Very interesting reading the obstacles faced by the black market drug trade and how they're overcoming them. It seems like the producer layer is most susceptible to penetration as it is essentially identical to most gangs. It's entirely glossed over here but procuring the product seems like a difficult problem for an anonymized distributor: How do you make sure the product gets to your support layers?
As interesting as it all is, it's also very concerning for Law Enforcement. While petty things like drugs don't really worry me much, the advances in the anonymized distributed networks like this do mean that things that previously required big budgets of national intelligence agencies become easier for common malcontents to use. The article essentially describes a quintessential terror cell structure, but with the added benefit of 0 direct interaction. The separation of layers has always existed with limits (IE you had to have some form of communication) but this potentially allows for goods and services to easily be passed from fully anonymized layers to others without every having any interaction at all.
At the moment that's how it works. If it's true that things are moving in to telegram and other encrypted chat platforms then it could change. It makes it simple enough for the average person to do.
I'm not seeing why this would particularly reduce violence. Some gang violence isn't about drug sales, but the same sort of territorial control that nation-states like to fight over too. And for the violence that is about drug sales, I'm not seeing why that wouldn't continue. Dead drops are just as local as corners are, and there's just as much incentive to fight over business as there was previously.
In the current system, you have to have dealers hanging out on the corners. To take territory, you shoot at the dealers and either kill them or scare them away.
In this system, you have drops. How does a rival gang know where they are? They'd have to buy the product to discover the drop and drops shouldn't be used multiple times. They could watch a user find one, but then that drop wouldn't be used again so they couldn't stake out and wait for their rival to refill it.
It's not clear to me how much gang violence is specifically driven by fights over corners, rather than other kinds of inter-gang fighting. But let's assume it's significant.
I think it's very unlikely a drug business can get to scale without reusing drops; the cost of scouting a good drop is significant, and the number is finite. Regardless, the value of a drop declines the farther it is from customers and from the dealers who supply the drop. So in practice, gangs will still have an incentive to claim turf and to harm other dealers using drops on their turf.
Even if that somehow doesn't happen, they'll still have the same strong competitive incentives. So they'll be very much inclined, as now, to discover rivals and take over their business through violence.
If gangs are claiming turf and excluding other dealers, then those aren't dead drops, which by definition are undetected drops by anonymous parties. It's an open question whether effective dead drops are even possible, but if they are, and come to be widely adopted for trade in contraband, then a significant portion of the source of territorial conflicts between criminal organizations vanishes.
> As interesting as it all is, it's also very concerning for Law Enforcement ... things that previously required big budgets of national intelligence agencies become easier for common malcontents to use.
We'll probably see "white hat" distributed networks with pseudonymous reputation used for the provision of security and crime-prevention services, with no need for traditional Law Enforcement to get involved in any real way other than in a secondary, oversight role. After all, tools that "common malcontents" can use, can also be used by people working for the social good.
Since you are primed on the question. You should read Rainbows End by Vernor Vinge. It's a near-future sci-fi book that tackles these sorts of questions.
As a bit of a "spoiler" his solution is a covenant with the citizens. The government will hack all of our computers, will own the IME equivalents of every machine, and in return they will only use this power to hunt down terrorists and mass murderers, people who are looking to leverage technology to build nuclear weapons, bio-weapons, etc.
Things like parallel construction would have to stop though. Or be considered an immediate dismissal.
People from more or less politically stable countries like the US are very naive in not considering what can happen to the best of governments overnight.
People from Europe have this sort of... experience. Most of us know that trusting the government with our lives is not a good idea.
Shall we wait until it is over before drawing conclusions? It's already gone downhill a lot further than I would have expected, the degree to which people are apparently willing to enable all this is f'ing scary.
The US isn’t naive. In fact, it’s the opposite. It is a country that was so aware of the folly of government that it deliberately inhibited its own government by design. Because it knows damn well what happens when you relinquish control of yourself to another. That’s why the 2nd amendment is so fundamental.
The US doesn’t have to worry about things happening to the govt overnight, because the worry is built in. A successful model exits, it just needs to be followed...
