I don't know what it is about people who run these criminal enterprises on the darknet, but they constantly seem to be failing even the most basic of opsec. Re-using identities across multiple services, using e-mail addresses with real names, posting photos with identifiable information (and before websites stripped metadata for them, often posted with metadata), etc. I mean it's nice that they are making it easier to catch themselves, but at the same time I can only wonder how some genius can invent some novel and complex ransomware operation just to turn around and use the email they've had since they were 13 to register the services that operate it.
It's not a particularly high bar, but I suspect the majority of technically apt people would fail it.
People with lucrative work available legally have more to lose and less desperation to engage in activities that are both illegal and malicious.
Being in the 85th-99th is no longer attractive. Because of the extreme level of taxation, people who earn real money are not included in those statistics, as in they are not paid a salary.
In my country (UK), being in the 85th-99th percentile means you'll have an okay-ish life. After years of saving you may be able to afford an old terraced house and a second-hand, couple-of-years-old car. Oh, and if you decide to have a family and your spouse won't be working, then you are screwed.
These indicators are no longer what they used to be.
My point is that those mistakes are made by plenty of ransomware gangs, some of the largest dark markets to ever exist (AlphaBay, Silk Road, etc.), Freedom Hosting, and more. All of which were, at some point, major entities on the darknet making absolutely rudimentary opsec mistakes.
As unfair as it may be, a huge part of the usefulness of information is its accessibility, and these search engines currently hold a near-monopoly on which sites can generally be considered readily accessible, i.e. the 'surface web' above the deep web.
The key is to ensure only legal stuff goes out on your IP and the illegal stuff is anonymised. Which is easier said than done.
When running a darknet site that you don't want associated with the clearnet, step one should be having the HTTP server listen only on the Tor onion domain!
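As an added example (not from the thread), a small self-audit for the bind-address point above: it parses `ss -Hltn` output (a constructed sample is embedded, and the column layout is assumed) and lists every listening socket that is not bound to loopback, which is what an onion-only service should show, since the Tor daemon's HiddenServicePort forwarding reaches localhost without any public listener.

```python
"""Listener audit for a service that should be reachable only via its onion address.
Added example, not from the thread; assumes `ss -Hltn` output in the column layout
of the constructed SAMPLE below (State Recv-Q Send-Q Local:Port Peer:Port)."""
import ipaddress
import subprocess

# Constructed sample, not captured from a real host. Only the 8080 and 9050
# sockets are bound to loopback; the others answer on the public network.
SAMPLE = """\
LISTEN 0 511 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 [::1]:9050 [::]:*
LISTEN 0 511 [::]:80 [::]:*
LISTEN 0 128 203.0.113.10:22 0.0.0.0:*
"""

def split_addr_port(field: str) -> tuple[str, int]:
    """Split ss's Local Address:Port column, handling [v6]:port and *:port."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any scope id
    return host, int(port)

def is_exposed(host: str) -> bool:
    """True if a socket bound to this address is reachable from off-host."""
    if host in ("*", ""):  # ss prints '*' for a wildcard bind
        return True
    addr = ipaddress.ip_address(host)
    return not addr.is_loopback  # 0.0.0.0 and :: are unspecified, not loopback

def audit(ss_output: str) -> list[tuple[str, int]]:
    """Return (address, port) for every LISTEN socket not bound to loopback."""
    exposed = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # skip a header line or blank line
        host, port = split_addr_port(cols[3])
        if is_exposed(host):
            exposed.append((host, port))
    return exposed

if __name__ == "__main__":
    try:  # run against the live host when ss (iproute2) is available
        out = subprocess.run(["ss", "-Hltn"], capture_output=True, text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        out = SAMPLE
    for host, port in audit(out):
        print(f"exposed listener: {host}:{port}")
```

A listener on 0.0.0.0 or :: is exactly the misconfiguration the comment describes; rebinding it to 127.0.0.1 and letting tor's HiddenServicePort forward to it removes the clearnet path.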
https://www.spiceworks.com/it-security/cyber-risk-management...
20-year-old memories of proxying my ssh traffic through InterNIC just came flooding back!
SSL may stop your roommate or ISP, but it provides another vector for linking to other entities.
I wonder how many are using this technique to link web properties together.
For end users, TLS and Tor both provide privacy, since you don't need to identify yourself in order to use HTTPS. In fact, with ESNI and DoH the only thing anyone snooping wire traffic can see is that you're connecting to whatever data center is owned by the company hosting the website.
The sites in the original article are criminal enterprises, which means they have the unique problem of needing the origin server to remain anonymous so that their hosting provider can't find out what they are doing. This is the one thing Tor does that TLS doesn't; and they were deanonymized by their insisting on providing a self-signed cert anyway. However, this is a particularly unusual threat model that is far harder to maintain. Even the whole anticensorship thing is usually just hiding what sites you're visiting from, say, the Great Firewall - we don't care that China can also use Tor to learn where Google's servers are.
Generally, though, TLS is not designed with privacy of the server in mind. The data exchanged between the client and the server is kept private between the two parties, but that's it.
If you wish to anonymise your connection, technologies like Tor will help. You'll still have to pay attention though. In a great many cases, security and usability are polar opposites, and a balance must be struck to find a workable solution. In this case the best balance is probably in-depth knowledge of how web servers work combined with reading through the documentation of the Tor project.
Anyway, these all seem like pretty obvious opsec fails where the darknet website is also served over the regular internet, which is just atrocious.
Good advice
>they do provide privacy against snooping exit node
Onion services don't use exit nodes. Your client and the service build circuits to nominated middle relays, so HTTPS only offers very marginal increases in privacy. However, you are right to assume that any exit node may be (or probably is) monitored.
Right now, SSL (or PKI, to be precise) is a very privacy-respecting technology. For both the server and the client.