The cypherpunk movement laid the ideological roots of Bitcoin and the online drug market Silk Road; balancing previous emphasis on cryptography, I emphasize the non-cryptographic market aspects of Silk Road which is rooted in cypherpunk economic reasoning, and give a fully detailed account of how a buyer might use market information to rationally buy, and finish by discussing strengths and weaknesses of Silk Road, and what future developments are predicted by cypherpunk ideas.

# Competitors

I know of one competing English Bitcoin+Tor marketplace as of 9 June 2011, named BlackMarket Reloaded which lives at 5onwnspjvuk7cwvk.onion (non-Tor mirror); informed 2011 opinion seemed to be that it is low-volume and stagnant, but it apparently has improved substantially and as of February 2013, has grown substantially with ~$700k monthly turnover and begun to rival SR; with the fall of SR, it attracted substantially more attention, some of which extracted the site’s source code and copied its database, leading BMR to shut down temporarily in 17 October 2013.1 A third rival, Atlantis (atlantisrky4es5q.onion; mirror) was launched 14 March 2013 and has reportedly turned over >$500k between March and June 2013; it had a much more appealing glossy Web-2.0 look than the SR’s relatively old design, but made some questionable choices like providing “convenient” in-browser encryption and using Litecoin rather than Bitcoin. Atlantis shut down in September 2013. The main rival to BMR was a small new site which started up in early 2013, called Sheep Marketplace (sheep5u64fi457aw.onion), which in late November 2013 halted withdrawals, top vendors began scamming users, and Sheep essentially shut down 29 November 2013 after exfiltrating >฿39,644 & apparently selling some on BTC-E. Finally, there was a “Deepbay” (deepbay4xr3sw2va.onion), apparently started in early 2013 as well and going public in June; little has been said about it and its security is unknown, but it reportedly stole all user bitcoins starting somewhere around 4 November 2013.

There are 2 Russian competitors, “RAMP” & “Shop of Magic Products”, which have been compared to SR and BMR (respectively).

# Cypherpunks

Neither Bitcoin nor the Silk Road should be understood outside their ideological and historical context: the now-obscure cypherpunk movement.

The “cypherpunk” group was a loose affiliation of cryptographic researchers and enthusiasts centered on the eponymous email list in the 1980s and 1990s who developed many novel ideas and approaches to communication, economics, and politics. Achievements of theirs included developing anonymous email remailers (inspiring the Tor anonymizing network), helping defeat the Clinton-era Clipper chip and setting a key precedent, and helping defeat USA export restrictions on cryptography (key to safe Internet commerce outside the USA; the costs of export restrictions can be seen to this day in South Korea, which locked itself into a Microsoft/Internet Explorer computer monoculture). No event marked their dissolution, but through the ’90s, they gradually lost cohesion and interest as various ideas were successful and others remained barren. (Timothy C. May remarked in 1994 that an acceptable digital currency may take several years to develop, but that he had been that optimistic years before as well; we could date the fulfillment of the dream to Bitcoin - 14 years later - in 2008.) Former cypherpunks include large corporations to technological innovation (BitTorrent, descending from MojoNation) to niche groups like transhumanism (digital currency inventor Wei Dai) to activism (EFF, Julian Assange’s WikiLeaks) etc.

The cypherpunk paradigm can be summarized as: “replacing centralized systems of interactions enforced by coercion with decentralized systems of voluntary interaction whose rules are enforced by mathematics/economics”. Desiderata for systems include: communications private from all third-parties, anonymous, provably untampered with, and provably from particular parties; social mechanisms like reputation replaced by formalized systems like feedback; and legal mechanisms like anti-fraud statutes superseded by mechanisms such as escrow or bonds (which can be fortified by cryptographic techniques as multiple-party signatures).

The ideal cypherpunk system is self-enforcing, self-regulating, and cannot be attacked directly by outsiders because they do not know where it is or how to affect it.

The new world of the internet, abstracted from the old world of brute atoms, longed for independence. But states and their friends moved to control our new world – by controlling its physical underpinnings. The state, like an army around an oil well, or a customs agent extracting bribes at the border, would soon learn to leverage its control of physical space to gain control over our platonic realm. It would prevent the independence we had dreamed of, and then, squatting on fiber optic lines and around satellite ground stations, it would go on to mass intercept the information flow of our new world – its very essence even as every human, economic, and political relationship embraced it. The state would leech into the veins and arteries of our new societies, gobbling up every relationship expressed or communicated, every web page read, every message sent and every thought googled, and then store this knowledge, billions of interceptions a day, undreamed of power, in vast top secret warehouses, forever. It would go on to mine and mine again this treasure, the collective private intellectual output of humanity, with ever more sophisticated search and pattern finding algorithms, enriching the treasure and maximizing the power imbalance between interceptors and the world of interceptees. And then the state would reflect what it had learned back into the physical world, to start wars, to target drones, to manipulate UN committees and trade deals, and to do favors for its vast connected network of industries, insiders and cronies.

But we discovered something. Our one hope against total domination. A hope that with courage, insight and solidarity we could use to resist. A strange property of the physical universe that we live in. The universe believes in encryption. It is easier to encrypt information than it is to decrypt it. We saw we could use this strange property to create the laws of a new world. To abstract away our new platonic realm from its base underpinnings of satellites, undersea cables and their controllers. To fortify our space behind a cryptographic veil. To create new lands barred to those who control physical reality, because to follow us into them would require infinite resources. And in this manner to declare independence.

The decentralization is key. Centralization is unacceptable for many applications: centralization means any commercial or political interest can interfere for any purpose, be it rent-seeking or taxation, prosecuting economic warfare against another party, intended to hamper organized crime or terrorism, etc.

This fear of centralization is not idle. The ring of power offered by centralization has been grasped on many occasions: ranging from Paypal hampering its competitors to US-led crackdowns on ancient hawala financial systems & Islamic charities in the name of counter-terrorism to the US suing the Intrade prediction market (with the assistance of the Central Bank of Ireland) to credit card companies’ near-fatal boycott of WikiLeaks to Iran’s severe inflation after economic embargoes. Previous centralized digital currencies like E-gold or Liberty Reserve suffered the expected fates, and more pointedly, an earlier online drug market (the “Farmer’s Market”) was shut down and principals indicted using scores of transaction details stored by banks & Paypal & Western Union.

# Bitcoin

The fundamental challenge confronting any electronic currency is coping with the “double-spend problem”: when transactions conflict (eg. spending twice the same unit of currency), which transaction takes priority? Double-spends are difficult to perform with non-electronic money since you cannot give a dollar bill to one person while simultaneously giving it to another, but trivial with electronic messages.

One solution is to centralize transactions: if you overdraw your bank account with 2 checks, the bank will choose one to bounce and one to honor. Similarly for credit card transactions. An electronic currency like Paypal processes each transaction in realtime, so you cannot log into your Paypal account in 2 browsers and send your entire balance to 2 different people. With centralization, there is someone or something which ‘decides’ which of the 2 conflicting transactions will become the real transaction. Centralization appears in many guises in currency systems: cryptographic pioneer David Chaum’s own electronic currency could guarantee complete anonymity to anyone “spending” a coin, solving the double-spend problem by devising things so that a double-spend leaks enough information that the anonymity evaporates, but the math only works with a central “bank” which could be attacked. Chaum’s system never took off, for several reasons, but this centralized point of failure is one.

If we avoid the problems of centralization and resolve on a decentralized system, we face a different but equally severe set of problems: without centralization, in a distributed system in which no party has veto power (and any party can be anonymous or a mask for another party), how and who decides which of 2 conflicting transactions is the “real” transaction? Must a distributed system simply allow double-spends, and thus be useless as money?

No. The underappreciated genius of Bitcoin is that it says that the valid transaction is simply “the one which had the most computing power invested in producing it”. Why does this work? In the Bitcoin distributed system, there are many ‘good’ parties at work producing new transactions, and they will independently latch onto one of the two competing transactions produced by an attacker and incorporate it into future transactions; the amount of computing power necessary to out-invest those other parties quickly becomes too enormous for any one entity to invest. Within hours, one transaction will be universal, and the other forgotten.

Hence, Bitcoin is an acceptable cypherpunk currency: it is decentralized, parties participate out of self-interest, and it is economically infeasible to attack Bitcoin directly.

# Silk Road as Cyphernomicon’s black markets

The Silk Road (SR) is a website accessible through the Tor anonymizing network. Tor is descended from cypherpunk designs for anonymous email: messages are swapped by servers in the “mix” network with changing cryptographic wrappers, so observers cannot tell what server a message ultimately ends up at nor who sent a message. Buyers create accounts, send bitcoins to SR-controlled addresses, browse seller pages, and order quantities similar to any e-commerce site. (Contrary to descriptions of SR as “the eBay of drugs”, SR is more akin to shopping on Amazon Marketplaces than eBay: there are no auction features.) SR has been covered in the media for years and is still operating successfully, indeed, Christin 2013 calculated a monthly turnover of ~$1.2m for annual revenue of ~$15m from 2011-2012, with daily sales volume:

The design of SR could be taken straight out of early ’90s cypherpunk - most of the design can be justified in Timothy C. May’s 1994 Cyphernomicon, itself mostly a summary of much earlier discussions. (In an amusing historical coincidence, May happens to mention an old digital currency proposal called… “The Digital Silk Road”.) The SR is an unregulated black marketplace which is:

• reached via a anonymizing mix network
• made up of pseudonymous entities, who
• communicate privately and securely via public-key cryptography to arrange purchases
• using escrow schemes for payment of sellers only on receipt of goods
• said sellers post the equivalent of bonds as surety before being allowed to sell
• and buyers publicly rate their sellers (so the marketplace avoids becoming a lemon market)

From an economic point of view, several measures serve to make incentives align:

• SR is paid as a percentage of transactions; hence, it is motivated to encourage as high a turnover as possible, and maintain the satisfaction of both buyers and sellers. This makes SR a relatively trustworthy agent because too much abuse will cause buyers or sellers to leave and cease paying the percentage, especially if there are any competing marketplaces. (This is the same dynamic that kept users on Liberty Reserve before it was shut down.)
• Sellers are encouraged to not scam buyers because they will not gain access to bitcoins in escrow and enough violations will forfeit their deposit held by SR
• Buyers have limited incentive to scam sellers because their bitcoins are paid in advance and not under their control; SR arbitrates disputes and more than a few bad transactions can lead to their balances forfeited and being blacklisted, limiting their ability to scam large amounts

And as far as people outside the marketplace are concerned, there is a network effect at play: the better incentives align, the more buyer and sellers there will be, and they will lead to better selections and lower prices. All familiar economic results about normal thick commodity markets, but perhaps unexpected to see in such an exotic marketplace.

## Escrow

One aspect of the incentives deserves coverage as most presciently discussed by the cypherpunks and underappreciated by users: the use of escrow.

Timothy c. May’s chapter 12 (“Legal Issues: Loose Ends: Escrow Agents”) lays out the necessity of escrow when a marketplace uses both pseudonymity and untraceable digital cash:

On-line clearing has the possible danger implicit in all trades that Alice will hand over the money, Bob will verify that it has cleared into his account (in older terms, Bob would await word that his Swiss bank account has just been credited), and then Bob will fail to complete his end of the bargain. If the transaction is truly anonymous, over computer lines, then of course Bob just hangs up his modem and the connection is broken. This situation is as old as time, and has always involved protocols in which trust, repeat business, etc., are factors. Or escrow agents.

…In steps “Esther’s Escrow Service.” She is also untraceable, but has established a digitally-signed presence and a good reputation for fairness. Her business is in being an escrow agent, like a bonding agency, not in “burning” either party. (The math of this is interesting: as long as the profits to be gained from any small set of transactions is less than her “reputation capital,” it is in her interest to forego the profits from burning and be honest. It is also possible to arrange that Esther cannot profit from burning either Alice or Bob or both of them, e.g., by suitably encrypting the escrowed stuff.) Alice can put her part of the transaction into escrow with Esther, Bob can do the same, and then Esther can release the items to the parties when conditions are met, when both parties agree, when adjudication of some sort occurs, etc. (There a dozen issues here, of course, about how disputes are settled, about how parties satisfy themselves that Esther has the items she says she has, etc.)

“Esther” is SR, “on-line clearing” is bitcoins, Alice is a buyer and Bob the seller, but otherwise the logic is clear and unmistakable: lack of escrow leads to a perverse incentive for Bob to scam Alice.

We can see the proof in practice. For various reasons, SR provides buyers the option of releasing their funds from escrow to the seller, called “early finalization”; early finalization is one of the leading mechanisms for seller scams on SR. The cardinal example is the April 2012 scam where a trusted seller took the occasion of a SR-wide sales event (where SR waived its fees) to announce unusually low prices, took in hundreds of large orders totaling thousands of bitcoins (the equivalent of >$50,000) but requiring early finalization, withdrew all funds, and never delivered. A simple enough scam, yet highly effective: as May and other cypherpunks pointed out decades before, one should never entrust a pseudonymous agent with more liquid anonymous cash than its “reputation capital” is worth! One can entrust the agent with less liquid anonymous cash (not enough to burn one’s reputation in exchange for), or one could entrust the agent with more escrowed anonymous cash (so they cannot “rip-and-run”), but not both more and un-escrowed (which is paying them to scam you). (This could be helped slightly by providing more information about sellers, like listing the outstanding balance for sellers so buyers can be wary of any seller with an unusually large outstanding balance; but buyers will still be attracted by sales as excuses for finalizing early, and sellers could simply split their activity over multiple accounts. Escrow remains the best solution.) # Silk Road as a marketplace “Silk Road doesn’t really sell drugs. It sells insurance and financial products,” says Carnegie Mellon computer engineering professor Nicolas Christin. “It doesn’t really matter whether you’re selling T-shirts or cocaine. The business model is to commoditize security.”2 Beyond the basic cryptographic tools and features of the site itself, SR embodies the cypherpunk dream of letting free-market forces operate to inform buyers and let them find sellers with whom they can reach mutually acceptable agreements. There is no better way to demonstrate this dynamic than with a detailed example using real SR data of a hypothetical buyer compiling the information SR provides, making inferences on the provided data, applying his desires to appraise each seller’s wares, trading off various criteria such as risk versus price, and finally settling on a particular product. But one wonders: what is using it like? Does it have a decent selection? Is it safe? Ridden with scammers? Has it succumbed to an Eternal September (“I used SR when it was still underground”)? Shouldn’t we keep quiet about it like Fight Club? ## Quality The purity and safety of SR wares, while varying considerably from seller to seller, batch to batch, and drug to drug, seems to have generally been high. For example, the LSD Avengers’ lab testing kept the LSD section’s quality up, and the FBI in its JTAN search warrant request did its own lab testing: Since November of 2011, law enforcement agents participating in this investigation have made over 70 individual purchases of controlled substances from various vendors on the Silk Road Underground Website. The substances purchased have been various Schedule I and II drugs, including ecstasy, cocaine, heroin, LSD, and others. As of April 2013, at least 56 samples of these purchases have been laboratory-tested, and, of these, 54 have shown high purity levels of the drug the item was advertised to be on Silk Road. ## Safe The safety of using Tor black-markets is a major question (and worries about safety are, according to Barratt et al 2013’s survey analysis, a major reason people don’t use SR), and one I find interesting. Unsurprisingly, it’s hard to find solid information on how many people have been busted using SR or what happened to them, and the consequences will depend on the specific substance and amounts. For example, modafinil seems to be de facto not prosecuted in the US, and the failure rates of importing from online pharmacies seem to be in the <10% range according to buyer anecdotes and 1 seller. Some users report occasional interceptions like when Forbes ordered 3 items in 2013 & 1 failed to arrive, but others claim flawless delivery records (even someone claiming to buy$50k of opiates a year on SR). General descriptions of drug importation also suggest low interception rates (as makes sense given the very large quantities of drugs sold every day); the large Canadian LSD seller Tessellated estimated in July 2013 that “less than 1% of our packages are reported missing (some of this may be customers lying)” and 2 English drug journalists in December 2012 discussing their most recent book:

Q: “How much of the drugs that enter the country are actually seized by police?”

A: “I think the figure that’s quoted in our book is about 1%; it really is a fraction of what gets in. There was one conversation I had with a chap who had access to the Serious Organised Crime Agency who said that if people knew how easy it was, then more people would do it.”

Buyers and sellers seem to be treated differently as well: in the 2012 bust of the insecure Farmer’s Market (see later footnote), the indictment only lists sellers and no buyers. Gawker covers another case of a Canadian cocaine exporter apparently busted because they accepted payment via Western Union.

### SR

#### Australia

An Australian student’s MDMA was intercepted by Customs but the article makes no mention of him being penalized. A later prosecution & conviction of a SR seller was to related to a Customs interception of his large imports from Netherlands/Germany according to the judge’s sentencing verdict. 2 teens made the mistake of ordering so much that their parents turned them in.

Another Australian seller was pulled over by police in April 2012 while driving to the post office to mail shipments, the drugs found, his house searched, and was sentenced to 5 years (discussion). A 7 November 2012 Australian article claims 30 interceptions a month in an area, but mentions nothing specific about arrests. A December 2012 article quotes Customs claiming a 40% increase in seizures, but then quotes a SR seller as claiming a doubling or quadrupling of Australian buyers (hence, implying the interception rate has halved or worse).

