The cypherpunk movement laid the ideological roots of Bitcoin and the online drug market Silk Road; balancing previous emphasis on cryptography, I emphasize the non-cryptographic market aspects of Silk Road which is rooted in cypherpunk economic reasoning, and give a fully detailed account of how a buyer might use market information to rationally buy, and finish by discussing strengths and weaknesses of Silk Road, and what future developments are predicted by cypherpunk ideas.

This article was commissioned by Bitcoin Weekly, which ultimately decided to not run it1; it is based on my experiences May-June 2011, and may be out-dated. Trust, but verify. Additional parts came from an essay, part of which was published by A Global Village.

The website Silk Road (SR), a drug marketplace operating in public, needs little introduction at this point, after Gawker’s 2011 article went viral, drawing fire from the likes of US federal Senators Schumer & Manchin. It is probably the single most famous commercial enterprise2 using Bitcoins; some speculated that demand from SR patrons single-handedly pushed the exchange rate up by $5 the weekend of the Gawker article. It has since flourished3. Neither Bitcoin nor the Silk Road should be understood outside their ideological and historical context: the now-obscure cypherpunk movement.

# Cypherpunks

The cypherpunk group was a loose affiliation of cryptographic researchers and enthusiasts, centered on the eponymous email list in the 1980s and 1990s, who developed many novel ideas and approaches to communication, economics, and politics. Their achievements included developing anonymous email remailers (inspiring the Tor anonymizing network), helping defeat the Clinton-era Clipper chip and setting a key precedent, and helping defeat US export restrictions on cryptography (key to safe Internet commerce outside the USA; the costs of export restrictions can be seen to this day in South Korea, which locked itself into a Microsoft/Internet Explorer computer monoculture). No event marked their dissolution, but through the ’90s they gradually lost cohesion and interest as some ideas succeeded and others remained barren. (Timothy C. May remarked in 1994 that an acceptable digital currency might take several years to develop, but that he had been that optimistic years before as well; we could date the fulfillment of the dream to Bitcoin in 2008, 14 years later.) Former cypherpunks went on to everything from large corporations to technological innovation (BitTorrent, descending from MojoNation) to niche groups like transhumanism (digital currency inventor Wei Dai) to activism (EFF, Julian Assange’s WikiLeaks).
The cypherpunk paradigm can be summarized as: replacing centralized systems of interaction enforced by coercion with decentralized systems of voluntary interaction whose rules are enforced by mathematics and economics. Desiderata for such systems include: communications private from all third parties, anonymous, provably untampered with, and provably from particular parties; social mechanisms like reputation replaced by formalized systems like feedback; and legal mechanisms like anti-fraud statutes superseded by mechanisms such as escrow or bonds (which can be fortified by cryptographic techniques such as multi-party signatures). The ideal cypherpunk system is self-enforcing, self-regulating, and cannot be attacked directly by outsiders because they do not know where it is or how to affect it. Julian Assange’s introduction to Cypherpunks: Freedom and the Future of the Internet (2012) states the motivation in the movement’s own terms:

> The new world of the internet, abstracted from the old world of brute atoms, longed for independence. But states and their friends moved to control our new world – by controlling its physical underpinnings. The state, like an army around an oil well, or a customs agent extracting bribes at the border, would soon learn to leverage its control of physical space to gain control over our platonic realm. It would prevent the independence we had dreamed of, and then, squatting on fiber optic lines and around satellite ground stations, it would go on to mass intercept the information flow of our new world – its very essence even as every human, economic, and political relationship embraced it. The state would leech into the veins and arteries of our new societies, gobbling up every relationship expressed or communicated, every web page read, every message sent and every thought googled, and then store this knowledge, billions of interceptions a day, undreamed of power, in vast top secret warehouses, forever.
>
> It would go on to mine and mine again this treasure, the collective private intellectual output of humanity, with ever more sophisticated search and pattern finding algorithms, enriching the treasure and maximizing the power imbalance between interceptors and the world of interceptees. And then the state would reflect what it had learned back into the physical world, to start wars, to target drones, to manipulate UN committees and trade deals, and to do favors for its vast connected network of industries, insiders and cronies. But we discovered something. Our one hope against total domination. A hope that with courage, insight and solidarity we could use to resist. A strange property of the physical universe that we live in. The universe believes in encryption. It is easier to encrypt information than it is to decrypt it. We saw we could use this strange property to create the laws of a new world. To abstract away our new platonic realm from its base underpinnings of satellites, undersea cables and their controllers. To fortify our space behind a cryptographic veil. To create new lands barred to those who control physical reality, because to follow us into them would require infinite resources. And in this manner to declare independence.

The decentralization is key. Centralization is unacceptable for many applications: centralization means any commercial or political interest can interfere for any purpose, be it rent-seeking or taxation, prosecuting economic warfare against another party, hampering organized crime or terrorism, etc. This fear of centralization is not idle.
The ring of power offered by centralization has been grasped on many occasions: ranging from Paypal hampering its competitors to US-led crackdowns on ancient hawala financial systems & Islamic charities in the name of counter-terrorism to the US suing the Intrade prediction market (with the assistance of the Central Bank of Ireland) to credit card companies’ near-fatal boycott of WikiLeaks to Iran’s severe inflation after economic embargoes. Previous centralized currencies like E-gold suffered the expected fates, and more pointedly, an earlier online drug market (the Farmer’s Market) was shut down and its principals indicted using scores of transactions revealed by banks, Paypal and Western Union.

# Bitcoin

The fundamental challenge confronting any electronic currency is coping with the double-spend problem: when transactions conflict (eg. spending the same unit of currency twice), which transaction takes priority? Double-spends are difficult to perform with non-electronic money since you cannot give a dollar bill to one person while simultaneously giving it to another, but trivial with electronic messages. One solution is to centralize transactions: if you overdraw your bank account with 2 checks, the bank will choose one to bounce and one to honor. Similarly for credit card transactions. An electronic currency like Paypal processes each transaction in realtime, so you cannot log into your Paypal account in 2 browsers and send your entire balance to 2 different people. With centralization, there is someone or something which decides which of the 2 conflicting transactions will become the real transaction.
Centralization appears in many guises in currency systems: cryptographic pioneer David Chaum’s own electronic currency could guarantee complete anonymity to anyone spending a coin, solving the double-spend problem by devising things so that a double-spend leaks enough information that the anonymity evaporates, but the math only works with a central bank which could be attacked. Chaum’s system never took off, for several reasons, but this centralized point of failure is one. If we avoid the problems of centralization and resolve on a decentralized system, we face a different but equally severe set of problems: without centralization, in a distributed system in which no party has veto power (and any party can be anonymous or a mask for another party), how and who decides which of 2 conflicting transactions is the real transaction? Must a distributed system simply allow double-spends, and thus be useless as money? No. The underappreciated genius of Bitcoin is that it says the valid transaction is simply the one in the chain of transactions with the most computing power (proof-of-work) invested in it. Why does this work? In the Bitcoin distributed system, there are many honest parties at work producing new blocks of transactions, and they will independently latch onto one of the two competing transactions produced by an attacker and build future blocks on top of it; the computing power necessary to out-invest those other parties quickly becomes too enormous for any one entity (so long as no single entity controls a majority of the network’s hashing power). Within hours, one transaction will be universal, and the other forgotten. Hence, Bitcoin is an acceptable cypherpunk currency: it is decentralized, parties participate out of self-interest, and it is economically infeasible to attack Bitcoin directly.

# Silk Road as Cyphernomicon’s black markets

The Silk Road (SR) is a website accessible through the Tor anonymizing network.
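The most-work rule and the cost of reversing a transaction can be made concrete. The following is an added example, not code from this page or from any Bitcoin client: a fork-choice function over two constructed toy chains (an honest chain confirming a payment and an attacker’s private chain containing a conflicting spend), plus the attacker-catch-up probability from section 11 of the Bitcoin whitepaper, which tells a merchant how many confirmations to wait for against an attacker controlling a fraction q of the hash-rate. Block weights, transaction ids and chains are invented for the illustration.

```python
"""Most-work fork choice and the double-spend race (Bitcoin whitepaper, section 11).

Added illustration; not code from the page or from any Bitcoin implementation.
"""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Block:
    height: int
    work: float      # expected hashes needed to find this block (arbitrary units)
    txids: tuple     # transaction ids confirmed by this block


def cumulative_work(chain):
    """Total proof-of-work embedded in a chain (a list of Blocks from genesis)."""
    return sum(b.work for b in chain)


def choose_chain(candidates):
    """Fork choice: adopt the chain with the most cumulative work (not simply the
    longest). Ties go to the chain seen first, as a node treats a competing block
    it hears about second."""
    best = candidates[0]
    for chain in candidates[1:]:
        if cumulative_work(chain) > cumulative_work(best):
            best = chain
    return best


def confirmed_txids(chain):
    """Set of transaction ids the given chain treats as final."""
    return {txid for block in chain for txid in block.txids}


def attacker_success_probability(q, z):
    """Probability that an attacker with hash-rate fraction q ever overtakes the
    honest chain once the victim's transaction has z confirmations.

    This is the whitepaper's formula: the attacker secretly mines a conflicting
    chain while honest miners (fraction p = 1 - q) add z blocks; the attacker's
    progress in that time is Poisson with mean z*q/p, and catching up from a
    deficit of d blocks is a gambler's-ruin event with probability (q/p)**d.
    """
    p = 1.0 - q
    if q >= p:
        return 1.0    # a majority attacker always catches up eventually
    lam = z * q / p
    total = 0.0
    for k in range(z + 1):
        poisson = math.exp(-lam) * lam ** k / math.factorial(k)
        total += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - total


def confirmations_needed(q, target=0.001):
    """Smallest z at which the attacker's success probability drops below target."""
    z = 0
    while attacker_success_probability(q, z) >= target:
        z += 1
    return z


# Constructed chains (toy data): honest miners confirm "pay_merchant" and build two
# more blocks on it; an attacker with less hash-rate has only managed two blocks
# on a private fork that pays the same coins back to themselves.
GENESIS = Block(0, 1.0, ())
honest = [GENESIS, Block(1, 1.0, ("pay_merchant",)), Block(2, 1.0, ()), Block(3, 1.0, ())]
attack = [GENESIS, Block(1, 1.0, ("pay_self",)), Block(2, 1.0, ())]

if __name__ == "__main__":
    winner = choose_chain([honest, attack])
    print("confirmed:", sorted(confirmed_txids(winner)))
    for q in (0.1, 0.3):
        print(f"q={q}: P(success | z=6) = {attacker_success_probability(q, 6):.7f}, "
              f"confirmations for <0.1% risk = {confirmations_needed(q)}")
```

The caveat the page’s "within hours" glosses over is the q ≥ 0.5 branch: a majority attacker catches up with certainty, so the guarantee is economic (the cost of buying that majority), not mathematical. The whitepaper’s table falls out of confirmations_needed: 5 confirmations suffice against a 10% attacker for risk under 0.1%, but 24 are needed against a 30% attacker.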
Tor is descended from cypherpunk designs for anonymous email: messages are swapped by servers in the mix network with changing cryptographic wrappers, so observers cannot tell what server a message ultimately ends up at nor who sent a message. Buyers create accounts, send bitcoins to SR-controlled addresses, browse vendor pages, and order quantities as on any e-commerce site. (Contrary to descriptions of SR as the eBay of drugs, SR is more akin to shopping on Amazon Marketplace than eBay: there are no auction features.) SR has been covered in the media for years and is still operating successfully; indeed, Christin 2012 calculated a monthly turnover of ~$1.2m, for annual revenue of ~$15m over 2011-2012, with daily sales volume as plotted below:

[Figure: daily SR sales volume, from Christin 2012]

The design of SR could be taken straight out of early ’90s cypherpunk - most of the design can be justified in Timothy C. May’s 1994 Cyphernomicon, itself mostly a summary of much earlier discussions. (In an amusing historical coincidence, May happens to mention an old digital currency proposal called… The Digital Silk Road.)
The SR is an unregulated black marketplace which is:

- reached via an anonymizing mix network
- made up of pseudonymous entities, who
- communicate privately and securely via public-key cryptography to arrange purchases
- using escrow schemes for payment of vendors only on receipt of goods
- said vendors post the equivalent of bonds as surety before being allowed to sell
- and buyers publicly rate their vendors (so the marketplace avoids becoming a lemon market)

From an economic point of view, several measures serve to make incentives align:

- SR is paid a percentage of each transaction; hence, it is motivated to encourage as high a turnover as possible, and to maintain the satisfaction of both buyers and sellers
- Sellers are encouraged to not scam buyers because they will not gain access to bitcoins in escrow, and enough violations will forfeit their deposit held by SR
- Buyers have limited incentive to scam sellers because their bitcoins are paid in advance and not under their control; SR arbitrates disputes, and more than a few bad transactions can lead to their balances being forfeited and being blacklisted, limiting their ability to scam large amounts

And as far as people outside the marketplace are concerned, there is a network effect at play: the better incentives align, the more buyers and sellers there will be, and they will lead to better selections and lower prices. All familiar economic results about normal thick commodity markets, but perhaps unexpected to see in such an exotic marketplace.

## Escrow

One aspect of the incentives deserves coverage as most presciently discussed by the cypherpunks and underappreciated by users: the use of escrow. Timothy C. May’s chapter 12 (Legal Issues: Loose Ends: Escrow Agents) lays out the necessity of escrow when a marketplace uses both pseudonymity and untraceable digital cash:

> On-line clearing has the possible danger implicit in all trades that Alice will hand over the money, Bob will verify that it has cleared into his account (in older terms, Bob would await word that his Swiss bank account has just been credited), and then Bob will fail to complete his end of the bargain. If the transaction is truly anonymous, over computer lines, then of course Bob just hangs up his modem and the connection is broken. This situation is as old as time, and has always involved protocols in which trust, repeat business, etc., are factors. Or escrow agents.
>
> …In steps Esther’s Escrow Service. She is also untraceable, but has established a digitally-signed presence and a good reputation for fairness. Her business is in being an escrow agent, like a bonding agency, not in burning either party. (The math of this is interesting: as long as the profits to be gained from any small set of transactions is less than her reputation capital, it is in her interest to forego the profits from burning and be honest. It is also possible to arrange that Esther cannot profit from burning either Alice or Bob or both of them, e.g., by suitably encrypting the escrowed stuff.) Alice can put her part of the transaction into escrow with Esther, Bob can do the same, and then Esther can release the items to the parties when conditions are met, when both parties agree, when adjudication of some sort occurs, etc. (There are a dozen issues here, of course, about how disputes are settled, about how parties satisfy themselves that Esther has the items she says she has, etc.)

Esther is SR, on-line clearing is bitcoins, Alice is a buyer and Bob the seller, but otherwise the logic is clear and unmistakable: lack of escrow leads to a perverse incentive for Bob to scam Alice. We can see the proof in practice.
For various reasons, SR provides buyers the option of releasing their funds from escrow to the seller before delivery, called early finalization; early finalization is one of the leading mechanisms for seller scams on SR. The cardinal example is the April 2012 scam where a trusted seller took the occasion of a SR-wide sales event (where SR waived its fees) to announce unusually low prices, took in hundreds of large orders totaling thousands of bitcoins (the equivalent of >$50,000) but requiring early finalization, withdrew all funds, and never delivered. A simple enough scam, yet highly effective: as May and other cypherpunks pointed out decades before, one should never entrust a pseudonymous agent with more liquid anonymous cash than its reputation capital is worth! One can entrust the agent with less liquid anonymous cash (not enough to be worth burning one’s reputation for), or one could entrust the agent with more escrowed anonymous cash (so they cannot rip-and-run), but not both more and un-escrowed (which is paying them to scam you).

(This could be helped slightly by providing more information about sellers, like listing the outstanding balance for vendors so buyers can be wary of any vendor with an unusually large outstanding balance; but buyers will still be attracted by sales as excuses for finalizing early, and vendors could simply split their activity over multiple accounts. Escrow remains the best solution.)

# Silk Road as a marketplace

Beyond the basic cryptographic tools and features of the site itself, SR embodies the cypherpunk dream of letting free-market forces operate to inform buyers and let them find sellers with whom they can reach mutually acceptable agreements. There is no better way to demonstrate this dynamic than with a detailed example using real SR data of a hypothetical buyer compiling the information SR provides, making inferences on the provided data, applying his desires to appraise each seller’s wares, trading off various criteria such as risk versus price, and finally settling on a particular product.

But one wonders: what is using it like? Does it have a decent selection? Is it safe? Ridden with scammers? Has it succumbed to an Eternal September (I used SR when it was still underground)? Shouldn’t we keep quiet about it like Fight Club?

Unsurprisingly, it’s hard to find solid information on how many people have been busted using SR or what happened to them, and the consequences will depend on the specific substance and amounts. For example, modafinil seems to be de facto not prosecuted in the US, and the failure rates of importing from online pharmacies seem to be in the <10% range according to buyer anecdotes and 1 seller. Some users report occasional interceptions, but others claim flawless delivery records (even someone claiming to buy $50k of opiates a year on SR). General descriptions of drug importation also suggest low interception rates (as makes sense given the very large quantities of drugs sold every day); for example, 2 English drug journalists discussing their most recent book:

> Q: How much of the drugs that enter the country are actually seized by police?
>
> A: I think the figure that’s quoted in our book is about 1%; it really is a fraction of what gets in. There was one conversation I had with a chap who had access to the Serious Organised Crime Agency who said that if people knew how easy it was, then more people would do it.

Buyers and sellers seem to be treated differently as well: in the 2012 bust of the insecure Farmer’s Market (see later footnote), the indictment only lists sellers and no buyers. Gawker covers another case of a Canadian cocaine exporter apparently busted because they accepted payment via Western Union. An Australian student’s MDMA was intercepted by Customs but the article makes no mention of him being penalized; a later prosecution & conviction of a SR vendor seems to have been related to a Customs interception of his large imports from the Netherlands/Germany; and 2 teens made the mistake of ordering so much that their parents turned them in. Another Australian vendor was pulled over by police in April 2012 while driving to the post office to mail shipments, the drugs found, his house searched, and he was sentenced to 5 years (discussion).
A 7 November 2012 Australian article claims 30 interceptions a month in an area, but mentions nothing specific about arrests. A December 2012 article quotes Customs claiming a 40% increase in seizures, but then quotes a SR seller as claiming a doubling or quadrupling of Australian buyers (hence, implying the interception rate has halved or worse). Estimating total number of Australian users is difficult, but the Global Drug Survey reportedly found 184 SR purchasers in its sample of >6600 Australians suggesting a risk of arrest or publicity $<\frac{5}{184}$ (and incidentally, remembering this is a biased sample and the South Australian recent illicit drug use rate is ~14.9%, it suggests a very loose upper bound of all Australian SR users of $23000000×0.149×\frac{184}{6600}<95541$). A New Zealand Customs officer who likely used SR was charged with possessing & supplying methamphetamine but this was uncovered during police inquiries into another crime, with the resolution unclear. A young NZer’s MDMA was confiscated by Customs and his house visited, whereupon he admitted guilt to the officers and unsurprisingly was arrested & convicted. What seems to be a third NZer was sentenced to 18 months probation. A NZer was arrested in April 2013 over multiple very large orders from an online site, which may or may not have been SR. That article estimates 52m items passing through Customs in 2012 with 1.4k intercepted as drugs; an earlier NZ article claimed 80 interceptions a month with 7 arrests January-July 2012 or 1 arrest a month (suggesting each interception has a risk of leading to an arrest of ~1/80; the risk per order then depends on how many of the 52m items were drug packages). American cases are much harder to find. A GlobalPost article mentions 8 arrests in connection with online drug trafficking, although none involved Silk Road. 
In February 2013, there were two cases of Americans being busted in Florida and Louisiana by signing for MDMA in a controlled delivery; the simultaneity, drug type, & amount immediately led to speculation that they were both ordering from the SR MDMA vendor luckylucianno, who was previously having issues with order interceptions, which was confirmed when one of the arrested men posted on the SR forums warning away others and relevant threads were deleted by forum moderators (although a moderator claimed the Louisiana bust was unrelated to SR or the Florida bust). A teen in Indiana was arrested in 2013 after his mother informed on him. I also know of another case involving an American who was convicted after a controlled delivery of LSD mailed from the Netherlands; his package was likely detected. SR forum posters have claimed that a DMT vendor, a cocaine vendor, and 2 other vendors have all been busted, but apparently for their offline connections and activities (eg. the poster claims the DMT vendor had too many people visiting and his neighbors squealed). Security-wise, SR seems to be receiving passing grades from law enforcement agencies internally; a leaked FBI report mentioned no attacks against SR, anonymous anecdotes claim the DEA is stymied4, while a May 2012 Australian document reportedly praised the security of vendor packaging and general site security. My belief is that SR can be taken down; however, I am not sure LE (law enforcement) has permission to use the tactics necessary - explaining the lack of suggested attacks or realistic attacks in the leaked FBI Bitcoin paper and the summaries of the leaked Australian SR paper (respectively). My two suggested attacks are:

1. DDoSing the SR site, rendering it unusable (and congesting the overall Tor network)
2. fake buyer & seller accounts leading up to a single large scam
Attack #1 would make the site simply unusable, and can be done on any address SR runs on since the address has to be widely known or how will the buyers & sellers know where to go? This would require a few dozen nodes, at least, although I’m not actually sure how hard it is to DDoS a Tor hidden server. Attack #2 would require a fairly substantial financial investment, but depending on how effective the final step is, may actually run at a profit. Repeated, this would massively destroy buyers’ trust in SR, especially since there are usually only a few hundred active sellers at any point. (pine, commenting on how the competing black-market Atlantis does in-browser encryption which I criticized as security theater & Hushmail redux, points out the Eternal September version of this scenario: the more newbie buyers who are too lazy or arrogant to use PGP, the more attractive an attack on SR becomes to pick up all the buyer addresses being sent in the clear and the more feasible a mass raid becomes.) Fortunately, I don’t think LE is authorized to engage in cyberwar (#1) or mass entrapment & fraud (#2) - and who knows, maybe SR could survive both. We’ll see. In particular, I am impressed that after years of operation as of April 2013, SR seems to have never been seriously hacked or broken into: in that time, there have been many hacks of other sites and >9 hacks of Bitcoin currency exchanges. There has been a perennial forum spam problem, and in late 2012, there was a SQL injection attack leading to images being corrupted with false addresses and a few people losing their money by not being suspicious, but that seems to be it. 
And SR is the biggest target out there besides MtGox, for multiple reasons - the sheer amounts that pass through it, the potential of it being a small team rather than a professional group (how do you hire penetration testers when you’re SR?), the unusual products you can order, the notoriety one would earn, and finally, the lulz value of their databases (suppose someone were able to harvest addresses & names that are foolishly sent to vendors in the clear & unencrypted; imagine the lulz value of releasing them all in a big dump! People would be wetting their pants worldwide, since despite all warnings, there are always users who will not bother encrypting their addresses.)

## Fight Club

Whenever classic (and illegal) cypherpunk applications are implemented using Bitcoin, you are sure to find someone complaining that you must not talk about Fight Club - how will that play in Peoria⸮ You will find quite a few, actually, as much as one would expect Bitcoin to select for hard-core libertarian types5 or techies who have internalized the Streisand effect; indeed, the moderators of the Bitcoin forum have - in a crime against history - deleted the early threads about SR, including the thread that saw SR announced. (I posted a short thread linking this page, and I gave it about 25% odds of being moderated/deleted; a few hours later, the thread had been deleted. I had drastically underestimated the cowardice of the forum moderators.) There is a certain double-bind and unfairness in such criticism. Would such critics be congratulating me if this article turned out to help Bitcoin by discussing and documenting a demand driver and important test-case? I suspect they wouldn’t. Their argument is unfalsifiable and based more on their prejudices than hard data. To such people, my general reply is: what makes you think I want Bitcoin to succeed? It’s interesting but that doesn’t mean I have drunk the Kool-Aid. If SR coverage hurt Bitcoin, I may not care.
And I would argue the contrary: I believe SR coverage helps Bitcoin. SR has not been harmed by its national coverage; the number of accounts and transactions have all increased dramatically, and SR’s admin has stated his satisfaction with the new status quo on the SR forums and on Gawker, and said later that Silk Road was never meant to be private and exclusive (9 January 2012, State of the Road Address (non-Tor mirror)); as has a co-founder of a British Bitcoin exchange. Not that the SR admin ever sought secrecy - he announced SR’s official opening on the Bitcoin forums! Purchases of Bitcoin noticeably spiked after the Gawker article as already mentioned, and one cannot buy that much publicity. One might say of self-censorship that C’est pire qu’un crime, c’est une faute (it is worse than a crime, it is a blunder). And suppose SR coverage did hurt Bitcoin even to the extent that it would be worth devoting one neuron to thinking about it; I would publish anyway, because that would mean that the Bitcoin experiment has failed and must be terminated immediately. If Bitcoin is not safe for the drug dealers, then it is not safe for anyone; if Bitcoin can be hurt by the truth, then it is already doomed - you cannot build on quicksand, and that which can be destroyed by the truth should be. Good game, chaps, let’s all meet back here when the next Satoshi Nakamoto figures out how to patch the vulnerabilities.

# Preparations

But besides all that, how well does it work? No way to know but to go. So, let’s take a brazen stroll down the SR. SR’s 2 technical claims to fame are the exclusive use of Bitcoins for payment, and access only through the anonymizing Tor network, on which SR and the Silk Road forum live as hidden sites - both you and the server funnel your requests into a set of Tor nodes and you meet in the middle. (This isn’t as slow as it might sound, and hidden sites eliminate the main security weakness of Tor: evil exit nodes.)
Tor itself is secure, but this doesn’t mean as much as one might think it means: while Tor itself is basically the most secure software you will ever use (or at least, it is far from the weakest link in your chain), what always kills you is what you choose to communicate over Tor: what your browser sends or doesn’t send, or the mailing address you foolishly choose to send over it in plaintext, unencrypted (vulnerable until the item ships), or the revealing message (vulnerable >2 months)6, or the pseudonym you choose to confide in, etc. Tor is a tool which does one thing very well: it keeps secret the communication between your computer and someone else’s computer. It does nothing whatsoever about anything that other computer may be able to figure out or record about you or what you choose to send. The perfectly secure envelope does little good if the person you’re mailing your confession to is a policeman. But as any kidnapper knows, you can communicate your demands easily enough, but how do you drop off the victim and grab the suitcase of cash without being nabbed? This has been a severe security problem forever. And bitcoins go a long way towards resolving it. So the additional security from use of Bitcoin is nontrivial. As it happened, I already had some bitcoins. (Typically, one buys bitcoins on an exchange like Mt.Gox; the era of easy profitable mining passed long ago.) Tor was a little more tricky, but on my Debian system, it required simply following the official install guide: apt-get install the Tor and Polipo programs, stick in the proper config file, and then install the Torbutton. Alternately, one could use the Tor browser bundle which packages up the Tor daemon, proxy, and a web browser all configured to work together; I’ve never used it but I have heard it is convenient. Other options include entire OSes like Tails or Liberté Linux, which can be used on bootable Flash drives.
(I also usually set my Tor installation to be a Tor server as well - this gives me more anonymity, speeds up my connections since the first hop/connection is unnecessary, and helps the Tor network & community by donating bandwidth.)

# Silk Road

With Tor running and the Torbutton enabled in the browser (along with any privacy mode), we can easily connect to Silk Road; we simply visit http://silkroadvb5piz3r.onion7. (Newbies to Tor might wonder about the gibberish address. The address is derived from a hash of the server’s public key, so an attacker who does not hold that key cannot pretend to be the real SR or mount a man-in-the-middle attack on the onion connection; what that does not protect against is a look-alike address with a similar prefix, so bookmark the full address rather than recognizing it by eye.) Upon connecting, you will see a bare log-in form: Alternately, you might see an error page like the following; SR is occasionally down for maintenance & new features or temporarily overloaded. Usually waiting a minute is enough, and longer downtimes are discussed on the SR forums. Click on join, and you will be taken to another page for registering your account, much like any other site. Invitations are not currently required, although registering a seller account is neither easy nor cheap; see later sections. (I suggest picking a strong password8. Learn from the Mt.Gox fiasco.) With your new account, you can now log in and see what there is to see on the main page: Notice at the bottom, below the random selections, is a section listing all the most recent reviews from buyers; feedback from buyers, like on Amazon or eBay, is crucial to keeping the system honest: The stimulants category contains much what you’d expect: Moving on, we have the section for selling forgeries:

# Anonymity

Well, you’ve browsed through the SR proper. You can also visit the official SR forums at http://dkn255hz262ypmii.onion9. The discussions are fairly active, but most importantly, the forums are where official rule changes to SR are announced by the SR administrator. We have window-shopped long enough. It’s time to take the plunge and buy something.
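The gibberish .onion address mentioned under Silk Road above is a hash of the service’s key, and that is the whole of its authentication. The following is an added example (not code from this page, and not Tor’s own implementation) of the derivation for the 16-character v2 format SR used, the RSA-1024 public key in DER form hashed with SHA-1 and truncated to 80 bits, and for the 56-character v3 format that replaced it, where the ed25519 public key is embedded whole with a checksum and version byte. The DER bytes and the ed25519 key below are constructed placeholders, not real keys.

```python
"""Deriving and checking Tor onion addresses from the service's public key.

v2 (deprecated, removed from Tor in 2021): base32(SHA-1(DER(RSA pubkey))[:10]).
v3 (rend-spec-v3): base32(pubkey || checksum || version), version = 0x03,
    checksum = SHA3-256(".onion checksum" || pubkey || version)[:2].
Added illustration using constructed key bytes; not code from the page or from Tor.
"""
import base64
import hashlib
import re

V2_RE = re.compile(r"^[a-z2-7]{16}$")
V3_RE = re.compile(r"^[a-z2-7]{56}$")
V3_VERSION = b"\x03"


def onion_v2_address(der_rsa_pubkey: bytes) -> str:
    """First 80 bits of SHA-1 over the DER-encoded RSA public key, base32, lowercase.
    Only 80 bits of the key are committed to, which is why vanity prefixes such as
    'silkroad' (8 chars, 40 bits) are brute-forceable and look-alikes are cheap."""
    digest = hashlib.sha1(der_rsa_pubkey).digest()[:10]
    return base64.b32encode(digest).decode("ascii").lower()


def onion_v3_address(ed25519_pubkey: bytes) -> str:
    """The full 32-byte key is embedded, so the address commits to the whole key."""
    if len(ed25519_pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    checksum = hashlib.sha3_256(
        b".onion checksum" + ed25519_pubkey + V3_VERSION).digest()[:2]
    raw = ed25519_pubkey + checksum + V3_VERSION   # 35 bytes = 280 bits = 56 chars
    return base64.b32encode(raw).decode("ascii").lower()


def verify_v3_address(addr: str) -> bool:
    """Recompute the embedded checksum and version; a client rejects a mistyped
    or tampered address before it ever contacts the network."""
    if not V3_RE.match(addr):
        return False
    raw = base64.b32decode(addr.upper())
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    expected = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return version == V3_VERSION and checksum == expected


def looks_like_v2(addr: str) -> bool:
    """Syntactic check only: v2 carries no checksum, so a typo cannot be detected."""
    return bool(V2_RE.match(addr))


# Constructed placeholders (not real keys): any byte string stands in for the DER
# blob, and an all-zero ed25519 key is enough to exercise the v3 encoding.
SAMPLE_DER = bytes(range(140))
SAMPLE_ED25519 = bytes(32)

if __name__ == "__main__":
    print("v2 from sample DER:", onion_v2_address(SAMPLE_DER) + ".onion")
    v3 = onion_v3_address(SAMPLE_ED25519)
    print("v3 from sample key:", v3 + ".onion", "valid:", verify_v3_address(v3))
    print("silkroadvb5piz3r is v2-shaped:", looks_like_v2("silkroadvb5piz3r"))
```

The security consequence is in the two verify functions: a v3 address can be checked offline for integrity, while a v2 address such as silkroadvb5piz3r has no redundancy at all, so the only defence against a phishing look-alike was comparing all 16 characters.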
Bitcoin developer Jeff Garzik is quoted in the Gawker article as saying that Attempting major illicit transactions with bitcoin, given existing statistical analysis techniques deployed in the field by law enforcement, is pretty damned dumb. Fortunately I do not plan major transactions, and in any case, I tend to suspect that said statistical techniques are overblown; a few academics have published initial investigations into tracing transactions and examining the larger Bitcoin economy, and have linked transactions to individuals, but as of 2012 have only done so with addresses publicly linked to identities, and not broken the anonymity of people trying to be anonymous. The public nature of transactions means that many interesting connections & graphs can be generated and analyzed. But fortunately, it’s straightforward to obscure Bitcoin transactions (mixing services) by a method analogous to the Tor network we are relying upon already: route the money through several intermediaries in several quantities, and reconstructing the path backwards becomes nontrivial. Note that each intermediary is itself a trusted third party: whoever runs it sees both ends of the route and can keep logs or abscond with the balance, so the anonymity gained is only as good as that operator. My own method was to route 4 bitcoins through Mt.Gox (this was before the hacking, a series of events which confirmed my own resolution to keep a balance at Mt.Gox for as short a time as possible; a retrospective analysis of Bitcoin exchanges suggests that for every month you keep a balance at an exchange, you run a ~1% chance of losing your money), then through MyBitcoin (which at the time was still considered trustworthy)10. This was straightforward - sign up for a throwaway account: Then deposit to the one-use address: A day or three later, I am tired enough of the game to route my Bitcoins into the last set of anonymizing mixes, SR’s own cointumbler. How do we do a deposit?
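To see what the "statistical techniques" above can and cannot do, here is an added example (not code from this page, and not any real analysis tool) of the two heuristics the early academic tracing work relied on, run over a constructed set of transactions with invented addresses and amounts, not real chain data: clustering addresses that are co-spent as inputs of one transaction (they all had to be signed by the same key-holder), and tracing coins forward and backward across transactions. The mixer is modelled as a shared pool that co-spends all its deposits in one payout, which is a simplification of how such services work.

```python
"""Common-input-ownership clustering and taint tracing over a constructed
transaction graph, and what a shared-pool mixer does to each.

Added illustration; addresses, amounts and the mixer model are invented.
"""
from collections import defaultdict

# Constructed transactions: (txid, [input addresses], [(output address, amount)]).
TXS = [
    # A buyer withdraws from an exchange (X1) into two of her own addresses.
    ("t1", ["X1"],             [("A1", 2.0), ("A2", 2.0)]),
    # She co-spends A1 and A2 to deposit at a mixer; A3 is her change.
    ("t2", ["A1", "A2"],       [("M1", 3.9), ("A3", 0.1)]),
    # Two unrelated users deposit at the same mixer.
    ("t3", ["B1"],             [("M2", 1.0)]),
    ("t4", ["C1", "C2"],       [("M3", 2.5)]),
    # The mixer sweeps its pool (co-spending M1..M3) and pays everyone out.
    ("t5", ["M1", "M2", "M3"], [("A9", 1.9), ("B9", 1.0), ("C9", 2.4),
                                ("A8", 1.9), ("M4", 0.2)]),
    # The buyer sends one mixed output to a market deposit address.
    ("t6", ["A9"],             [("SR1", 1.9)]),
]


class UnionFind:
    """Disjoint sets over addresses, with path halving."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_by_common_input(txs):
    """Heuristic: all inputs of one transaction belong to one entity.
    Returns a map from every address that was ever spent to its cluster."""
    uf = UnionFind()
    for _, inputs, _ in txs:
        uf.find(inputs[0])                  # register single-input spends too
        for addr in inputs[1:]:
            uf.union(inputs[0], addr)
    groups = defaultdict(set)
    for addr in list(uf.parent):
        groups[uf.find(addr)].add(addr)
    return {addr: frozenset(groups[uf.find(addr)]) for addr in uf.parent}


def trace(txs, source, backward=False):
    """Addresses linked to `source` by transaction edges: forward, every output
    that ever receives coins descended from source; backward, every input that
    ever contributed to it. Any link counts; amounts are not weighted."""
    reached = {source}
    changed = True
    while changed:                           # iterate to a fixed point
        changed = False
        for _, inputs, outputs in txs:
            out_addrs = [addr for addr, _ in outputs]
            frontier, targets = (out_addrs, inputs) if backward else (inputs, out_addrs)
            if any(a in reached for a in frontier):
                new = set(targets) - reached
                if new:
                    reached |= new
                    changed = True
    return reached


if __name__ == "__main__":
    clusters = cluster_by_common_input(TXS)
    print("buyer cluster:", sorted(clusters["A1"]))
    print("mixer cluster:", sorted(clusters["M1"]))
    print("forward from A1:", sorted(trace(TXS, "A1")))
    print("backward from SR1:", sorted(trace(TXS, "SR1", backward=True)))
```

Clustering groups the buyer’s co-spent addresses and, separately, the mixer’s pool; it never merges the two, so the mixer is identified as an entity but its customers are not (the change output A3 is not clustered either, since the change heuristic is a different and weaker inference). Tracing forward from A1 does reach SR1, but tracing backward from SR1 reaches every depositor, so the analyst’s answer is "one of three", and only the mixer’s own records can narrow it. That is exactly the trust the route above places in Mt.Gox and MyBitcoin.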
We click on the link in the profile and see:

No big surprise there - it’s another one-time address which expired at noon, so there’s no time to shilly-shally:

Once deposits have been made or purchases entered into, one’s profile page begins to look like this:

# Shopping

It’s a good idea to read the documentation like the SR wiki on Making a successful purchase and the Buyer’s guide (Scammed is good too) before ordering anything. After some browsing, I personally decided on an offering of the nootropic selegiline. Safe, potentially useful, and not even especially illegal. The price was right:

Should I buy it?

## Evaluating sellers

Now, you will notice that for most sellers, there is no (99) or (100) after the seller’s name; for example, this random seller has no such indicator:

This is due to the simple fact that when I joined, the post-Gawker rush had resulted in membership jumping from the high-hundreds/low-thousands range to north of 10,000 accounts, and while many transactions had been entered into, the reviews and closures of transactions had only started. So I was not too bothered by the lack of feedback on this seller profile. I also used the handy SR forums and found no bad mentions of the seller. The user number was not terribly high, the description was detailed enough that it looked like he took selling seriously, there were no bad reviews, they posted a public key, etc. So, I was willing to take a chance on him.

Both the seller and the example above had standard PGP-compliant public keys posted (the long string of gibberish under that odd header - quite unmistakable), which one will need to encrypt the personal information one sends the seller[^11]. (It is a given on SR that sellers have public keys; any seller who does not provide a public key should be shunned no matter how good they seem, and you instantly fail at security if you send the seller the address unencrypted.
You are also making SR a bigger target by doing stuff in the clear, because the site is holding more valuable information.) Public-key cryptography is an old and vital concept to understand, and there are a great many descriptions or introductions online, so I will not explain it further here.

I add it to my cart (no one-click checkout, so at least SR doesn’t have to worry about Amazon!):

Notice the address field. Now, I could be a chump and put down my friend’s address in the clear. But what if SR itself is compromised? Right now, SR doesn’t have anything about me, but the address is a good starting place for finding me. So, I go to the seller’s profile, and like the example above, my seller has posted his public key. I want to encrypt the address against that public key. How?

## Encryption

There are a great many guides to GPG; the official GPG handbook or Ubuntu guide work well enough. (The SR wiki page mostly discusses where to get PGP-like software.) To summarize what I did:

1. I copy the public key into a text file named `key.txt`.
2. I tell GPG to memorize it: `gpg --import key.txt`. GPG will spit out some output about how it now knows the public key of [email protected] etc.
3. I write down her address in a file, `address.txt`,
4. and I encrypt it: `gpg --recipient [email protected] --encrypt address.txt --output address.gpg --armor`

Hopefully the options make sense. (We need `--armor` to get an ASCII text encrypted file which we can copy-and-paste into the shopping cart’s address form, rather than a smaller file of binary gibberish.) An example of doing this right:

Now, one might wonder how one would post one’s own public key in case one asks questions and would like the answers from the seller to be as encrypted as one’s addresses. It’s easy to make one with `gpg --gen-key` and then `gpg --armor --export USERNAME`, but where to post it? It used to be that you could simply push a button in your profile to register as a seller and then fill your own profile field with the public key like any seller, and I did just that. But SR closed free seller accounts and required large up-front deposits, and has announced (non-Tor mirror using Tor2Web) that they are being auctioned off. The justification for this (mirror) is that SR claims to have received an anonymous threat to register many free seller accounts and simply mail poisoned pills out (which he alluded to earlier (mirror)). Hopefully buyers will soon be able to edit their profile, but until then, there is a thread on the SR forums (mirror) devoted to buyers posting their public keys.

## Now what?

Once you have submitted the order, the ball is in the seller’s court. The order is listed in your shopping cart as processing:

Your balance also instantly decreases by the price, and if you look at your balance/transactions page, you will notice that that amount is listed as in escrow[^12].
SR holds onto your Bitcoins until you finalize[^13] the transaction with a review - one of the protections for the buyers.

It’s worth noting that the buyers bear the real risk on SR. A seller can easily anonymize themselves and send packages without difficulty: simply drive out of town to an obscure post office and mail it, leaving behind fuzzy surveillance recordings, if even that[^14]. (See the SR subforum on shipping (mirror).) A buyer, on the other hand, must at some point be physically present to consume the ordered drugs or items. There’s no way to cleanly separate herself from the shipment like the seller can. Shipping is so safe for the seller that many of them will, without complaint, ship worldwide or across national borders because customs so rarely stops drug shipments. For example, I have never had a shipment of anything I have ordered from any site stopped or apparently even looked at hard by a Customs official. In the 2 SR orders’ cases, this turned out to be irrelevant as both sellers were in-country. Christin 2012 remarks with surprise on how freely sellers sell internationally, but rightly looks to the minimal risks sellers bear and the incentive they have for broad markets to explain this casual disregard.

I check in 1 day later: the order is still processing. Items apparently aren’t public once you’ve escrowed your dosh. 2 days later: still processing. 3 days later: canceled! My Bitcoins are unlocked, of course, but I’m not keen on ordering again right away. Need to browse more and look for deals. The cancellation message is not very informative:

Well sure, but why was it canceled? I speculate the seller decided he didn’t want to send outside the EU despite his listing claiming he would - perhaps shipping cost more than he had factored into his price. (I checked back a few weeks later, and the seller says he canceled all orders and got a new public key because the Mt.Gox exploits have made him paranoid. I can’t really fault him with that rationale. I wish he had mentioned it before; I would have cut him some slack.)

## Try, try again

After some more browsing, I decide to go with either the cheapest Adderall or the new modafinil posting, which mentioned being Provigil. (Here it was that I decided my ordering risk is very small, for a variety of reasons[^15], and to go forward with my investigation.) But is it real branded Provigil or just the usual Indian generics? Also, the Adderall seller has no public key listed! I take this opportunity to message the two, asking for more information and to post a public key, respectively. Both replied the next day; the Adderall seller has put up his public key, and the modafinil seller clarifies it’s Indian - but it doesn’t matter since the item’s page has disappeared, indicating someone bought it already. Naturally, I reply and then delete all messages. One must assume that SR will be compromised at some point… But the Adderall it is. The listing looks pretty good, and the price per pill is better than what I was quoted by one of my college-age friends (less than 1/3 the price, although to be fair it was nearing exams time) and also better than the Adderall price quote in the New Yorker, $15 for 20mg:

1 day after ordering: still processing, and 2 days, in transit:

## Evaluating and reviewing

3rd day: still in transit. 4th day: the package arrived! I go over immediately, and it’s this harmless-looking little padded mailer. One would not suspect it of anything nefarious, not with those cute stamps[^16]:

The contents are as described, 10 blue Adderall, in a double ziplock baggy (the vacuum-sealed bags are not needed for a drug this low on the importance scale - there are no drug dogs for Adderall):

While I have never used Adderall before, the effects are noticeable enough that I am convinced after the first dose that they are genuine (I have continued to experiment with them to somewhat lesser effect). The very sharp-eyed will notice that these are the generic Adderall pills, but as it turns out, the generic Adderall pills are manufactured by the exact same pharmacorp as the branded Adderall - the two products are probably a case of price discrimination. Economics can be a counter-intuitive thing. I also ordered generic armodafinil with similar steps since the armodafinil was noticeably cheaper than the regular Indian generic modafinil:

They work fine (I have begun experimenting with them), and I leave the seller a nice review. My third order proceeds as straightforwardly as the second order, and results in an even better packaged shipment of product that seems to be genuine as far as I can tell. Heedful of the risks and probabilities, I leave another nice review; the review form (reached when you click the finalize link) is as straightforward as the rest of the process:

Feedback is an important part of the process. I was surprised to revisit one of my sellers’ pages after 3 or 4 of his transactions had taken him from no reviews to 4 positive reviews, and see that his prices had increased a good 30 or 40%. Apparently he had been selling at a considerable discount to drum up reviews. This suggests to me, at least, that existing SR users are a bit too chary of new sellers.

Another transaction; 10x100mg Modalert ordered from an English seller, arrived in larger than one would expect packaging (which contained a pretty nifty way to hide a shipment, but I will omit those details):

The Modalert was what one would expect:

A final example: I search for modafinil:

I finally decide to order 80x150 armodafinil from a French seller (not so cheap as before):

2 weeks later, it arrived in heavily folded paper inside this envelope:

Containing the agreed-upon purchase:

# LSD case study

With Adderall & modafinil, the vendor choices were restricted enough and scams rare enough that I did not need to think hard about the process. With LSD, this ease vanished: there was a bewildering array of options and scammers were an acknowledged plague. This means that a hypothetical LSD order would serve as motivation for a case study of a systematic approach to evaluating the available information (but mostly an excuse to collect some unusual data and apply some statistical reasoning).

## Vendor table

Background reading: Official discussion thread of current LSD vendors & Collective Acid Database.

This table of blotter listings <฿12 which ship to USA was compiled 3 September 2012 from SR search results for LSD. Note that the table is now entirely obsolete and not useful for ordering; this and following material are presented as merely an example of how one could have ordered at that time.

| Listing | # | μg | ฿ | S&H | μg/฿ | Transit | User | Age (days) | FE | Feedback | Weighted μg/฿ | Threads | LSD reviews | Forum hits |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Matrix™ | 5 | 250 | 11.67 | 1.75 | 93 | international | EnterTheMatrix | 360 | yes? | 300 (98.7%) | 90[^17] | EnterTheMatrix reviews | many | many |
| Alice in Wonderland | 5 | 120 | 6.99 | 0.42 | 81 | international | aakoven | 360 | no?[^18] | 300 (93.7%) | 74 | aakoven reviews | >6 | 180[^19] |
| Hoffman Now | 2 | 110 | 2.96 | 0.34 | 70[^20] | international | PremiumDutch | 360 | yes | 300 (97.3%) | 67 | N/A | 2 | 60[^21] |
| Synaptic[^22] | | | | | | | | | | | | | | |
| 5LSD Blotter | 5 | 200 | 7.45 | 0.58 | 125 | international | juergen2001 | 360 | yes | 300 (95.1%) | 115 | juergen2001 reviews | >18 | 90 |
| Trip | 5 | 150 | 8.02 | 0 | 94 | domestic | lonely kamel | 120 | no | 173 (93.4%) | 84 | LK 1, LK 2 | 0 | 20[^23] |
| 2 pcs Maya | 2 | 250 | 4.12 | 1.42 | 104 | international | VitaCat | 120 | no? | 300 (99.9%) | 103 | VitaCat reviews | many | many[^24] |
| 5 pcs Maya | 5 | 250 | 10.21 | 1.42 | 107 | international | VitaCat | 120 | no? | 300 (99.9%) | 106 | VitaCat reviews | many | many |
| Premium LSD tabs | 5 | ? | 6.99 | 0 | 72 | domestic | No FE ever | 60 | no | 68 (99.1%) | 67 | NFE 1, NFE 2 | 2 | 22[^25] |
| Mayan 1 | 1 | 125 | 0.83 | 0.32 | 143 | international | nipplesuckcanuck | 60 | yes? | 127 (97.6%) | 134 | nipplesuckcanuck reviews | ? | 11 |
| Mayan 2 | 10 | 125 | 7.19 | 0.49 | 163 | international | nipplesuckcanuck | 60 | yes? | 127 (97.6%) | 153 | nipplesuckcanuck reviews | 3 | 11 |
| Shiva | 2 | 100 | 2.18 | 0.18 | 85 | domestic | graffenburg | 30 | no | 76 (100%) | 82 | N/A | 0 | 9[^26] |
| Hoffmann bike rides | 5 | 150 | 7.53 | 0 | 100 | international | Machine Maid | 30 | no | 10 (100%) | 74 | N/A | 0 | 1 |
| 3Jane Latest | 5 | 100 | 7.36 | 0.59 | 63 | domestic | Molly Want a Cracker | 24 | no | 28 (100%) | 57 | Molly reviews | 0 | 9 |
| Beetles Stamps | 5 | 150 | 4.28 | 0 | 175 | domestic | USAReshipper | 10 | no | 0 (?%) | 88 | N/A | 0 | 3[^27] |
| 5 strip Real Love | 5 | 150? | 6.41 | 0.29 | 112 | domestic | Ladylucy | 4 | ? | 0 (?%) | 56 | Ladylucy reviews | 0 | 3 |
| Koi Fish | 1 | 250 | 2.51 | 0.6 | 80 | international | aciddotcom | 7 | yes | 0 (0%) | 40 | N/A | 0 | 0 |

An anonymous email provided me in November 2012 with a catalogue from a Dutch bulk vendor who sells LSD (among other things); their listed prices serve as a useful comparison:

| Blotter brand | Dose (μg) | Unit-count | Unit-price (€) | Min. total cost (€) | Min. μg/€ |
|---|---|---|---|---|---|
| Fat & Freddy’s | 200-250 | 100-1000 | 4.75 | 475 | 42.1 |
| Fat & Freddy’s | 200-250 | 2000-4000 | 4.25 | 8500 | 47 |
| Fat & Freddy’s | 200-250 | 5000-9000 | 3.90 | 19500 | 51.3 |
| Fat & Freddy’s | 200-250 | 10000+ | negotiable | ? | ? |
| Ganesha | 100-120 | 100-1000 | 2.50 | 250 | 40 |
| Ganesha | 100-120 | 2000-4000 | 2.25 | 4500 | 44.4 |
| Ganesha | 100-120 | 5000-9000 | 1.70 | 8500 | 58.8 |
| Ganesha | 100-120 | 10000+ | negotiable | ? | ? |
| Hofmann bicycle man | 100-120 | 100-1000 | 2.50 | 250 | 40 |
| Hofmann bicycle man | 100-120 | 2000-4000 | 2.25 | 4500 | 44.4 |
| Hofmann bicycle man | 100-120 | 5000-9000 | 1.70 | 8500 | 58.8 |
| Hofmann bicycle man | 100-120 | 10000+ | negotiable | ? | ? |

To convert ฿ to € (as of 3 September 2012), we multiply by 8.3. So for comparison, the top Dutch blotter was 58.8μg/€, and the top unweighted SR blotter was 163μg/฿; in €, the SR’s 163μg/฿ becomes 163μg/8.3€ or 19.64μg/€, indicating that a small SR purchase with S&H will have a unit price 3× that of a large Dutch purchase minus S&H.

A factor of 3 seems pretty reasonable, given the very large markups along the LSD supply-chain. 2003 trial testimony[^28] for the American LSD chemist William Leonard Pickard stated that his wholesale customers paid him ~$0.3 per 100μg, or (as of 3 September 2012) 0.0286฿ per 100μg, or 3497μg/฿. (A stark contrast to 163μg/฿!)

## Description

Some general observations on this table of a subset of LSD vendors:

1. There’s a striking number of new sellers: listings from young accounts (<=2 months old) make up more than half the table. I’ve seen many complaints about a lack of US sellers but it seems the market is responding.
2. There are dismayingly few LSD reviews on the forums for any vendor except EnterTheMatrix; this seems to be partially due to the presence of many vendors not specializing in LSD.
3. Long-term feedback below 95% is a warning sign. Of the 3 old vendors with ~95% or less feedback (aakoven, juergen2001, & lonely kamel), all 3 have plenty of bad feedback on the forums. If it were just one that had both bad feedback and bad forum comments, it might be some sort of astroturfing or hating (as aakoven pre-emptively accuses his bad feedback rating), but when all 3 have both bad forums and feedback ratings? Makes one wonder… Nor is that the cost of doing business for very old vendor accounts, since we see that the similarly old EnterTheMatrix[^29] & PremiumDutch ratings are solidly better. Since their μg/฿ are not stellar (save juergen2001’s), it’s not clear why anyone would buy from them.
4. Some of the new sellers seem to have a lot of feedback (eg. No FE ever or nipplesuckcanuck), but looking at their feedback, we see a great deal of early finalization! This renders them pretty suspect. And of course, the 3 youngest sellers have no feedback at all. This is a problem because scammers are a serious problem with LSD vendors; a quick read of forum threads lists 5 scammers over the past 3 months: Kat, Gar, Bloomingcolor, Fractaldelic, & DiMensionalTraveler.
5. The range of μg/฿ is interesting: a full order of magnitude is represented, from the low of 63μg/฿ to 175μg/฿. Perhaps surprisingly, this range doesn’t go away when I try to adjust for risk based on reviews: now the full range is 40μg/฿ (aciddotcom) to 153μg/฿ (nipplesuckcanuck).

## Analysis

### Quantitative

In my modafinil article I discussed some basic statistical techniques for optimizing orders under uncertainty: one-shot ordering, repeated ordering with free learning, & repeated ordering with expensive learning. In this case, it’s a single order, so one-shot ordering it is. One-shot ordering simply counsels ordering from a mix of the cheapest and the safest vendor - what maximizes one’s expected value (EV), which is just $\text{risk} \times \text{reward} = \text{EV}$. The reward is easy: total dose divided by total cost. The risk is harder: the vendors do not conveniently volunteer how likely you are to be scammed. The obvious way to quantify risk is to just take the feedback at face-value: a 97% rating says I am taking a 3% chance I will be screwed over. Multiply that by the reward, sort to find the largest EV, and we’re done.

An objection: “Are you seriously saying that a vendor with 1 bad review out of 100 is equally trustworthy as a vendor with 3 bad reviews out of 300, and that both of them are less trustworthy than a vendor with 0 bad reviews out of 10?” It does seem intuitive that the 300 guy’s 99% is more reliable than the 100 guy’s 99%; the 10 guy may have a perfect 100% now, but could easily wind up with something much lower after he’s sold 100 or 300 things, and we would rather not be one of the buyers who causes those shifts downward.

So. Suppose we pretended reviews were like polling or surveys which are drawing votes from a population with an unknown number of bad apples. We could call it a draw from a binomial distribution.
We’re not interested in the optimistic question of “how good could these vendors turn out to be?”, but rather we are interested in finding out how bad these vendors might truly be. What’s the worst plausible vendor future rating given their existing ratings? We can ask for a confidence interval and look at the lower bound. (Lower bounds remind us no vendor is 100% trustworthy, and indeed, pace the hope function, the higher their rating the greater their incentive to require FEs and disappear with one last giant haul; the actual SR feedback system seems to use some sort of weighted average.) This gives us the pessimistic percentage of feedback which we can then interpret as the risk that we will be one of those bad feedbacks, and then we can finally do the simple expected-value calculation of μg/฿ times probability of being happy. What are the results? The numbers were calculated as follows:

```r
# Frequentist analysis:
# http://en.wikipedia.org/wiki/Binomial_proportion_confidence_interval#Clopper-Pearson_interval
# y() = ug/BTC scaled by the lower bound of the 90% CI on the positive-feedback rate
y <- function(ugbtc,n,pct) {((binom.test(round((pct/100)*n),n,conf.level=0.90))$conf.int)[1] * ugbtc}
# Binomial CI doesn't work on 0 data; what do we do? Punt with the age-old 50%/coin-flip/equal-indifference
# Why 90% CIs? Fake feedback skews the stats up and down, so we might as well get narrower intervals...
c(y(63,28,100), y(70,300,97.3), y(72,68,99.1), 90*0.5, y(81,300,93.7), y(85,76,100), y(93,300,98.7),
  y(94,173,93.4), y(100,10,100), 112*0.5, y(125,300,95.1), y(143,127,97.6), y(163,127,97.6), 175*0.5)
[1]  56.60766  66.66799  67.11326  45.00000  73.58456  81.71468  90.18671
[8]  84.31314  74.11344  56.00000 115.50641 134.43170 153.23333  87.50000
```

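The same weighting, re-implemented here as an added example in pure Python (not the page’s own code, and not using R or MKmisc): the Clopper-Pearson lower bound comes from the exact binomial upper tail solved by bisection, and the Jeffreys lower bound (the Bayesian check made next) from the regularized incomplete beta function ported from the Numerical Recipes continued fraction, so nothing beyond the standard library is needed. Listing values are copied from the vendor table above (Koi Fish at its tabled 80μg/฿), and the no-feedback coin-flip punt is kept.

```python
import math

CONF = 0.90         # 90% two-sided interval, as the R session chose
NO_DATA_PUNT = 0.5  # no feedback at all: coin-flip, as the R code punts


def _bisect(f, target, lo=0.0, hi=1.0, iters=100):
    """Solve f(p) == target for p in (lo, hi); f must be increasing in p."""
    for _ in range(iters):
        mid = (lo + hi) / 2
        lo, hi = (mid, hi) if f(mid) < target else (lo, mid)
    return (lo + hi) / 2


def clopper_pearson_lower(x, n, conf=CONF):
    """Exact lower bound: the p with P(X >= x | n, p) = alpha/2, i.e. what
    binom.test(x, n, conf.level=conf)$conf.int[1] reports in the R code."""
    def upper_tail(p):
        return sum(math.comb(n, k) * p ** k * (1 - p) ** (n - k)
                   for k in range(x, n + 1))
    return _bisect(upper_tail, (1 - conf) / 2)


def _betacf(a, b, x):
    """Continued fraction for I_x(a, b) (Numerical Recipes, modified Lentz)."""
    tiny = 1e-300
    qab, qap, qam = a + b, a + 1.0, a - 1.0
    c, d = 1.0, 1.0 - qab * x / qap
    d = 1.0 / (d if abs(d) > tiny else tiny)
    h = d
    for m in range(1, 300):
        m2 = 2 * m
        for aa in (m * (b - m) * x / ((qam + m2) * (a + m2)),            # even step
                   -(a + m) * (qab + m) * x / ((a + m2) * (qap + m2))):  # odd step
            d = 1.0 + aa * d
            d = 1.0 / (d if abs(d) > tiny else tiny)
            c = 1.0 + aa / c
            c = c if abs(c) > tiny else tiny
            h *= d * c
        if abs(d * c - 1.0) < 1e-14:
            break
    return h


def regularized_beta(a, b, x):
    """I_x(a, b): the CDF at x of a Beta(a, b) random variable."""
    if x <= 0.0 or x >= 1.0:
        return 0.0 if x <= 0.0 else 1.0
    front = math.exp(math.lgamma(a + b) - math.lgamma(a) - math.lgamma(b)
                     + a * math.log(x) + b * math.log1p(-x))
    if x < (a + 1.0) / (a + b + 2.0):
        return front * _betacf(a, b, x) / a
    return 1.0 - front * _betacf(b, a, 1.0 - x) / b


def jeffreys_lower(x, n, conf=CONF):
    """Jeffreys lower bound: the alpha/2 quantile of the Beta(x+1/2, n-x+1/2)
    posterior under the Beta(1/2, 1/2) prior (MKmisc's method="jeffreys")."""
    if x == 0:
        return 0.0
    return _bisect(lambda p: regularized_beta(x + 0.5, n - x + 0.5, p),
                   (1 - conf) / 2)


def weighted_ug_per_btc(ug_per_btc, n_reviews, pct_positive, method="clopper"):
    """The R session's y(): dose-per-coin scaled by the pessimistic feedback rate."""
    if n_reviews == 0:
        return ug_per_btc * NO_DATA_PUNT
    x = round(pct_positive / 100 * n_reviews)  # R's round() is also half-to-even
    bound = clopper_pearson_lower if method == "clopper" else jeffreys_lower
    return ug_per_btc * bound(x, n_reviews)


# (listing, unweighted ug/BTC, review count, % positive), from the vendor table above
LISTINGS = [
    ("Matrix", 93, 300, 98.7), ("Alice in Wonderland", 81, 300, 93.7),
    ("Hoffman Now", 70, 300, 97.3), ("5LSD Blotter", 125, 300, 95.1),
    ("Trip", 94, 173, 93.4), ("2 pcs Maya", 104, 300, 99.9),
    ("5 pcs Maya", 107, 300, 99.9), ("Premium LSD tabs", 72, 68, 99.1),
    ("Mayan 1", 143, 127, 97.6), ("Mayan 2", 163, 127, 97.6),
    ("Shiva", 85, 76, 100), ("Hoffmann bike rides", 100, 10, 100),
    ("3Jane Latest", 63, 28, 100), ("Beetles Stamps", 175, 0, None),
    ("5 strip Real Love", 112, 0, None), ("Koi Fish", 80, 0, None),
]


def rank_listings(method="clopper"):
    """Listings sorted by weighted ug/BTC, best first."""
    scored = [(name, round(weighted_ug_per_btc(ug, n, pct, method), 2))
              for name, ug, n, pct in LISTINGS]
    return sorted(scored, key=lambda t: t[1], reverse=True)


if __name__ == "__main__":
    for name, score in rank_listings():
        print(f"{name:22s} {score:7.2f} weighted ug/BTC")
```

The ranking reproduces the "Weighted μg/฿" column of the table to rounding, and switching `method="jeffreys"` reproduces the MKmisc figures that follow.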
```r
# Question: what if we use a Bayesian Jeffreys interval?
# http://en.wikipedia.org/wiki/Binomial_proportion_confidence_interval#Jeffreys_interval
install.packages("MKmisc")
library(MKmisc)
y <- function(ugbtc,n,percent) {binomCI(x=round((percent/100)*n),n=n,conf.level=0.90,
                                       method="jeffreys")$CI[1] * ugbtc }
c(y(63,28,100), y(70,300,97.3), y(72,68,99.1), 90*0.5, y(81,300,93.7), y(85,76,100), y(93,300,98.7),
  y(94,173,93.4), y(100,10,100), 112*0.5, y(125,300,95.1), y(143,127,97.6), y(163,127,97.6), 175*0.5)
[1]  58.85933  66.81522  67.96488  45.00000  73.74114  82.88563  90.39917
[8]  84.64024  82.92269  56.00000 115.75319 135.22059 154.13256  87.50000
# Answer: it's almost identical.
# If Bayesian and frequentist methods differed much, one would be wrong and no one would use it!
# let's look in further, how *exactly* do the ug/btc ratings differ?
binom <- c(56.60766, 66.66799, 67.11326, 45.00000, 73.58456, 81.71468, 90.18671,
           84.31314, 74.11344, 56.00000, 115.50641, 134.43170, 153.23333, 87.50000)
jeffreys <- c(58.85933, 66.81522, 67.96488, 45.00000, 73.74114, 82.88563, 90.39917,
              84.64024, 82.92269, 56.00000, 115.75319, 135.22059, 154.13256, 87.50000)
mapply(function(x,y) round((x-y)/y * 100,digits=2), binom, jeffreys)
 [1]  -3.83  -0.22  -1.25   0.00  -0.21  -1.41  -0.24  -0.39 -10.62   0.00
[11]  -0.21  -0.58  -0.58   0.00
# in 1 case, for Machine Maid, the ug/btc estimates differ by 10.62%, which is interesting
```

(This demonstrates, incidentally, that feedback ratings don’t start yielding very high assurance until a surprisingly large number of reviews have been made.) Now we have risk factored in from just the quantitative data of the feedback amount & percentage. But we must be more subjective with the other factors.

### Qualitative

We have to look at more qualitative information and start comparing & ranking possibilities. There are a few criteria that one should value; in roughly descending order of importance:

1. old > new
2. high weighted-μg/฿
3. many reviews on SR & forums
4. no FE > FE
5. domestic > international
6. has feedback thread

For a first cut, we look at all items meeting #2, where a good cut-off seems to be weighted-μg/฿ > 90; this is just EnterTheMatrix, juergen2001, VitaCat, and nipplesuckcanuck.
A second cut is #1, which deletes nipplesuckcanuck for being too new. #3 is useless, but #4 is helpful: we can scrap juergen2001 for requiring FE; #5 is now useless as both are international, as is #6 since both have feedback threads. So we’re down to VitaCat and EnterTheMatrix. On most of the listed metrics, they are about equal - EnterTheMatrix seems to have an edge in feedback due to greater volume, but it’s hard to say for sure. Going with VitaCat promises to save a little bit of money since his weighted-μg/฿ is ~10 greater. So our analysis winds up with the conclusion of ordering from VitaCat.

Was this the right choice? I have no idea. The best I can say is that checking the SR forums in December 2012, by which time any September order would have been delivered or not, there were no reports of that vendor being a scammer or having engaged in a rip-and-run, while some of the lower-ranked vendors seem to have disappeared.

### VoI: Ehrlich test

We have one last question about ordering: should we buy an Ehrlich test? An Ehrlich test is a reagent for indole alkaloids, a category which includes psychedelics like LSD & psilocybin. As such, it can be used as a kind of quality check. However, while any LSD product will probably trigger a positive, so will other chemicals; and the test itself may simply be wrong. Is an Ehrlich test worth buying? This sounds like a classic Value of Information problem. The only SR listing for an Ehrlich test is a Synaptic listing (a vendor who I have already criticized for shoddy security practice) which both costs >$40 and has a highly negative review! Googling on the open web leads quickly to eztestkits selling for £4.99, which with S&H is probably $10-15, and Avalon Magic Plants for a similar price. The former is clearly a fool’s buy, but the latter may not be. The fundamental question of a VoI analysis is: how would this information change your actions? If the test being positive rather than negative would not lead you to do anything differently, then the information has no (direct) value.

# Finis

There is no proof of all of the above - anything here could have been faked with Photoshop or simply reused (perhaps I have a legitimate Adderall prescription). Take it for what it is and see whether it convinces you: argument screens off authority. But looking back, I have been lucky: from reading the forums, it’s clear that there are scammers on SR[^30], and shipments do get lost in the mail or seized or otherwise not delivered. (I do not expect any legal problems; law enforcement always goes after the sellers, to achieve maximum impact, and SR presents both technical and jurisdictional problems for law enforcement.) This is inherent to the idea of an anonymous marketplace, but the system worked for me. SR describes it well in one of his messages:

> Things are going really well here. There are many new buyers and sellers working well together, our servers are secure and humming along, and you may even start to feel comfortable. DO NOT get comfortable! This is not wal-mart, or even amazon.com. It is the wild west and there are as many crooks as there are honest businessmen and women. Keep your guard up and be safe, even paranoid. If you buy from someone without reputation, get to know them really well through pm, and even then be suspicious. Unfortunately it only takes one bad apple to spoil the bunch, and there are bad apples out there.

On SR, there are lions and tigers and pigs oh my, but: alea iacta est! Like Bitcoin, SR may live another few months, or another few years, but will it? Like using SR, there’s no way to know but to go.
# Future Developments

So, we have seen that Bitcoin satisfies an old dilemma bedeviling the early cypherpunks; and we have covered how SR follows recommended design principles in achieving their dream of self-enforcing marketplaces, and then went through a lengthy example of how buyers can rationally order and thereby contribute to the necessary dynamics. The drug market has grown and thrived beyond all expectations, despite an extraordinary - perhaps unprecedented - level of media coverage and transparency of operation. By its mere existence, it lays bare the universality of illicit drug use; by its sales volume, it provides a benchmark for understanding what estimates of the global black market really mean: if the SR has a turnover of $20m a year and the black market turns over closer to $100b a year, then the latter is equivalent to 5000 SRs. By its use of public technology (even immature & hard to use technologies) and ordinary postal services, it demonstrates the infeasibility of the long-standing War on Drugs; and by taming drug use, turning it from a violence-prone seamy affair to a smooth commercial transaction, it suggests that there is no necessity for the War on Drugs.

What is next? No one foresaw Bitcoin in 2008; and the success of SR in 2011 took many by surprise (including the author) who had assumed that it would quickly be shut down by law enforcement, fall victim to hackers seeking a lucrative payday, or at best devolve into a lemon market with a few overpriced goods. All three of these possibilities still exist; lengthy SR downtime in November 2012 fueled speculation that law enforcement had finally found a viable attack or that SR was suffering a Denial of Service (DoS) attack. SR’s administrator stated the downtime was due to record numbers of users; but if large numbers of legitimate users can accidentally take down the site, clearly a full-fledged DoS attack is feasible.
A real DoS attack by a single attacker in April 2013 degraded access for a week and essentially blocked all access for ~2 days, prompting SR to suspend its commissions for several days to encourage purchases. But supposing that SR continues to have an annual turnover of millions of dollars of drugs and other goods? Two striking possibilities come to mind.

1. The next development may be information markets: black markets for leaked data, whistleblowers, corporate espionage, personal information such as credit card numbers, etc. Existing carding forums may be a market niche to usurp, as they have had problems with law enforcement infiltration and would benefit from increased security. Similarly, WikiLeaks has reportedly tried to auction off access to documents in its possession, and while the auctions apparently failed, this may be due to defections and severe internal turmoil and not flaws in the fundamental idea.
2. The most extreme cypherpunk proposal was Jim Bell’s assassination markets: a market in which participants lay bets on when a particular person will die; when the total bets become large enough, they function as a bounty on that person - inasmuch as a would-be hit man knows when the person will die and can profit handsomely. Assassination markets were to be a weapon against government oppression, but such markets could be used against any non-anonymous but powerful humans. This would seem to be much less plausible than either a drug market or an information market: both drug & information black markets are markets which exist offline and online already, with illegal drugs representing a global market best measured in hundreds of billions of dollars of turnover (against the SR’s millions) with scores of millions of drug users worldwide, so cypherpunk-style implementations are in a certain sense just business as usual with a very large customer base eager to participate and moral respectability to salve the conscience. Demand for hit men, on the other hand, is rare outside organized crime and governments, difficult for any ordinary person to justify the use of, and usually confined to particular regions such as Mexico or Afghanistan. Further, a large drug delivery facilitated via SR will usually go unnoticed by the world as the recipient has no incentive to reveal it; a large assassination, on the other hand, will be global news and may trigger a backlash large enough to take down the site, or in general degrade Tor & Bitcoin to the point where they cannot support large enough bounties on any individual to matter.

Regardless, 2 key pieces of cypherpunk technology are now in place and already enabling remarkable new systems. Both researchers and digital entrepreneurs may benefit from taking a look back at some forgotten pioneers and re-evaluating their proposals in the light of recent successes.

# See also

# Appendices

## BBC questions

In mid-January 2012, a reporter from BBC Radio’s 5 Live Investigates emailed me asking whether I’d answer questions for the 5 February show they were doing on Bitcoin & Silk Road; I agreed. The following is the transcript:

How did you find out about Silk Road?

I saw the original announcement of it on the Bitcoin forums when it was linked on Reddit. I figured it would fail, and then a few months later, I saw the Gawker article on it and apparently Silk Road was actually working!

What attracted you to using Silk Road?

Once I heard, I just had to look into it more - it was too interesting not to. Timothy May and other cypherpunks had been speculating about black market websites using cryptocurrency since the early ’90s, and here was a real live example. I looked at their offerings and saw they had some offers I might want at a reasonable price, and that settled it for me.

What is the difference between ordering your drugs from Silk Road and getting them on the street?
Modafinil is pretty hard to get on the street because everyone gets it either with a prescription or from an online pharmacy, so I have no idea. While I was still checking out Silk Road, I asked a friend in college how much Adderall would be and he told me he could get them for$9-10 a pill (it was close to the end of the semester); it cost half that on Silk Road, so I went with them rather than him. I’ve always found it hard to resist a bargain.

How is Silk Road different to other websites where you can buy drugs?

My first-hand experience with modafinil is that I much prefer to buy on Silk Road than the pharmacies.

With them, your dollar payment can fail at any point. For example, MoneyGram once blocked a payment of mine. Very frustrating! Bitcoin is much more reliable: I can see where my bitcoins go until they enter Silk Road proper.

And then there’s the split between Silk Road itself and all the sellers, which makes things safer - everyone encrypts their physical address before submitting it to Silk Road, and the seller decrypts it himself. If Silk Road is untrustworthy, they can only steal my bitcoins but not my address; if the seller is untrustworthy, they can only steal my address and not my bitcoins. Whereas with the pharmacies, they both get my money and my address.

What have you ordered from the site and how often?

I don’t order very often because I like to thoroughly experiment with things, and my tests take a while to set up and run. I think so far I’ve done one order of Adderall, one order of armodafinil, and two orders of modafinil; another order of selegiline was canceled.

How important is anonymity to you? Do you think the technology really protects your identity?

It’s not very important because I have little interest in the drugs law enforcement is most interested in, like heroin or cocaine. Modafinil can be shipped without much danger, with Customs only seizing the package if they notice it and nothing more. Adderall isn’t very dangerous either - everyone knows it’s all over college campuses, so what are they going to do, arrest me? I don’t even have any Adderall left!

(To make a historical analogy, it’s like having some wine during Prohibition; no one thinks much of it, and the cops are busy with the gangsters.)

How important is Bitcoin?

I’d say the Bitcoin part is probably even more important than Tor. Law enforcement is not known for its NSA-style traffic analysis because it wouldn’t be usable in court, and the other benefit is that there’s no domain name to be seized or filtered; but neither of these is very important. They can be gotten around or dealt with.

But being able to get money to the sellers, and the sellers being able to turn it back into usable cash on Mt.gox or another exchange, that is crucial. You cannot buy and sell drugs for free.

What do you think the future holds for Silk Road, do you think the authorities will shut it down or do you think it will continue to grow?

I would be fairly surprised if it was shut down; there’s no obvious way to do so. The real danger is internal: that the community itself might be skewed towards scammers and buyers just give up and buy somewhere else. It’s the same dilemma eBay faced: you don’t want to scare off the sellers by too many rules, but if you don’t do something, scammers will fleece the buyers. So far, the administrators have done a pretty good job of keeping everything running and maintaining the balance.

How important is the community side of Silk Road?

Extremely. The community is what determines whether Silk Road will decline or continue growing with the general growth of Bitcoin.

What sort of people use the site?

It’s hard to tell, but from reading the forums, it seems like it is mostly technically adept young people in Western Europe and America. Tor and Bitcoin and encryption are a challenge to use for most people, and older people have contacts they know how to use when they want various drugs.

Is Silk Road just about scoring drugs safely, or do you and other users feel you are making a greater statement about society and the drug laws?

I know other users disagree and take it only as a useful service or something of a FU to The Man, but many of us do see it as a principled statement. I believe that I am capable of researching and evaluating drugs, that I can accept the risks, and see how they do or do not work, and that the government should not be coercively imposing its beliefs on me.

I am also horrified by the effects of the War on Drugs, which has been a greater disaster than Prohibition (which we at least had the sense to repeal after a few years). Buying on the Silk Road and writing about it is, if you will, my bit of patriotism. It’s not very heroic, and I’ve never claimed to be a hero or to be doing anything particularly noteworthy, but perhaps it will change someone’s mind - either that drugs are not so bad or that the War is not so practicable.

A list of tips from an anonymous Redditor, presented for what they are worth (not all are necessarily important):

This guy’s mistakes:

• Getting 41 pounds of weed sent to him. That’s a lot of weed.
• Getting weed sent through the mail at all (it’s easy to detect).
• Signing under a false name.
• Signing for a package at all31.
• Had a scale in his house at the time of delivery.
• Never sign for packages. Never get them sent under false names. Do not open them immediately. Never have paraphernalia or anything incriminating in your house at the time of delivery. Always use bitcoin. Use PGP wherever possible. Always ask for a lawyer but otherwise don’t talk to cops.

General:

• Make sure that your vendor ships via USPS. Rationale: USPS must get a warrant to open your mail. Also, USPS handles much more mail than UPS or FEDEX. I don’t know this for sure, but I’d bet their screening/tracking of suspected drug importers is probably laxer than UPS/FEDEX.
• Open a large PO box (big enough to hold a USPS Priority mail envelope (11.625 inches X 15.125) without folding). Rationale: Most samples will fit in an envelope less than this in size. Ordering a big mailbox means that you don’t have to go to the counter to pick it up.
• Open your box at a Mom and Pop service, not a UPS store or USPS PO Box. Mom and Pop shops don’t have the resources to track suspicious packages. And USPS PO Boxes won’t accept packages from UPS or FEDEX. (While you specify that you only accept USPS, you should be prepared to accept packages from other vendors.)
• Make sure you have 24 hour access. Rationale: Pick it up after hours without meeting face to face. Also allows for faster pickup–the less time spent in the system, the better.
• Send a test package before ordering drugs. Rationale: You want to make sure you can receive mail at that address without problems before ordering drugs.
• Order only from domestic sources. Rationale: If it doesn’t cross an international border, it doesn’t have to go through customs screening.
• If you must order from overseas, order from UK or Germany, not Netherlands or other common drug source country. Rationale: Anecdotal reports suggest that shipments from common drug source countries get closer screening.
• Order small amounts (gram or less). Rationale: Law enforcement has limited resources. Odds are, they’re not going to bother with small amounts.
• Use your real name and address on all forms. Rationale: Anyone (such as a vindictive ex, or an enemy) could send you drugs. If you get caught receiving mail with drugs in it, you can deny that it’s yours. A fake name destroys your plausible deniability, as it indicates an intent to deceive.
• Order normal stuff to your box on a regular basis. Rationale: You want to make your box stand out as little as possible.
• Refuse to sign for any drug package. Rationale: Remember, those drugs aren’t yours. If you sign for it, it’s evidence that you were expecting the package.
• Don’t order too many drugs at once. Rationale: Many vendors don’t include any identifying info., so you may end up with a bunch of packets of white powder, with little idea of what’s in each packet.
• Use GPG to encrypt your messages to the vendors. Rationale: While this doesn’t protect you if the vendor is compromised, it does prevent your name and address from being stored in the clear in Silk Road’s database.
• Don’t order out of escrow. Rationale: Your only protection from bad vendor behavior is their reputation and escrow. And some vendors don’t care about their reputation.
• Read up on vendors in the forums. Rationale: You’ll get a much better idea of their product quality than you can get from their official ratings/reviews alone.

## A mole?

### J’accuse!

In March 2013, I learned of a rumor that a particular vendor on SR was actually a federal mole. It came from a person who claimed that the carding forum carder.su, which had been busted in early 2012, was undone by an agent who infiltrated it over 2 years as a user named celtic by selling high-quality fake IDs to members. He thought that the vendor had a similar modus operandi, making the following comparisons:

1. celtic sold fake custom IDs from 15 states; the vendor likewise sells these specific states
2. celtic sold a large variety of IDs; the vendor sells a wider variety than others,
3. celtic advertised with lengthy detailed descriptions; the vendor has descriptions which are much more than a few lines, like some other SR vendors
4. celtic sold expensive high-quality IDs, with difficult new security features; likewise
5. celtic advertised his wares as novelty IDs
6. celtic implied he was Russian
7. celtic asked for the necessary information to be sent via email and required 2 email addresses
9. celtic had operated on the forum for over 2 years; the vendor was at the 1 year mark.

They also mentioned that after contacting the SR admins, they were blocked from accessing SR under that or other accounts.

### Objections

This rumor struck me as unusually detailed, plausible, and interesting. It would also be cool to scoop the investigation. So I looked into the matter more deeply:

1. the carder.su mole supposedly sold 15 states’ IDs and so does KOC. But KOC’s current profile lists only the following:

| Product | Price |
|---|---|
| Montana Driver’s License (Holograms + Scannable) | ฿6.61 |
| Indiana Driver’s License (Holograms + Scannable) | ฿6.61 |
| Wisconsin Driver’s License (Holograms + Scannable) | ฿6.61 |
| New California Drivers License (Holograms + Scans) | ฿6.61 |
| Rhode Island Driver’s License (Hologram+Scannable) | ฿6.60 |
| Idaho Driver’s License (Holograms + Scannable) | ฿6.60 |
| Tennessee Driver’s License (Holograms + Scannable) | ฿6.60 |
| Arizona Driver’s License (Holograms + Scannable) | ฿6.60 |
| New York Driver’s License (Hologram + Scannable) | ฿6.60 |
| Ontario Driver’s License (Raised Lettering, Scans) | ฿6.60 |
| New Texas Drivers License (Raised LTR, Holo, Scans) | ฿6.60 |
| Texas Drivers License (Holograms + Scannable) | ฿6.60 |

subtotal: 13

| Product | Price |
|---|---|
| New South Wales Driving License (Holograms+Scans) | ฿6.61 |
| Manitoba Driver’s License (Scannable Tracks 1,2,3) | ฿6.60 |
| Quebec Driver’s License (Scannable Magstripe 1,2,3) | ฿6.60 |
| Alberta Driver’s License (Holo, Raised LTR, Scans) | ฿6.60 |
| UK Driving License (Holograms + Scannable) | ฿6.60 |

subtotal: 5
total: 18 (excludes combo offers)

No matter how you sum it, that’s not 15 states.
2. It’s not clear that celtic or KOC’s variety is unusual. For example, in the indictment, 2 of the defendants, Haggerty or Wave & John Doe or Gruber, actually sound almost identical to this celtic: they counterfeited driver’s licenses in 15 states; this does not seem consistent with their story and undermines the value of any observation of KOC selling 15 states since that’s at least 2 people who also sold for 15 states - suggesting that 15 states is simply what is easily handled by the equipment, are favored due to having many residents being tourists, or something like that.
3. On the SR side of things, KOC does not seem all that unusual. Some vendors talk a lot and sell a lot, others don’t. For example, the vendor namedeclined has something like 21 different items in the forgery & fake ID sections, and is positively prolix about one I randomly clicked on, his fake Geico insurance card.
4. If his cards were being done with government equipment, or top of the line anyway, they ought to be excellent and might as well be cheap to attract as many suspects as possible. But there are many complaints in the SR forums & Reddit that his rather expensive cards weren’t very good and in some cases were very poor. He also isn’t all that cool with customers, easily losing his temper. All this is reflected in his feedback score, which is not terrible but also is not great.
5. KOC using the term novelty ID doesn’t mean much. As far as I know, all the Chinese/Asian vendors use that excuse as well: oh, they’re not fake IDs, they’re novelty IDs; we can’t be blamed if our customers misuse them.
6. KOC doesn’t make it sound like he’s Russian. He comes off as American, and his listings imply he’s shipping domestically.
7. obviously in buying custom fake IDs, customers need to provide the relevant info like age and a photo of the person who will be using the ID. KOC provides a public key, accepts encrypted private messages on SR for the form, and links repeatedly to a hidden service for image uploads; he does list a tormail.org email address as an option, but you can just connect to tormail.org’s hidden service (that’s the point of it) and send an email via them. You would have to be lazy or foolish to send such an email from your regular email address before he would have access to your email, and there is no mention of requiring 2 email addresses.
8. while KOC seems to have accepted Western Union, Moneygram, and Moneypak early on (like a mole might), he seems to have dropped them entirely: his profile specifically disclaims accepting anything but bitcoin. Why would a mole do that?
9. Many vendors are less than 2-3 years old, since SR is still relatively new and it wasn’t clear early on that it would survive or be worth doing business on; given that new vendors probably drop quickly as they stop selling for various reasons (they were scammers, it turned out to be too much work, whatever), we would expect to see mostly medium-aged accounts selling.

Two additional points I would make:

• while the media does confirm that carder.su members used fake IDs, this is common to many or all carding forums; more importantly, I cannot confirm their account of the demise of carder.su based on the 2012 indictment, and no one in Google mentions any celtic in combination with carder.su. The redactions make it difficult to be sure, but they do not seem to have usually redacted the usernames or pseudonyms or nicks (eg pg40), and in the lists of redacted defendants’ offenses, few short-names come off with large quantities of forged items or other such violations. While the Farmers Market indictment listed enough details that I could be sure that it was mostly due to Hushmail rolling over (as indeed proved to be the case), here I’m not sure of anything; the indictment goes into the wrong details for me to feel I can infer anything.
• At least one of their claims seems false: yes, SR might ban an account for filing a false report against a vendor. But it can’t lock you out based on your IP or something like that; the Tor hidden service architecture simply doesn’t allow for that, as far as I know. The most it could do is maybe set a cookie and not let anyone with a cookie from a banned account log in or register an account, but that is trivially bypassed by deleting all cookies or using an incognito mode or using a different browser.

A counter-objection is that celtic-KOC might have deliberately dropped Nevada IDs and non-bitcoin payment to throw off anyone familiar with the previous identity. But in this scenario, presumably the absence would be for public consumption and anyone requesting either would get what they asked for as they became juicy targets for his investigation. This can be easily tested just by asking; so 2 throwaway accounts messaged KOC on those issues:

1. First conversation:

• I know they’re not listed, but would it be possible for you to do either a Utah or Nevada license? (Ideally with UV and hologram.)

• I won’t be able to do Nevada but I may be able to do Utah with UV and holos, i’ll get back to you in the next couple days on that

2. Second:

• bro how are you, do you make Nevada license and do you accept WU OR MG thanks

• I don’t do Nevada DL’s at the moment but I can do a bunch of different states that aren’t listed, what else are you interested in? I don’t accept WU or MG but if you go under the "Money" section of SR and go to the vendor FreeMoney he will be able to exchange your WU or MG or Moneypak for BTC. Regards.

While his consistent disavowal of both non-bitcoin payments and making Nevada licenses might simply be trying to be consistent in his persona, that would imply considerable paranoia on his part about being recognized - and makes this possibility that much more unlikely.

### Resolution

When will we know? The carder.su indictment was signed 10 January 2012. The earliest dates mentioned in it are in 2007, but most of the early dates seem to be in 2009, in line with a >2 year infiltration which suggests a 2-3 year lag (or possibly as much as 5 years). The KOC account is listed as 1 year old and consistent with that, he has initial forum posts dating back to March 2012. That suggests any busts will come March 2014-2015, up to 2017. (I can’t guess whether the hypothetical SR bust would be faster or slower than carder.su: SR is much more secure and decentralized from a vendor’s point of view, so one might expect it to take longer; but SR is also much higher profile as far as I can tell and so one could expect there to be much more pressure to deliver some sort of victory.)

What’s my current opinion? Reading through all of the above, thinking about the difficulties of attacking SR (KOC can only have access to small fry buyers, not SR staff like Dread Pirate Roberts), I feel that I can only assign 20% to a prediction that by March 2015, there will have been a bust (>10 named defendants) related to forged IDs eg. driver’s licenses, linked to the SR vendor KOC.

We’ll see.

## Bitcoin exchange risk

Beware the Middleman: Empirical Analysis of Bitcoin-Exchange Risk compiles a list of Bitcoin exchanges and which ones have died or failed to return one’s money; I was interested in the average risk per day, but the paper did not include the relevant figure, so I copied the raw data and partially replicated their analysis in R:

exchange <- read.csv("http://www.gwern.net/docs/2013-moorechristin-bitcoinexchanges.csv")
# log transform busy-ness per paper
exchange$ActiveDailyVolume <- log1p(exchange$ActiveDailyVolume)
exchange$Days <- as.integer(as.Date(exchange$Dates) - as.Date(exchange$Origin))
# but the paper says "The median lifetime of exchanges is 381 days"!
# The difference may be due to me defaulting each exchange opening/closing to the 1st of the month,
# since the paper's table on pg3 only specifies month/year.
summary(exchange$Days)
Min. 1st Qu.  Median    Mean 3rd Qu.    Max.
15     168     344     365     565     930

# Rough daily risk percentage calculation: # of lossy exchange-days / total exchange-days:
(sum(exchange$Repaid==0, na.rm=TRUE) / sum(exchange$Days)) * 100
[1] 0.03421
# eg. so leaving funds on an exchange for a month is ~1% (0.03 * 30 = 0.899 ~= 1)

# replicate Cox model survival curve & regression
library(survival)
# plot aggregate survival curve
surv <- survfit(Surv(exchange$Days, exchange$Closed, type="right") ~ 1)
plot(surv, xlab="Days", ylab="Survival Probability")
# http://i.imgur.com/lFZEKbv.png

# see how the moderators help predict exchange death
cmodel <- coxph(Surv(Days, Closed) ~ Breached + ActiveDailyVolume + AML, data = exchange)
summary(cmodel)
...
n=40, number of events=18

coef exp(coef) se(coef)     z Pr(>|z|)
Breached           0.80309   2.23242  0.57129  1.41    0.160
ActiveDailyVolume -0.22233   0.80065  0.10493 -2.12    0.034
AML                0.00156   1.00157  0.04230  0.04    0.970

exp(coef) exp(-coef) lower .95 upper .95
Breached              2.232      0.448     0.729     6.840
ActiveDailyVolume     0.801      1.249     0.652     0.983
AML                   1.002      0.998     0.922     1.088

Concordance= 0.696  (se = 0.08 )
Rsquare= 0.116   (max possible= 0.94 )
Likelihood ratio test= 4.91  on 3 df,   p=0.178
Wald test            = 5.22  on 3 df,   p=0.156
Score (logrank) test = 5.41  on 3 df,   p=0.144

# I have trouble with the risk ratios, though; most of them are very similar, but some are dramatically
# different, particularly for "Brasil Bitcoin Market"! Asked Moore, he doesn't know why the difference.
predict(cmodel, type="risk")
[1] 1.0062 1.2807 1.8416 1.4132 0.6280 0.6687 2.5166 1.4629 1.3860 1.3283 0.8558 1.6955 1.1386
[14] 0.9682 0.6275 1.9333 0.5593 1.1443 1.1941 1.8569 1.9889 3.6656 0.9899 0.9849 0.5649 0.6393
[27] 0.5527 0.4847 0.5212 0.8798 0.5222 0.8132 0.8166 0.5222 0.4404 1.2850 0.6114 1.0574 0.9704
[40] 1.8765
# difference between the paper's risk ratios and the calculated risks:
predict(cmodel, type="risk") - exchange$Risk.Ratio
 [1] -0.1138438  0.0007105 -0.1684229 -0.1768372 -0.0219620  0.0586867 -1.3333981 -0.1070626
 [9] -0.0639567 -0.1416868 -0.0841594 -0.1044674 -0.1013990 -0.0117733  0.0174954  0.0533416
[17]  0.0293197  0.0543248  0.0540563 -0.2930878 -0.2411229 -0.7444104 -0.0901261  0.0348886
[25]  0.0348513  0.0392880  0.0327111  0.0347424  0.0311519 -0.0302076  0.0321711  0.0532302
[33]  0.0165801 -0.0178064 -0.0095536 -0.1650013 -0.0186322 -0.0825834 -0.0696364 -0.3535190
summary(predict(cmodel, type="risk") - exchange$Risk.Ratio)
Min. 1st Qu.  Median    Mean 3rd Qu.    Max.
-1.3300 -0.1090 -0.0203 -0.0992  0.0323  0.0587

# Moving on; replicate the logistic regression they ran on predicting breaches:
lbreach <- glm(Breached ~ ActiveDailyVolume + I(Days/30), family="binomial", data = exchange)
summary(lbreach)
...
Deviance Residuals:
Min      1Q  Median      3Q     Max
-1.158  -0.671  -0.283  -0.102   2.982

Coefficients:
Estimate Std. Error z value Pr(>|z|)
(Intercept)        -4.4996     1.7666   -2.55    0.011
ActiveDailyVolume   0.7730     0.3182    2.43    0.015
I(Days/30)         -0.1048     0.0698   -1.50    0.133

Null deviance: 42.653  on 39  degrees of freedom
Residual deviance: 32.113  on 37  degrees of freedom
AIC: 38.11

1. While BW held up its end of the deal and I understand why its operator might fear the legal consequences, I am a little disappointed that he chose not to publish it; I was reminded of Hamlet:

Thus conscience does make cowards of us all,
And thus the native hue of resolution
Is sicklied o’er with the pale cast of thought,
And enterprises of great pith and moment,
With this regard their currents turn awry,
And lose the name of action.

2. I know of one competing English Bitcoin+Tor marketplace as of 2011, named Black Market Reloaded which apparently lives at http://5onwnspjvuk7cwvk.onion/ (non-Tor mirror); informed 2011 opinion seemed to be that it is low-volume and stagnant, but it apparently has improved substantially and as of February 2013, has grown substantially and begun to rival SR. There are 2 Russian competitors, RAMP and Shop of Magic Products, which have been compared to SR and BMR (respectively).

3. Estimates of SR’s size can be done several ways: most purchases entail a review at the end, and reviews are displayed on the front page, so one can monitor the front page and extrapolate to estimate the average number of transactions per day or week, and from there estimate turnover and what SR’s commissions total to: eg. ~100 transactions a day over 2 years and averaging ~$150 is $100×365×2×150=10,950,000$. Traveling the Silk Road: A measurement analysis of a large anonymous online marketplace (Christin 2012) spidered Silk Road for 8 months (2011-2012) and did something similar by recording all public prices, feedback indicating how much had been sold, and calculating a monthly turnover of $1.2m for annual revenue of ~$15m; the difference in estimates seems explained by my estimate of daily transactions being considerably too low. Another way is to look in the blockchain for SR-related addresses or transactions; one possible address had a 23 June 2012 balance of 450,825btc or $2,885,280. Since it is unlikely there are ~$3m of transactions active or sitting in wallets that day on SR when the largest previous Silk Road scammer (Tony76) - pulling out all the stops - got away with an order of magnitude less money, this is highly likely to represent Silk Road’s profits or profits plus balances & escrows; which at a commission of 5-10% implies a total Silk Road turnover of >$28m. Interestingly, Christin 2012’s analysis concluded that Silk Road was by July 2012 receiving $92k monthly or $1.7m yearly in commissions (and twice that yearly figure is larger than that address balance - as it should be, being an upper bound). On 9 April 2013, a single transaction of 69471btc was made by the address 1BAD...GuYZ, and may have been related to the SR tumbler.

4. A poster on the SR forums (mirror) claims:

The beauty of this system is that the buyer has no idea who is selling them the drugs. I still talk to some people I used to work with and they talk about this place. They don’t know what to do about it. In general, the police are interested in getting drug dealers. They will arrest buyers to get to the dealers. They try to flip small time dealers to get to bigger dealers, but that rarely happens. Usually they are just getting other small dealers. The only way I know of that they could prove you were using SR is by seizing your computer and finding evidence on it or by you telling them. Even if that happens, they still won’t be able to get to the dealer. SR is very frustrating to law enforcement. I just talked to a cop who was at a conference where the DEA was talking about SR. According to him, they don’t have a clue with how to bust this place and the DEA guy was one of their computer experts.

5. Which includes SR founder Dread Pirate Roberts; for a selection of his writings on the topic, see Greenberg’s Collected Quotations Of The Dread Pirate Roberts, Founder Of Underground Drug Site Silk Road And Radical Libertarian.

6. Dread Pirate Roberts on SR’s data retention policy c. July/August 2012:

• addresses are kept on record until your vendor has marked your item as shipped. I encourage everyone to encrypt their address to their vendor’s public key just in case.
• messages are kept for two months. again, sensitive data transmitted through our messaging system should be encrypted.
• transaction records, including feedback are kept for 4 months. I said 3 in another thread, but upon double checking, it is 4. We do this because the data contained in the transaction record, including the buyer, is used to weight the feedback for that transaction. After 4 months, the age weight has pretty much reduced the weight to zero anyway, so we no longer need the data. If you want further explanation about this, check out the wiki page and forum thread about the feedback weighting system.
• the accounting log is kept for 3 months. Only 2 weeks are displayed so an adversary who gains access to your account won’t be able to see all of that history.
• withdrawal addresses are not kept, but everyone should realize that the time and amount of the withdrawal could narrow down which transaction it was in the blockchain quite a bit, especially if it was an uncommon amount.
• deleted items are kept for 4 months. this is to preserve the integrity of the link to the transactions associated with the item.
• user accounts with a zero balance and no activity for 5 months are deleted.

…These time parameters were arrived at through trial and error. They are as tight as we can make them without sacrificing the integrity of the market. Could they be a little tighter? Maybe by a week or two, but please think through the implications of policy changes before you call for them.

7. Note that this is not a normal WWW site; there are no normal WWW sites for the SR. There was http://silkroadmarket.org which was apparently controlled in some fashion by SR (probably to stop domain squatting or scam sites pretending to be SR), but whatever it was, it wasn’t important; not updated regularly and no longer working.

The bad thing about .onion URLs is that they are not human-memorable (see Zooko’s triangle), and so it is especially easy to spread a fake link. In particular, SR has been the target of many phishing attacks, where a random .onion hidden server is set up to look like SR and either pretends to be SR or just does a man in the middle attack, proxying for the real SR server. For example, one such site has already been linked in the comments on this page; it was easy to detect as it was even slower than SR (since there are two hidden servers involved), and it blindly forwarded me to the real SR .onion with the fake user/password pair, apparently expecting that I would be logged in without problem. Later, SR introduced PINs required for any withdrawal of bitcoins, so phishers adapted their login forms to ask for PINs as well. A 2012-2013 example of such a phishing page:

A blogger observed hidden node traffic April-May 2013, and recorded what .onions were being visited; no surprise, a substantial number were SR phishing attempts (I have confirmed that some users were directed to these phishing pages from links on the Hidden Wiki (.onion).). Summing the official & phishing URLs for the 2 days his nodes were in charge of SR, he gets a lower bound of 27,836 visitors to SR & 327 to SR phishing sites (so 1.17% of would-be SR visitors were exposed to a phishing site) and an upper bound of 167,016/1,962 (respectively).

Naturally, nothing stops the .onion URLs supplied on this page from themselves being part of a phishing/man-in-the-middle attack! This is a fundamental security problem: how do you bootstrap yourself into a web of trust? In this case, if you don’t know the SR admins, about all you can do is Google the URLs I have listed, and see whether enough other people claim that they are the true URLs that you will trust the URLs. Caveat emptor.
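The bootstrapping problem just described has no cryptographic fix, but two cheap checks reduce exposure to the kind of phishing pages counted above: compare a pasted link against a pinned copy of the address and flag near-misses, and accept an address only when several independently obtained copies agree. The following is an added example written for this page, not code from the original article or from Silk Road; every .onion name in it is constructed, and the edit-distance and prefix thresholds are assumptions rather than anything the page specifies:

```python
"""Pin-and-compare checks for hidden-service addresses (added example)."""
import re
from collections import Counter

# v2 onion names are 16 base32 characters, v3 names are 56; anything else
# is not a hidden-service hostname at all.
ONION_RE = re.compile(r"^(?:[a-z2-7]{16}|[a-z2-7]{56})\.onion$")

# Constructed, hypothetical pinned address for "the market"; not a real site.
TRUSTED = {"abcdefghijklmnop.onion"}


def normalize_onion(url: str):
    """Reduce a pasted link to its bare hostname, or None if it is not
    a syntactically valid .onion name (scheme, port and path are dropped)."""
    host = url.strip().lower()
    host = re.sub(r"^[a-z]+://", "", host)
    host = host.split("/", 1)[0].split(":", 1)[0]
    return host if ONION_RE.match(host) else None


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance; small values mean a near-miss spelling."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate: str, trusted=TRUSTED, max_edits: int = 3, prefix_len: int = 6) -> str:
    """'trusted' if it matches a pinned address exactly, 'lookalike' if it is
    within a few edits of one or shares its leading characters (the part people
    actually remember), 'unknown' otherwise, 'invalid' if it is not an onion."""
    host = normalize_onion(candidate)
    if host is None:
        return "invalid"
    if host in trusted:
        return "trusted"
    for good in trusted:
        if levenshtein(host, good) <= max_edits or host[:prefix_len] == good[:prefix_len]:
            return "lookalike"
    return "unknown"


def quorum(sources: dict, threshold: int):
    """Bootstrap trust without a web of trust: return the address that at
    least `threshold` independently obtained copies agree on, else None.
    `sources` maps a source label to the URL found there."""
    votes = Counter(normalize_onion(u) for u in sources.values())
    votes.pop(None, None)
    if not votes:
        return None
    host, count = votes.most_common(1)[0]
    return host if count >= threshold else None
```

The quorum check is only as good as the independence of the sources: three copies that all trace back to one wiki edit are one vote, not three, which is the same caveat as asking Google whether "enough other people" vouch for a URL.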

8. Specifically, a password long enough that brute-forcing its hash is very difficult. This won’t protect you from some compromises of SR (for example, the server being controlled by an attacker and harvesting passwords as they are entered by live users), but it will protect you from others - for example, if the database is stolen, a long password helps frustrate an attempt to derive the original password from its hash, log into your account and engineer endless nefarious misdeeds.
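To make the stolen-database scenario in this footnote concrete, here is an added example (not code from the original article or from any marketplace) that contrasts the weak storage practice, an unsalted fast hash, with a salted slow key-derivation function, and estimates how the expected search cost for a stolen hash scales with password length on the user’s side and with the KDF’s iteration count on the site’s side. The alphabet sizes, guess rate and iteration count are assumed figures for illustration, not measurements of any real system:

```python
"""Password storage and offline-guessing cost (added example)."""
import hashlib
import hmac
import os


def store_fast(password: str) -> str:
    """The weak practice: one unsalted SHA-256. A thief who steals this can
    test guesses as fast as the hash runs, and identical passwords collide."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_slow(password: str, salt: bytes = b"", iterations: int = 200_000) -> str:
    """Salted PBKDF2-HMAC-SHA256, stored as 'salthex$iterations$hashhex'.
    The salt defeats precomputed tables; the iteration count multiplies
    the cost of every guess by the same factor for attacker and server."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{salt.hex()}${iterations}${dk.hex()}"


def verify_slow(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    salt_hex, iters, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def expected_crack_seconds(length: int, alphabet: int, guesses_per_second: float,
                           iterations: int = 1) -> float:
    """Expected time to hit a uniformly random password by exhaustive search of
    alphabet**length candidates (half the space on average), when each guess
    costs `iterations` hash computations. `guesses_per_second` is the
    attacker's rate for a single hash computation (an assumed figure)."""
    return (alphabet ** length / 2) * iterations / guesses_per_second


if __name__ == "__main__":
    # Assumed attacker rate: 1e10 SHA-256/s on a GPU rig; 26-letter alphabet.
    for n in (8, 12, 16):
        fast = expected_crack_seconds(n, 26, 1e10)
        slow = expected_crack_seconds(n, 26, 1e10, iterations=200_000)
        print(f"{n} lowercase chars: fast hash {fast:.3g} s, PBKDF2 {slow:.3g} s")
```

The two levers are independent and multiply: the site’s iteration count raises the per-guess cost, and the user’s password length raises the number of guesses, which is why the footnote’s advice still helps even when you have no idea how the marketplace stores its hashes.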

9. Mt.Gox and MyBitcoin offer a doubly instructive lesson in why one trusts Bitcoin third-parties as little as possible, keeps one’s bitcoins locally, and regularly backs them up; the large Polish exchange Bitomat offers a third.

10. Addresses ought always to be encrypted, and further, one must do the encryption oneself. If a single person, tool, or site is doing the encryption for your SR ordering, and only SR encryption, then they are an obvious target for attackers like law enforcement.

This is a very real concern: in September 2011, an older online drug market, Farmer’s Market, was busted and 8 administrators or sellers were indicted. No users/buyers seem to have been arrested, indicted, or convicted yet, but reportedly former customers have gotten love-letter-equivalents from the Department of Justice warning them & asking for information.

The indictment doesn’t reveal how all the evidence was obtained (aside from the drugs purchased by and mailed to agents), but the defendants all used a Canadian email service called Hushmail which provides a Web interface for emails encrypted using PGP. Hushmail either provides or runs the encryption code for the user, and as such, can compromise users at any time, and indeed, has turned over decrypted emails to law enforcement in the past. I personally stopped using Hushmail when this was revealed in 2007, but it seems the defendants did not. In October 2012, a Tor developer attended an FBI conference where a DEA agent told them that they just had random Americans receive the Paypal payments, take a cut, and then turn them into a Panama-based digital currency, and the Panama company didn’t want to help trace where the money went…the two main people used Hushmail to communicate. After a subpoena (and apparently a lot of patience since Canada still isn’t quite the same as the US), Hushmail rolled over and gave up copies of all the emails. (The litany of detailed financial records in the indictment is also a vivid demonstration of how insecure non-Bitcoin services can be.)

11. I only used the standard Bitcoin escrow. (Needless to say, Paypal is completely out of the question.) SR has another escrow scheme where the escrowed amount is tied to the current exchange rate, in order to protect the seller against exchange rate volatility; that escrow is documented in the announcement (mirror) and the Escrow hedge section of the Buyer’s Guide.

12. Finalization can be done before the package arrives, but obviously this leaves you open to a bad vendor. I have never finalized early, and I regard as idiots anyone who does - an opinion borne out by reports of a SR scam in April 2012 where the highly-rated vendor Tony76 held an attractive sale requiring early finalization; the hundreds of orders never appeared, and he left with thousands of bitcoins. (See the SR forum thread for Tony76 reviews (mirror) for discussion ad nauseam.) He ran a private store as well, and that is estimated to have stolen >5,800 bitcoins (mirror). The procedure is also interesting; captainjojo (mirror):

From every indication Tony76 was setting everything up for this a couple of weeks in advance. He refused to send via express or priority or any type of tracked shipment, so it would take longer before people could say their package wasn’t coming. He asked for FE from basically everybody, he opened up international. He then told everyone he was going offline to get caught up, further obscuring things. The simplest answer would seem to be he just completed one of the biggest scams on SR and is relaxing seaside with a Margarita with 60-100k of everybody’s money.

This failure mode was foreseen by cypherpunks back in the 1980s & 1990s; Timothy C. May’s comments on the issue have already been quoted. Christin 2012 gives us a SR-wide look into the practice of FE:

We observe that 20,884 instances of feedback contain variations of F.E., finalizing early, or finalize early. This shows that finalizing early is a rather common practice on SR. There does not appear to be significantly more problems reported with feedback including such strings (only 342 of them map to a rating of 1 or 2). This seems to show that established sellers that are offered the option of requesting early finalization from their customers do not abuse that privilege….A third observation is that item 4 stops being sold immediately after April 20. The last time it is observed on the site is April 25, before being de-listed. From discussions in SR forums [6], it appears that the seller of that item abruptly left the marketplace, potentially leaving a large number of paid, finalized early, orders unfulfilled. In other words, there is suspicion of a whitewashing attack [12], whereby a seller creates an excellent reputation, before using that reputation to defraud users and leaving the system. In hindsight, the 20% drop in price occurring just prior to April 20 was considerably steeper than all the other promotional discounts. This could have been an indicator that the seller was not intending on fulfilling their orders and was instead artificially lowering prices in hopes of attracting large numbers of customers to defraud.

I’d note that this doesn’t show that one can F.E. heedlessly, since it is a description of the current status quo in which users know not to F.E. lightly; this only proves a claim like “existing vendors requesting early finalization have not yet significantly abused it”. Another major issue is that these estimates are an upper bound, due to 3 reasons negative reviews are undercounted (personal communication, 2013): Christin’s crawl had access issues in April 2012 and so did not capture any non-FE post-4/20 reviews left for Tony76; the deletion of banned vendor pages - Tony76’s page was gone by the time the crawl resumed - means that negative reviews are much more likely to not be publicly accessible; and people who were scammed do not seem to reliably update their 5/5 FE reviews.

13. To quote a SR seller:

I don’t think I’m risking much. It would be almost impossible for law enforcement to find me. They would need to find out where the package came from, and go to that mailbox, and have a police officer wait a few weeks for me to return to that mailbox. All just because they found a 100mg of a Schedule II drug in an envelope. Also, they wouldn’t suspect me. My criminal record is perfectly clean. Not even a parking misdemeanor…I doubt that I could be caught. They would need to find out the mailbox that I’ve been putting the packages in, and then have someone wait there and watch me, and then they would need to prove that I was the one who put it in the mailbox. So if they could back-track and find out where the package came from, then maybe they could catch me. Also, there are many different mailboxes around me, so I put the packages in different mailboxes each time. Definitely can’t hurt.

A Redditor comments on the jurisdictional advantages of going through USPS (as is usually recommended in seller discussions); I do not know if he is correct, but the description sounds plausible:

Also, once it’s in the mailbox, it’s property of the US postal service, and they’re VERY particular about what happens to it. No one (including other agencies) can carry weapons in a post office except for postal inspectors, nor can they investigate mail on their own; it has to go through the post office itself.

14. I was not worried at all. I’ve researched very carefully how many modafinil users have ever been prosecuted for any reason, and it is a handful at most out of millions of users, and that includes people ordering from online pharmacies which are far less secure than SR. As well, the most similar example, Farmer’s Market (see the earlier footnote), showed no prosecutions of its customers, and it had terrible security. So I was safe on multiple levels: I was buying something almost never prosecuted, I was a customer & not a seller, I was buying on a secure site, and I was buying small quantities.

15. I have no idea why the stamps are not canceled; Wikipedia mentions that sometimes the stamp cancellation machines fail and the stamps get a pen cancel instead. One seller mentions that sometimes he receives uncanceled stamps, and asking older relatives, they did too (and sometimes the package or envelope was canceled - just not on the stamps).

16. This metric is the per-unit cost weighted by an expected-value interpretation of what feedback implies about the risk; see the later Quantitative section for the full explanation.

17. See the threads AAKOVEN SELECTIVE SCAMMER! & AAkoven - US Buyers Beware.

18. For unit prices <฿3, I increase the unit count until it fits within ฿7.5; otherwise, μg/฿ is calculated the obvious way: dose times quantity divided by price plus shipping.
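Footnote 18’s rule for listings priced under ฿3, together with footnote 16’s idea of discounting a listing by what its feedback implies about the risk, is easier to see worked through than described. The calculator below is an added example, not code from the original essay; the ฿3 and ฿7.5 thresholds and the “dose times quantity divided by price plus shipping” formula come from the footnote, while the reading of “fits within ฿7.5” as the largest unit count whose item cost (excluding shipping) stays at or under ฿7.5, the Laplace rule-of-succession delivery probability standing in for the essay’s own feedback model, and the listings and feedback counts are all assumptions constructed for illustration.

```python
"""Added example (not code from the original essay): a cost-per-dose calculator
following footnote 18's rule for small unit prices, plus a feedback-weighted
"expected" figure in the spirit of footnote 16.  Listings and feedback counts
are constructed for illustration; the ฿3 / ฿7.5 thresholds come from the
footnote, everything else is an assumption of this example."""

from dataclasses import dataclass

MIN_UNIT_PRICE = 3.0   # from footnote 18: listings under ฿3/unit get bundled
BUDGET = 7.5           # from footnote 18: bundle up to ฿7.5 of units (assumed to exclude shipping)


@dataclass
class Listing:
    vendor: str
    dose_ug: float      # micrograms of active ingredient per unit
    unit_price: float   # ฿ per unit
    shipping: float     # ฿ per order, flat
    positive: int       # constructed feedback counts: 4-5 star reviews ...
    total: int          # ... out of all reviews for this vendor


def order_units(lst: Listing) -> int:
    """Footnote 18's rule, as read here: below ฿3 per unit, take the largest
    unit count whose item cost still fits within ฿7.5; otherwise buy one unit.
    A non-positive unit price would loop forever, so reject it up front."""
    if lst.unit_price <= 0:
        raise ValueError("unit price must be positive")
    if lst.unit_price >= MIN_UNIT_PRICE:
        return 1
    units = 1
    while (units + 1) * lst.unit_price <= BUDGET:
        units += 1
    return units


def ug_per_btc(lst: Listing) -> float:
    """Dose times quantity, divided by price plus shipping (footnote 18)."""
    units = order_units(lst)
    return lst.dose_ug * units / (units * lst.unit_price + lst.shipping)


def delivery_probability(lst: Listing) -> float:
    """Assumed stand-in for the essay's feedback model: Laplace's rule of
    succession, (positive + 1) / (total + 2), so a vendor with no reviews is
    rated 0.5 rather than 1.0 and a single perfect review does not imply certainty."""
    return (lst.positive + 1) / (lst.total + 2)


def expected_ug_per_btc(lst: Listing) -> float:
    """Footnote 16's idea: discount the raw figure by the chance the order actually arrives."""
    return ug_per_btc(lst) * delivery_probability(lst)


def rank(listings):
    """Best expected value first."""
    return sorted(listings, key=expected_ug_per_btc, reverse=True)


# Constructed sample listings (not real vendors, prices, or feedback).
SAMPLE = [
    Listing("vendorA", dose_ug=200, unit_price=2.0, shipping=1.0, positive=48, total=50),
    Listing("vendorB", dose_ug=200, unit_price=5.0, shipping=0.5, positive=10, total=10),
    Listing("vendorC", dose_ug=200, unit_price=1.0, shipping=1.0, positive=3, total=8),
]

if __name__ == "__main__":
    for lst in rank(SAMPLE):
        print(f"{lst.vendor}: {order_units(lst)} units, "
              f"{ug_per_btc(lst):.1f} ug/BTC raw, "
              f"{expected_ug_per_btc(lst):.1f} ug/BTC expected")
```

On the constructed data the raw μg/฿ ordering is vendorC, vendorA, vendorB, but the cheapest listing belongs to the vendor with the worst feedback, and after the expected-value discount vendorA comes out ahead; that reversal is the point of weighting price by risk rather than reading the unit price alone.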

19. The prolific vendor Synaptic was excluded for failing to provide a public key; public keys are not optional.

20. The second transcript of testimony by Skinner (co-conspirator, turned state’s evidence) has this passage on pages 7-8:

[Skinner:] …This [aspirin pill] weighs approximately a gram. And if it was ground up and everything, this would be about 10,000 doses of LSD in the pure crystalline form.

Q. And what would then a dosage unit sell for?

A. At the wholesale level to the largest customers in the world, approximately 29.75 cents per dosage.

Q. And what would it sell for then on the street at the retail level, if you know?

A. Well, I - I’ve heard as - figures as high as…$10 per dose.

Q. (by Mr. Hough) So when a kilogram was manufactured at this lab and it was then given -

A. Fronted out to Petaluma Al.

Q. Fronted out to Petaluma Al, what was the understanding of what that was worth and what -

A. $2,975,000 approximately.

21. Illustrating the danger of early finalization even for top vendors, he did a sale FE rip-and-run in February 2013 (mirror) which netted >฿700 (>$21k); reportedly he left a Wire quote on his profile page: “But, the game’s out there, and it’s play or get played. That simple.” To which one might add, “Silly woman, you knew I was a snake.” ETM’s scam played out as it slowly became apparent that another LSD vendor, LucyDrop, was pulling the same thing and probably hadn’t shipped any of their >600 outstanding orders (>$70k).

I am increasingly disgusted watching these FE scams: while suckers will always be suckers and people scammed by FE have mostly themselves to blame, equally to blame is the SR staff/DPR, for enabling these scams. They could at any time simply ban FE, and choose not to. Nor am I alone in this; discussing events with several people, the conversation invariably went something like this:

• me: [mentions latest FE scam]
• them: What’s FE?
• me: Oh, that’s where you deliberately release your payment from escrow to the seller before the goods have arrived.
• them: ??? Why would you ever do that?
• me: Well, there’s a couple reasons. You could do it to be nice to the vendor, maybe make their cashflow easier. Or because you’re a new buyer and should bear some more risk. And… that’s mostly it, really.
• them: Those don’t sound terribly important. Am I missing anything?
• me: Not that I know of.
• them: I see. How much did you say these two big recent FE scams lost?
• me: We think that they made away with $40-140k, but it could be more depending on how many people haven’t left feedback, how many will continue ordering, what exchange rate they cash out at, etc.
• them: And how much does SR sell a month?
• me: Christin 2012 estimates something like $1.2m a month.
• them: So this month SR buyers have lost to just 1 or 2 scammers the equivalent of a tenth of the entire monthly turnover of SR, as much as SR itself takes in commissions, all thanks to an almost entirely useless feature, and the SR staff have done nothing about it?
• me: Looks like it.
• them: [hopeful] Did this early finalization feature just get added?
• me: No. It’s been there since the start ~3 years ago. [helpfully] There’s been lots of big scams before this too, like Tony76 who made off with, I think, >$100k in total.
• them: This looks like the Worst Idea Ever, unless the SR staff hates the buyers and wants them to suffer as much as possible. Am I insane - or are the SR staff incompetent, insane, or evil?
• me: I have no idea.

22. Looking at the reviews posted to the front page and sentiment on the forum, I would hazard a guesstimate that scammers are 0-10% of the marketplace, and probably toward the low end of that spectrum. In the January 2012 one-year anniversary message, State of the Road Address (non-Tor mirror), the administrator claimed that “over 99% of all transactions conducted within the escrow system are completed to the satisfaction of both buyer and seller, or a mutually agreed upon resolution is found.” Christin 2012’s analysis found 99.1% of feedbacks giving 4-5 stars (similar to eBay rankings) but notes that this cannot pick up scams done out of escrow (as one might expect many scams to be done).

23. Dealing with a controlled delivery by signing for it and then throwing it in the trash did not work in the case of Matthew Nelson. I’m not clear on whether merely signing and then not taking it anywhere is culpable, or whether it was the triggered search warrant, which turned up additional contraband, that then enabled a charge of possession of the package.