Darknet Vendors Add Chat Accounts on Their Marketplace Profiles

Updated on:
530
Chat Member Login Register Social Network Connection Avatar Icon
An in-depth examination of the new trend of encrypted messaging services on darknet markets as a second contact method for vendors.

Darknet vendors who rely on the marketplaces to sell drugs and other goods have begun adding alternative contact methods besides email to their vendor profiles. This is likely due to the cloud that hangs over every centralized marketplace: the risk of a market exit scam.

The alternative communication options normally include an encrypted chat app available on a cell phone, one such as Wickr.

Your TOR usage is being watched

While this might be more convenient than the rather cumbersome PGP encryption standard through email or pushing a PGP messages through the marketplace’s internal messaging system, there may be new risks in this form of contact: the necessity to “trust” more devices and software, and ultimately placing more trust in the vendor themselves.

What These Apps Actually Do

End-to-end chat programs essentially assign a phone number or an account with a “PGP style” public and private key.

These keys are used to seamlessly pass messages back and forth without having to manually encrypt each of the messages yourself.

This might be seen as minor convenience, and anyone making any purchases on a marketplace should take a step back to consider the implications of their actions.

The information they’re sending is basically passing through a honey pot server for law enforcement.

Every darknet marketplace should be considered a major honey pot for law enforcement. Last year, Dutch law enforcement officers obtained physical access to Hansa Market’s servers—they then ran the marketplace for a short window before officially shutting it down, attempting to collect valuable evidence on high-value suspects.

The reality is that these apps themselves are quite good. They are generally open-source and employ high standards of encryption. A risk may enter into it in the form of the device the application is on. Android phones are notoriously unsecure. And a malicious attacker might be able to gain control over the whole handset, including the messaging application.

The Age-Old Trade-Off

Security vs convenience. It’s the never-ending battle, each side with merits, each side with issues. And it’s impossible to have both perfectly.

That’s where risk assessment and threat modelling enter the picture. If you’re a vendor of a dark web marketplace, you are at a significantly higher risk than one of your customers.

You likely have much higher standards for security, because you would hold more goods in your possession.

Yet, by adding an alternative contact method, it can be a way of protecting yourself further.

So long as the app like Wickr is on a separate burner cell phone (which, if you’re a vendor, it probably is) then it can actually be seen as a safer method of contact. This is because it’s data being sent through a second “service,” away from the uncertified onion site that is the darknet market.

Now take it from the buyer’s perspective. As a purchaser, you’ll likely want to keep everything within the confines of the marketplace, to keep things simple.

You probably have less operational security than a vendor, since you’re at significantly lower risk (unless you’re purchasing significant items or quantities).

What’s the Big Deal? Does It Matter?

It’s difficult to say. These apps are now on vendor profiles because of the bigger problems that the dark web marketplaces, and the users, have as yet failed to address.

Multisig wallets should be the absolute norm for all marketplace purchases, but they simply aren’t. There shouldn’t be an alternative, because there isn’t a better alternative yet.

Why isn’t this the standard and required form of payment? Perhaps because the marketplaces want the option to “exit scam” if the heat gets too close and they need to close up shop.

Operating a darknet market can get you into a ton of trouble, with a ton of unsavory people. Think back to last year, when the Canadian co-founder of AlphaBay was found dead in a Thai prison. You’d be a piece of a supply chain that contains a decent bit of illicit goods and services: dangers are incredibly real.

With a multisig wallet created for the sole purpose of the transaction, a backup communication channel should be utilized. It’s all about fail-safes and backups. It’s about preparing for “the end,” for the dreaded yet insanely common “exit scam.”

Enter the third-party communication app. Having this will certainly allow you to contact the vendor, should something happen. But this communication is outside of the scope of the marketplace.

Forget a moderator getting involved if something goes wrong. You need to place a huge amount of trust in a vendor if you have an issue and need to get a refund or need the product resent.

But, arguably, you need to place this trust in the vendor regardless, in every purchase.

Is This Trend a Good Thing?

PGP is presented in the form of binary code, 3D illustration
Darknet vendors who rely on the marketplaces to sell drugs and other goods have begun adding alternative contact methods besides email to their vendor profiles.

The additional means of communication between buyer and vendor is an overall positive step. It provides a fail-safe, albeit one that relies on significant trust between all parties.

Regardless, this is like a Band-Aid stuck on a gunshot. It simply isn’t enough to raise the standards of operation on the darknet markets.

It’s something we’ve seen over and over again, but it rings true—the markets desperately need full adoption of multisig support for every single transaction.

All users once had no idea how PGP worked. Then they had no idea how Whonix or Tails worked.

And now another hurdle, seemingly, for the significant userbase, is for the full use of multisig support. The additional channel for communication, overall, is positive, regardless of the device concerns.

The problem is that it is the rabbit being pulled out of a hat, while the “left” hand continues to watch what is in a darknet market escrow.

Con

Con

Con's education background is law, where he's published on crypto-currency regulation. His opinion editorials range across the relationships between people and technology and the societal challenges it presents. His passion is for information security and the intertwining legal issues
Con
Write for us

Disclaimer:

The articles and content found on Dark Web News are for general information purposes only and are not intended to solicit illegal activity or constitute legal advice. Using drugs is harmful to your health and can cause serious problems including death and imprisonment, and any treatment should not be undertaken without medical supervision.

3 COMMENTS

  1. Anonymous

    how good is dark web hacking lessons becuase i see it as child play

  2. Anonymous

    I want to be in the darkweb world, can you teach me?

  3. Anonymous

    I HAVE TOR BROWSER AND ALSO NORD VPN.BUT I CAN’T ACCESS DARK LINK

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.