A teen died accidentally in February 2013 after taking “synthetic LSD” bought by a friend on Silk Road; the friend was prosecuted & sentenced to 12 months’ probation. Reportedly, a June 2013 Parcel Post sting seized 140 packages/$8m & “Six of those arrested were Silk Road members.” As of July 2013, there was “at least one criminal prosecution in WA [Western Australia] that involves Silk Road”, and WA police estimate “47 active Australian-based sellers who use Silk Road”. An Australian investigation starting in January 2013 arrested two fake ID manufacturers in September 2013; coverage does not mention SR, but a Redditor plausibly identifies them as having been the fake ID seller “Ausid” who stopped selling on SR in March 2013. The former Silk Road moderator/employee SSBD/Symmetry was arrested in Brisbane on 20 December 2013 (indictment). At some point in 2013, an Australian man was arrested after 2 packages of 25i & 25c (and possibly an amphetamine package) were intercepted by Customs, and pled guilty in 2014. A Launceston, Tasmania man was convicted in 2014 of possession of 25i & BDMPEA partially (?) bought on SR; it’s unclear how he was caught. Estimating total number of Australian users is difficult, but the 2012 Global Drug Survey reportedly found 184 SR purchasers in its sample of >6600 Australians suggesting a risk of arrest or publicity $<\frac{5}{184}$ (and incidentally, remembering this is a biased sample and the South Australian recent illicit drug use rate is ~14.9%, it suggests a very loose upper bound of all Australian SR users of $23000000×0.149×\frac{184}{6600}<95541$). #### Canada The aforementioned Tessellated claimed “we have not even once had a report of anyone having any legal trouble or ‘love letters’ from our product. On several occasions customs has opened our package, not found the product and sent it intact to the buyer.” In May 2012, the high-volume cocaine Canadian seller “moveitnice” mentioned postal delays and then disappeared; according to buyers in the forum discussion, moveitnice accepted Western Union and the recipient of the WU payments matched the names in the arrests of a family of 4 Ottawans for mailing cocaine which was announced by the RCMP on 18 May. (My search of Canadian court records was unable to find their case; possibly their case has been publication-banned or discharged.) #### England There is an anonymous claim of a May 2013 UK controlled delivery & arrest. A Reddit user claims in June 2014 to have been importing MDMA into the UK from the Netherlands off SR1 for personal consumption & resale through friends for ~6 months; sometime before 2013 a package of 100 pills was detected by customs and he accepted delivery, leading to his house being searched; he was then convicted (in large part due to text messages on his phone & emails on his computer) and given a suspended sentence. After the SR bust in October 2013, the Devon UK seller of accessories like marijuana seeds/MBB+ packaging/kratom (“PlutoPete”), reported he had been raided & questioned and likely charged with his personal drugs3 but not charged over his SR sales. 3 more in Manchester were arrested & charged; the description of a three-man seller mailing from Manchester seems to match at least two SR sellers, “JesusOfRave” and “TechnoHippy”, the former of whom quickly denied being arrested, while the latter last appeared on the SR forums in mid-September 2013, he resurfaced on the SR2 forums likewise denying any involvement. #### France On 14 December 2013, the French vendor “WalkaBoot” (marijuana & amphetamines) was arrested by Customs. #### Germany 4 people were arrested in Germany in July 2013, apparently by tracing another drug seller’s supplier with repeated orders which were sent from the same spot by the couriers (and were easily busted), and then to that SR seller-group (possibly “AfterHour”) & possibly payments via mail (German coverage: 1, 2, 3, 4; partial translation). #### Ireland On 20 December 2013 (indictment), the former SR administrator/moderator/employee “Libertas” (also of Silk Road 2) was arrested in Wicklow, Ireland but apparently made bail & fled. #### Japan A man was arrested for importing 50g of a “stimulant” in May 2014. #### Netherlands In September 2013, 6 Dutchmen were arrested for MDMA sales on SR; the arrests stemmed from a car search turning up thousands of pills in 22 November 2012 and then a raid of their manufacturing location 5 April 2013 (one commenter speculates they were the missing MDMA seller “MedicalM”). On 9 October 2013, following a month of wiretapping & Blackberry observation, 2 Dutchmen (the seller “XTCExpress”) were arrested while making MDMA pills & charged (Daily Mail), ultimately receiving 4-5 years. The MDMA seller “SuperTrips” (profile; DoJ announcement; complaint; charges) was arrested on traveling to the USA in August 2013 to meet a SR1 reseller, “UnderGroundSyndicate”/“BTCMaster” (who was arrested with SuperTrip’s help in October). US Customs intercepted >100 packages mailed by SuperTrips, built up a profile, found fingerprints on the packages, checked the Netherlands’s fingerprint databases & found a match, detained SuperTrips when he attempted to enter the USA, seized & searched his laptop’s files (illustrating the lack of civil rights at borders), he admitted selling during an interview, and eventually reached a plea agreement. His arrest was rumored on forums, and DPR2 of SR2 specifically alluded to SuperTrip’s arrest in late 2013/early 2014 that “it was quite boring the third time law enforcement decided to use the ‘SuperTrips’ moniker and claiming to be him as a free man, when I know just as well as ICE where he is now”, although the case was only publicly announced in April 2014. #### New Zealand A New Zealand Customs officer who likely used SR was charged with possessing & “supplying” methamphetamine but this “was uncovered during police inquiries into another crime”, with the resolution unclear. A young NZer’s MDMA was confiscated by Customs and his house visited, whereupon he admitted guilt to the officers and unsurprisingly was arrested & convicted. What seems to be a third NZer was sentenced to 18 months probation. A NZer was arrested in April 2013 over multiple very large orders from an online site, which may or may not have been SR. That article estimates 52m items passing through Customs in 2012 with 1.4k intercepted as drugs; an earlier NZ article claimed 80 interceptions a month with 7 arrests January-July 2012 or 1 arrest a month (suggesting each interception has a risk of leading to an arrest of ~1/80; the risk per order then depends on how many of the 52m items were drug packages). An August 2012 article elaborates on those figures: “There have been approximately 80 intercepts a month [from] people we believe have utilised the Silk Road enterprise,” Day said. In cases linked to Silk Road from January to July, 13 search warrants were issued, 15 further properties visited and seven arrests made. In April 2013, a student importing cocaine, MDMA, & LSD for resale had packages intercepted by Customs, leading to a search and then sentencing in February 2014. In September 2013, 3 NZers were convicted of importing MDMA & cocaine. Another NZer was convicted of importing methamphetamine. And a fourth NZer’s 2 MDMA & NBOMe shipments were intercepted by Customs, leading to a search of his house & sentencing in April 2014. On 11 December 2013, another 3 NZers were arrested over various orders of “small quantities of LSD, Methamphetamine, MDMA (ecstasy), Class C analogue powders and the psychoactive substance NBOMe” from unspecified black-markets “such as ‘The Silk Road’”. (Inasmuch as Silk Road was busted 2 October 2013, they may have actually been ordering from a replacement such as Sheep MarketPlace.) In April 2014, a NZ man was convicted after 2 packages of methamphetamine from Canada were intercepted in September & November 2013; the search had also turned up LSD and marijuana. #### Sweden 2 Swedish men (the seller “SweExpress”), were arrested 8 October 2013 for selling marijuana; two users on Reddit noted that SweExpress ceased mailing orders a week before the SR raid. #### USA Despite making up much of SR’s customer-base and being one of the largest drug markets in the world, American cases are rarer than one might expect. In September 2011, the Silk Road buyer of LSD & MDMA Stacy Litz was arrested in Pennsylvania after selling LSD to an undercover officer; she became an informant. On 28 October 2013, the Maryland former seller “digitalink” was charged in federal court (previously convicted of a number of offenses in state courts) for his heroin & methylone (banned October 2011) sales a year & a half previously (he stopped in January 2012), and pled guilty. The complaint/indictment does not specify what evidence the case is based on, why such a long delay, or why no arrest; but based on digitalink’s forum posts and forum discussions of him, it seems he was an extremely careless vendor who disdained PGP, retrieved product seized by the Post Office (one forum-user presciently exclaimed in August 2011 “Oh wow, the idiocy is unmatched! It seems very possible that digitalink will be busted sometime soon.”), told other people who his methylone supplier was, gave his phone number to buyers, and ultimately failed to deliver$3500 of methylone to a buyer “thoth” who then threatened to give digitalink’s information to the police.

A pseudonymous Redditor claims to have been arrested & charged over cocaine sometime in 2012, but not convicted.

In December 2012, a New Jersey buyer was busted for marijuana in a controlled delivery when the package was detected in the mail; he cooperated (no additional penalties specified in article) and 2 sellers were eventually arrested & charged in July 2013.

SR forum posters have claimed that a DMT seller, cocaine seller, & 2 others have all been busted but apparently for their offline connections and activities (the poster claims the DMT seller had too many people visiting and his neighbors squealed). A Redditor claims a friend was arrested at his PO box, a second claims his cousin was convicted of ordering marijuana & MDMA without a controlled delivery, and there were several claims to have been arrested or convicted in an August 2013 Reddit discussion (these claims are not verifiable).

In January 2013, according to the SR bust indictments, a seller & SR employee (“chronic pain”/“Flush”) was arrested charged in Maryland after receiving a kilo of cocaine from an undercover agent; he then cooperated with the FBI in pretending to be dead. He was identified in October as Curtis Clark Green (discussion). Green’s plea-agreement (transcript) was released on 7 November 2013, without any details of his cooperation after his arrest in Utah (although “the U.S. attorney’s office said his computer was forensically examined after it was seized”); interestingly, the plea-agreement notes that the undercover agent did not know the cocaine package was being delivered to the SR administrator who had helped him find a seller for his cocaine.

In February 2013, there were two cases of Americans being busted in Florida and Louisiana by signing for MDMA in what is called a “controlled delivery”; the simultaneity, drug type, & amount immediately led to speculation that they were both ordering from the SR MDMA seller “luckylucianno” who was previously having issues with order interceptions, which was confirmed when one of the arrested men posted on the SR forums warning away others and relevant threads were deleted by forum moderators (although a moderator claimed the Louisiana bust was unrelated to SR or the Florida bust).

On 12 April 2013, a South Carolinian man (the seller “Casey Jones”, judging by forum search hits4 and his posts) had ฿11 (then $935) confiscated via a drug law provision (Hughes blames it on the “actions of one of his house guests”); he was arrested in June 2013 and triply charged in Charleston with distribution/possession of marijuana/Clonazepam/DMT/Methylone but he did not seem to be selling marijuana on SR and the available court records do not indicate whether he is being charged due to offline or online drug dealing, but the mention of “two undercover drug buys…in April” imply he was selling off-SR and may have been caught that way. Sometime in March 2013, an Alaskan buyer of heroin & cocaine apparently received a controlled delivery, and received felony charges; he cooperated in the ongoing investigation of his seller, “NOD”, according to the indictment for NOD. An otherwise-unknown female buyer from NOD seems to have been similarly arrested in April/May according to the TSG article on NOD. On 21 March 2013, the large Californian marijuana group seller “SourDieselMan” replaced their profile page with the message “i am down forever” (last forum comment was 18 March 2013); SR users noted that on 19 March, a series of marijuana-related raids were executed in California near where SourDieselMan apparently shipped from, and speculate that SourDieselMan may have been arrested in them (though two users say SourDieselMan was either banned by SR over selling Bitcoins for cash in the mail or traced via this, an activity attested to in the review thread). Additional July news coverage revealed SourDieselMan to be a group, 2 members of which (Gillum & Chan) were arrested & charged with marijuana & finance-related charges. The complaint says the investigation started in August 2012 due to the large sums of cash in mail, did a controlled delivery to a SR marijuana buyer in New Jersey in December 2012, flipped one of the SourDieselMan members, and went from there; for additional details, see the PACER court records and the filings for Gillum & Chan. During May 2013, a teen in Indiana was arrested after his mother informed on him. I also know of another case involving an American who was convicted after a controlled delivery of LSD mailed from the Netherlands; his package was likely detected. A complaint filed 13 June 2013 against a David Lawrence Handel charges him with distributing methylone, 2C-E, and 2C-C; no full complaint is available and it is apparently sealed. Handel is known to be SR-related because the edgarnumbers complaint says so.5 La Moustache suggests that Handel was the research-chemical seller daviddd, based on davidd’s sales volume, public silence since the right time, a rumor that he had been arrested, the coincidence that davidd listed 1kg of methylone for sale just like the LE-controlled Digitalink & edgarnumbers seller profiles had, and a suspicious attempt by the davidd attempt to send a ‘free sample’ to a SR1 moderator. On 28 June 2013, the seller “edgarnumbers” (profile) was raided in Nebraska (he had sold methylone among others on SR, and guns on the short-lived Armory); he cooperated (turning over his customers’ addresses), was eventually arrested 19 February 2014, and his case was unsealed the next day (complaint). He had been busted after “digitalink”6 turned over all his customers’ addresses in November 2011, which included edgarnumbers’s address; he was then targeted for undercover buys and confirmation that he was a drug & gun dealer through his lack of visible income, Gmail & Amazon accounts, Facebook & Google+ profiles, interviews at his local post office & debit card records of many postal purchases, and a return address.7 A New York man was prosecuted in August 2013 after selling Suboxone in person, having his mail monitored, and then his store (with drugs on the premises) raided. In September 2013, two Wisconsin men importing MDMA from Germany saw their package detected by Customs and received a controlled delivery. Also in September, a Vermont student was charged with drug possession; he had purchased them off SR, and was reported to police through complaints of “smells of burnt marijuana”. In October 2013, the founder of SR, DPR, was arrested in San Francisco and charged with a laundry list of crimes. Simultaneous with the SR bust, a Washington state man & his girlfriend, the seller “NOD”, was charged with heroin selling (complaint, docket, interview) with some leniency since they cooperated after their July bust; a pseudonymous Redditor claims to have been a customer of NOD, among other sellers, and to have been searched, arrested & charged on 8 October 2013, with (apparently) another pseudonymous Redditor reporting state charges & posting his indictment. (Interestingly, NOD did a interview for the Drugs Inc. TV series somewhere around March 2013.) The Florida seller “UnderGroundSyndicate”/“BTCMaster” (profile, plea agreement) was arrested near-simultaneously with DPR thanks to the cooperation of his partner/supplier, the Dutch seller SuperTrips, who had been arrested when he tried to fly into the USA in August 2013 with an unencrypted laptop. On 21 November 2013, the seller “MDpro” was arrested in Delaware (seller profile, forum discussions, forum posts, BMR posts under her real name) and charged in federal court (PACER web data, complaint/filings); based on the complaint, it seems her fatal mistake was either using tracking on her shipments through an account registered in her real name or putting valid return addresses on her shipments to a PO box registered to her real name, which allowed the undercover buyer to find her and compile the extensive case against her. Among her many security mistakes included accepting shipments from other sellers to her apartment addressed to her partner (and partner in crime). On 25 November 2013, a possible SR seller, Brandon Howell, was arrested in North Carolina; he & his partner “imported MDMA from China through an online black market…The two then resold the imported drugs using the online currency Bitcoin, according to police.” It is not clear which seller they were or what market they sold on. On 17 December 2013, 4 members of the methamphetamine group seller “hammertime” were arrested in Oregon (PACER, indictment; more coverage). On 19 December 2013 (indictment; girlfriend’s report), the former SR administrator/employee “Inigo” was arrested in Virginia. On 26 January 2014, the Bitcoin seller “BTCKing” (SR1/2) & an accomplice at BitInstant were arrested in Florida & NY (respectively) after an IRS investigation (indictment); BTCKing offered a service in which he sent buyers a bank account number to deposit cash to (which he then converted into bitcoins via BitInstant), then transferred bitcoins to the buyer on Silk Road. He was arrested after an undercover agent (starting in August 2012) made purchases, received the bank account information, and obtained his bank records; the case was further cemented by using the SR messages from the FBI’s copy of the servers (apparently BTCKing did not believe in using PGP), the home IP embedded in BTCKing’s emails with BitInstant (BTCKing used Safe-mail.net but apparently did not connect over Tor), and his accomplice’s Gmail emails & chats obtained. (Ironically, BTCKing had declined Dread Pirate Robert’s July 2013 invitation to join him in creating an “Anonymous Bitcoin Exchange” by pointing out his vulnerability to investigation: “All LE has to do is go to the bank and ask who is the Trustee of RMF Trust and BANG… They will seize the funds and me.”) In early May 2014, the SR2 seller “Xanax King” & his associates were arrested (DEA press release); he ran a very large operation with multiple employees, purchased ingredients using Western Union & wire transfers to China, “sold drugs locally, distributing Xanax tablets, GHB, and steroids”, some sort of clearnet website (xkloves.us, content removed in lieu of a now-defunct Tor hidden service), and had at least one “confidential informant” in his organization (see the anti-bail letter), who was handling their SR2 orders at the end according to a media report (some buyers reported being asked to resend their PGP-encrypted addresses). The fall out from XK’s bust has been substantial: the anti-bail letter claims “In addition to the nine defendants in this case, evidence gathered from Defendant’s enterprise led to the arrest of nearly 60 other people throughout the country”. Several of his customers received controlled deliveries and have been arrested as well. 2 controlled deliveries on 28 May picked up 4 men in Bloomington, Indiana A man in New Orleans, Louisiana whose pickup of a package was surveilled managed to evade arrest on 29 May but was arrested a few days later using cellphone records & Facebook data. In late May 2014, the SR1 oxycodone/hydrocodone seller “CALIGIRL” (profile) was arrested in Dallas, Texas (press release, criminal complaint & excerpts, PACER). An undercover agent had made 2 purchases through SR1 and 6 over Bitmessage after the SR1 bust; CALIGIRL did not vary packaging methods or drop off location, allowing his packages to be profiled, traced back to a sorting facility, where the agent discovered they were all dropped off at a single postal box. In addition, on the last purchase, the agent social-engineered CALIGIRL into accepting part of the payment to his personal bank account. This all fed into a comprehensive investigation of CALIGIRL’s life which drew on information from (but likely not exclusive to): Facebook; Amazon shopping logs and IP; #bitcoin-otc IP & transactions; Local Bitcoin transactions; domain names and telephone; cellphone apps (Ding) usage & callers & IPs; Post Office photos (from automated postal machine); the landlord for his post box; travel records; electronic toll records recording movements of his car; hotels he stayed at (he used places he stayed or was near as return addresses); and financial records from: Xoom (and IP addresses), Wells Fargo, JP Morgan Chase, Western Union, & MoneyGram. There are currently no known controlled deliveries or arrests of CALIGIRL customers (possibly the SR1 bust eliminated most of his business). ### BMR A major BlackMarket Reloaded (BMR) seller seems to have been arrested & charged in Kentucky in August/September 2013 for international gun sales, after packages were intercepted. Another BMR gun dealer (“Gun Wise”) was arrested 7 November 2013. ### LE reports Security-wise, SR seems to be receiving passing grades from law enforcement agencies internally; a leaked FBI report mentioned no attacks against SR, an anonymous federal source reports frustration8 (although these sources may just be echoing public information9), anonymous anecdotes claim the DEA is stymied10, while a May 2012 Australian document reportedly praised the security of seller packaging and general site security, with a pseudonymous SR forums user claiming to summarize it: Recently, I gained access to an internal confidential report distributed to several Australia LE agencies and a few international anti-narcotic bodies regarding possible methods of combating illegal activities involving BC. Of course SR was a main feature of said report…So here are the nuts and bolts of the report, spread the information as far and wide as possible friends: 1. PGP is terrifying them, every new user who learns it and helps others learn, closes a possible loophole they were planning to exploit. 2. User ignorance of the technology being used (Tor, PGP etc) is their single best hope for any kind of serious action against the SR community. 3. Narcotic trade historically involves exploitation and violence. Users working together as a community for a greater good and towards the same goals has made all previous interdiction training basically obsolete. In other words, every user who helps newcomers learn how to be safe and secure especially through the use of PGP for all transactions and communication is a nail in LEO’s coffin. 4. A total lack of violence and exploitation is very much working in our favor. So in other words, the idea of a community working together to protect the new and vulnerable has been identified as a huge obstacle for any kind of serious attempt to stop SR. 5. Their morale regarding fighting SR and BC is very low at the moment, mainly because very few LEO have the capacity to comprehend how the whole system works, but unfortunately, recent media coverage demands some kind of action, so they are going to have to show the public they are doing something to combat SR, they just aren’t sure what yet. ### Vulnerabilities In particular, I am impressed that after years of operation as of April 2013, SR seems to have never been seriously hacked or broken into: in that time, there have been many hacks of other sites and >9 hacks of Bitcoin currency exchanges. There has been a perennial forum spam problem, and in late 2012, there was a SQL injection attack leading to images being corrupted with false addresses and a few people losing their money by not being suspicious, but that seems to be it. And SR is the biggest target out there besides MtGox, for multiple reasons - the sheer amounts that pass through it, the potential of it being a small team rather than a professional group (how do you hire penetration testers when you’re SR?), the unusual products you can order, the notoriety one would earn, and finally, the “lulz” value of their databases (suppose someone were able to harvest addresses & names that are foolishly sent to sellers in the clear & unencrypted; imagine the lulz value of releasing them all in a big dump! People would be wetting their pants worldwide, since despite all warnings, there are always a great number of users who will not bother encrypting their addresses.) My belief is that SR can be taken down; however, I am not sure LE (law enforcement) has permission to use the tactics necessary - explaining the lack of suggested attacks or realistic attacks in the leaked FBI Bitcoin paper and summaries of the leaked Australian SR paper (respectively). My two suggested attacks are 1. DDoSing the SR site, rendering it unusable (and congesting the overall Tor network) 2. fake buyer & seller accounts leading up to a single large scam. Attack #1 would make the site simply unusable, and can be done on any address SR runs on since the address has to be widely known or how will the buyers & sellers know where to go? This would require a few dozen nodes, at least, although I’m not actually sure how hard it is to DDoS a Tor hidden server - reportedly the DDoS which took down SR for weeks was being run by a single individual in their spare time11, and by the very nature of the Tor anonymizing network, it should be difficult to do anything at all about a DoS attack since how do you identify the end-nodes responsible, as opposed to the relays passing on their messages? And the obvious counter-measure, running through many .onion addresses, even one for every user, would substantially reduce the actual anonymity of the SR servers. That a weak DDoS attack was already so successful against SR raises serious doubts in my mind about the ability of hidden services to resist a real DDoS attack like by a medium-sized botnet. Attack #2 would require a fairly substantial financial investment to pay the ~$500 deposit required of each seller account, but depending on how effective the final step is, may actually run at a profit: it’s not hard to get $500 of orders at any time, since you can build up a reputation, and then when you decide to burn the account, you can solicit orders for weeks due to shipping delays, and then delay the resolution even longer. Certainly the many FE scammers like Tony76, who have made off with hundreds of thousands of dollars, have demonstrated that this is perfectly doable and claims to the contrary are wishful thinking; and certainly LE is patient enough to do this tactic since it’s exactly what they did with Farmer’s Market & carder.su & other forums/sites too obscure to be remembered. Repeated, this would massively destroy buyers’ trust in SR, especially since there are usually only a few hundred active sellers at any point. (pine, commenting on how the competing black-market Atlantis did in-browser encryption which I criticized as security theater & Hushmail redux, points out the Eternal September version of this scenario: the more newbie buyers who are too lazy or arrogant to use PGP (~90% of users, according to the Atlantis administrators in June 2013; >30% of Sheep Marketplace users according to the seller “haydenP” on 22 November 2013; DPR2 estimated “between 8% and 12%” on SR2 on 6 December 2013; 90%, an Evolution/The Marketplace seller; <10%, an Agora seller; >75%, the Project Black Flag hacker) the more attractive an attack on SR becomes to pick up all the buyer addresses being sent in the clear and the more feasible a mass raid becomes.) Fortunately, I don’t think LE is authorized to engage in cyberwar (#1) or mass entrapment & fraud (#2) - and who knows, maybe SR could survive both. We’ll see. ## Fight Club Whenever classic (and illegal) cypherpunk applications are implemented using Bitcoin, you are sure to find someone complaining that you must not talk about Fight Club - how will that play in Peoria⸮ You will find quite a few, actually, as much as one would expect Bitcoin to select for hard-core libertarian types12 or techies who have internalized the Streisand effect; indeed, the moderators of the Bitcoin forum have - in a crime against history - deleted the early threads about SR, including the thread that saw SR announced. (I posted a short thread linking this page, and I give it about 25% odds of being moderated/deleted; a few hours later, the thread had been deleted. I had drastically underestimated the cowardice of the forum moderators.) This is a certain double-bind and unfairness in such criticism. Would such critics be congratulating me if this article turned out to help Bitcoin by discussing and documenting a demand driver and important test-case? I suspect they wouldn’t. Their argument is unfalsifiable and based more on their prejudices than hard data. To such people, my general reply is: what makes you think I want Bitcoin to succeed? It’s interesting but that doesn’t mean I have drank the Kool-Aid. If SR coverage hurt Bitcoin, I may not care. And I would argue the contrary: I believe SR coverage helps Bitcoin. SR has not been harmed by its national coverage; the number of accounts and transactions have all increased dramatically, and SR’s admin has stated his satisfaction with the new status quo on the SR forums and on Gawker, and said later that “Silk Road was never meant to be private and exclusive.” (9 January 2012, “State of the Road Address”); as has a co-founder of a British Bitcoin exchange. Not that the SR admin ever sought secrecy - he announced SR’s official opening on the Bitcoin forums! Purchases of Bitcoin noticeably spiked after the Gawker article as already mentioned, and one cannot buy that much publicity. One might say of self-censorship that “C’est pire qu’un crime, c’est une faute. And suppose SR coverage did hurt Bitcoin even to the extent that it would be worth devoting one neuron to thinking about it; I would publish anyway because that would mean that the Bitcoin experiment has failed and must be terminated immediately. If Bitcoin is not safe for the drug dealers, then it is not safe for anyone; if Bitcoin can be hurt by the truth, then it is already doomed - you cannot build on quicksand, and “that which can be destroyed by the truth should be.” Good game, chaps, let’s all meet back here when the next Satoshi Nakamoto figures out how to patch the vulnerabilities. # Preparations But besides all that, how well does it work? No way to know but to go. So, let’s take a ‘brazen’ stroll down the SR. SR’s 2 technical claims to fame are the exclusive use of Bitcoins for payment, and access only through the anonymizing Tor network, on which SR and the SR forum live as hidden sites - both you and the server funnel your requests into a set of Tor nodes and you meet in the middle. (This isn’t as slow as it might sound, and hidden sites eliminate the main security weakness of Tor: evil exit nodes.) Tor itself is secure, but this doesn’t mean as much as one might think it means: while Tor itself is basically the securest software you will ever use (or at least, it is far from the weakest link in your chain), what always kills you is what you choose to communicate over Tor: what you browser sends or doesn’t send, or the personal details you put on your seller page or brag about on Tumblr with pictures, or the mailing address you foolishly choose to send over it plaintext & unencrypted (vulnerable until the item ships) or the revealing message (vulnerable >2 months)13, or the pseudonym you choose to confide in, etc. Tor is a tool which does one thing very well: keeps secret the communication between your computer and someone else’s computer. It does nothing whatsoever about anything that other computer may be able to figure out or record about you or what you choose to send. The perfectly secure envelope does little good if the person you’re mailing your confession to is a policeman. But as any kidnapper knows, you can communicate your demands easily enough, but how do you drop off the victim and grab the suitcase of cash without being nabbed? This has been a severe security problem forever. And bitcoins go a long way towards resolving it. So the additional security from use of Bitcoin is nontrivial. As it happened, I already had some bitcoins. (Typically, one buys bitcoins on an exchange like Mt.Gox, although the routes are always changing, so see the Bitcoin wiki’s buying guide; the era of easy profitable ‘mining’ passed long ago.) Tor was a little more tricky, but on my Debian system, it required simply following the official install guide: apt-get install the Tor and Polipo programs, stick in the proper config file, and then install the Torbutton. Alternately, one could use the Tor browser bundle which packages up the Tor daemon, proxy, and a web browser all configured to work together; I’ve never used it but I have heard it is convenient. Other options include entire OSes like Tails or Liberté Linux, which can be used on bootable Flash drives. (I also usually set my Tor installation to be a Tor server/middleman as well - this gives me more anonymity, speeds up my connections since the first hop/connection is unnecessary, and helps the Tor network & community by donating bandwidth.) # Silk Road With Tor running and the Torbutton enabled in the browser (along with any privacy mode), we can easily connect to SR; we simply visit silkroadvb5piz3r.onion14. (Newbies to Tor might wonder why the gibberish address. The address is derived from the public key of the server, making it more difficult for an attacker to pretend to be the real SR or do a man in the middle attack.) Upon connecting, you will see a bare log-in form: Alternately, you might see an error page like the following; SR is occasionally down for maintenance & new features or temporarily overloaded. Usually waiting a minute is enough, and longer downtimes are discussed on the SR forums. Click on the join, and you will be taken to another page for registering your account, much like any other site. Invitations are not currently required, although to register a seller account is neither easy nor cheap, see later sections. (I suggest picking a strong password15. Learn from the Mt.Gox fiasco.) With your new account, you can now log in and see what there is to see on the main page: Notice at the bottom, below the random selections, is a section listing all the most recent reviews from buyers; feedback from buyers, like on Amazon or eBay, is crucial to keeping the system honest: The stimulants category contains much what you’d expect: Moving on, we have the section for selling forgeries: # Anonymity Well, you’ve browsed through the SR proper. You can also visit the official SR forums at dkn255hz262ypmii.onion. The discussions are indispensable tools for learning about sellers and getting the latest rumors like indicators of FE scams, but the forums are also where official rule changes to SR are announced by the SR administrator. We have window-shopped long enough. It’s time to take the plunge and buy something. Bitcoin developer Jeff Garzik is quoted in the Gawker article as saying that “Attempting major illicit transactions with bitcoin, given existing statistical analysis techniques deployed in the field by law enforcement, is pretty damned dumb.” Fortunately I do not plan ‘major’ transactions, and in any case, I tend to suspect that said statistical techniques are overblown; a few academics have published initial investigations into tracing transactions and examining the larger Bitcoin economy, and have linked transactions to individuals, but as of 2012 have only done so with addresses publicly linked to identities, and not broken the anonymity of people trying to be anonymous. The public nature of transactions means that many interesting connections & graphs can be generated and analyzed. But fortunately, it’s straightforward to anonymize Bitcoin transactions (mixing services16) by a method analogous to the Tor network we are relying upon already: route the money through several intermediaries in several quantities and reconstructing the path backwards becomes nontrivial. My own method was to route 4 bitcoins through Mt.Gox (this was before the hacking, a series of events which confirmed my own resolution to keep a balance at Mt.Gox for as short a time as possible; a retrospective analysis of Bitcoin exchanges suggests that for every month you keep a balance at an exchange, you run a ~1% chance of losing your money), then through MyBitcoin (which at the time was still considered trustworthy)17. This was straightforward - sign up for a throwaway account: Then deposit to the one-use address: A day or three later, I am tired enough of the game to route my Bitcoins into the last set of anonymizing mixes, SR’s own cointumbler. How do we do a deposit? We click on the link in the profile and see: No big surprise there - it’s another one-time address which expired at noon, so there’s no time to shilly-shally: Once deposits have been made or purchases entered into, one’s profile page begins to look like this: # Shopping After some browsing, I personally decided on an offering of the nootropic selegiline. Safe, potentially useful, and not even especially illegal. The price was right: Should I buy it? ## Evaluating sellers Now, you will notice that for most sellers, there is no ‘(99)’ or ‘(100)’ after the seller’s name; for example, this random seller has no such indicator: This is due to the simple fact that when I joined, the post-Gawker rush had resulted in membership jumping from the high-hundreds/low-thousands range to north of 10,000 accounts, and while many transactions had been entered into, the reviews and closures of transactions had only started. So I was not too bothered by the lack of feedback on this seller profile. I also used the handy SR forums and found no bad mentions of the seller. The user number was not terribly high, the description was detailed enough that it looked like he took selling seriously, there are no bad reviews, they posted a public key, etc. So, I was willing to take a chance on him. Both the seller and the example above had standard PGP-compliant public keys posted (the long string of gibberish under that odd header - quite unmistakable), which one will need to encrypt the personal information one sends the seller18. (It is a given on SR that sellers have public keys; any sellers who does not provide public keys should be shunned no matter how good they seem, and you instantly fail at security if you send the seller the address unencrypted. You are also making SR a bigger target by doing stuff in the clear, because the site is holding more valuable information.) Public-key cryptography is an old and vital concept to understand, and there are a great many descriptions or introductions online so I will not explain it further here. I add it to my cart: Notice the address field. Now, I could be a chump and put down my friend’s address in the clear. But what if SR itself is compromised? Right now, SR doesn’t have anything about me, but the address is a good starting place for finding me. So, I go to the seller’s profile, and like the example above, my seller has posted his public key. I want to encrypt the address against that public key. How? ## Encryption There are a great many guides to GPG; the official GPG handbook, the Ubuntu guide, Heinlein’s “Quick Start”, the PGP Encryption Video Tutorial, & /r/SilkRoad wiki work well enough. To summarize what I did: 1. I copy the public key into a text file named key.txt 2. I tell GPG to memorize it: gpg --import key.txt GPG will spit out some output about how it now knows the public key of [email protected] /* <![CDATA[ */ (function(){try{var s,a,i,j,r,c,l,b=document.getElementsByTagName("script");l=b[b.length-1].previousSibling;a=l.getAttribute('data-cfemail');if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})(); /* ]]> */  etc. 3. I write down her address in a file, address.txt, 4. and I encrypt it: gpg --recipient [email protected] /* <![CDATA[ */ (function(){try{var s,a,i,j,r,c,l,b=document.getElementsByTagName("script");l=b[b.length-1].previousSibling;a=l.getAttribute('data-cfemail');if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})(); /* ]]> */ --encrypt address.txt --output address.gpg --armor Hopefully the options make sense. (We need --armor to get an ASCII text encrypted file which we can copy-and-paste into the shopping cart’s address form, rather than a smaller file of binary gibberish.) An example of doing this right: Now, one might wonder how one would post one’s own public key in case one asks questions and would like the answers from the seller to be as encrypted as one’s addresses. It’s easy to make one with gpg --gen-key and then a gpg --armor --export USERNAME, but where to post it? It used to be that you could simply push a button in your profile to register as a seller and then fill your own profile field with the public key like any seller, and I did just that. But SR closed free seller accounts and required large up-front deposits, and has announced that they are being auctioned off. The justification for this is SR claims to have received an anonymous threat to register many free seller accounts and simply mail poisoned pills out (which he alluded to earlier). Hopefully buyers will soon be able to edit their profile, but until then, there is a thread on the SR forums devoted to buyers posting their public keys. ## Now what? Once you have submitted the order, the ball is in the seller’s court. The order is listed in your shopping cart as ‘processing’: Your balance also instantly decreases by the price, and if you look at your balance/transactions page, you will notice that that amount is listed as in escrow19. SR holds onto your Bitcoins until you finalize20 the transaction with a review - one of the protections for the buyers. It’s worth noting that the buyers bear the real risk on SR. A seller can easily anonymize themselves and send packages without difficulty: simply drive out of town to an obscure post office and mail it, leaving behind fuzzy surveillance recordings, if even that21. Even using the “mail covers” - photographs taken by the USPS of the exterior of all packages mailed in the USA - database would not help because presumably no genuine information about the sender is recorded on packages. (The SR forums had a subforum on shipping, as do the replacement forums.) A buyer, on the other hand, must at some point be physically present to consume the ordered drugs or items. There’s no way to cleanly separate herself from the shipment like the seller can. Shipping is so safe for the seller that many of them will, without complaint, ship worldwide or across national borders because customs so rarely stops drug shipments. For example, only 1 of my shipments of any supplement or substance I have ordered has been held for a signature; the other few dozen have never been stopped or apparently looked at hard by a Customs official. In the 2 SR orders’ cases, this turned out to be irrelevant as both sellers were in-country. Christin 2013 remarks with surprise on how freely sellers sell internationally, but rightly looks to the minimal risks sellers bear and incentive they have for broad markets to explain this casual disregard. One of the corollaries of this shift of risks from the seller to the recipient is that a viable method of attacking someone is to get their address and order, say, heroin for them off SR as happened to security journalist Brian Krebs in July 2013 (Krebs enjoys another dubious distinction: being a victim of Swatting). Sheep Marketplace decided to shut down its gun offerings 8 November 2013 due to “actions undertaken by a particular gun vendor where he threatened to kill a users family and began exposing addresses” (possibly “gunsandammo”). I check in 1 day later: the order still processing. Items apparently aren’t public once you’ve escrowed your dosh. 2 days later: still processing. 3 days later: canceled! My Bitcoins are unlocked, of course, but I’m not keen on ordering again right away. Need to browse more and look for deals. The cancellation message is not very informative: Well sure, but why was it canceled? I speculate the seller decided he didn’t want to send outside the EU despite his listing claiming he would - perhaps shipping cost more than he had factored into his price. (I checked back a few weeks later, and the seller says he canceled all orders and got a new public key because the Mt.Gox exploits have made him paranoid. I can’t really fault him with that rationale. I wish he had mentioned it before, I would have cut him some slack.) ## Try, try again After some more browsing, I decide to go with either the cheapest Adderall or the new modafinil posting, which mentioned being Provigil. (Here it was that I decided my ordering risk is very small, for a variety of reasons22, and to go forward with my investigation.) But is it real branded Provigil or just the usual Indian generics? Also, the Adderall seller has no public key listed! I take this opportunity to message the two, asking for more information and to post a public key, respectively. Both have replied the next day; the Adderall seller has put up his public key, and the modafinil seller clarifies it’s Indian - but it doesn’t matter since the item’s page has disappeared, indicating someone bought it already. Naturally, I reply and then delete all messages. One must assume that SR will be compromised at some point… But the Adderall it is. The listing looks pretty good, and the price per pill is superior to that I was quoted by one of my college-age friends (less than 1/3 the price, although to be fair it was nearing exams time) and also better than the Adderall price quote in the New Yorker,$15 for 20mg:

1 day after ordering: still processing, and 2 days, ‘in transit’:

## Evaluating and reviewing

3rd day: still in transit. 4th day: the package arrived! I go over immediately, and it’s this harmless-looking little padded mailer. One would not suspect it of anything nefarious, not with those cute stamps23:

The contents are as described, 10 blue Adderall, in a double ziplock baggy (the vacuum-sealed bags are not needed for a drug this low on the importance scale - there are no drug dogs for Adderall):

While I have never used Adderall before, the effects are noticeable enough that I am convinced after the first dose that they are genuine (I have continued to experiment with them to somewhat lesser effect). The very sharp-eyed will notice that these are the ‘generic’ Adderall pills, but as it turns out, the generic Adderall pills are manufactured by the exact same pharmacorp as the branded Adderall - the two products are probably a case of price discrimination. Economics can be a counter-intuitive thing. I also ordered generic armodafinil with similar steps since the armodafinil was noticeably cheaper than the regular Indian generic modafinil:

They work fine (I have begun experimenting with them), and I leave the seller a nice review. My third order proceeds as straightforwardly as the second order, and results in an even better packaged shipment of product that seems to be genuine as far as I can tell. Heedful of the risks and probabilities, I leave another nice review; the review form (reached when you click the ‘finalize’ link) is as straightforward as the rest of the process:

Feedback is an important part of the process. I was surprised to revisit one of my seller’s page when 3 or 4 of his transactions has caused him to go from no reviews to 4 positive reviews, and see that his prices had increased a good 30 or 40%. Apparently he had been selling at a considerable discount to drum up reviews. This suggests to me, at least, that existing SR users are a bit too chary of new sellers.

Another transaction; 10x100mg Modalert ordered from an English seller, arrived in larger than one would expect packaging (which contained a pretty nifty way to hide a shipment, but I will omit those details):

The Modalert was what one would expect:

A final example: I search for modafinil:

I finally decide to order 80x150mg armodafinil from a French seller (not so cheap as before):

2 weeks later, it arrived in heavily folded paper inside this envelope:

Containing the agreed-upon purchase:

# LSD case study

With Adderall & modafinil, the seller choices were restricted enough and scams rare enough that I did not need to think hard about the process. When I became interested in running my LSD microdosing self-experiment, I looked at the LSD sellers, and this ease vanished; scammers were an acknowledged plague, and there was a bewildering array of options:

Where does one start? I decided to turn my shopping frustrations into a case study of a systematic approach to evaluating the available information (but mostly an excuse to collect some unusual data and apply some statistical reasoning).

## Seller table

This table of blotter listings <฿12 which ship to USA was compiled 3 September 2012 from SR search results for “LSD”. Note that the table is now entirely obsolete, but I believe the overall appearance is representative of the SR LSD marketplace.

Listing # μg ฿ S&H μg/฿ Transit User Age (days) FE Feedback Weighted μg/฿ Threads LSD reviews Forum hits
Matrix™ 5 250 11.67 1.75 93 international EnterTheMatrix 360 yes? 300(98.7%) 9024 EnterTheMatrix reviews many many
Alice in Wonderland 5 120 6.99 0.42 81 international aakoven 360 no?25 300(93.7%) 74 aakoven reviews >6 18026
Hoffman Now 2 110 2.96 0.34 7027 international PremiumDutch 360 yes 300(97.3%) 67 N/A 2 6028
Synaptic29
5LSD Blotter 5 200 7.45 0.58 125 international juergen2001 360 yes 300(95.1%) 115 juergen2001 reviews >18 90
Trip 5 150 8.02 0 94 domestic lonely kamel 120 no 173(93.4%) 84 LK 1 LK 2 0 2030
2 pcs Maya 2 250 4.12 1.42 104 international VitaCat 120 no? 300(99.9%) 103 VitaCat reviews many many31
5 pcs Maya 5 250 10.21 1.42 107 international VitaCat 120 no? 300(99.9%) 106 VitaCat reviews many many
Premium LSD tabs 5 ? 6.99 0 72 domestic No FE ever 60 no 68(99.1%) 67 NFE 1, NFE 2 2 2232
Mayan 1 1 125 0.83 0.32 143 international nipplesuckcanuck 60 yes? 127(97.6%) 134 nipplesuckcanuck reviews ? 11
Mayan 2 10 125 7.19 0.49 163 international nipplesuckcanuck 60 yes? 127(97.6%) 153 nipplesuckcanuck reviews 3 11
Shiva 2 100 2.18 0.18 85 domestic graffenburg 30 no 76(100%) 82 N/A 0 933
Hoffmann bike rides 5 150 7.53 0 100 international Machine Maid 30 no 10(100%) 74 N/A 0 1
3Jane Latest 5 100 7.36 0.59 63 domestic Molly Want a Cracker 24 no 28(100%) 57 Molly reviews 0 9
Beetles Stamps 5 150 4.28 0 175 domestic USAReshipper 10 no 0(?%) 88 N/A 0 334
5 strip Real Love 5 150? 6.41 0.29 112 domestic Ladylucy 4 ? 0(?%) 56 Ladylucy reviews 0 3
Koi Fish 1 250 2.51 0.6 80 international aciddotcom 7 yes 0(0%) 40 N/A 0 0

An anonymous email provided me in November 2012 with a catalogue from a Dutch bulk seller who sells LSD (among other things); their listed prices serve as a useful comparison:

Blotter brand Dose (μg) Unit-count unit-price (€) min. total cost (€) min. μg/€
Fat & Freddy’s 200-250 100-1000 4.75 475 42.1
Fat & Freddy’s 200-250 2000-4000 4.25 8500 47
Fat & Freddy’s 200-250 5000-9000 3.90 19500 51.3
Fat & Freddy’s 200-250 10000+ “negotiable” ? ?
Ganesha 100-120 100-1000 2.50 250 40
Ganesha 100-120 2000-4000 2.25 4500 44.4
Ganesha 100-120 5000-9000 1.70 8500 58.8
Ganesha 100-120 10000+ “negotiable” ? ?
Hofmann bicycle man 100-120 100-1000 2.50 250 40
Hofmann bicycle man 100-120 2000-4000 2.25 4500 44.4
Hofmann bicycle man 100-120 5000-9000 1.70 8500 58.8
Hofmann bicycle man 100-120 10000+ “negotiable” ? ?

To convert ฿ to € (as of 3 September 2012), we multiply by 8.3. So for comparison, the top Dutch blotter was 58.8μg/€, and the top unweighted SR blotter was 163μg/฿; in €, the SR becomes 163μg/8.3฿ or 19.64μg/€, indicating that a small SR purchase with S&H will have a unit-price 3x of a large Dutch purchase minus S&H.

