Security in darknet markets is a subject that can be looked at from several angles depending on how a particular individual is using a hidden site.
Certain procedural measures put in place by any particular marketplace have the potential of compromising the safety and security of the user base.
For this reason, it is paramount for a person to analyze their activity to determine the precautions to take each time they access the dark web to undertake a particular task.
Use of Anonymity Tools
There are several anonymity tools which all work hand in hand to boost a user’s safety when using darknet markets.
Virtual Private Networks (VPNs), for instance, are meant to hide the location and IP address of a person online. Technically, the act of using VPNs is not complicated. All that’s required is to identify the VPN you want to use, purchase it (if it’s not free), download the software and turn it on before accessing the dark web.
If one has no preference for a location, then the VPN will automatically assign the individual a server which can change at specific intervals depending on the settings.
Another essential anonymity tool is Pretty Good Privacy, an encryption technique that takes in to account the use of a private and public key in the process of communicating with others on the dark web.
The private key is put into use by the receiver of the message to decrypt content; whereas the sender of the message uses the public key. A point to note is that the public key is given to the sender by the receiver.
Measures Put in Place by a Site
The various sites in the darknet market community understand that anonymity and privacy are of the essence on the dark web. And as such, no one who creates an account with them is required to enter personally identifiable information, such as names and date of birth.
Among the things needed is a username, which should not be similar to the actual name of an account owner so as to protect their identity from being exposed.
Evident to the fact that sites operating on the clearnet tend to request a person to sign up using email addresses, dark web markets generally do not this. Though, depending on the market, when one is signing up, they can have the option of entering their Jabber or ICQ details.
In summary, Jabber and ICQ are among the various anonymous messaging applications used by darknet market users for communications due to their primary characteristics. The features of these apps have enabled both buyers and sellers to communicate effectively. However, these apps have been used perpetrate fraud on various occasions.
The other key security feature, which is usually built-in on darknet markets, is Two Factor Authentication (2FA). Many markets require the user to have a PGP key in order activate it. Therefore, to add an extra layer of security to an account, the owner of the account must provide their public key. For most of the big markets, it is compulsory that all vendors set up a 2FA.
Depending on the message that a buyer intends to send to the seller, they may choose to use PGP or not because they have the sellers public key at their disposal. But vendors are categorically clear that they don’t expect a potential buyer to use the encryption method when they send them certain non-sensitive messages, such as a greeting.
Additionally, many markets employ another security method known as a mnemonic. This method was adopted by AlphaBay Market, which was one of the largest-ever darknet markets before it was shut down last year.
The mnemonic is a phrase that contains words generated in a random order. During the registration process, the mnemonic is generated, and the account owner is requested by the site to store it in a place they cannot forget because they may be required to provide them in future.
A good instance is when one is withdrawing funds from an account—Since in most cases, a PIN is used, there is a possibility that one can forget it. Then, the obvious thing to do is to contact support, and if the site employs the use of a mnemonic, then one will be required to provide it.
Failure to do so means that no assistance can be offered by a support agent, no matter the explanation. It is, therefore, paramount to store the mnemonic in a safe place. The latest market to adopt the use of this feature is the newly launched Empire Market, which is built to model the former AlphaBay Market.
In one of the latest developments within the world of darknet markets, Empire has gone to the extent of advising their members to use tumbling services. In the balance sections, users can see .onion links of both Bitcoin and Litecoin tumbling services.
This market understands that law enforcement agencies and other investigative bodies have found ways to trace cryptocurrency transactions based on the available records. Even though altcoins employ the use of stealth addresses and ring signatures, law enforcement agencies have still been able to trace coin transfers to a particular source.
Much more can be discussed and examined from different perspectives, but it remains the sole responsibility of market users to understand how to protect themselves. And the very act of learning from the mistakes of others can be a good starting point to achieve this protection.
A case study of Silk Road founder and admin William Ross Ulbricht, also known by his alias “Dread Pirate Roberts (DPR),” shows the mistakes he made that ultimately led the authorities to catch up with him after months of investigation. Several simple mishaps—including linking online accounts to his real name—are what traced Ulbricht’s online activities back to his identity and location, prompting his ultimate arrest.
Despite the fact that one may know how to use various tools and employ different tactics to keep safe on the dark web, it is vital that some further steps are put in place to maintain a low profile.
Darknet users—irrespective of whether they are site admins, vendors or buyers—can learn from Ulbricht’s case, to avoid seemingly minor oversights which could later be termed as colossal blunders.
Increasingly, investigators are adopting cunning ways of infiltrating into marketplaces in a bid undertake operations, such as a recent case in which an undercover cop bought AR15 rifles. It shows that no one is truly safe, as the police are willing to do whatever it takes to accomplish their mission—irrespective of the market’s safety protocols that are designed to hinder them from doing so.
This is why darknet market users should always be mindful of their own safety and security.