I mean, in the book, this is post terrorist cells using nuclear weapons and bio weapons, facilitated by technology like the OP, a solution was required. And this one could be non-dystopian, making it better than other solutions.
That doesn't sound like near-future fiction. That sounds like 20 years ago but without the part that the government promises to only do this for "good" reasons.
But I disagree on a couple of points, truth is more important than pseudo "pragmatism". A problem with incorrect pragmatism is that we collectively talk each other away from the seemingly impossible... which may in fact turn out to be possible. The study of cryptography (both primitives and protocols and systems) can be viewed as the study of paradoxical possibility. Things that seem to be impossible until they turn out to be possible.
I think the right (though not necessarily the most likely) solution to the problems you allude to is more powerful local governments able to monitor the goods coming into/out-of their jurisdiction, a sort of return to the more decentralized political structure of the feudal era.
In this sort of arrangement, a jurisdiction's authorities could require shipments to be bonded, with forfeiture of the bond if it is found to contain a restricted substance. This would result in policing happening at the edges, by those providing the bonds, and likely relying on trust networks to assess the risk that a package originator is a terrorist.
Such a world would have a lot more trade friction than an idealized world govermment that centralized control of the movement of goods to prevent malevolent behaviour while allowing free trade of benign goods, at least in the earlier stages where localized solutions are not well-developed/efficient, but it would mean a far lower chance of a significant fraction of the world coming under the tyranny of a single malevolent government.
An all-powerful central govermment will always pose a far greater threat to the advancement of society than chaos IMHO.
There's nothing to be worry dangers of this network. I don't believe that our intelligence agencies haven't found a way break this anonymized distribution network. Its a well known fact that IA is indirectly sponsoring this network to get funds for their illicit operations. And I am pretty sure that they have planted backdoor in this network.
> The article essentially describes a quintessential terror cell structure, but with the added benefit of 0 direct interaction.
Isn't "terror cell" a little over-the-top? It's just trade craft. The US does it. Russia and China do it. The various mafias (at least, modern ones) do it.
It's not over the top, it's what I was talking about.
Terror cells have had to operate with reduced resources since the dawn of terrorism. The terror cell structure is trying to keep things as isolated as possible, and I'm saying this structuring and proliferation of dead-drop tech will all boost the potential power of the terror cell.
I'm saying that what they've described is a structure analogous to what exists, just higher tech. The time to adoption of this by terror elements is going to be short.
>As interesting as it all is, it's also very concerning for Law Enforcement. While petty things like drugs don't really worry me much, the advances in the anonymized distributed networks like this do mean that things that previously required big budgets of national intelligence agencies become easier for common malcontents to use.
Last years state only tech is next years commercial tech. Once upon a time only the clergy were literate, now everyone can read and write whatever they want. Once upon a time the state could control the news. Now anyone with an internet connection can publish stuff. Once upon a time only major powers had tanks and artillery now every podunk warlord has them. Once upon a time only superpowers sent things into space. Now companies are doing it and making a profit. Once upon a time only the three letter agencies could bug a room. Now anyone can buy pinhole cameras for $5.
Trying to stand in the way of that is just stupid. You can't stop the long slow march of technological progress. At best you can quarantine off some small dystopia that you control.
I wonder if dark web markets will ever establish a comprehensive alternative parcel system... that seems like the natural, final extension of these ideas. The technical challenges to this would of course be significant (I'll refrain from listing them and suggesting potential workarounds since I don't really want to give anybody any specific ideas on this LOL)
There are quite a few holes in the scheme as outlined in the article. The author asserts that dead drops are better than post office boxes because they're harder to surveil, but what keeps law enforcement from signing up their own personnel as distributors? Then it's just a matter of staking out their own dead drop and arresting whoever shows up. This is why the first rule of opsec has always been, "Involve as few people as possible." You can't improve security by adding more people to the loop.