A factor of 3 seems pretty reasonable, given the very large markups along the LSD supply-chain. 2003 trial testimony35 for the American LSD chemist William Leonard Pickard stated that his wholesale customers paid him ~$0.3 per 100μg, or (as of 3 September 2012) 0.0286฿ per 100μg, or 3497μg/฿. (A stark contrast to 163μg/฿!) ## Description Some general observations on this table of a subset of LSD sellers: 1. There’s a striking number of new sellers: listings from ‘young’ accounts (<=2 months old) make up more than half the table. I’ve seen many complaints about a lack of US sellers but it seems the market is responding. 2. There are dismayingly few LSD reviews on the forums for any seller except EnterTheMatrix; this seems to be partially due to the presence of many sellers not specializing in LSD. 3. Long-term feedback below 95% is a warning sign. Of the 3 ‘old’ sellers with ~95% or less feedback (aakoven, juergen2001, & lonely kamel), all 3 have plenty of bad feedback on the forums. If it were just one that had both bad feedback and bad forum comments, it might be some sort of astroturfing or ‘hating’ (as aakoven pre-emptively accuses his bad feedback rating), but when all 3 have both bad forums and feedback ratings? Makes one wonder… Nor is that the ‘cost of doing business’ for very old seller accounts, since we see that the similarly old EnterTheMatrix36 & PremiumDutch ratings are solidly better. Since their μg/฿ are not stellar (save juergen2001’s), it’s not clear why anyone would buy from them. 4. Some of the new sellers seem to have a lot of feedback (eg. No FE ever or nipplesuckcanuck), but looking at their feedback, we see a great deal of early finalization! This renders them pretty suspect. And of course, the 3 youngest sellers have no feedback at all. This is a problem because scammers are a serious problem with LSD sellers; a quick read of forum threads lists 5 scammers over the past 3 months: Kat, Gar, Bloomingcolor, Fractaldelic, & DiMensionalTraveler. 5. The range of μg/฿ is interesting: a full order of magnitude is represented, from the low of 63μg/฿ to 175μg/฿. Perhaps surprisingly, this range doesn’t go away when I try to adjust for risk based on reviews: now the full range is 40μg/฿ (aciddotcom) to 153μg/฿ (nipplesuckcanuck). ## Analysis ### Quantitative In my modafinil article I discussed some basic statistical techniques for optimizing orders under uncertainty: one-shot ordering, repeated ordering with free learning, & repeated ordering with expensive learning. In this case, it’s a single order, so one-short ordering it is. One-shot ordering simply counsels ordering from a mix of the cheapest and the safest seller - what maximizes one’s expected value (EV), which is just $\mathrm{\text{risk}}×\mathrm{\text{reward}}=\mathrm{\text{EV}}$. The reward is easy: total dose divided by total cost. The risk is harder: the sellers do not conveniently volunteer how likely you are to be scammed. The obvious way to quantify risk is to just take the feedback at face-value: a 97% rating says I am taking a 3% chance I will be screwed over. Multiply that by the reward, sort to find the largest EV, and we’re done. An objection: “Are you seriously saying that a seller with 1 bad review out of 100 is equally trustworthy as a seller with 3 bad reviews out of 300, and that both of them are less trustworthy than a vendor with 0 bad reviews out of 10?” It does seem intuitive that the 300 guy’s 99% is more reliable than the 100 guy’s 99%; the 10 guy may have a perfect 100% now, but could easily wind up with something much lower after he’s sold 100 or 300 things, and we would rather not be one of the buyers who causes those shifts downward. So. Suppose we pretended reviews were like polling or surveys which are drawing votes from a population with an unknown number of bad apples. We could call it a draw from a binomial distribution. We’re not interested in the optimistic question of “how good could these sellers turn out to be?”, but rather we are interested in finding out how bad these sellers might truly be. What’s the worst plausible vendor future rating given their existing ratings? We can ask for a confidence interval and look at the lower bound. (Lower bounds remind us no vendor is 100% trustworthy, and indeed, pace the hope function, the higher their rating the greater their incentive to require FEs and disappear with one last giant haul; the actual SR feedback system seems to use some sort of weighted average.) This gives us the pessimistic percentage of feedback which we can then interpret as the risk that we will be one of those bad feedbacks, and then we can finally do the simple expected-value calculation of “μg/฿ times probability of being happy”. What are the results? The numbers were calculated as follows: # Frequentist analysis: # http://en.wikipedia.org/wiki/Binomial_proportion_confidence_interval#Clopper-Pearson_interval y <- function(ugbtc,n,pct) {((binom.test(round((pct/100)*n),n,conf.level=0.90))$conf.int):1 * ugbtc}
# Binomial CI doesn't work on 0 data; what do we do? Punt with the age-old 50%/coin-flip/equal-indifference
# Why 90% CIs? Fake feedback skews the stats up and down, so we might as well get narrower intervals...
c(y(63,28,100), y(70,300,97.3), y(72,68,99.1), 90*0.5, y(81,300,93.7), y(85,76,100), y(93,300,98.7),
y(94,173,93.4), y(100,10,100), 112*0.5, y(125,300,95.1), y(143 127,97.6), y(163,127,97.6), 175*0.5)
[1]  56.60766  66.66799  67.11326  45.00000  73.58456  81.71468  90.18671
[8]  84.31314  74.11344  56.00000 115.50641 134.43170 153.23333  87.50000

# Question: what if we use a Bayesian Jeffreys interval?
# http://en.wikipedia.org/wiki/Binomial_proportion_confidence_interval#Jeffreys_interval
install.packages("MKmisc")
library(MKmisc)
y <- function(ugbtc,n,percent) {binomCI(x=round((percent/100)*n),n=n,conf.level=0.90,

# Finis

There is no proof of all of the above - anything here could have been faked with Photoshop or simply reused (perhaps I have a legitimate Adderall prescription). Take it for what it is and see whether it convinces you: argument screens off authority.

But looking back, I have been lucky: from reading the forums, it’s clear that there are scammers on SR37, and shipments do get lost in the mail or seized or otherwise not delivered. (I do not expect any legal problems; law enforcement always go after the sellers, to achieve maximum impact, and SR presents both technical and jurisdictional problems for law enforcement.) This is inherent to the idea of an anonymous marketplace, but the system worked for me. SR describes it well in one of his messages:

Things are going really well here. There are many new buyers and sellers working well together, our servers are secure and humming along, and you may even start to feel comfortable. DO NOT get comfortable! This is not wal-mart, or even amazon.com. It is the wild west and there are as many crooks as there are honest businessmen and women. Keep your guard up and be safe, even paranoid. If you buy from someone without reputation, get to know them really well through pm, and even then be suspicious. Unfortunately it only takes one bad apple to spoil the bunch, and there are bad apples out there.

On SR, there are lions and tigers and pigs oh my, but: alea iacta est! Like Bitcoin, SR may live another few months, or another few years, but will it? Like using SR, there’s no way to know but to go.

# Future Developments

So, we have seen that Bitcoin satisfies an old dilemma bedeviling the early cypherpunks; and we have covered how SR follows recommended design principles in achieving their dream of self-enforcing marketplaces, and then went through a lengthy example of how buyers can rationally order and thereby contribute to the necessary dynamics.

The drug market has grown and thrived beyond all expectations, despite an extraordinary - perhaps unprecedented - level of media coverage and transparency of operation. By its mere existence, it lays bare the universality of illicit drug use; by its sales volume, it provides a benchmark for understanding what estimates of the global black market really mean: if the SR has turnover of $20m a year and the black market turn over closer to$100b a year, then the latter is equivalent to 5000 SRs. By its use of public technology (even immature & hard to use technologies) and ordinary postal services, it demonstrates the infeasibility of the long-standing War on Drugs; and by taming drug use, turning it from a violence-prone seamy affair to a smooth commercial transaction, it suggests that there is no necessity for the War on Drugs.

What is next?

No one foresaw Bitcoin in 2008; and the success of SR in 2011 took many by surprise (including the author) who had assumed that it would quickly be shut down by law enforcement, fall victim to hackers seeking a lucrative payday, or at best devolve into a lemon market with a few overpriced goods. All three of these possibilities still exist; lengthy SR downtime in November 2012 fueled speculation that law enforcement had finally found a viable attack or that SR was suffering a Denial of Service (DoS) attack. SR’s administrator stated the downtime was due to “record” numbers of users; but if large numbers of legitimate users can accidentally take down the site, clearly a full-fledged DoS attack is feasible. A real DoS attack by a single attacker in April 2013 degraded access for a week and essentially blocked all access for ~2 days, prompting SR to suspend its commissions for several days to encourage purchases.

But supposing that SR continues to have an annual turnover of millions of dollars of drugs and other goods? Two striking possibilities come to mind.

1. the next development may be “information markets”: black markets for leaked data, whistleblowers, corporate espionage, personal information such as credit card numbers, etc. Existing “carding forums” may be a market niche to usurp, as they have had problems with law enforcement infiltration and would benefit from increased security. Similarly, WikiLeaks has reportedly tried to auction off access to documents in its possession, and while the auctions apparently failed, this may be due to defections and severe internal turmoil and not flaws in the fundamental idea.
2. The most extreme cypherpunk proposal was Jim Bell’s “assassination markets” concepts published the 1997 essay “Assassination Politics”: a prediction market in which participants lay bets on when the exact day a particular person will die; when the total bets become large enough, they function as a bounty on that person - inasmuch as a would-be hit man knows when the person will die and can profit handsomely. Assassination markets were to be a weapon against government oppression, but such markets could be used against any non-anonymous but powerful humans.

This would seem to be much less plausible than either a drug market or an information market: both drug & information black markets are markets which exist offline and online already, with illegal drugs representing a global market best measured in hundreds of billions of dollars of turnover (against the SR’s millions) with scores of millions of drug users worldwide, so cypherpunk-style implementations are in a certain sense just ‘business as usual’ with a very large customer base eager to participate and moral respectability to salve the conscience. Demand for hit men, on the other hand, is rare outside organized crime and governments, difficult for any ordinary person to justify the use of, and usually confined to particular regions such as Mexico or Afghanistan. Further, a large drug delivery facilitated via SR will usually go unnoticed by the world as the recipient has no incentive to reveal it; a ‘large’ assassination, on the other hand, will be global news and may trigger a backlash large enough to take down the site, or in general degrade Tor & Bitcoin to the point where they cannot support large enough bounties on any individual to matter.

In July 2013, claiming to be inspired by Silk Road, the pseudonymous programmer “Kuwabatake Sanjuro” (Yojimbo) set up what he claimed to be the first functioning assassination market at assmkedzgorodn7o.onion (21 November 2013 mirror) named simply “Assassination Market”; he publicized it in November 2013 with an interview with Forbes. The obvious interpretation is that it is a scam: while it provides public Bitcoin addresses allowing verification that ~฿150 are at those addresses, and its protocol should allow a participant to prove that they were not paid, none of the targets are likely to die for years, if not decades, at which point Sanjuro can simply steal all the bitcoins trusted to him - it doesn’t matter if participants can then prove they were not paid and Assassination Market was a scam, because he would have made off with more than enough to justify the total effort of writing & running Assassination Market. This raises an interesting observation: a drug black-market can bootstrap from nothing through users risking relatively low-cost transactions like buying $50 of a drug to test the market out, and Silk Road did just this (with Ulbricht reportedly growing mushrooms to sell at the very start); but how does an assassination market bootstrap? Murders come in discrete units: someone is either dead or not. Even if AM is for real and there is a market out there for it and it would not be destroyed by any backlash, assassination markets may turn out to be impossible because there is no way to incrementally build up trust between its “buyers” and “sellers”. Overall, I am skeptical it will last very long, and I certainly don’t expect any of the targets to be assassinated. Regardless, 2 key pieces of cypherpunk technology are now in place and already enabling remarkable new systems. Both researchers and digital entrepreneurs may benefit from taking a look back at some forgotten pioneers and re-evaluating their proposals in the light of recent successes. # Post-mortem ## Recommendations If you’re gonna play the game, boy, ya gotta learn to play it right: You got to know when to hold ’em, know when to fold ’em, Know when to walk away – know when to run.38 Watching the fall of Atlantis, SR, and BMR, I have derived some basic recommendations for future black market operators (which I do not expect to be popular among them because it’s additional work some recommendations reduce their potential profits or ability to scam users): 1. data retention policies should be as aggressive as feasible. Data should be deleted the moment it is not necessary. Avoid unnecessary precision; for example, there is no need to keep track of how many orders a seller has carried out beyond, say, 300. Private messages should be automatically deleted after weeks, not months. And so on. 2. use of PGP encryption should be mandatory. One good way is to have the site verify that all address submissions and private messages are PGP messages and reject unencrypted messages. This will annoy buyers & sellers, but this is for their own good. (The libertarians may complain that they should be free to be lazy & endanger themselves, but this is bullshit which ignores the negative externalities of not using PGP: it damages herd immunity.) It may also be a good idea to require sellers to rotate their PGP key every so often, as a partial way to attain forward secrecy. (They would post the new public key signed by the old public key, and then hopefully delete the old secret key.) 3. the black market operators should specify in advance how long they will run the site, at what level of commissions they will cash out, and precommit to shutting down the site or handing it over to a new operator whenever either condition comes to pass. This enforces compartmentalization, impedes any ongoing investigations or later information leaks, and the operator avoids committing gambler’s ruin and becoming arrogant - where they never stop operating the site, and just keep running it until they are finally arrested. If Ross Ulbricht had passed SR on as he claimed in the Forbes interview, say after he made his first ฿111k, it is likely that SR would not have been busted as soon as it was, he may never have been arrested because he could not be irrefutably tied to operating the site, and he would have had a chance to enjoy his fortune. An old proverb comes to mind: If you must play, decide on three things at the start: the rules of the game, the stakes, and the quitting time. 4. some post-SR buyer busts seem to be tied to the sellers keeping copies of the buyers’ addresses. There is nothing a site operator can do directly about this problem, as they cannot know what goes on in the seller’s computer, but they can at least institute a clear “death penalty” for any seller who reveals a buyer’s address, threatens to reveal it, or claims to reveal it. The site operators of SR and BMR declined to sanction their sellers who did this (eg. MMM/Moramoru on BMR), and thereby simultaneously put all buyers at risk and incentivized police raids on sellers (there is speculation that the SR seller Plutopete, who sold legal products, was targeted because they hoped to seize buyer addresses from him). This does not conflict with the mandatory use of PGP encryption, as if a buyer claims a seller threatened him in a PGP-encrypted message, the site operator can demand the secret key from the buyer - since they’re making the claim, the onus is on them, after all - and decrypt the stored copy of the seller’s message to the buyer. If the buyer’s claims are true, the seller is immediately banned and their Bitcoin balance confiscated; while if the buyer lied, they are banned instead. To incentivize revelation of the sellers’ misbehavior, the site operator can offer as a bounty to buyers whatever Bitcoin balance the seller had. 5. Early Finalization should not be offered as a feature, or if it is, it should be automatically limited only to young buyer accounts or similar situations. 6. A large part of site commissions should be earmarked for hiring penetration testers and security bounties, and de-anonymizing attacks on the site operator. Post on forums that you’re offering a Bitcoin bounty. (Heck, with Bitcoin, you can probably even script up a block which automatically pays - for example, you could announce that you’ve created a dummy user X, with an unknown password Y, which unlocks a bitcoin transaction of 100btc. Anyone who can break into the user database can extract the password Y, and claim the bounty.) 7. Backup withdrawal addresses should be implemented. In particular, the withdrawal addresses should be mandatory for users, and beyond that, balances should be flushed at intervals. The fall of SR caused tremendous problems for many users because they had foolishly let balances build up in SR rather than get around to withdrawing them. SR had an “auto-withdrawal” feature (documented on the SR wiki), but the millions of dollars’ worth of Bitcoin seized on the SR server proves that very few sellers used it. Policies must be exercised or they are worthless. 8. Source code for the site should be available. Security through obscurity does not work. We learned what SR & BMR were hiding behind their obscurity - a blatant breach of anonymity (DPR’s hardwired non-Tor IP login), and incompetent code with SQL injection vulnerabilities among other issues (BMR’s source code leak). If a site operator mentally quails at releasing the source code - good! That subconscious fear means they have just realized that they have linked their black market with their real identity, or they left in some detail like DPR’s IP address, or there’s vulnerabilities that need to be fixed. Source code also means that users can verify that many of the security features are in fact implemented and workable (so the site operator would have to be outright malicious to keep more data than claimed, etc). 9. PHP should be avoided. 10. Role-separation & the principle of least privilege: accounts should be locked as buyers, sellers, and staff, and no mingling permitted. Sellers who buy from other sellers using a known seller pseudonym are painting a target on their back. A staffer ordering from a seller is a perfect target for a controlled delivery if the seller is an undercover agent or has been or will be flipped. (If a seller wants to buy, they can simply register a new buyer account like everyone else.) This has been a serious problem thus far: Silk Road 1 was busted due to lack of compartmentalization (a staffer took an order from an undercover agent; Ulbricht bought marijuana & fake IDs, additional evidence against him); at least one Silk Road 1 seller was successfully targeted apparently because they bought from a flipped seller using their seller account (while the flipped seller’s other, normal, customers seem to have been spared; see digitalink); Utopia Marketplace’s entire staff was arrested when an investigation of their BMR activities (based initially on offline sales but adding in their online sales) wound up. A marketplace is naturally compartmentalized and resistant to infiltration - if everyone sticks to their assigned roles. # See also # Colophon The first version of this article was commissioned by Bitcoin Weekly, which ultimately decided to not run it39; it is based on my experiences May-June 2011, and may be out-dated. “Trust, but verify.” Additional parts came from an essay published by A Global Village. I have been continually expanding and updating it ever since. # Appendices ## Interviews ### BBC questions In mid-January 2012, a reporter from BBC Radio’s “5 Live Investigates” emailed me asking whether I’d answer questions for their 5 February show they were doing on Bitcoin & Silk Road; I agreed. The following is the transcript: How did you find out about Silk Road? I saw the original announcement of it on the Bitcoin forums when it was linked on Reddit. I figured it would fail, and then a few months later, I saw the Gawker article on it and apparently Silk Road was actually working! What attracted you to using Silk Road? Once I heard, I just had to look into it more - it was too interesting not to. Timothy May and other cypherpunks had been speculating about black market websites using cryptocurrency since the early ’90s, and here was a real live example. I looked at their offerings and saw they had some offers I might want at reasonable price, and that settled it for me. What is the difference between ordering your drugs from Silk Road and getting them on the street? Modafinil is pretty hard to get on the street because everyone gets it either with a prescription or from an online pharmacy, so I have no idea. While I was still checking out Silk Road, I asked a friend in college how much Adderall would be and he told me he could get them for$9-10 a pill (it was close to the end of the semester); it cost half that on Silk Road, so I went with them rather than him. I’ve always found it hard to resist a ‘bargain’.

How is Silk Road different to other websites where you can buy drugs?

My first-hand experience with modafinil is that I much prefer to buy on Silk Road than the pharmacies.

With them, your dollar payment can fail at any point. For example, MoneyGram once blocked a payment of mine. Very frustrating! Bitcoin is much more reliable: I can see where my bitcoins go until they enter Silk Road proper.

And then there’s the split between Silk Road itself and all the sellers, which makes things safer - everyone encrypts their physical address before submitting it to Silk Road, and the seller decrypts it himself. If Silk Road is untrustworthy, they can only steal my bitcoins but not my address; if the seller is untrustworthy, they can only steal my address and not my bitcoins. Whereas with the pharmacies, they both get my money and my address.

What have you ordered from the site and how often?

I don’t order very often because I like to thoroughly experiment with things, and my tests take a while to set up and run. I think so far I’ve done one order of Adderall, one order of armodafinil, and two orders of modafinil; another order of selegiline was canceled.

How important is anonymity to you? Do you think the technology really protects your identity?

It’s not very important because I have little interest in the drugs law enforcement is most interested in, like heroin or cocaine. Modafinil can be shipped without much danger, with Customs only seizing the package if they notice it and nothing more. Adderall isn’t very dangerous either - everyone knows it’s all over college campuses, so what are they going to do, arrest me? I don’t even have any Adderall left!

(To make a historical analogy, it’s like having some wine during Prohibition; no one thinks much of it, and the cops are busy with the gangsters.)

How important is Bitcoin?

I’d say the Bitcoin part is probably even more important than Tor. Law enforcement is not known for its NSA-style traffic analysis because it wouldn’t be usable in court40, and the other benefit is that there’s no domain name to be seized or filtered; but neither of these is very important. They can be gotten around or dealt with.

But being able to get money to the sellers, and the sellers being able to turn it back into usable cash on Mt.Gox or another exchange, that is crucial. You cannot buy and sell drugs for free.

What do you think the future holds for Silk Road, do you think the authorities will shut it down or do you think it will continue to grow?

I would be fairly surprised if it was shut down; there’s no obvious way to do so. The real danger is internal: that the community itself might be skewed towards scammers and buyers just give up and buy somewhere else. It’s the same dilemma eBay faced: you don’t want to scare off the sellers by too many rules, but if you don’t do something, scammers will fleece the buyers. So far, the administrators have done a pretty good job of keeping everything running and maintaining the balance.

How important is the community side of Silk Road.

Extremely. The community is what determines whether Silk Road will decline or continue growing with the general growth of Bitcoin.

What sort of people use the site?

It’s hard to tell, but from reading the forums, it seems like it is mostly technically adept young people in Western Europe and America. Tor and Bitcoin and encryption are a challenge to use for most people, and older people have contacts they know how to use when they want various drugs.

Is Silk Road just about scoring drugs safely or you and other users feel you are making a greater statement about society the drugs law?

I know other users disagree and take it only as a useful service or something of a FU to The Man, but many of us do see it as a principled statement. I believe that I am capable of researching and evaluating drugs, that I can accept the risks, and see how they do or do not work, and that the government should not be coercively imposing its beliefs on me.

I am also horrified by the effects of the War on Drugs, which has been a greater disaster than Prohibition (which we at least had the sense to repeal after a few years). Buying on the Silk Road and writing about it is, if you will, my bit of patriotism. It’s not very heroic, and I’ve never claimed to be a hero or to be doing anything particularly noteworthy, but perhaps it will change someone’s mind - either that drugs are not so bad or that the War is not so practicable.

