Slashdot Mirror
DarkMarket, the Decentralized Answer To Silk Road, Is About More Than Just Drugs
Daniel_Stuckey (2647775) writes "If you were anywhere near the internet last week, you would have come across reports of 'DarkMarket', a new system being touted as a Silk Road the FBI could never seize. Although running in a similar fashion on the face of things — some users buy drugs, other sell them — DarkMarket works in a fundamentally different way to Silk Road or any other online marketplace. Instead of being hosted off a server like a normal website, it runs in a decentralized manner: Users download a piece of software onto their device, which allows them to access the DarkMarket site. The really clever part is how the system incorporates data with the blockchain, the part of Bitcoin that everybody can see. Rather than just carrying the currency from buyer to seller, data such as user names are added to the blockchain by including it in very small transactions, meaning that its impossible to impersonate someone else because their pseudonymous identity is preserved in the ledger. Andy Greenberg has a good explanation of how it works over at Wired. The prototype includes nearly everything needed for a working marketplace: private communications between buyers and sellers, Bitcoin transfers to make purchases, and an escrow system that protects the cash until it is confirmed that the buyer has received their product. Theoretically, being a decentralized and thus autonomous network, it would still run without any assistance from site administrators, and would certainly make seizing a central server, as was the case with the original Silk Road, impossible."
"Is About More Than Just Drugs"
But really...it's about drugs. You don't need to sell Beanie Babies anonymously.
But .but........they never arrived! Damn that UPS tracking system......
Well, if the FBI were smart, then it would have been them writing that software. Or asked the NSA to do it for them. As a bonus, they get all other information on the participant's computers.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
So let me get this straight:
There is this site. A site designed for illegal activities...
And all I need to do is load their software onto my computer? Gosh, where do I sign up.
I mean, I always trust software from shady characters. That sounds totally safe.
If a UPS delivery guy delivers a gun (without knowing it is a gun, and it looks like ordinary package), and the gun is used to kill someone. Is the UPS delivery guy an accessory to murder?
If you were anywhere near the internet last week, you would have come across reports of 'DarkMarket'
Can we get some editors to remove this crap? It's just a stupid marketing gimmick -- "What, you haven't heard of [PRODUCT_NAME]? You must be living under a rock! Everyone who's anyone knows about [PRODUCT_NAME]!"
It depends - does the guy work for UPS? Probably not.
Does the guy work for "DARK SHIPMENTS ANONYMOUS - ANYTHING DELIVERED ANY TIME OF DAY TO ANYWHERE, BUT NOTHING ILLEGAL, HEH HEH HEH Incorporated"? If he does, there's a pretty easy case that he's an accessory.
I doubt there will be any "legitimate" uses of this particular technology.
However, it may be a model on which we can base future online retail. The existing model is utterly broken: I really don't want databases all over the world holding my username, password, credit card details and billing address waiting for the next SQL or SSL vulnerability to vomit the information into the hands of criminals. Nor do I want to trust, use or respect services like paypal.
View this as an iteration towards a more secure and decentralised system for legitimate commerce which keeps credit card and escrow companies out of the equation. Surely that is a good thing?
Testiculos habet et bene pendentes.
Devil's advocate - what about "Dallas Buyer's Club"?
"I say we take off, nuke the site from orbit. It's the only way to be sure."
I like Cuban rum and cigars, and I disagree with the outdated embargo law that prevents me from getting them at the local rum and cigar store.
You disagree with a law doesn't give you a moral right to break it.
I like that you're not even bothering to argue that the law is unjust or unfair - just that you don't like it. While I appreciate the honestly, I don't think this counts as a legitimate use.
Plus, it's not like either of those things are even vaguely difficult to get.
Also, I seriously doubt you actually like either Cuban rum or cigars.
If the law is wrong - and the Embargo is - you sure as fuck bet you have a moral right to break it!
Granting the illegal bit, illegal does not equate to "causing harm to someone". Would that it did -- that would be so very rational. However, there are plenty of things one might want to spend money on that are illegal but harm no one but arguably yourself. Drugs is one obvious example, but in many parts of the world buying pornography or sexual toys/aids is illegal, all the way up to being a capital crime. In China or much of the Moslem world, an enormous number of things are illegal that don't harm anyone or anything but the nominal reputation of Islam or Mohammed or Allah, or that represent freedom for repressed majorities like women. We're not really talking only about the relatively permissive US or Western Europe, in other words.
Of course people will use this to do some things that are directly intended to harm others in non-victimless-crime ways: Steal/pirate and resell IP of various sorts, fence stolen goods, arrange for a hit on your alimony-hungry ex-wife (maybe, dunno if that is a "commodity" it can handle), engage in human trafficking, sell arms. But some people will use it to buy freedom from oppressive governments that have made a whole lot of things that harm no one illegal because they violate some statement made in a piece of pure scriptural crack if you squint your eyes just right when you read it. Because there is rarely any percentage in prosecuting crimes of this sort once one cannot detect them or stop them for long enough for violations to become commonplace, it might even motivate social change.