The best way to do this is probably for the 'salesperson' to drive to an isolated area and chuck packages into the bushes at random intervals. The packages then send their GPS locations to a LoRaWAN gateway somewhere, to which their buyers have been sold access tokens. LE can still infiltrate the organization in the sales role, but with more difficulty. Adding an extra distribution layer with fixed dead-drop locations just seems pointless.
It's plausible that the beacon need not be directly co-located with the drop, but be near enough. It should also be possible to re-use them for some time. I would imagine that the actual cost overhead would really only be $20 - $30 per active dead-drop location + some percentage for lost or damaged beacons.
I think law enforcement spending all that money to catch consumers is very unlikely, it's the wrong end of the stick. Not to mention once its known they are cops, they'd have to try and reestablish themselves. Doesn't seem too effective to me. If anything it would help create kingpins because certain places would have a good reputation and newcomers would be avoided.
The interesting thing about dead drops is that they are asymmetric, because whoever chooses the dead drop location has first-mover advantage. So, they are harder to surveil for an outsider, but easier for an insider - who can also involve third parties in a distributed way, similar to how the exchanges themselves happen. The article gets into this when it discusses how sellers might adapt to the possibility of a middle-man stealing from the dead-drop, or a supplier surveiling them.
> what keeps law enforcement from signing up their own personnel as distributors?
This only catches the end users, and that's not a great use of police resources. The police would much rather target the distributors, not the end users picking up a small amount of drugs for personal use.
It's not just the cops that will be surveilling a dead drop.
You don't think a heroin addict who couldn't come up with the money for their next buy isn't going to go check every dead drop they ever bought at on the off chance that there is something there?
I mean, just thinking of the old espionage meaning of dead drop, if you have dead drops or safe houses or secret meeting locations that you could only use once a year, to avoid patterns, then researching them would become tremendously expensive. A full time job, really, probably for several people (and someone in logistics managing them all). I can't see how that'd be much different for criminals, and how do you make a profit at that? At least in the espionage case, you would have been State sponsored. You don't have to make money.
great observations. but as for “how do you make a profit at that?” I’m pretty sure it gets priced into the (expensive) product. That premium might be too high for retail, then this gets used for lower frequency, higher quantity and higher trust transactions.
The other issue I see is at some point, all secret hiding spaces will be used. For a consumer, checking previous drop locations may result in finding free goods.
Using telegram for communications with customers also allowed marketing to escape darknet forums and into the walls of public places. Normal people don't even need to know about darknet to buy drugs and what those @usernames on walls are is becoming common knowledge.
Illicit drug and alcohol distribution has traditionally large nominal margins and large expected loss at every layer, commensurate with the efficacy of law enforcement.
So long as there's sufficient profit margin to allow for an acceptable "shrinkage", it just becomes a cost of doing business. The benefits in terms of privacy/security for the typical darknet vendor probably make it well worth low double digit percentage losses, given the assumed margins from source to end user...
The biggest flaw here is the dead drop system. It doesn't scale well and involves many more complex steps and people in the system.
For example, a drone on surveillance duty that continuously watches the area will be able to identify patterns and pick out possible outliers. Combined that video feed with machine learning and it may be possible actively identify dead drop participants.
How do you defend against the eye in the sky, video surveillance or location tracking ?
There seems to be conflicting objectives.
When hiding an object you don't want too many people around to see where you hide it. Yet if you record only two person going to exactly the same non standard spot it's pretty much a red flag, then you follow the person in the recording to identify them.
Most buildings are probably not valid because they can't be entered easily by both parties.
Taking a guess: ML is just too good. Don't forget, it's also a signal to leave surveillance areas, eg "last seen driving into the desert". Any kind of outlier behavior is PART of the detection model ... that's where probabilistic models gain leverage, in fact ...
I think if “he left surveilled areas for no registered reason” is something that law enforcement observes and considers evidence of criminal activity, we’ll have well and truly lost any semblance of being a free society.
This kind of statement is hard to argue, as incentive to conceal technological ability is likely baked into the game. So then what's your threat model?
London is the most surveilled public space on the planet with full access for law enforcement. Somehow crime still happens there.