### Mike Power questions

#### November 2013

On 29 November 2013, journalist Mike Power (of Drugs 2.0) asked me a few questions

1. What will be the cultural and technological impact of the Silk Road bust, in your view?

The cultural impact is that even more people are aware of SR. The flurry of coverage, while very negative and unflattering to SR (the attempted hits have badly tarnished SR’s reputation), still serves to spread the news that there was a real functioning drug black market just as claimed, and that it worked fabulously well. This part of the pro-drug movement in America right now, in conjunction with the fact that marijuana legalization seems to be basically working out in the West, with minimal “reefer madness”, is helping normalize illicit drug consumption and make a mockery of the War on Drugs. It’s one thing for people to wonder if the persecution is more harmful than treatment would be, and to note that drugs continue to be available on the street, and quite another to realize it’s almost as easy as ordering off Amazon!

2. What future do you see for bitcoin, Tor and the new Silk Road?

Bitcoin seems to be going from strength to strength. As an admirer of Bitcoins from when I first learned of them in 2010, I am pleased by its success and I think it will make the Internet much more useful for commerce. (I should note that the current price increases seem unsustainable to me, and I expect there to be a large correction at some point before ~$2600/btc, which is apparently roughly where this bubble will equal the previous bubble’s percentage increases, but though there will no doubt be many nay-sayers at that point, I expect Bitcoin to keep steadily growing.) I don’t expect Tor to be affected. Tor’s problems stem from the recent research on it plus the revelations about the state of NSA attacks on Tor from 6 years ago; I would not be surprised if the NSA could now identify hidden servers. The question is whether they are willing to use that capability on black-markets. Given how many black-markets fall to internal factors (Atlantis, PBF, Deepbay, Sheep), the NSA wouldn’t need to spend a cutting-edge attack on them. The black-markets themselves seem to be following the path set by BitTorrent: now that the business model has been proven beyond a doubt with audited figures about profitability (you can thank the FBI for that one), every geek in the world understands that they can become a millionaire if they dare41. It’s back to whack-a-mole: new markets will pop up, and will run until they get hammered down or rip-and-run. Evolution means the ones who leak their identities like Silk Road or Sheep, or who write bad code, like BMR, will either fix their problems or get weeded out & replaced. 3. How would you summarise and characterise your experiences with LSD microdosing? I found no benefits from it, and I’m not sure how meaningful my results are for other people. I wouldn’t call it my best self-experiment ever, but not a waste of time either. 4. Do you feel that governments have the right to police the computer activity, or the mindstates, of those who elect them? I think computer activity is, like any other activity, subject to government intervention if it is really justified (which it rarely is); taking place on a computer does not make it unreal or exempt. Policing mindstates, on the other hand, should basically be banned for all the same reasons we have free speech. 5. What do you think of the marketplace, over on I2P? is it as serious as it looks to a non-coder, like myself? I have not actually set up I2P yet, so I’ve seen none of the I2P markets. #### May 2014 From 26 May 2014, for a Guardian article: 1. Is the dark net drug scene growing or contracting since the silk road bust (disclaimer, I know it’s growing, just need someone with insight such as yours to tell me on the record :-) The black-market scene is overall growing, although it has fragmented a great deal. Due to this fragmentation and to the lax moderation on some of the largest sites like Pandora and Silk Road 2, it’s difficult to say how much larger or how fast it’s growing, but it does seem safe to say that it’s recovered from the fall of Silk Road 1. I suspect it’s growing slower than before because of the additional trouble users have in finding trustworthy vendors & markets during the turmoil of December 2013-April 2014; we may see an uptick in the next half-year or so as the markets sort themselves out, multi-sig escrow becomes more common, and business resumes as usual. 2. How busy are these sites – is this a niche interest or is it becoming more popular? Judging by the decreasing technical competence of users on the relevant forums and subreddits, the black-markets seem to be reaching a wider audience and not just geeks. 3. Why do you think people use them? Is it the quality of drugs sold, the buzz of adding a bunch of illegal stuff to a basket, the minimal risk of capture, or the variety and purity of the offering? The advantage I see mentioned time and again is the convenience & minimal risk of capture for buyers, followed by the sheer variety of offerings on the largest markets, then the relative safety & purity of the drugs themselves; I don’t think there’s much of a buzz after the first order. 4. Which is the fastest growing market? Why is it doing so well? The current fastest growing market seems to be Evolution. It’s a centralized Tor site which recently got some multisig support and runs faster & more reliably than some of its competitors like Agora; otherwise, it has no unique technical features. Its main advantage seems to be that it grew out of the Tor Carding Forum community, which had been doing person-to-person trades for drugs and fraud-related items until the forum was hacked, and this meant the market had a community from day 1, which helped it pick up sellers and then buyers, and network effects have helped it grow ever since. ### NYT On 16 December, Alan Feuer of The New York Times emailed me with some questions about the recent (29 November 2013) failure of Sheep MarketPlace & theft of its user funds. I answered as best I could: 1. Why in general were you skeptical about SMP’s survival in the first place? What about it struck you as unsustainable? In general, black-markets are not very stable: the market dynamics that power them and render them self-regulating and made Silk Road such a wonderful way to buy drugs require specific conditions to work, but conditions are always changing. This doesn’t mean you can’t get drugs from them, any more than restaurants always going out of business means you can’t get good Mexican food when you want it, but it does mean that any particular black-market can’t be expected to hang around more than a year or two. The SR model, with a single centralized site both buyers and sellers have to trust, did work but that trust can be abused by the site operator42. So inherently one expects black-markets to have fairly short lifetimes. (They are surprisingly like regular businesses or websites in this respect.) Sheep MarketPlace in particular struck me as dubious because it was so obviously modeled after SR (indicating a lack of originality and possible get-rich-quick mentality), the operators did not speak English well (despite English being the international language of programmers), it was hardly used (meaning that there was no feedback and it had not withstood any hackers the way SR had), and it received the lion’s share of the post-SR market for no particular merit of its own other than its visual appearance and lingering distrust of BlackMarket Reloaded. 1. What do you feel is the most convincing evidence that Jiřikovský is/was connected to SMP? The clearnet site. It was exactly the sort of rookie error I expected from someone with a casual attitude to security: that they could promote their site as they pleased, and as long as they maintained some level of plausible denialability, it was safe. Except security & anonymity are not a courtroom with all its legal niceties, circumstantial evidence is powerful, and once you began examining Tomas, everything falls into place. At that point, it’s almost irrelevant if you find something like, for example, Tomas being the first person online to discuss the existence of Sheep Marketplace (the same mistake Ross Ulbricht/“altoid” made, incidentally). You’ve already done most of the intellectual work necessary to identify the operator of SMP. Simply by being so closely associated with a server that could only have been set up by someone working with SMP, he forfeited most of his anonymity and claims to innocence. (To understand what I mean by “most of the work”, it may be helpful to read my hopefully-entertaining essay on anonymity in Death Note.) Incidentally, you should probably see the Reddit translation & discussion of Tomas’s interview with Lidové Noviny on SMP for Tomas’s general failure to respond to the presented evidence, failure to say who was running the clearnet site on his server if not him, and in some cases, like his early mention of SMP, clear lying. 3. I had a bit of difficultly understanding the facts and significance of the Clearnet site. Would you help me understand that? See above. The clearnet site is very similar to how “altoid” posted on some forums about a new site called Silk Road, was the first identifiable person to ever discuss Silk Road, and then proved to be the account of a guy called Ross Ulbricht. It’s incredibly suspicious and exactly what you might expect the operator to do in an attempt to drum up interest and attract attention and so is the best starting point for an investigation. It’s not enough to prove in court he ran Silk Road - but we are not in court. 4. Is it your belief that the “heist” was in fact perpetrated by SMP’s admins themselves? The heist was clearly perpetrated by the operator of SMP; even the SMP forum moderators admit as much. If you mean the story about “EBOOK101” hacking the site… I am agnostic on the topic. While it is a reasonable trigger for why Tomas might decide to grab the money and run, and we saw a similar hack prompt backopy to decide to close down BMR fully, the problem with the story is that no one seems to have ever dealt with an EBOOK101, EBOOK101 has not left any taunting messages or clues like the BMR hacker did, and SMP in retrospect seems to have been orchestrating the scam for at least a week in advance by shutting down withdrawals (on the pretext of adding tumbling), coaxing people into depositing even more money, and delaying tactics like adding a fancy countdown timer. And in any event, it’s mostly a moot point: SMP stole far more money from its users than EBOOK101 was supposed to have. And suppose the story were true - Tomas’s willingness to immediately give up after the hack suggests to me that he would not have been continuing SMP much longer regardless… 5. And your take on the FBI’s role in all of this? I only know what my informant has told me; since he presented a convincing case for Tomas to me which he did not have to, I assumed he was also telling me the truth about him telling the FBI and them being very interested in what he had to say. So I assumed that they were on the case and understood the need for prompt action. But the FBI has issued no statements on the topic, I have not contacted Christopher Tarbell myself, and thus far there have been no arrests or other law enforcement action I am aware of. I am a little bewildered by the complete silence. So I no longer have any idea on their role. For all I know, they’ve completely given up. Or maybe they’ll announce arrests tomorrow. You should ask Tarbell. I’m curious what you think about the subreddit postings by the two hackers who ostensibly “chased” the thief through cyberspace. Was it real chase against the wrong perpetrator or another part of Jiřikovský’s ruse? It was a real chase, but neither of them are very familiar with blockchain analysis, and so they wound up eventually reaching false conclusions like “Sheep stole 97k bitcoins”. This is a common problem with blockchain analysis. People at first think that Bitcoin transactions are completely anonymous, then when they learn the truth, they vulgarly go to the opposite extreme and assume that because every transaction is public, it’s completely trackable and there is no privacy and analysis is a simple matter of following transactions - not realizing that at every transaction, you have to make a mental leap and assume you are still following the same person or bitcoins, an assumption which is fragile, easily broken, and difficult to ever justify.43 Also did your informant tell you why he/she reached out to you instead of him posting the suspicions about SMP online himself? Well, he didn’t post publicly at the time because he didn’t want to interfere with the FBI investigation. Why didn’t he post after Tomas had been doxed by the other Redditor, when I felt free to post his results? I’m not sure. I get the impression he doesn’t much care about publicity or helping out the black-market communities, so while he allowed me to post what I knew, he felt no particular need to post anything himself. As well, my precommitment and reputation meant that any posting would mean more coming from me. ### Capital On 7 February 2013, I answered some questions from Paul-Philipp Hanske of the German magazine Capital about the black-market and Sheep in particular: So, I would take the liberty of asking some questions about the SMP scam and black markets in general. As I told it before: many thanks in advance for answering them… According to this report the chase for the thief went wrong. What’s your estimation? What happened? What happened was simple: the bitcoins got moved around, and at some point, the thief was given unlinked bitcoins, without the hobbyists realizing it. The problem with the blockchain is that people start off thinking Bitcoin is completely anonymous; when they realize they are wrong, they flip to assuming it’s completely public & transparent & any transaction can be easily understood, which is less wrong but still not right. At any transaction, control can be transferred without any visible sign. The transaction could have been to an online wallet, an exchange, a prediction market, a black market, a laundry/mixer, Shared Send, etc. The blockchain merely records transactions among addresses and it does not give you any meaning beyond that. People forget the limitations and escalating uncertainty, and so the Sheep chasers found themselves at a BTC-E cold wallet address. Presumably the Sheep thief then withdrew bitcoins (being paid from the then-hot-wallet) or sold & withdrew some fiat or both. If the chasers traced the wrong amount of bitcoins: how could the thief hide such a big amount? Do you think he sold it? The amount in Bitcoins can be easily hidden: just scatter it among multiple addresses to make the balances small enough they would not draw any attention. I don’t know if he sold it. I think he should not sell much, as to handle a large amount would require an exchange which might require paperwork & using his real identity; but then, I would not have wasted hundreds of bitcoins trying to send such a huge sum through the Bitcoin Fog mix, so I do not think the Sheep thief is the most rational or knowledgeable person around. what’s your estimation how much was stolen? The best estimate right now seems to be ~฿39k, although some of this may have been what the hacker (apparently a Profesorhouse) earned. Is there still strong evidence that Jiřikovský is part of the scam? The evidence remains largely the same, I think. Jiřikovský backed down on his threats of legal action against a Czech redditor, and he gave a strange interview with a Czech papers which struck me as ignoring most of the circumstantial evidence, arrogant, and making incoherent/wrong technological claims. I have heard of no related arrests, but that doesn’t mean much: Ross Ulbricht wasn’t arrested for almost a year after paying for a hit with his Australian bank account, after all, and many investigations take longer. If he (or his group) would be part of it: isn’t it now terribly dangerous for them? A lot of people are angry… Probably. But it’s unlikely anyone will act on speculation. What’s your latest estimation about the role of the FBI in this case? I don’t think they’re doing much but waiting. If there’s active investigations, I’d guess all the work is being done by agencies in the EU with physical access. Do you think anyone complained to the police because of the scam? No. I’m impressed that Plutopete has the chutzpah to challenge the Silk Road seizure, but I still can’t see anyone actually complaining to the police about losses on an illegal black-market. One last question concerning black markets: I’m very fascinated by operators of these websites. What do you think is their motivation? Only earning money? Of the operators of the ~20 sites active at this moment, the majority seem to be entirely non-ideological and pragmatic: a few seem to have mixed motives relating to cryptopunk or marijuana or public service, and SR2’s DPR2/Defcon/Hux may be libertarians (assuming they’re not just imitating Ulbricht), but the rest? They’re in it for the money. One of the interesting parts of the post-SR fallout and the new crop of marketplaces is seeing to what extent SR’s longevity was due to Ulbricht’s principles. It may be that we overestimated the value of running a marketplace, that the incentives to scam first-generation marketplaces (without multi-signature escrow) are too great. Or also some libertarian beliefs as Ross Ulbricht claimed to have? I don’t see any reason for skepticism about that. In general: how strong do you think is the connection between black markets and libertarian thinking? It was strong in the beginning, but like Bitcoin itself, I think it’s become too popularized to remain strongly ideological. I suspect most users strongly agree with the libertarian position on the War on Drugs, but maybe not much beyond that. What do you think is the best black markets in the moment? From a design perspective, I’m interested in The Marketplace for pioneering what I think may be the next step forward for black-markets, multi-signature escrow; they’ve used it longest, and from a security perspective, that puts them ahead of almost all of their competitors. From a more practical perspective, SR2 still seem to have the widest selection and most business, although their problems with getting basic functionality working has driven off a lot of buyers & sellers. Where did the most vendors go to? (it would be great if this market would be so big that you could also browse for German vendors… ;) It’s hard to estimate since I haven’t yet extracted counts of products and vendors, but the biggest sites seem to be SR2, Agora, Pandora, Blue Sky, and The Marketplace. I’m sure there are German sellers on some of them. The authorities are really upset about the Tor/deep-net-market-thing. What can they do against it? Do they have any possibilities? Do you think the deep-net-market-scene will still exist in 5 years? Even if Tor turns out to be irredeemably compromised, there’s still I2P, and beyond I2P, there’s also Freenet. When current markets are busted or go down, given how many people have tasted the forbidden fruit, there will still be plenty of demand for replacements. I expect there will still be a black market scene in 5 years using one of the networks, and if there isn’t, it’ll be because some technically superior approach has obsoleted all the current markets. (Periodically people sketch out designs for fully distributed black markets; none of them have made any serious progress, but on the other hand, people were speculating about digital currencies for many years before Bitcoin came along…) ## Reddit advice A list of tips from an anonymous Redditor, presented for what they are worth (not all are necessarily important): This guy’s mistakes: • Getting 41 pounds of weed sent to him. That’s a lot of weed. • Getting weed sent through the mail at all (it’s easy to detect). • Signing under a false name. • Signing for a package at all44. • Had a scale in his house at the time of delivery. • Never sign for packages. Never get them sent under false names. Do not open them immediately. Never have paraphernalia or anything incriminating in your house at the time of delivery. Always use bitcoin. Use PGP wherever possible. Always ask for a lawyer but otherwise don’t talk to cops. General: • Be sure to read both the guides for seller’s and buyer’s on Silk Road. • Make sure that your vendor ships via USPS. Rationale: USPS must get a warrant to open your mail. Also, USPS handles much more mail than UPS or FEDEX. I don’t know this for sure, but I’d bet their screening/tracking of suspected drug importers is probably laxer than UPS/FEDEX. • Open a large PO box (big enough to hold a USPS Priority mail envelope (11.625 inches X 15.125) without folding). Rationale: Most samples will fit in an envelope less than this in size. Ordering a big mailbox means that you don’t have to go to the counter to pick it up. • Open your box at a “Mom and Pop” service, not a UPS store or USPS PO Box. “Mom and Pop” shops don’t have the resources to track suspicious packages. And USPS PO Box’s won’t accept packages from UPS or FEDEX. (While you specify that you only accept USPS, you should be prepared to accept packages from other vendors.) • Make sure you have 24 hour access. Rationale: Pick it up after hours without meeting face to face. Also allows for faster pickup–the less time spent in the system, the better. • Send a test package before ordering drugs. Rationale: You want to make sure you can receive mail at that address without problems before ordering drugs. • Order only from domestic sources. Rationale: If it doesn’t cross an international border, it doesn’t have to go through customs screening. • If you must order from overseas, order from UK or Germany, not Netherlands or other common drug source country. Rationale: Anecdotal reports suggest that shipments from common drug source countries get closer screening. • Order small amounts (gram or less). Rationale: Law enforcement has limited resources. Odds are, they’re not going to bother with small amounts. • Use your real name and address on all forms. Rationale: Anyone (such as a vindictive ex, or an enemy) could send you drugs. If you get caught receiving mail with drugs in it, you can deny that it’s yours. A fake name destroys your plausible deniability, as it indicates an intent to deceive. • Order normal stuff to your box on a regular basis. Rationale: You want to make your box stand out as little as possible. • Refuse to sign for any drug package. Rationale: Remember, those drugs aren’t yours. If you sign for it, it’s evidence that you were expecting the package. • Don’t order too many drugs at once. Rationale: Many vendors don’t include any identifying info., so you may end up with a bunch of packets of white powder, with little idea of what’s in each packet. • Use GPG to encrypt your messages to the vendors. Rationale: While this doesn’t protect you if the vendor is compromised, it does prevent your name and address from being stored ‘in the clear’ in Silk Road’s database. • Don’t order out of escrow. Rationale: Your only protection from bad vendor behavior is their reputation and escrow. And some vendor’s don’t care about their reputation. • Read up on vendor’s in the forums. Rationale: You’ll get a much better idea of their product quality than you can get from their official ratings/reviews alone. ## A mole? ### “J’accuse!” In March 2013, I learned of a rumor that a particular seller on SR was actually a federal mole. It came from a person who claimed that the carding forum carder.su which had been busted in early 2012, was undone by an agent who infiltrated it over 2 years as a user named “celtic” by selling high-quality fake IDs to members (according to Wired’s July 2013 coverage, Celtic was a real carder who had been busted & his identity assumed). This is perfectly plausible as one of the standard law enforcement strategies to take down carding or drug forums is infiltrating forums (eg. ShadowCrew, CardersMarket, CarderPlanet, fakeplastic.net), taking them over, or even setting up their own fake forums as honeypots (the “Carder Profit” forum). He thought that the seller had a similar modus operandi, making the following comparisons: 1. celtic sold fake custom IDs from 15 states; the seller likewise sells these specific states 2. celtic sold a large variety of IDs; the seller sells a wider variety than others, 3. celtic advertised with lengthy detailed descriptions; the seller has descriptions which are much more than a few lines, like some other SR sellers 4. celtic sold expensive high-quality IDs, with difficult new security features; likewise 5. celtic advertised his wares as “novelty IDs” 6. celtic implied he was Russian 7. celtic asked for the necessary information to be sent via email and required 2 email addresses 8. celtic had his non-anonymous payments sent within Nevada 9. celtic had operated on the forum for over 2 years; the seller was at the 1 year mark. They also mentioned that after contacting the SR admins, they were blocked from accessing SR under that or other accounts. ### Objections This rumor struck me as unusually detailed, plausible, and interesting. It would also be cool to scoop an investigation. So I looked into the matter more deeply; I started by compiling an archive of all KOC’s listings, reviews on Reddit, and listings by other ID sellers for comparison (archive; contains MAFF & MHT), and noted the following: 1. the carder.su mole supposedly sold 15 states’ IDs and so does KOC. But KOC’s current profile lists only the following: Product Price Montana Driver’s License (Holograms + Scannable) ฿6.61 Indiana Driver’s License (Holograms + Scannable) ฿6.61 Wisconsin Driver’s License (Holograms + Scannable) ฿6.61 Alaska Driver’s License (Holograms + Scannable) ฿6.61 New California Drivers License (Holograms + Scans) ฿6.61 Rhode Island Driver’s License (Hologram+Scannable) ฿6.60 Idaho Driver’s License (Holograms + Scannable) ฿6.60 Tennessee Driver’s License (Holograms + Scannable) ฿6.60 Arizona Driver’s License (Holograms + Scannable) ฿6.60 New York Driver’s License (Hologram + Scannable) ฿6.60 Ontario Driver’s License (Raised Lettering, Scans) ฿6.60 New Texas Drivers License(Raised LTR, Holo, Scans) ฿6.60 Texas Drivers License (Holograms + Scannable) ฿6.60 subtotal: 13 New South Wales Driving License (Holograms+Scans) ฿6.61 Manitoba Driver’s License (Scannable Tracks 1,2,3) ฿6.60 Quebec Driver’s License (Scannable Magstripe1,2,3) ฿6.60 Alberta Driver’s License (Holo, Raised LTR, Scans) ฿6.60 UK Driving License (Holograms + Scannable) ฿6.60 subtotal: 5 total: 18 (excludes combo offers) No matter how you sum it, that’s not 15 states. 2. It’s not clear that celtic or KOC’s variety is unusual. For example, in the indictment 2 of the defendants, Haggerty or “Wave” & John Doe or “Gruber”, actually sound almost identical to this “celtic”: they counterfeited driver’s licenses in 15 states; this does not seem consistent with their story and undermines the value of any observation of KOC selling 15 states since that’s at least 2 people who also sold for 15 states - suggesting that 15 states is simply what is easily handled by available equipment/techniques, are favored due to having many residents being tourists, or something like that. 3. On the SR side of things, KOC does not seem all that unusual. Some sellers talk a lot and sell a lot, others don’t. For example, the seller namedeclined has something like 21 different items in the forgery & fake ID sections, and is positively prolix about one I randomly clicked on, his fake Geico insurance card. 4. If his cards were being done with government equipment, or top of the line anyway, they ought to be excellent and might as well be cheap to attract as many suspects as possible. But there are many complaints in the SR forums & Reddit that his rather expensive cards weren’t very good and in some cases were very poor. He also isn’t all that cool with customers, easily losing his temper. All this is reflected in his feedback score, which is not terrible but also is not great. 5. KOC using the term “novelty ID” doesn’t mean much. As far as I know, all the Chinese/Asian sellers use that excuse as well: “oh, they’re not fake IDs, they’re novelty IDs; we can’t be blamed if our customers misuse them.” 6. KOC doesn’t make it sound like he’s Russian. He comes off as American, and his listings imply he’s shipping domestically. 7. obviously in buying custom fake IDs, customers need to provide the relevant info like age and a photo of the person who will be using the ID. KOC provides a public key, accepts encrypted private messages on SR for the form, and links repeatedly to a hidden service for image uploads; he does list a tormail.org email address as an option, but you can just connect to tormail.org’s hidden service (that’s the point of it) and send an email via them. You would have to be lazy or foolish to send such an email from your regular email address before he would have access to your email, and there is no mention of requiring 2 email addresses 8. while KOC seems to have accepted Western Union, Moneygram, and Moneypak early on (like a mole might), he seems to have dropped them entirely: his profile specifically disclaims accepting anything but bitcoin. Why would a mole do that? 9. Many sellers are less than 2-3 years old, since SR is still relatively new and it wasn’t clear early on that it would survive or be worth doing business on; given that new sellers probably drop quickly as they stop selling for various reasons (they were scammers, it turned out to be too much work, whatever), we would expect to see mostly medium-aged accounts selling. Two additional points I would make: • while the media does confirm that carder.su members used fake IDs, this is common to many or all carding forums; more importantly, I cannot confirm their account of the demise of carder.su based on the 2012 indictment, and no one in Google mentions any “celtic” in combination with carder.su. The redactions make it difficult to be sure, but they do not seem to have usually redacted the usernames or pseudonyms or nicks (eg pg40), and in the lists of redacted defendants’ offenses, few short-names come off with large quantities of forged items or other such violations. While the Farmers Market indictment listed enough details that I could be sure that it was mostly due to Hushmail rolling over (as indeed proved to be the case), here I’m not sure of anything; the indictment goes into the wrong details for me to feel I can infer anything. • At least one of their claims seems false: yes, SR might ban an account for filing a false report against a seller. But it can’t lock you out based on your IP or something like that; the Tor hidden service architecture simply doesn’t allow for that, as far as I know. The most it could do is maybe set a cookie and not let anyone with a cookie from a banned account log in or register an account, but that is trivially bypassed by deleting all cookies or using an incognito mode or using a different browser. A counter-objection is that celtic-KOC might have deliberately dropped Nevada IDs and non-bitcoin payment to throw off anyone familiar with the previous identity. But in this scenario, presumably the absence would be for public consumption and anyone requesting either would get what they asked for as they became juicy targets for his investigation. This can be easily tested just by asking; so 2 throwaway accounts messaged KOC on those issues: 1. First conversation: • “I know they’re not listed, but would it be possible for you to do either a Utah or Nevada license? (Ideally with UV and hologram.)” • “I won’t be able to do Nevada but I may be able to do Utah with UV and holos, i’ll get back to you in the next couple days on that” 2. Second: • “bro how are you, do you make Nevada license and do you accept WU OR MG thanks” • “I don’t do Nevada DL’s at the moment but I can do a bunch of different states that aren’t listed, what else are you interested in? I don’t accept WU or MG but if you go under the ‘Money’ section of SR and go to the vendor ‘FreeMoney’ he will be able to exchange your WU or MG or Moneypak for ฿. Regards.” While his consistent disavowal of both non-bitcoin payments and making Nevada licenses might simply be trying to be consistent in his persona, that would imply considerable paranoia on his part about being recognized - and makes this possibility that much more unlikely. ### Resolution When will we know? The carder.su indictment was signed 10 January 2012. The earliest dates mentioned in it are in 2007, but most of the early dates seem to be in 2009, in line with a >2 year infiltration which suggests a 2-3 year lag (or possibly as much as 5 years). The KOC account is listed as 1 year old and consistent with that, he has initial forum posts dating back to March 2012. That suggests any busts will come March 2014-2015, up to 2017. (I can’t guess whether the hypothetical SR bust would be faster or slower than carder.su: SR is much more secure and decentralized from a seller’s point of view, so one might expect it to take longer; but SR is also much higher profile as far as I can tell and so one could expect there to be much more pressure to deliver some sort of victory.) What’s my current opinion? Reading through all of the above, thinking about the difficulties of attacking SR (KOC can only have access to small fry buyers, not SR staff like Dread Pirate Roberts), I feel that I can only assign 20% to a prediction that by March 2015, “there will have been a bust (>10 named defendants) related to forged IDs eg. driver’s licenses, linked to the SR vendor KOC”. We’ll see. ## Bitcoin exchange risk “Beware the Middleman: Empirical Analysis of Bitcoin-Exchange Risk” compiles a list of Bitcoin exchanges and which ones have died or failed to return one’s money; I was interested in the average risk per day, but the paper did not include the relevant figure, so I copied the raw data and partially replicated their analysis in R: exchange <- read.csv("http://www.gwern.net/docs/2013-moorechristin-bitcoinexchanges.csv") # log transform busy-ness per paper exchange$ActiveDailyVolume <- log1p(exchange$ActiveDailyVolume) # calculate lifetime lengths exchange$Days <- as.integer(as.Date(exchange$Dates) - as.Date(exchange$Origin))
# but the paper says "The median lifetime of exchanges is 381 days"!
# The difference may be due to me defaulting each exchange opening/closing to the 1st of the month,
# since the paper's table on pg3 only specifies month/year.
summary(exchange$Days) Min. 1st Qu. Median Mean 3rd Qu. Max. 15 168 344 365 565 930 # Rough daily risk percentage calculation: # of lossy exchange-days / total exchange-days: (sum(exchange$Repaid==0, na.rm=TRUE) / sum(exchange$Days)) * 100 [1] 0.03421 # eg. so leaving funds on an exchange for a month is ~1% (0.03 * 30 = 0.899 ~= 1) # replicate Cox model survival curve & regression library(survival) # plot aggregate survival curve surv <- survfit(Surv(exchange$Days, exchange$Closed, type="right") ~ 1) plot(surv, xlab="Days", ylab="Survival Probability") # http://i.imgur.com/lFZEKbv.png # see how the moderators help predict exchange death cmodel <- coxph(Surv(Days, Closed) ~ Breached + ActiveDailyVolume + AML, data = exchange) summary(cmodel) ... n=40, number of events=18 coef exp(coef) se(coef) z Pr(>|z|) Breached 0.80309 2.23242 0.57129 1.41 0.160 ActiveDailyVolume -0.22233 0.80065 0.10493 -2.12 0.034 AML 0.00156 1.00157 0.04230 0.04 0.970 exp(coef) exp(-coef) lower .95 upper .95 Breached 2.232 0.448 0.729 6.840 ActiveDailyVolume 0.801 1.249 0.652 0.983 AML 1.002 0.998 0.922 1.088 Concordance= 0.696 (se = 0.08 ) Rsquare= 0.116 (max possible= 0.94 ) Likelihood ratio test= 4.91 on 3 df, p=0.178 Wald test = 5.22 on 3 df, p=0.156 Score (logrank) test = 5.41 on 3 df, p=0.144 predict(cmodel, type="risk") [1] 1.0062 1.2807 1.8416 1.4132 0.6280 0.6687 2.5166 1.4629 1.3860 1.3283 0.8558 1.6955 1.1386 [14] 0.9682 0.6275 1.9333 0.5593 1.1443 1.1941 1.8569 1.9889 3.6656 0.9899 0.9849 0.5649 0.6393 [27] 0.5527 0.4847 0.5212 0.8798 0.5222 0.8132 0.8166 0.5222 0.4404 1.2850 0.6114 1.0574 0.9704 [40] 1.8765 # difference between the paper's risk ratios and the calculated risks: predict(cmodel, type="risk") - exchange$Risk.Ratio
[1] -0.1138438  0.0007105 -0.1684229 -0.1768372 -0.0219620  0.0586867 -1.3333981 -0.1070626
[9] -0.0639567 -0.1416868 -0.0841594 -0.1044674 -0.1013990 -0.0117733  0.0174954  0.0533416
[17]  0.0293197  0.0543248  0.0540563 -0.2930878 -0.2411229 -0.7444104 -0.0901261  0.0348886
[25]  0.0348513  0.0392880  0.0327111  0.0347424  0.0311519 -0.0302076  0.0321711  0.0532302
[33]  0.0165801 -0.0178064 -0.0095536 -0.1650013 -0.0186322 -0.0825834 -0.0696364 -0.3535190
summary(predict(cmodel, type="risk") - exchange$Risk.Ratio) Min. 1st Qu. Median Mean 3rd Qu. Max. -1.3300 -0.1090 -0.0203 -0.0992 0.0323 0.0587 # Moving on; replicate the logistic regression they ran on predicting breaches: lbreach <- glm(Breached ~ ActiveDailyVolume + I(Days/30), family="binomial", data = exchange) summary(lbreach) ... Deviance Residuals: Min 1Q Median 3Q Max -1.158 -0.671 -0.283 -0.102 2.982 Coefficients: Estimate Std. Error z value Pr(>|z|) (Intercept) -4.4996 1.7666 -2.55 0.011 ActiveDailyVolume 0.7730 0.3182 2.43 0.015 I(Days/30) -0.1048 0.0698 -1.50 0.133 Null deviance: 42.653 on 39 degrees of freedom Residual deviance: 32.113 on 37 degrees of freedom AIC: 38.11 Moore has provided his original R source code, his exchange data, and anti-money-laundering-laws data, so his original analysis can be replicated by anyone interested in the topic. ## Estimating DPR’s fortune minus expenses & exchange rate Ron & Shamir 2013, based on blockchain analysis, estimates SR/DPR earned ฿633,000 in commissions; the FBI indictment states that it was ฿614,305, presumably based on the seized site databases. It’s been suggested that the expense of running SR, and the large changes in the exchange rate, may substantially reduce how many bitcoins DPR actually could have saved up, possibly to as low as ฿“150-200k”. (The logic here is that if SR earns commissions of ฿100 in 2011 but needs to pay$100 of hosting bills, it needs to sell all ฿100 but in 2013, it would need to sell only ฿1.)

