Into the deep | Flickr - Photo Sharing!

As Silk Road 2.0 struggles, new black markets look beyond Tor

Shares

Three months ago, the world marveled at how Silk Road seemed so indestructible. It had been around for over two years and barely had a scratch to show for it.

After giving a famous Forbes interview in July 2013, Dread Pirate Roberts publicly declared that the war on drugs was over, “and the guys with the bongs have won.” 

Roberts was speaking directly to the public because he had an eye for massive expansion. He wanted even more people to visit his already popular Deep Web black market. It seems like even DPR bought into the idea that he was immune from the law.

Things couldn’t be more different today. Silk Road’s golden age seems like a distant memory. Ross Ulbricht is sitting in a New York jail, accused of being its charismatic captain.

Silk Road 2.0 is struggling mightily to stay afloat after the arrest of multiple top administrators. TorMarket, its top competitor, is just the latest market to have been robbed blind. Millions of dollars have been taken from customers wallets by owners who’d rather make a quick buck than risk jail.

The world of Deep Web black markets has been reduced to domino theory: Once a new market rises, it’s only a matter of time before it falls. It’s part of the monumental collapse of an ecosystem that aimed to boldly challenge the United States government’s war on drugs.

Even though dozens of black markets have come and gone since the original Silk Road fell, few have tried anything new. Virtually all of them have cloned the original in nearly every way, selling themselves to the public on the idea that it was only Ross Ulbricht’s personal mistakes that brought down the empire.

A new group believes there’s a different path to take toward black-market nirvana.

A new prototype

One surviving black market is doing something fundamentally different than its competitors. 

Instead of relying solely on the Tor anonymizing network, a new site called “The Marketplace” can be found only on I2P, an anonymizing network launched in 2003 that exists separately from Tor.

While Tor is an encryption tool designed mainly to access the Internet anonymously, I2P is decentralized, end-to-end Dark Net designed almost exclusively for intra-I2P communication. Tor generally gives users anonymous access to the Internet, but I2P is meant to be an anonymous network within the Internet. It’s also optimized for BitTorrent, a design choice exemplified by the network’s thriving piracy scene.

Schultz, the founder of The Marketplace (often stylized as TMP), has repeatedly stressed that the software defends against various cyberattacks and prevents location leakage. It can also be used on top of Tor itself.


 

“We feel that the recent events have shown that given enough resources, Tor hidden services can be identified,” wrote Schultz, founder of The Marketplace. “We feel that moving to a
completely distributed platform built on the simple rule of ‘Don’t trust anyone’ is the best choice for continued survival.”

TMP, which can be accessed at http://themarketplace.i2p once you have the proper software installed, has a number of security-centric features that other marketplaces have never tried. 

Users with Javascript enabled are banned, an understated but immensely important move that plainly demands users with Javascript enabled to turn it off. Javascript is vulnerable to attack and was used by the FBI when it took down Freedom Hosting in August.

PGP encryption is mandatory to register and for almost all private communications. While this will likely strike many users as purely inconvenient, it might amaze some people to know how many customers and vendors communicate with absolutely no encryption. When a customer sends his address in cleartext to vendor, it can be read by anyone.

Finally, TMP’s unique escrow system aims to remove the chance that a market owner will run with hundreds of millions of dollars. Instead of simply trusting a faceless administrator with everyone’s money, funds are put into an independent wallet that requires multiple signatures from the buyer, seller, and market to be released. 

Using I2P and enforcing relatively strict security rules has kept The Marketplace’s population down. Like Tor in its early days, I2P is difficult for the average person to grasp and access. Developers are working to remedy that. Even so, the network can take some time before it’s working at full capacity. The market’s security rules require a fair bit of learning as well, further raising the entry level and killing interest from a large casual crowd.

“Does anyone else think this marketplace, as seemingly safe as it is, is just too freaking complicated for its own good?” wrote the user Goblin. “I can’t make heads or tails out of most everything on it, and I don't consider myself an idiot, far from it. But I don't live and breath microchip dust, if you know what I mean.”

But these choices ultimately make complete sense. People who sell pounds of heroin and talk about it on unencrypted channels with Javascript enabled are the kind of people who get caught. That threatens users and, in the long term, the market itself. 

By coming down on the side of strict security, The Marketplace has positioned itself for success. It’s not bulletproof by any means. Individuals are still vulnerable, and there hasn’t been enough research about I2P to say how well it would stand up to big league attackers. 

But the people behind TMP seem well aware of many potential pitfalls. Even though they promote themselves on other Deep Web black markets and around relevant areas of reddit, they politely shun bigger spotlights.

“Publicity for markets like this is rarely a good thing,” user AtomosRaw wrote. “Especially in light of recent events. There's too many under informed people out there who will see this site as a menace the same way many people saw Silk Road.”

Schultz, the site’s owner, declined to comment on this story and shut down my attempt to publicly reach out to TMP customers. 

Unlike many of the bombastic black market operators that have come before him, Schultz seems set on a quieter rise. It’s a strategy reminiscent of Backopy, proprietor of Black Market Reloaded, the second most successful Deep Web black market of all time. And it’s a strategy likely to win some customers even if the big security pushes others away.

“This will always be a cat and mouse game,” wrote one anonymous user, “between law enforcement and people who are doing illegal things of their own free will.”

This time, at least, the mouse is taking a new approach to the cheese.

Photo via DarkAura/Flickr