Technology is not a magic bullet. It also is also neutral and does not choose sides. Crime will exist for as long as it is profitable. There's even crime and black markets in highly secure, structured environments like prison. "Arms Race" between law and outlaw will continue.
Note that I said "could" in the original post ...
Type 1. Some things "could" be with enough power backing them,
Type 2. While others could never be regardless of power backing (eg engineering limits like quantum computing, or even organizational limits like the petro-bolivar?).
With the right backing - political, resources, talent - surveillance tech "could" quickly squash dropgangs, so it belongs to Type 1. (Btw, where talent goes is a key determinant.)
Employ and build trust with a tight circle of local homeless folk, establish delivery methods which circumvent surveillance such as on-foot delivery, chained drops, multiple couriers, etc. Some distribution networks currently employ such methods. It will always be a game of cat and mouse.
in most cities those places are even more heavily monitored through CCTV than a park, so I am not sure if it adds value. On one hand you have the god eye in the sky and in the other CCTV in a metro.
Tonnes of people buy things like this right now, on their personal phones using text messages to people that they actually go and meet (or their drivers), using no encryption whatsover.
Depending on your adversary, you need to be super careful to not make the single mistake that'll blow your cover there. If that burner ever gets switched on or off at your home, or if it only ever gets switched on/off at the same location as a phone registered in your name, or if it commonly travels exactly the same route as your phone...
I'm guessing "they" won't go to those sort of investigative lengths for theoretical retail customers of a theoretical Dropgang. I'd expect a vendor to be targeted using those sorts of techniques though.
And none of that data ever goes away... Who knows what law enforcement might choose to do with those sorts of leads in the future?
Dead drops can’t compete with USPS. They require a court order to open your package and even then can’t charge anyone with possession. All they do is send you a “love letter” and people have reported receiving future packages just fine.
Millions of people use dark net marketplaces. The war on drugs has fueled their growth and more serious crimes like identity theft have benefited from it.
The war on drug has to be one of the top contributors and financiers of crime and criminal gangs.
Imagine a world where criminal gangs don't have access to the money they make through drugs and a government that doesn't have to spend huge amount of money on drug laws enforcement because drug trafficking would be much less lucrative in the existence of legal access and you get fewer and very cash-strapped drug gangs, and government making money from taxing drugs.
Surely such massive savings and earnings can be spent to help problem users and reduce violence, no?
The war on drugs is also a big contributor to the LEGAL gangs such as police,distric attornies, defence attorneys, prison officials and worst of all judges.
Definitely an industrial economic complex similar to the Military Industrial Complex.
And protects the market of big pharma as well as the tobacco and alcohol industry. There is a reason these are among the top contributes for campaigns against the legalization of illegal drugs.
>The war on drugs is also a big contributor to the LEGAL gangs such as police,distric attornies, defence attorneys, prison officials and worst of all judges.
I agree with your sentiment but I find it odd that you think judges are the worst. Of all the people in the system judges are probably the least worst because they don't have as many incentives to do things that are bad for society but good for them personally the way all the other actors do (i.e. they do not directly benefit from the war on drugs).
Based on your measure of what makes them "most or least worst" you may be correct, but I disagree with the premise that whether or not their motives are virtuous makes a difference. The fact is judges rule over the system and that in itself make them the worst of the bunch, and actually the fact that they have less incentives yet continue to enable such a broken system to hurt people might be the best reason they are the worst.
They don't have the incentive to ruin people's lives to game their performance metrics (like prosecutors do). They don't have incentive to make much to do over nothing to justify their budget (like cops do). They don't have incentive to keep people in the system as long as possible to milk money from them and the state (like the prison system does). They don't have incentive to perpetuate the war on drugs to sell crap we don't need like tasers (police abuse them) and post-release monitoring (an overpriced joke that plays fast and loose with people's lives).
The bad incentive for judges seems to be that most of them have a desire to not rock the boat too much which is pretty benign compared to all the other actors who go out of their way to perpetuate and further the status quo because they materially benefit from it.
I find it hard to fault the judges for apathetically presiding over a flawed system when every other group you mentioned is doubling down to further that system.