DPR surely spent some of the commissions on running SR & himself, but running a website isn’t that expensive, and how badly the exchange rate bites will depend on details like how it fluctuated over time, how sales grew over time, and how big the expenses really are. The reduction could be tiny, or it could be huge. It’s hard to tell based just on a gut estimate.

So: below, I take estimates of SR growth from Christin 2013’s crawl and the FBI indictment, infer linear growth of SR sales, estimate daily expenses, and combine it with historical Bitcoin exchange rates to show that DPR probably has most of his bitcoins and 200k or lower is right out.

### Model

My strategy is to model Silk Road’s growth as linear in dollar amounts, but with different amounts of bitcoins each day depending on the exchange rate, subtract a daily operating cost, and then sum the commissions.

So say that on 1 January 2012, SR did $10k of business, and the exchange rate was 1:100, so ฿100 in turnover, and SR gets an average commission of 7.4%, so it would get ฿7.4. To do this, I need to estimate the revenue each day, the expenses each day, the commission each day, and the exchange rate each day. Then I can multiply revenue by commission, subtract the expense, and sum the left overs to get an estimate of the total bitcoins available to DPR which he could (or could not) have spent. ### Expenses 1. Employees: we know that Libertas and one or two others were employed at salaries of$1-2k per week. I’ll assume there were 2 others, and each was paid the max of $2k per week, which means total daily employee expenses is (2 * 2000) / 7 =$571 per day. (Unfortunately, the indictment doesn’t give any clear indication of their numbers, just referring to them as ‘they’.)

This is a conservative estimate since I’m pretty sure that SR was a one-man operation until probably in 2012.
2. The servers: we know there were at least 2 servers (the main site, and the forums). The task of hosting the sites does not seem to be too bandwidth or disk-space intensive, and servers are extremely cheap these days. The use of DataClub.biz and GigaTux suggest DPR was using cheap VPSes. I’ll estimate a monthly expense of $500 ($250 a piece) which per day is $16. This is also very conservative. 3. DPR: his rent of$1000/month has been widely bruited about, and in general he reportedly spent little. Makes sense to me, I’ve met and seen the rooms of a few well-paid geeks in SF like DPR, and I would believe them if they said they didn’t spend much money on anything but rent & food. I’ll bump this up by $1000 for food and all expenses, since he apparently didn’t even eat out very much. So$2000/31=$65. Doubling his rent for total expenses is probably also conservative; for most people, rent is not >50% of income, but SF is incredibly expensive to live in. This gives a daily expense of$652 (or a monthly total of $19.1k in expenses). As you can see, the employees are by far the most expensive part of running SR in my estimate, which makes me wonder if maybe Libertas was the only employee. #### Hitmen Assuming the details about DPR hiring hitmen in the indictments are reasonably accurate, we can throw in two large expenses: 1. an$80k expenditure for killing his Maryland employee. The first payment of $40k was made on 4 February 2013 and the second/final payment of$40k was made on 1 March 2013 (pg9). If we use the exchange rate of those two days, then the hit cost DPR (40000 / 20.42) + (40000 / 34.24) = ฿3127
2. the second hit was priced in bitcoins (pg23):

Through further messages exchanged on March 31, 2013, DPR and redandwhite agreed upon a price of 1,670 Bitcoins

So the hits cost DPR somewhere around ฿4797. An extremely large and painful amount, by most standards, but still nowhere near ฿10k - much less higher.

### Revenue over time: first and last days

Christin:

Table 3 provides a breakdown of the feedback ratings from 184,804 feedback instances we collected…In Figure 12, we plot an estimate of the daily commissions collected by Silk Road operators as a function of time. We simply reuse the previous estimates, and apply both the fixed 6.23% rate, and the schedule of Table 4 to each item. We find that the new schedule turns out to yield on average a commission corresponding to approximately 7.4% of the item price.

The FBI:

From February 6, 2011 to July 23, 2013 there were approximately 1,229,465 transactions completed on the site…$79.8 million (USD) in commissions. According to Bitcoin Charts, on 23 July 2013, the MtGox price was$91. (As the most famous exchange, any FBI estimate almost certainly used it.) So that implies $79,800,000/91=฿876,923. Or to put it the other way, at$79.8m in transactions, then using Christin’s 7.4% estimate, total sales were $1,078,000,000 or ฿10,780,000. Wikipedia says “These transactions involved 146,946 unique buyer accounts, and 3,877 unique vendor accounts.”, and “The total revenue generated from transactions was 9,519,664 bitcoins. Commissions collected from the sales by Silk Road amounted to 614,305 bitcoins.” (So the numbers aren’t too different: 614k vs 876k and 10.8m vs 9.5m.) We’ll set 6 February 2011 to$10 in sales (probably not too far from the truth). But what about 23 July 2013? pg20 of the indictment says:

For example, on July 21, 2013 alone, DPR received approximately 3,237 separate transfers of Bitcoins into his account, totaling approximately $19,459. Virtually all of these transactions are labeled “commission”. 19459 / 0.074 =$262,959 that day. $20k in commissions is extremely impressive, since Christin estimates only$4k/day commissions as late as the end of July 2012 - so SR must have grown by 500% from 2012 to 2013. We use this revenue estimate as our endpoint and interpolate from $10 to$262,959 over the ~900 days SR existed. This is a conservative way of modeling SR, since the graphs in Christin indicate that SR saw sigmoid growth in 2012, and 2013 would’ve seen even more growth (to be consistent with the 2013 July commission datapoint being 5x the 2012 July commission datapoint).

### Exchange rate

I grab weighted price for each day between 6 February 2011 & 23 July 2013, and stuff it in a CSV.

### Analysis

R> sr <- read.csv("http://www.gwern.net/docs/sr/dpr-exchangerate.csv")
R> sr$Sales <- c(10, rep(NA, 890), 262959, NA, NA) R> # revenue increased by$300 a day:
R> l <- lm(Sales ~ as.numeric(Date), data=sr); l

Coefficients:
(Intercept)  as.numeric(Date)
-285               295
R> sr$Sales <- predict(l, newdata=sr) R> sum(with(sr, (Sales * 0.074 - 652) / ExchangeRate)) [1] 803397 Or we can run the estimate the other way: if DPR had to spend$652 a day and converted at that day’s exchange rate, and we took into account the hitmen, how many bitcoins would he have spent in total?

R> sum(with(sr, 652 / ExchangeRate))
[1] 127154
R> (614305 - 127154) - 4797
[1] 482354

### Conclusion

Obviously ฿803k > ฿614k, which implies that the linear model overestimates sales in the early life of SR; but going the other direction and estimating just from costs & hitmen & total commission, we still wind up with nearly ฿500k (and that was after making a bunch of highly conservative assumptions). The fewer sales (and commissions) early on, the less of a fixed number of bitcoins will be sold. So, while it may initially sound plausible that DPR could have been forced to part with say ฿400k to pay for SR and sundry expenses, the distribution of sales and fluctuations of Bitcoin value mean that this simply does not seem to be the case.

Unless there are some abandoned yachts floating around the SF Bay Area, DPR/Ross Ulbricht probably has ฿500k-614k.

## The Bet: BMR or Sheep to die in a year (by Oct 2014)

On 30 October 2013, I offered to any comers 4 escrowed Bitcoin bets relating to whether BlackMarket Reloaded and Sheep Marketplace would survive the next year. I posted it to

Reactions were generally extremely negative, accusing me of scamming, being LE, pretending to be the escrow nanotube, etc. No one took any of the bets and I shut the books on 6 November 2013. For posterity, I am archiving a copy of my statement below.

### Original

BMR & Sheep have demonstrated their danger, but few black-market-users seem to genuinely appreciate this. I am publicly betting that they will fail in the near-future. If you think I am wrong, just try to take my money and prove me wrong! Otherwise, spare us your cheap talk.

Hi! I’m Gwern Branwen. You may remember me from such black-market webpages as Silk Road: Theory & Practice, and /r/silkroad. Today I’m here to talk to you about BlackMarket Reloaded & Sheep Marketplace.

(A signed version of this 30 October 2013 post will be posted as a comment, because I wish to use Markdown formatting; my PGP key is available.)

#### Background

With the fall of SR, we’re all very sad: it was a good site which performed a useful function. But life goes on, so it’s no surprise we’re all moving on to new black markets. That said, I am concerned by the accumulating pattern I am seeing around BMR and Sheep, and by the delusional optimism of many of the users.

##### BMR

BlackMarket Reloaded, since the fall, has been marked by a pattern of arrogance, technical incompetence, dismissal of problems, tolerance for sellers keep buyer addresses & issuing threats, astounding tolerance for information leaks (all the implementation information, and particularly the VPS incident with the user data leak; mirrors: 1, 2), etc. We know his code is shitty and smells like vulnerabilities (programmer in 3 different IRC channels I frequent quoted bits of the leaked code with a mixture of hilarity & horror), yet somehow backopy expects to rewrite it better, despite being the same person who wrote the first version and the basic security principle that new versions have lots of bugs. (I’m not actually bothered by the DoS attacks; they’re issues for any site, much less hidden services.)

And then there’s the things he’s not telling us. Atlantis shut down because they were worried about contacts from LE, and thus far this shut down seems to have saved them; but BMR has been around several times longer than Atlantis - would it not beggar belief if LE had not made contacts, attempted SR-style stings, or infiltrated BMR staff? And remember how we were able to discover all sorts of leaks in DPR’s opsec once we had the indictment and knew what to look for? Or consider the claims being made about the Project Black Flag Leaks, where someone claims to have accessed laundry list of information from its internals - only after Metta DPR decided to rip-and-run. If this is what we see publicly for BMR, what on earth is going on behind the scenes?

backopy should have handed on BMR weeks ago, but is still around. He seems to plan to repeat SR/DPR’s mistakes exactly: leak information all over the place, never retire, and just keep on until he is busted and takes who-knows-how-many people down to prison with him. He has learned nothing. What, exactly, is his exit strategy? What goals does he have and when will they ever be satisfied? He has been running BMR for more than 2 years now, and has not left. How does this story end: of a man who does not know his limits, does not have ability equal to the task, and refuses to quit while he’s ahead? It ends with a party-van, that’s how it ends.