To me personally, the tool is not going to be terribly useful. I'm heterosexual and married, my primary vices are at least quasi-legal and tolerated where I live, and I consider buying stolen goods of most varieties to be unethical. It isn't clear that I'd resort to it if I lived in e.g. a Moslem country and had a thing for porn -- no matter how nominally secure, the penalties are pretty horrendous. But I'm guessing that there are those who will value it who aren't planning to use it to hurt others.
rgb
Even when the experts all agree, they may well be mistaken. --- Bertrand Russell.
A little hint: A fair load of people who know how to use disassemblers didn't start out in the IT security business.
Do you think this piece of software existed for more than a few seconds before it was fed to a DA and analyzed 'til it croaked?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Maybe I'm confused, but it sounds to me like what 'DarkMarket' is doing is irrevocably marking some transactions as being associated with DarkMarket. That strikes me as much like writing 'I was used to buy drugs' on a $50 note except that someone can check the entire transaction history of the $50 note back to the beginning of time.
I guess it will be interesting for researchers assess the proportion of BC that is being used for dubious purposes (unless you actually believe things like 'banned books' are going to be traded on DarkMarket except at the very margins), and feds who want to find people selling drugs (because BC itself is not anonymous).
You're that guy who gets in the carpool lane and drives at exactly the speed limit, aren't you?
Considering how long it too to find Heartbleed and that it was found not by source-code analysis but because some people noticed extra bytes in the keep-alive messages, people feeling secure using this thing are likely just kidding themselves. And if there is any real crypto in it, the typical ordinary "hacker" with a big ego and rather pathetic skills does not stand a chance to find or understand anything.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
You are naive. This piece of software has probably not seen one single competent analysis even now.
You'd be surprised. The union of people who are competent with IDA Pro (and similar tools) and people interested in Bitcoin is a surprisingly large set. Find a provable backdoor in an application like this and you've got yourself a very good candidate for at least a DEFCON talk, maybe a job at Matasano.
I do not deploy Linux. Ever.
I wouldn't know because I've been fortunate to live in a country that doesn't suffer from fundamentalist, totalitarian rule. Maybe there are some christians in North Korea that would want to buy a bible?
You're obviously struggling to disconnect the tech from what it could be used for though. You're question was why this tech should exist. I gave you a very benign purpose that one could use it for as an example, thinking you could extrapolate on what other uses you might take for granted that not every person in the world is allowed. The medication example I used was meant to be the more compelling argument.
This is why you encrypt EVERYTHING. Nothing should be sent in the clear, it makes it really friggin hard to identify what might be illegal and what might just a SSL session with your bank.
Will people EVER learn this? Encrypt, always, everywhere, excessively.
A law has to be very, very wrong to have a moral mandate to break it. Most people breaking laws out of "principle" are just doing it because they find the law inconvenient. Laws and rules are the oil of social machinery. Don't be the sand in the crankcase.
http://www.rootstrikers.org/
Lets tackle your premises one by one.
First point- services granting anonymity are not automatically 'bad' or 'evil' or used to commit crimes. Don't take my word for it, look at what the Turkey government did .
But wait- DarkMarket is different because it sells "opium and kitty porn and services to kill people", right? Wrong. Why don't we let its creators tell you what its for :-
Don't be so quick to assume illegal = evil. Remember that selling alcohol was once illegal in the US, during the Prohibition.
I don't want colleagues or (future) employers to know what music I listen to, what my political preference is, where I go for entertainment, what kind of kinky fetishes I might have and such. I don't like targeted ads, since they tend to target me in any situation, private or not, with ads that are also based on my *personal* preferences.
Even if all I do is legal *now*, it may be illegal in the future and frowned upon when people watch logs.
Keep in mind that every person commits two felonies and dozens of misdemeanour's every day. If everything you do is tracked, you will get penalized for all af them, putting *everyone* in prison. Laws are there so that if somebody really crosses a boundary that society won't accept, there is a fair reason to put them trough court. If we start to automatically punish everyone for every crime they commit, because we give up privacy, our world stops functioning. We need privacy to remain the default in order to function as individuals *and* as a society.
Yes, privacy isn't the same as anonymity but in order to remain private in the current society you almost always need anonymity if you're doing it online, so in practice they are synonymous.
I was promised a flying car. Where is my flying car?
It's a python app, so there is no binary.
Assorted stuff I do sometimes: Lemuria.org
The DarkMarket daemon incorporates a library of commands for peer-to-peer networking known as ZeroMQ, which allows the user’s PC to become a node in a distributed network where every user can communicate directly with every other user.
At the moment, DarkMarket displays only a bare IP address for every user, but the system’s creators say it will eventually show a pseudonym for each one and also allow product searches.
They do mention in the article that this isn't done yet, but this feature - an anonymous buyer being able to reliably, securely reach an anonymous source and transfer real money in exchange for products - seems somewhat central to the whole idea.
Rampant carbon sequestration destroyed the Dinosaurs' tropical paradise. I'm here to help repair the damage.
Why do we need prescriptions to buy drugs?
Drug resistance, drug abuse, personal danger taking some drugs with out any sort of warning or medical intervention?
Non impediti ratione cogitationus.