I would concede that your arguments are all valid, unfortunately if we look at where most judges were employed before becoming judges the majority were the best-worst of the people in "every other group I mentioned". I think we will have to agree to disagree on this one, but I do appreciate your well thought out argument.
There are plenty of illegal activities which can be used by gangs to generate revenue. If certain drugs are decriminalized, they still have theft, fencing, prostitution, sex trafficking, intimidation, computer crimes, etc.
That is hardly the case, while criminal cartels tend to commit various crimes, nothing comes close to profitability of drugs as demonstrated by the high profile drug turf wars and involvement of various agencies.
Criminal networks do benefit from a bread-and-butter businesses like drug distribution. These innovations likely wouldn't be taking place at all if altering one's own consciousness with substances hadn't been criminalized - when the law is made to be at odds with society, society adapts to being at odds with the law.
But unlike say murder, "identity theft" isn't some serious crime - it's in the same basket as "war on drugs" in that they both attempt to fortify a nonsensical top-down design at odds with the underlying reality. It's arbitrage against a broken authorization paradigm, and will continue as long as banks (et al) choose to just bear the cost rather than actually fix their systems.
"Identity Theft" is a marketing spin on "broken identification". An identity is unique by definition and can't be stolen. But if you use an inadequate identification technique, like my birthday that's on my facebook and everywhere else in combination with my social security number that I have to give out to just about everybody, anyone can aquire those two pieces of information and impersonate me.
The ways to fix it are numerous, but most of them would involve a widely used national identity card that's actually designed for identification (as opposed to social security numbers which were never meant to be used like this). Alternatively have the banks pay fines for each instance of "identity theft" they suffer, and watch how they figure out better ways to identify people (probably verifying them in person).
This is something that has always frustrated me when reading about identity theft in the US. It's a problem that can only be fixed through legislation, yet I haven't heard of any even remotely successful attempts at establishing an official form of identification. Smart cards would be ideal, but even a simple national ID card with a picture would prevent the vast majority of identity theft.
I've done some research around social engineering and the no. 1 thing that stopped us from getting into bank accounts etc. was that to do anything remotely dangerous, you had to present your ID card. Even if you got your hands on someone's IBAN, name, address, bday and national ID number - no card, no deal.
It's not impossible to get fake IDs, but it's a significant investment to do so, which stops the kind of drive-by identity theft I read about from the states.
Strengthening the technicals of verifying identity won't solve it. In fact, doing so will serve as justification to double down on the crutch rather than fixing the root problem of incorrect security assertions, causing the individual victims even more problems.
The real legislation that is needed is to statutorily shore up the banks' liability for the damage their negligence causes. A person that has to deal with fall out from a bank being defrauded (eg repudiating that bank's and surveillance bureaus' libel) should receive a decent hourly wage in liquidated damages.
That's a fair point - more accountability is definitely needed.
But while I agree that tech alone wouldn't fix much, using a single number (with no biometrics whatsoever) for identification is just asking for trouble. Even my bus pass has my picture on it!
Using a simple number for an identity makes sense. Using knowledge of that number to verify identity does not.
The real problem in the US is that for any newly proposed identity system, any protections that keep the private sector from hooking into it for their own commercial surveillance will get scrapped due to lobbying. At the present, even social security and license plates are just basic government mandates, but form a foundation for unrestrained commercial actors to implement totalitarian surveillance.
So given that, the sensible freedom-preserving USian position is to be against any new identity systems until some laws have actually been passed to prohibit abuses of the current ones.
> my birthday that's on my facebook and everywhere else in combination with my social security number that I have to give out to just about everybody
And that's generally the best case. Name, state, and birthday are considered unique in a terrifying number of settings, including traffic stops, DMV records, and voter registrations. It's baffling to me that a police officer can 'run a license' and act on the results without making use of the unique ID already provided on the license, but it apparently happens.
One "extreme" way would be for debts to require better documentation in order to be collectible. E.g. the credit card company would have to have an authenticated video of the debtor stating "I am Jane Doe and as of this date, January 14 2019, I owe "Capital One" five hundred dollars." Stealing social security numbers wouldn't be enough to accomplish "identity theft", if that were the requirement.