And hardly anyone seems troubled by this! The BMR subreddit is full of bustle; people are even hailing backopy as a “hero” for allowing withdrawal of bitcoins. (How generous of him.)

##### Sheep

Is Sheep any better? No. BMR is troubled and probably infiltrated at this point, but Sheep may well be a dead market walking at this point. No one has a good word to say about its coding, so there may well be BMR-style issues in its future. More importantly: the veriest Google search would turn up that clearnet site, and it has been pointed out that the clearnet Czech site hosted by HexaGeek was uncannily similar to the actual hidden service. It uses almost the same exact technology, and the official explanation is that they had “fans” (fans? who set up, many months ago, before anyone gave a damn about Sheep, an entire functioning mirror while cloning the software stack and being in a foreign non-English-speaking country just like the Sheep admins?). Ridiculous! DPR may have set up a WordPress site, but at least ‘altoid’ didn’t run an entire SR mirror! (He left that to onion.to & tor2web.org.). Sheep’s likely about one subpoena of HexaGeek away from fun party times in the party-van.

#### The Wager

I am uninterested in seeing Sheep/BMR busted and lots of newbies caught because they can’t appreciate the patterns here. People don’t take mere criticism seriously, and even if I lay it all out like here, and I mention that I have an excellent track record of predictions, they still won’t because anyone can doom-monger and issue warnings, it won’t get through to them. I want to get through to them - I want them to understand the risks they’re taking, I want them to reflexively use PGP, and I want them to leave balances on sites for as short a time as possible. So! I am putting my money where my mouth is.

I and 3 others are publicly wagering ฿4 ($816 at today’s rate), ฿1 each, on the following 4 bets: 1. BMR will not be operating in 6 months: 25%; 1:3 (you risk ฿3 and if BMR is still operating, you win our ฿1, else you lose the ฿3 to us) 2. BMR will not be operating in 12 months 40%; 1:1.5 (you risk ฿1.5 & BMR is operating in a year, you win our ฿1, else lose ฿1.5) 3. Sheep will not be operating in 6 months 30%; 1:2.3 (your ฿2.3 against our ฿1) 4. Sheep will not be operating in 12 months 60%; 1:0.66 (you risk ฿0.66 against our ฿1) The ฿4 are currently stored in 1AZvaBEJMiK8AJ5GvfvLWgHjWgL59TRPGy (proof of control: IOqEiWYWtYWFmJaKa29sOUqfMLrSWAWhHxqqB3bcVHuDpcn8rA0FkEqvRYmdgQO4yeXeNHtwr9NSqI9J79G+yPA= is the signature by 1Az of the string "This address contains bitcoins for the BMR/Sheep bet run by gwern."). ##### Definitions • BMR = kss62ljxtqiqdfuq.onion • Sheep = sheep5u64fi457aw.onion • The exact definition of ‘not operating’ includes but is not limited to this: on noon EST of 30 April 2013 (6-months) or 30 October 2014 (12-months), if Nanotube can visit the relevant black-market, create a buyer account, deposit bitcoins, and order an item, then the site is operating. If deposits or new accounts or purchases are not allowed or not possible, it is not operating. At his own discretion, the arbitrator can take into account other factors, like widespread reports that a market has been raided and turned into a sting operation. ##### Escrow Arbitration & escrow are being provided by Nanotube, a long-time Bitcoin user & -otc trader, who has handled some past bets (most famously, the ฿10,000 bet between the Ponzi schemer pirateat40 & Vandroiy) and I believe can be trusted to escrow this one as well; he has agreed to a nominal fee of 1%. (I am not using Bets of Bitcoin because they have a dishonest & exploitative rule-set, and I am not sure Predictious would allow these bets.) ##### HOWTO If you disagree and are man enough to take our bets, post the amount you are betting on which bet, and Nanotube will supply an address for you to transfer your bitcoin to. When it arrives in his wallet, then our bet will be in effect. May the most accurate beliefs win. ### Statistical considerations In my past betting & predicting, I have found it useful to start with some simple base rates & statistical calculations as a way of anchoring my subjective considerations. Neither approach is extremely reliable, but they can help us figure out what are reasonable-looking estimates and we can increase or decrease them based on the observed security issues to get a final estimate which will be better than either random guessing based on gut-feel or blind acceptance of numbers spat out by a model. In my bet, I used an earlier version of this analysis, and after looking at the various results, settled on gut-estimates as follows: 1. BMR 6-month shutdown risk: 35% 2. BMR 12-month: 50% 3. Sheep 6-month: 40% 4. Sheep 12-month: 50% After expanding the data to include Deepbay and continuing to observe the black markets, I would personally decrease the risk for BMR and increase for Sheep (a choice vindicated when Sheep shut down with a scam in late November, not long after my analysis). #### Basic data I am interested in websites selling drugs over Tor or i2p, using cryptocurrencies like Bitcoin/Litecoin/Dogecoin, allowing multiple sellers other than the site operators, and providing some sort of escrow functionality. This excludes clearnet sites like Topix, single-vendor shops like Modern Culture or Bungee54, carding shops like Tor Carders Market, hosting services like Cryuserv or Bad Wolf, black-market-focused forums like The Hub, and forums for buyers & sellers to deal directly with each other like The Majestic Gardens. This data is current as of 12 November 2013 and is used in the following survival analysis: Market Started Ended/currently Months operating Status Notes Silk Road January 2011 October 2013 33 closed Raided Atlantis 26 March 2013 September 2013 6 closed Voluntary shut down; scam? Losses not clear Deepbay June 2013 4 November 2013 5 closed scam Budster 10 October 2013 20 October 2013 0 closed scam? Project Black Flag 14 October 2013 28 October 2013 0 closed scam BlackMarket Reloaded June 2011 November 2013 30 open Sheep Marketplace February 2013 November 2013 10 open BuyItNow April? 2013 November 2013 8 open buyitnowquyft7dx.onion Pandora 21 October 2013 November 2013 1 open pandorajodqp5zrr.onion Silk Road 2 6 November 2013 November 2013 0 open Tormarket 7 November 2013 November 2013 0 open tormarkozaegyvco.onion; no reports of sales yet #### Survival analysis I have some basic familiarity with survival analysis from my lengthy analysis of how long Google services survive, so I thought I’d take a stab at a survival analysis of the black markets: library(survival) library(rms) market <- read.csv(stdin(),header=TRUE, colClasses=c("factor","Date","Date","logical","factor")) Marketplace,Started,Ended,Dead,Cause SR,2011-01-27,2013-10-02,TRUE,external Atlantis,2013-03-26,2013-09-21,TRUE,internal Deepbay,2013-06-05,2013-11-04,TRUE,internal Budster,2013-10-20,2013-10-21,TRUE,internal ProjectBlackFlag,2013-10-14,2013-10-21,TRUE,internal BMR,2011-06-10,2013-11-12,FALSE,NA Sheep,2013-02-15,2013-11-12,FALSE,NA BuyItNow,2013-04-02,2013-11-12,FALSE,NA Pandora,2013-10-21,2013-11-12,FALSE,NA SR2,2013-11-06,2013-11-12,FALSE,NA Tormarket,2013-11-07,2013-11-12,FALSE,NA market$Days <- as.integer(market$Ended - market$Started)
surv <- survfit(Surv(market$Days, market$Dead, type="right") ~ 1)
summary(surv)

time n.risk n.event survival std.err lower 95% CI upper 95% CI
1     11       1    0.909  0.0867        0.754            1
7      8       1    0.795  0.1306        0.577            1
152      6       1    0.663  0.1628        0.410            1
179      5       1    0.530  0.1761        0.277            1
979      1       1    0.000     NaN           NA           NA

# Confidence intervals show not enough datapoints to really estimate!
# 6-month mortality:
sixm <- 1 - (1-((1-0.53)/179))^(365.25/2); sixm
[1] 0.3813
# 12-month mortality
1 - (1-((1-0.53)/179))^(365.25)
[1] 0.6172

plot(surv, xlab="Days", ylab="Survival Probability function with 95% CI")

So, a 40% risk of failing in 6 months and 62% in a year. Not good news. But can we do better?

##### Expanded sample: Bitcoin exchanges

As it happens, I previously wrote some R code to do another survival analysis as well, this one of Bitcoin exchanges like MtGox, checking a published paper’s results. A Bitcoin exchange is an online website which trades in Bitcoins, is a target for hackers, and is often of questionable legality - so they’re actually quite a bit like black markets in some respects. What if we try to borrow strength by combining the black markets & exchanges into a single dataset, include a dummy variable indicating black market or exchange, estimate a survival curve from that dataset, and predict?

Continuing from before:

market$Type <- as.factor("black.market") exchange <- read.csv("http://www.gwern.net/docs/2013-moorechristin-bitcoinexchanges.csv") exchange <- with(exchange, data.frame(Marketplace=Exchange, Started=as.Date(Origin), Ended=as.Date(Dates), Dead=as.logical(Closed), Cause=NA)) exchange$Days <- as.integer(as.Date(exchange$Ended) - as.Date(exchange$Started))
exchange$Type <- as.factor("exchange") allSites <- rbind(exchange, market) # plot aggregate survival curve surv <- survfit(Surv(allSites$Days, allSites$Dead, type="right") ~ 1) plot(surv, xlab="Days", ylab="Survival Probability function with 95% CI") We can try asking whether the black markets seem to be riskier: cpmodel <- cph(Surv(Days, Dead) ~ Type, data = allSites, x=TRUE, y=TRUE, surv=TRUE) cpmodel ... Coef S.E. Wald Z Pr(>|Z|) Type=black.market 0.2128 0.5644 0.38 0.7061 The risk does seem to be higher (odds ratio of 1.24) but unsurprisingly we can’t have much confidence in the estimate yet. With the survival curve and an estimate of black-market risk, we can extract survival estimates for the still-living black markets: conditionalProbability <- function (d, followupUnits) { chances <- rep(NA, nrow(d)) # stash results for (i in 1:nrow(d)) { # extract chance of particular subject surviving as long as it has: beginProb <- survest(cpmodel, d[i,], times=(d[i,]$Days))$surv if (length(beginProb)==0) { beginProb <- 1 } # set to a default tmpFollowup <- followupUnits # reset in each for loop while (TRUE) { # extract chance of subject surviving as long as it has + an arbitrary additional time-units endProb <- survest(cpmodel, d[i,], times=(d[i,]$Days + tmpFollowup))$surv # survival curve may not reach that far! 'survexp returns 'numeric(0)' if it doesn't; # so we shrink down 1 day and try again until 'survexp' *does* return a usable answer if (length(endProb)==0) { tmpFollowup <- tmpFollowup - 1} else { break } } # if 50% of all subjects survive to time t, and 20% of all survive to time t+100, say, what chance # does a survivor - at exactly time t - have of making it to time t+100? 40%: 0.20 / 0.50 = 0.40 chances[i] <- endProb / beginProb } return(chances) } allSites$SixMonth <- conditionalProbability(allSites, (365/2))
allSites$OneYear <- conditionalProbability(allSites, 365) allSites[allSites$Type=="black.market" & !allSites$Dead,][c(1,8,9)] Marketplace SixMonth OneYear 46 BMR 1.0000 0.3679 47 Sheep 0.8084 0.6429 48 BuyItNow 0.8248 0.7286 49 Pandora 0.6934 0.5720 50 SR2 0.6765 0.5579 51 Tormarket 0.6765 0.5579 While it seems reasonable to expect these markets to survive with high confidence for a few months, I am left quizzical by the estimate that BMR has a 100% chance of surviving for half a year, yet a 37% chance of surviving for a year. I could accept the 37% estimate, but 100% is bizarre and reflects the limits of this approach. #### Laplace A nifty way of estimating some things come from Laplace’s rule of succession (additional derivations): $s$ failures and $n$ total chances to fail, is $\frac{s+1}{n+2}$. Nsheppard offers a more general formula: the probability that the next site will last for at least ‘z’ time, given total running of all black markets of ‘t’ months with ‘n’ shutdowns is $\left(t/\left(t+z\right){\right)}^{n+1}$. Pooled, all-markets (SR+BMR+Sheep+Deepbay+BIN+PBF+Budster+SR2+Tormarket), # of failures vs # number of live months: • by Laplace: 5/(33+6+5+0+0+30+10+8+1+0+0) = 5/93 = 0.0434 = 5.4% chance of closure per month; generally: 1 - (93 / (93+1))^5 = 100 - 95% = 5% chance of closure in the first month 1. 6 month survival: (93 / (93+6))^5 = 73% chance of survival = 27% closure 2. 12-month survival: (93 / (93+12))^5 = 54% chance of survival = 46% closure By market: • BMR: 1. 6-month: 33 / (6 + 33) = 0.84 = 84% survival = 16% closure 2. 12-month: 33 / (12 + 33) = 0.73 = 73% survival = 27% closure • Sheep: 1. 6-month: 9 / (6 + 9) = 0.60 = 60% survival = 40% closure 2. 12-month: 9 / (12 + 9) = 0.43 = 43% survival = 57% closure I believe both sets of estimates are lower than the true risk, given what I have discussed about the sites’ security & anonymity. ## Precommitment 43a4c3b7d0a0654e1919ad6e7cbfa6f8d41bcce8f1320fbe511b6d7c38609ce5a2d39328e02e9777b339152987ea02b3f8adb57d84377fa7ccb708658b7d2edc ## Archives of SR pages For myself & other people, I sometimes archive sets of black-market pages; they may be of interest to others, so I provide a list here: 1. Given the execrable & amateur quality of the PHP code which powered BMR, it is difficult to see how anyone sane could trust the site again. 2. “Meet The Dread Pirate Roberts, The Man Behind Booming Black Market Drug Website Silk Road”, pg2 (September 2013 Forbes). 3. “My solicitor is confidant [sic] I’ve broken no UK laws in selling my products, but they did find a small amount of class A and class B drugs that were for my own personal use so i will be charged with that at the very least.” 4. Website archives on this page are provided in the .maff Mozilla Archive Format; it improves on MHTML by storing multiple webpages in a single container (useful for compiling a set of web pages all on the same topic, such as multiple forum threads) and by compressing the contents (important for extremely long forum threads). Firefox users can view the archives using the Firefox extension. 5. “There are several related cases. The owner and operator of Silk Road, Ross Ulbricht [DPR], is charged with Murder for hire…Other individuals charged in the District of Maryland connection with the Marco Polo task force include Jacob Theodore George IV (CCB-13-0593) [Digitalink], Curtis Clark Green (CCB-13-0592) [Chronicpain], and David Lawrence Handel (CCB-13-0313) [???]. Other individuals have been charged with crimes involving from Silk Road in jurisdictions around the United States and in foreign countries.” 6. The complaint calls the source “cS-1”, but given the date November 2011, the presence of methylone, the mention of spending counterfeit in Baltimore, and his arrest, it is highly unlikely that CS-1 is anyone other than digitalink. 7. Some relevant excerpts from the complaint: “Starting in November 2011, agents with Homeland Security Investigations conducted several interviews with a source in Maryland (CS-1) [Digitalink?]. CS-1 had been selling illegal drugs on Silk Road. CS-1 explained how Silk Road worked to the agents, and voluntarily provided access to CS-1’s Silk Road accounts, email accounts, and Bitcoin accounts that documented CS-1’s own involvement in Silk Road. CS-1’s computer was also found to contain CS-1’s”customer records“, including names and addresses of hundreds of individuals (in the United States and other countries) that received drug shipments from CS-1. [CS-1 was initially not truthful about being a drug dealer on Silk Road. CS-1 was also arrested because he continued to use illegal drugs after his first interview with agents. However, the information provided by CS-1 relied upon in this affidavit has been corroborated by agents’ review of the CS-1’s Silk Road and email accounts, and files contained on CS-1’s computer.]…Among the information provided by CS-1, were records of drugs sold to Sheldon Kennedy, using the alias”edgarnumbers“, and shipped to 2222 N. Cotner Blvd, Lincoln, Nebraska, 68505 (the”Residence“)…Undercover agents also communicated with Kennedy and made purchases from Kennedy on Silk Road using aliases (including the online identity of CS-1). Kennedy sold these products via Silk Road under the alias”edgarnumbers“. These purchases were made from product Kennedy listed as available for sale on Silk Road, and were paid for in Bitcoin. In each case, Kennedy shipped the contraband from Nebraska to an undercover agent in Maryland…Agents queried Kennedy on www.facebook.com and discovered a publicly available profile identified as”Sheldon Kennedy“…Kennedy had made posts on his Facebook page stating he had firearms for sale…On June 28, 2013, a federal search warrant was executed at Kennedy’s residence…After signing a written Miranda form, Kennedy also made a voluntary statement to investigators. He admitted he started seling drugs and guns on Silk Road in Summer 2011. He admitted to selling a variety of drugs via Silk Road, including cocaine, methylone, and prescription medication. Kennedy advised that he buys narcotics from China, India, and Serbia. Kennedy admitted to obtaining 24 grams of cocaine from an online vendor which was”fronted“. He said he split up the 24 grams and sold them on Silk Road and made approximately$2,500 to $3,000…Kennedy admitted to selling drugs on the Silk Road. He also admitted to selling firearms through Silk Road. Kennedy also voluntarily provided agents with control of his Silk Road account, email accounts, and electronic records showing shipping information (including name and address) for Kennedy’s sales of drugs and/or firearms. Kennedy also provided control of his financial accounts used to facilitate his criminal activity, including an account [on] the online Bitcoin exchange mtgox.com. A review of these accounts corroborated Kennedy’s statement.” 8. “So far, unfortunately, their system has been somewhat successful,” said a federal law enforcement source involved in the investigation into the site. “Our goal is to make sure that doesn’t continue to be the case.” Federal charges have yet to be brought against the site or its administrators, but another law enforcement source involved in the Silk Road probe said high-tech investigative methods used by the government are helping investigators build a case. Those methods include encryption-cracking technology and the exploitation of security weaknesses in some encrypted email and instant message software used by Silk Road customers, the source said. Efforts to find any known operator of Silk Road were unsuccessful. The encrypted chat program may be TorChat (given its popularity) or Cryptocat (given its serious security issues & its known use by the Atlantis administrators, who shut down in September 2013 citing security issues); the “encrypted email” is almost certainly a reference to Tor Mail, which allowed emails set in the clear & which server was seized in the July/August FBI raids on Freedom Hosting. 9. For example, the British Channel 4 writes in “How illegal drugs are bought and sold on the dark web”: However, Silk Road is still up and running. A source close to the FBI told Channel 4 News that it has “exceptionally good operational security”, and its owners avoid personal meetings in order to stay under the radar. This sounds like the FBI might know quite a bit about DPR - except that month before, Andy Greenberg had written in Forbes: At one point during our eight-month pre-interview courtship, I offer to meet him at an undisclosed location outside the United States. “Meeting in person is out of the question,” he says. “I don’t meet in person even with my closest advisors.” When I ask for his name and nationality, he’s so spooked that he refuses to answer any other questions and we lose contact for a month. 10. A poster on the SR forums claims: The beauty of this system is that the buyer has no idea who is selling them the drugs. I still talk to some people I used to work with and they talk about this place. They don’t know what to do about it. In general, the police are interested in getting drug dealers. They will arrest buyers to get to the dealers. They try to flip small time dealers to get to bigger dealers, but that rarely happens. Usually they are just getting other small dealers. The only way I know of that they could prove you were using SR is by seizing your computer and finding evidence on it or by you telling them. Even if that happens, they still won’t be able to get to the dealer. SR is very frustrating to law enforcement. I just talked to a cop who was at a conference where the DEA was talking about SR. According to him, they don’t have a clue with how to bust this place and the DEA guy was one of their computer experts. 11. DPR publicly claims the attack was sophisticated and featured zero-days; from his 2013 Forbes interview: Q: What can you tell me about the cyberattack that hit the Silk Road in May? How big was it? How long did it last? Is it still going on? Do you know anything about who is responsible? A: It lasted nearly a week if I recall correctly. Hackers and scammers are constantly trying to attack Silk Road anyway they can. Everyone knows there’s a lot of money flowing through here, so we are the biggest target on the Tor network by far. This has been a blessing and a curse. For one, our systems are incredibly resilient to attack and are constantly being tested. On the other hand, we are on the front-line dealing with and reacting to all of the latest exploits. We do our best to stay at least one step ahead, but as we saw last month, sometimes we get taken by surprise by someone with a zero day exploit. This one was by far the most sophisticated we’ve seen to date. I’d rather not comment on the parties responsible for the attack or the specifics of the attack itself. Q: So this was not merely a distributed denial of service attack? It was a zero day exploit? Did it gain access to any data or simply knock the site offline? A: I’m not one hundred percent on this, but I don’t think it’s possible to do a DDoS over Tor, or at least it is much harder than doing it over the clear net. The effect of the attack was to block access to Silk Road. No data was leaked, in fact we’ve never had a data leak. Q: Do you believe the attack was orchestrated by your competitors at Atlantis, as many have suggested? A: I’d rather not comment on the parties responsible for the attack. 12. Which includes SR founder Dread Pirate Roberts and his successor; for a selection of their writings on the topic, see Greenberg’s “Collected Quotations Of The Dread Pirate Roberts, Founder Of Underground Drug Site Silk Road And Radical Libertarian”. 13. Dread Pirate Roberts on SR’s data retention policy c. July/August 2012: • addresses are kept on record until your vendor has marked your item as shipped. I encourage everyone to encrypt their address to their vendor’s public key just in case. • messages are kept for two months. again, sensitive data transmitted through our messaging system should be encrypted. • transaction records, including feedback are kept for 4 months. I said 3 in another thread, but upon double checking, it is 4. We do this because the data contained in the transaction record, including the buyer, is used to weight the feedback for that transaction. After 4 months, the age weight has pretty much reduced the weight to zero anyway, so we no longer need the data. If you want further explanation about this, check out the wiki page and forum thread about the feedback weighting system. • the accounting log is kept for 3 months. Only 2 weeks are displayed so an adversary who gains access to your account won’t be able to see all of that history. • withdrawal addresses are not kept, but everyone should realize that the time and amount of the withdrawal could narrow down which transaction it was in the blockchain quite a bit, especially if it was an uncommon amount. • deleted items are kept for 4 months. this is to preserve the integrity of the link to the transactions associated with the item. • user accounts with a zero balance and no activity for 5 months are deleted. …These time parameters were arrived at through trial and error. They are as tight as we can make them without sacrificing the integrity of the market. Could they be a little tighter? Maybe by a week or two, but please think through the implications of policy changes before you call for them. That SR1 did have such a data retention policy has been confirmed by the FBI in its JTAN search warrant request, but it’s unclear whether the retention policy was undermined by the SR1 backup system: In analyzing the configuration of the Silk Road Web Server, the FBI has discovered that the server regularly purges data from these databases older than 60 days. Thus, the image of the Silk Road Web Server possessed by the FBI contains data reflecting only 60 days of user activity, counting back from the date the server was imaged…However, the FBI has also discovered computer code on the Silk Road Web Server that periodically backs up data from the server and exports that data to another server. Testing of this backup script has revealed the IP address of the server to which this backup data is exported – namely, the IP address of the TARGET SERVER. Based on analysis of the backup script, it does not appear that previously backed-up data is deleted when new back-ups are made. Therefore, I believe it is likely that the TARGET SERVER contains records of user activity on the Silk Road website spanning a much longer date range than the data kept on the Silk Road Web Server. 14. Note that this is not a normal WWW site; there are no normal WWW sites for the SR. There was http://silkroadmarket.org which was apparently controlled in some fashion by SR (probably to stop domain squatting or scam sites pretending to be SR), but whatever it was, it wasn’t important; not updated regularly and no longer working. The bad thing about .onion URLs is that they are not human-memorable (see Zooko’s triangle), and so it is especially easy to spread a fake link. In particular, SR has been the target of many phishing attacks, where a random .onion hidden server is set up to look like SR and either pretends to be SR or just does a man in the middle attack, proxying for the real SR server. For example, one such site has already been linked in the comments on this page; it was easy to detect as it was even slower than SR (since there are two hidden servers involved), and it blindly forwarded me to the real SR .onion with the fake user/password pair, apparently expecting that I would be logged in without problem. Later, SR introduced PINs required for any withdrawal of bitcoins, so phishers adapted their login forms to ask for PINs as well. A 2012-2013 example of such a phishing page: A research paper documented how to observe traffic volumes to particular hidden services, so a blogger observed hidden node traffic April-May 2013, and recorded what .onions were being visited; no surprise, a substantial number were SR phishing attempts (“I have confirmed that some users were directed to these phishing pages from links on the ‘The Hidden Wiki’ (.onion).”). Summing the official & phishing URLs for the 2 days his nodes were in charge of SR, he gets a lower bound of 27,836 visitors to SR & 327 to SR phishing sites (so 1.17% of would-be SR visitors were exposed to a phishing site) and an upper bound of 167,016/1,962 (respectively). Another way to measure hidden-service traffic is to run a DNS server and see how many clients accidentally try to lookup a hidden service’s .onion address; Thomas & Mohaisen 2014 collected leaks 10 September 2013 to 31 March 2014 and found SR1 was 1.4% of leaked requests & Agora 1.1%, which given that Agora is growing & SR1 is gone, suggests Agora may now be as large as SR1 was. Naturally, nothing stops the .onion URLs supplied on this page from themselves being part of a phishing/man-in-the-middle attack! This is a fundamental security problem: how do you bootstrap yourself into a web of trust? In this case, if you don’t know the SR admins, about all you can do is Google the URLs I have listed, and see whether enough other people claim that they are the true URLs that you will trust the URLs. Caveat emptor. 15. Specifically, one that will be very difficult to brute-force the hash. This won’t protect you from some compromises of SR (for example, the server being controlled by an attacker and harvesting passwords as they are entered by live users), but it will protect you from others - for example, if the database is stolen, a long password helps frustrate an attempt to derive the original password and let them log into your account and engineer endless nefarious misdeeds. 16. Mixing services are run by various people and not always reliable. Meiklejohn et al 2013 reported that one cointumbler service stole their bitcoins, and Möser 2013 tested 3 cointumblers & found 1 was broken. 17. Mt.Gox and MyBitcoin offer a doubly instructive lesson into why one trusts Bitcoin third-parties as little as possible, keeps one’s bitcoins locally, and regularly back it up; the large Polish exchange Bitomat offers a third. 18. Addresses ought always to be encrypted, and further, one must do the encryption oneself. If a single person, tool, or site is doing the encryption for your SR ordering, and only SR encryption, then they are an obvious target for attackers like law enforcement. This is a very real concern: in September 2011, an older online drug market, “Farmer’s Market”, was busted and 8 administrators or sellers were indicted. No users/buyers seem to have been arrested, indicted, or convicted yet, but reportedly former customers have gotten love-letter-equivalents from the Department of Justice warning them & asking for information. The indictment doesn’t reveal how all the evidence was obtained (aside from the drugs purchased by and mailed to agents), but the defendants all used a Canadian email service called Hushmail which provides a Web interface for emails encrypted using PGP. Hushmail either provides or runs the encryption code for the user, and as such, can compromise users at any time, and indeed, has turned over decrypted emails to law enforcement in the past (“Operation Raw Deal” yielded “12 CDs” of emails). I personally stopped using Hushmail when this was revealed in 2007, but it seems the defendants did not. In October 2012, a Tor developer attended an FBI conference where a DEA agent told them that “they just had random Americans receive the Paypal payments, take a cut, and then turn them into a Panama-based digital currency [Pecunix], and the Panama company didn’t want to help trace where the money went…the two main people used Hushmail to communicate. After a subpoena (and apparently a lot of patience since Canada still isn’t quite the same as the US), Hushmail rolled over and gave up copies of all the emails.” (The litany of detailed financial records in the indictment is also a vivid demonstration of how insecure non-Bitcoin services can be.) Another sobering example comes from an Australian child pornography ring which practiced remarkable operational security in its use of PGP and Usenet message groups (as described in the 2008 Castleman affidavit & a summary by Baal): after a member was flipped due to offline activities, the length investigation succeeded in prosecuting less than half of its members, principally those members which had placed their trust in a third-party email/VPN service called Privacy.LI. Finally, Tor Mail was popular with black-market users for providing a hidden service, and while it did not betray its users, its French servers were seized in the Freedom Hosting raid and its emails have since been employed by the FBI. 19. I only used the standard Bitcoin escrow. (Needless to say, Paypal is completely out of the question.) SR has another escrow scheme where the escrowed amount is tied to the current exchange rate, in order to protect the seller against exchange rate volatility; that escrow is documented in the announcement and the “Escrow hedge” section of the Buyer’s Guide. 20. “Finalization” can be done before the package arrives, but obviously this leaves you open to a bad seller. I have never finalized early, and I regard as idiots anyone who does - an opinion borne out by reports of a SR scam in April 2012 where the highly-rated seller Tony76 held an attractive sale requiring early finalization; the hundreds of orders never appeared, and he left with thousands of bitcoins. (See the SR forum thread for Tony76 reviews for discussion ad nauseam.) He ran a private store as well, and that has been estimated at stealing >5,800 bitcoins. The procedure is also interesting; captainjojo: From every indication Tony76 was setting everything up for this a couple of weeks in advance. He refused to send via express or priority or any type of tracked shipment, so it would take longer before people could say their package wasn’t coming. He asked for FE from basically everybody, he opened up international. He then told everyone he was going offline to get caught up, further obscuring things. The simplest answer would seem to be he just completed one of the biggest scams on SR and is relaxing seaside with a Margarita with 60-100k of everybody’s money. This failure mode was foreseen by cypherpunks back in the 1980s & 1990s; Timothy C. May’s comments on the issue have already been quoted. The 2012 draft of Christin 2013 gives us a SR-wide look into the practice of FE: We observe that 20,884 instances of feedback contain variations of “F.E.,” “finalizing early,” or “finalize early.” This shows that finalizing early is a rather common practice on SR. There does not appear to be [substantially] more problems reported with feedback including such strings (only 342 of them map to a rating of 1 or 2). This seems to show that established sellers that are offered the option of requesting early finalization from their customers do not abuse that privilege….A third observation is that item 4 stops being sold immediately after April 20. The last time it is observed on the site is April 25, before being de-listed. From discussions in SR forums [6], it appears that the seller of that item abruptly left the marketplace, potentially leaving a large number of paid, finalized early, orders unfulfilled. In other words, there is suspicion of a “whitewashing attack [12],” whereby a seller creates an excellent reputation, before using that reputation to defraud users and leaving the system. In hindsight, the 20% drop in price occurring just prior to April 20 was considerably steeper than all the other promotional discounts. This could have been an indicator that the seller was not intending on fulfilling their orders and was instead artificially lowering prices in hopes of attracting large numbers of customers to defraud. I’d note that this doesn’t show that one can F.E. heedlessly, since it is a description of the current status quo in which users know not to F.E. lightly; this only proves a claim like ‘existing sellers requesting early finalization have not yet majorly abused it’. Another major issue is that these estimates are an upper bound due to 3 sources of underestimating negative reviews (personal communication, 2013): Christin’s crawl had access issues in April 2012 and so did not capture any non-FE post-4/20 reviews left for Tony76; the deletion of banned seller pages - Tony76’s page was gone by the time the crawl resumed - means that negative reviews are much more likely to not be publicly accessible; and people who were scammed do not seem to reliably update their “5/5 FE” reviews. The final 2013 paper reads We observe that 20,884 instances of feedback contain variations of “F.E.”, or “finalizing early”, accounting for spelling variations (“finalize” vs. “finalise”) and word order (“early finalization” vs “finalize early”). Feedback including such strings does not, at first glance, appear [substantially] worse: only 342 of them map to a rating of 1 or 2. There is however a [substantial] caveat behind this finding. A buyer that finalizes early, leaves a good rating, and ends up being defrauded, does not have to lower their rating; doing so is purely voluntary, and other than by sheer altruism, there is little incentive to do so. In fact, buyers may not even have the possibility of updating their feedback, if a rogue seller shuts their page down after having absconded with their victims’ money. 21. To quote a SR seller: I don’t think I’m risking much. It would be almost impossible for law enforcement to find me. They would need to find out where the package came from, and go to that mailbox, and have a police officer wait a few weeks for me to return to that mailbox. All just because they found a 100mg of a Schedule II drug in an envelope. Also, they wouldn’t suspect me. My criminal record is perfectly clean. Not even a parking misdemeanor…I doubt that I could be caught. They would need to find out the mailbox that I’ve been putting the packages in, and then have someone wait there and watch me, and then they would need to prove that I was the one who put it in the mailbox. So if they could back-track and find out where the package came from, then maybe they could catch me. Also, there are many different mailboxes around me, so I put the packages in different mailboxes each time. Definitely can’t hurt. A Redditor comments on the jurisdictional advantages of going through USPS (as is usually recommended in seller discussions); I do not know if he is correct, but the description sounds plausible: Also, once it’s in the mailbox, it’s property of the US postal service, and they’re VERY particular about what happens to it. No one (including other agencies) can carry weapons in a post office except for postal inspectors, nor can they investigate mail on their own; it has to go through the post office itself. 22. I was not worried at all. I’ve researched very carefully how many modafinil users have ever been prosecuted for any reason, and it is a handful at most out of millions of users, and that includes people ordering from online pharmacies which are far less secure than SR. As well, the most similar example, Farmer’s Market (see previous footnote) showed no prosecutions of their customers, and they had terrible security. So I was safe on multiple levels: I was buying something almost never prosecuted, I was a customer & not a seller, I was buying on a secure site, and I was buying small quantities. 23. I have no idea why the stamps are not canceled; Wikipedia mentions that sometimes the stamp cancellation machines fail and the stamps get a pen cancel instead. One seller mentions that sometimes he receives uncanceled stamps, and asking older relatives, they did too (and sometimes the package or envelope was canceled - just not on the stamps). 24. This metric is the per-unit cost weighted by an expected-value interpretation of what feedback implies about the risk; see the later Quantitative section for the full explanation. 25. See the threads “AAKOVEN SELECTIVE SCAMMER!” & “AAkoven - US Buyers Beware” 26. For unit prices <฿3, I increase the unit count until it fits within ฿7.5; otherwise, μg/฿ is calculated the obvious way: dose times quantity divided by price plus shipping. 27. The prolific seller Synaptic was excluded for failing to provide a public key; public keys are not optional. 28. The second transcript of testimony by Skinner (co-conspirator, turned state’s evidence) has this passage on page 7-8: [Skinner:] …This [aspirin pill] weighs approximately a gram. And if it was ground up and everything, this would be about 10,000 doses of LSD in the pure crystalline form. Q. And what would then a dosage unit sell for? A. At the wholesale level to the largest customers in the world, approximately 29.75 cents per dosage. Q. And what would it sell for then on the street at the retail level, if you know? A. Well, I - I’ve heard as - figures as high as…$10 per dose.

Q. (by Mr. Hough) So when a kilogram was manufactured at this lab and it was then given -

A. Fronted out to Petaluma Al.

Q. Fronted out to Petaluma Al, what was the understanding of what that was worth and what -

A. $2,975,000 approximately. 29. Illustrating the danger of early finalization even for top sellers, he did a “sale” FE rip-and-run in February 2013 which netted >฿700 (>$21k); reportedly he left a Wire quote on his profile page: “But, the game’s out there, and it’s play or get played. That simple.” To which one might add, “Silly woman, you knew I was a snake”. ETM’s scam played out as it slowly became apparent that another LSD seller, LucyDrop, was pulling the same thing and probably hadn’t shipped any of their >600 outstanding orders (>$70k). I am increasingly disgusted watching these FE scams: while suckers will always be suckers and people scammed by FE have mostly themselves to blame, equally to blame is the SR staff/DPR, for enabling these scams. They could at any time simply ban FE, and choose not to. Nor am I alone in this; discussing events with several people, the conversation invariably went something like this: • me: [mentions latest FE scam] • them: What’s FE? • me: Oh, that’s where you deliberately release your payment from escrow to the seller before the goods have arrived. • them: ??? Why would you ever do that? • me: Well, there’s a couple reasons. You could do it to be nice to the seller, maybe make their cashflow easier. Or because you’re a new buyer and should bear some more risk. And… that’s mostly it, really. • them: Those don’t sound terribly important. Am I missing anything? • me: Not that I know of. • them: I see. How much did you say these two big recent FE scams lost? • me: We think that they made away with$40-140k, but it could be more depending on how many people haven’t left feedback, how many will continue ordering, what exchange rate they cash out at, etc.
• them: And how much does SR sell a month?
• me: Christin 2012 estimates something like $1.2m a month. • them: So this month SR buyers have lost to just 1 or 2 scammers the equivalent of a tenth of the entire monthly turnover of SR, as much as SR itself takes in commissions, all thanks to an almost entirely useless ‘feature’, and the SR staff have done nothing about it? • me: Looks like it. • them: [hopeful] Did this ‘early finalization’ feature just get added? • me: No. It’s been there since the start ~3 years ago. [helpfully] There’s been lots of big scams before this too, like Tony76 who made off with, I think, >$100k in total.
• them: This looks like the Worst Idea Ever, unless the SR staff hates the buyers and wants them to suffer as much as possible. Am I insane - or are the SR staff incompetent, insane, or evil?
• me: I have no idea.

The competing Atlantis marketplace prided itself on its less abusive early finalization system

Restricted Finalize Early (we only allow our trusted sellers [see seller guide for requirements] to request Finalize Early, the option is not physically available for other sellers, and requesting it will have them banned. This has proven to be a priceless technique for protecting users and weeding out scammers.)

30. Looking at the reviews posted to the front page and sentiment on the forum, I would hazard a guesstimate that scammers are 0-10% of the marketplace, and probably to the low end of that spectrum. In the January 2012 one-year anniversary message, “State of the Road Address”, the administrator claimed that “over 99% of all transactions conducted within the escrow system are completed to the satisfaction of both buyer and seller, or a mutually agreed upon resolution is found.” Christin 2013’s analysis found 99.1% of feedbacks giving 4-5 stars (similar to eBay rankings) but notes that this cannot pick up scams done out of escrow (as one might expect many scams to be done).

31. Don Schlitz’s “The Gambler”.

32. While BW held up its end of the deal and I understand why its operator might fear the legal consequences, I am a little disappointed that he chose not to publish it; I was reminded of Hamlet:

Thus conscience does make cowards of us all,
And thus the native hue of resolution
Is sicklied o’er with the pale cast of thought,
And enterprises of great pith and moment,
With this regard their currents turn awry,
And lose the name of action.

33. Dismissal of LE as too incompetent to mount attacks feasible for the NSA has become much less tenable as the news has leaked how the NSA has shared data with the DEA’s “Special Operations Division”. Given the mounting weaknesses in the Tor network & hidden services, it is likely the NSA could find SR if it wants. The only positive aspect to the Snowden leaks for SR is that the documents show that the NSA goes to considerable effort to reveal data gathered through its advanced capabilities only when it is possible to come up with a more innocent possible source (a “parallel construction”), and there doesn’t seem to be any obvious way to do that for a SR bust. The most obvious place that parallel construction might enter into SR is the Customs search which - mirabile dictu - just happened to uncover Ulbricht’s fake IDs, inasmuch as the DEA training materials on parallel construction emphasize the value of searches.

34. The operator of the failed (hacked) post-SR2 market FloMarket provides an explicit example in his post-shutdown interview:

myself: who are you in real life, personally and professionally?

Flole: I have developed software for some people, but I never did it professionally. I did it just as hobby, and I learned all programming skills as hobby.

Flole: Personally I am a 15 year old pupil, living in EU, who has fun developing software. I am doing it for several years now.

Flole: As a side note i can add that I have never tried any drugs, never smoked cigarettes and never drink alcohol.

myself: How did you ended to develop and admin a DarkMarket? and Why? what were you expecting from it?

Flole: I saw that silkroad has been seized and I thought there should be something replacing it (Silkroad 2.0 has been faster). I have read, that backopy, admin of BMR, made 440.000\$ per days, so I though: sounds interesting I mainly expected money and fun from it. I wanted to buy expensive DJ equipment, so I started the site.

myself: what do you think about all the new darkmarkets that have been created lately?

Flole: they tried the same thing I did: Making profit from SR and BMR shutdown. I think we can’t trust to any of the new sites, since they haven’t been tested for exploits. I will and like my site: Some time all works well, and then they get hacked… They just want to make money easy and fast…

35. If we were to classify Silk Road / BMR / Atlantis / SMP as the first generation of Bitcoin+Tor black-markets and analogize them to Napster, then the second generation of black-markets, the BitTorrent of black-markets, will - I think - be the new black-markets which make use of “multi-signature escrow” to remove the weak point of a centralized site handling deposits/escrow which can then be hacked or stolen. “The Market Place” seems to be the pioneer here, but it’s still too early to say whether multi-signatures work in practice like they do in theory or whether black-market users value the convenience of a centralized site too much.

36. A lesson that must be relearned with every major theft or loss of Bitcoins. For example, core developer Gregory Maxwell rebuking blockchain sleuths on 27 February 2014 after the MtGox bankruptcy:

What people are doing is loading up a famous 424k BTC transaction MTGox made in 2011. (Or at later 550k BTC transaction for which I’m aware of no solid evidence belonged at the time to MTGox - Just some speculation by Dooglus) and then clicking around on the movement of funds until they find an address with a large amount of coin available to it.

The problem is that you would expect a large portion of all withdraws from MTGox to be linked in such a manner and certainly all very high value ones. Once you’ve gone even one hop you cannot be sure that the coins are controlled by MTGox anymore. The alternative hypotheses that these were large manual withdraws to big purchasers is equally supported by the data. A significant fraction of all circulating coins are “linked” to MTGox - but this doesn’t mean that MTGox currently controls them.

37. Dealing with a controlled delivery by signing and then having “thrown it in the trash” did not work in the case of Matthew Nelson. I’m not clear on whether just signing and then not taking it anywhere is culpable or if it was due to the triggered search warrant which turned up additional contraband and then enabled a charge on possession of the package.