, actually there's a popular thread in the bitcoin subreddit petitioning to change the name to "FreeMarket" to escape the negative connotations of "DarkMarket", so it seems a lot of people see it as a marketing failure rather than success.

I partially agree with you even though I want to see the state destroyed. Goading them to attack will likely result in consequences for some of the people using the tool, but it's also a way to put active hostile pressure on the attack surfaces as well to quickly show any security flaws.