(Re)design systems so that they rightfully treat eg SSN as a mere database key rather than negligently imagining it some kind of shared secret. How this gets applied and the implications differ for each trust relationship.
For example, if you have a bank account at a brick-and-mortar bank (and haven't setup online access), anybody can obtain online access to that account by going to the bank's website and entering your name, social security number, and maybe the recent account balance. This is in fact the exact process a bank rep does when you open a new account if they setup that access for you, or sometimes they even tell you to go home and do this yourself! Similarly, if you forget your online banking password, you can reset it entirely online with access to your email account, making your email account more trusted than the bank account!
In actuality, your being in the bank in person is the primary trust relationship, and that needs to be leveraged for the above scenarios. So online access should only ever be setup in a branch, and perhaps password resets should even require going down there as well.
(Obviously this is just an example and does not also apply to online-only banks. As I said, the key is to stop treating quasi-public information as a shared secret)
> All they do is send you a “love letter” and people have reported receiving future packages just fine.
well, that's what the end user sees, but we can't pretend to know what happens behind the scenes from a data perspective, and how that data might be used in the future.
> They require a court order to open your package and even then can’t charge anyone with possession.
this is not true. only first-class mail (13oz and under) is subject to any fourth amendment protections at all,[1] and your mail can be opened without warrant if it comes from overseas.[2] USPS can also x-ray and use other imaging techniques on whatever they want, they even describe it as a best practice.[3]
this isn't to say dead drops are a better idea; there are plenty of reasons not to go that route as well.
> 4. Can Postal Inspectors open mail if they feel it may contain something illegal?
First-Class letters and parcels are protected against search and seizure under the Fourth Amendment to the Constitution, and, as such, cannot be opened without a search warrant. If there is probable cause to believe the contents of a First-Class letter or parcel violate federal law, Postal Inspectors can obtain a search warrant to open the mailpiece. Other classes of mail do not contain private correspondence, and therefore may be opened without a warrant.
Whoa, that's news to me. I didn't realize that any class of mail besides First class is considered to not contain private correspondence.
Postal Inspectors have some strange powers (read up about Comstock laws) - also in the UK BT Security (aka SD or IB) inherited quasi legal powers from its days as part of the post office - you did not want to be investigated by them.
And the only time they even find drugs is when a package busts open and they can see it. Otherwise they have neither the time nor budget to have even a single digit fraction of packages be dog sniffed or xrayed. And how often will they be legal shit they open up and find anyways?
odd goods like you might find in craiglist's for sale section. shared passwords or accounts for streaming websites. books. paintings. collectibles. there are often good deals on any dark net marketplace that pops up. All the way back to Silk Road 1.0.
It just echoes what the parent post said, which states millions of people use darknet marketplaces. they see the whole catalogue whether they go straight to the opioids section or not.
sometimes they even list! lower fees than Ebay. Maybe Ebay and Amazon write those Ask Reddit posts about the "scariest thing you've seen on the dark web" to perpetuate that its scary.
I haven't ordered drugs via USPS but have ordered illegal items. I received a letter from customs basically saying "we are not accusing you of anything, but don't do it again.". I received the new package in a couple weeks and the letter 6 months later. This wasn't even a dark market, just a regular website that takes visa.
Sit down. You're not going to like what I'm about to say.
This is going to start happening to you (us, really) more and more. Things that happened in the 00's happened a 'long time ago' to a larger and larger group of loud people with Internet access. People who can drink legally were born in '98. What's up with that shit?
https://en.wikiquote.org/wiki/William_Gibson#Quotes has a citation for him saying it in '99 and an unsupported assertion that it might have been said in '93. I've been hearing this long enough that I believe the '99 date, but I'm skeptical about '93.
My biggest problem with using the Darknet, messaging apps, or old school methods such as dial a dope or hitting up the guy on the street corner to buy drugs is the same. How can I really trust someone willing to break the rules and sell drugs or other non legal goods? You lay down with dogs you get fleas!! Last thing I would want is to eat, smoke or snort something from someone I have never met even if they have a 5 star rating on a darknet review board. Don't even get me started on messaging out to someone whos' contact info is written out next to a pay phone or on a bathroom wall and the likes!
Generally speaking, if you can't trust someone directly then the next best thing is consensus among others. Ideally, a connection only occurs in real life because one or more mutual acquaintances have decided they trust both parties involved. Relying on the word of others, on a network of trust, is paramount. Remember, these distributors also have their own set of problems when it comes to trusting others.
Most open marketplaces on the internet, not just darknet markets, provide reputation systems for this purpose.
Even Amazon has a review and rating system in place, which was integral towards building initial trust with its buyers and sellers.
But you can protect yourself. Whenever you have a new batch of some street drug, you test with a small dose. Maybe 10% of what you'd normally use. If it's too little, test with maybe twice as much. Waiting as appropriate, if tolerance is an issue (as with LSD). And then use what you need, to get the desired effect.
In most cases, bad drugs are either cut way too much, or adulterated with some other drug. But it's pretty rare for someone to be selling outright poison. So maybe an amphetamine in the MDMA or LSD. But nothing that's likely to kill at 10% of a typical dose.
The one key exception is fentanyl. So yes, some idiot may indeed sell you heroin (or even cocaine) containing too much fentanyl. However, you can still protect yourself by initially testing a small dose.
If something is illegal, it operates outside of the law and therefore lacks the normal protections which the law affords consumers. It has nothing to do with morality.
Yeah, drugs can be cut with some horrible things. The worst offenders are dealers at large events e.g. festivals where they easily get away with selling drugs cut with (inert at best, toxic at worst) adulterants to increase volume and still sold at great markup.
This is one of the reasons I hugely support legalized drug testing, and having law enforcement keep out of the way of drug testing orgs, because it's a public health risk.
Reagent testing kits are pretty easy for the individual consumer to buy (legally) and test their substances with before use.
In the UK, the charity The Loop is making great strides with testing and harm-reduction awareness, they've been running stalls at large festivals for a few years now and have a few permanent centers in large cities. When they discover drugs being sold with dangerous adulterants, they make it known on social media, and relay the info to paramedics and welfare. Has definitely saved a few lives!
It's cool to see serious tradecraft applied to this stuff. Especially compartmentalization.
And yes, using traditional shipping systems is a serious problem for old-school dark markets. I've thought off and on for several years about the potential for using dead drops with accurate GPS. I mean, geocaching. Many years ago, when I was dealing LSD, it was pretty common to use dead drops. But then, they were typically rental lockers in bus and train stations.
I agree that ubiquitous surveillance is a problem. However, it's ~clueless customers and low-level distributors who'll most likely get pwned. And they won't know anything important about the operation overall.
> However, it's ~clueless customers and low-level distributors who'll most likely get pwned.
INTERPOL has made some large busts in the past, but afaik it always has come down to failure to maintain proper OPSEC.
There's also the issue of possible directives in the future to prosecute customers en masse after major domestic busts using backlogged USPS analytics. As traffic obfuscation methods continuously improve, the economics of such directives will begin to look more and more reasonable when the goal is not to stop trade directly, but by establishing fear with precedent.
The problem with dead drops is that on a large scale where the level of trust is sufficiently low, it inevitably requires an escrow and resolution system with human moderation. And then you've just centralized trust instead of circumventing it. Dropgangs in the form described by the article do not provide the full package.
The article itself claims dropgangs and off-market platforms are the future and then goes on to state:
> Cryptocurrencies are still the main means of payment, but due to the higher customer-binding, and vetting process by the merchant, escrows are seldom employed. Usually only multi-party transactions between customer and merchant are established, and often not even that.
The author doesn't seem to make the connection that higher levels of trust means less scalability. The success of these platforms however is directly related to their scalability. Yes, this is a dangerous, criminal activity for both parties and I definitely do not appreciate the explosion in popularity of these kinds of markets. I have seen regular people get serious federal prison time due to the Dunning-Kruger effect.
The barrier for entry is much higher for new distributors as well, because A) at this membrane exists highest ratio of undercover law enforcement and B) establishing initial trust is key to something like dead drops, which typically will involve high-dollar, distributor-to-distributor transactions. Open markets help to facilitate initial trust-building by providing a trustworthy platform.
Anonymous, decentralized transactions using dead drops only works with side-channels for reputation, or with security deposits.
Side-channels for reputation like posting cryptographic proof on darknet forums isn't scalable or reliable.
And security deposits without a third-party adjudicator just move the trust issue around without eliminating it.
One ideal solution could be a cryptocurrency with on-chain confirmation of the real-world transaction by both parties after the fact.
When both parties to the transaction can point to a series of successful transactions through a web of trust, then the central marketplace for reputation or escrow is no longer needed.
> You give the greatest trust to reviews provided by the anonymous identities you have transacted with.
I don’t quite follow. Consumers deal with merchants. Consumers give reviews to merchants. So the anonymous identities you mention will be customers that I don’t know. Merchants won’t review each other, I presume.
In other words, as I understand it, the “anonymous identities I’ve transacted with” will be merchants, who don’t review other merchants.
> If a merchant creates 1000 sock-puppet consumers, they won't be reachable from your trust network, so you'll give them little if any weight.
What if do a successful deal with this merchant? Will I then trust that all those 1000 fake transactions took place? And will the people who trust me also believe that?
Few years ago it was revealed USPS was photographing all senders and recipient addresses on all mail in order to 'backtrack' packages in order to aid in investigations.
The current method of reporting sales experience on forums is open to spamming and manipulation since it is hard to show that a deal even took place.
It is likely that forums and merchants develop best practices to solve this problem. There is the potential that merchants will start to issue “proofs of sale” in a cryptographic form, that customers then use to make statements about the performance of the merchant in public forums.
Could a blockchain or some other kind of public ledger be used to create a public sales rating record? I don't see how such a thing can respond to spamming and deliberate manipulation, however.
Another thought I just had: could some combination of drones and self driving cars revolutionize dead drops?
> “The Silk Road” was the first of a phenomenon that became widely known: Darknet Markets.
The history is way off here, Silk Road was one of the first two completely public darknet markets (the other being the short-lived Open Vendor Database) but there were private darknet markets long before, e.g. The Farmer's Market.
> Use of the Internet to facilitate the marketing and sales of physical goods - drugs, weapons, false identification papers - began latest in the late 1990s, but usually focused on local geographic markets in major cities. This was due to the fact that payment and delivery still required in person meetings.
Not so, back then and still to this day drug dealers simply throw a stack of cash in the mail. The clearnet markets for "research chemicals" all operated this way and went basically unchecked until Operation Web Tryp in 2004, which began an era of harsher enforcement of the Federal Analogue Act.
If you really look at how the big names have gotten busted, you will see that their opsec is bad with no exceptions. Apparently people that actually know the craft don't see enough upside to running a marketplace like that, which should make you wonder about the ones that still exist.
Yes, indeed. I did look, rather carefully, a couple years ago. And OPSEC failure (sometimes spectacular) explained all of the the major busts that were widely reported.[0]
However, I did not research criminal court records. Accessing that data is nontrivial, especially for someone using a pseudonym, who can't show up physically, has no ID, and can't pay with a mainstream credit/debit card. Few, if any, courts accept Bitcoin etc.
Also, I made no effort to check for parallel construction, except by looking for inconsistencies among published accounts of investigations. And I do understand that the US DEA's Special Operations Division (SOD) funnels information from the NSA, CIA, etc to federal investigators.[1] With the understanding that "the utilization of SOD cannot be revealed or discussed in any investigative function".[2] And that includes outright perjury, if necessary. Just as we've seen regarding the use of Stinger intercepts.
It's hard to say whether people who know tradecraft well just prudently avoid running dark markets, as you say. Or whether they do, but don't get caught. Time will tell, I guess. At least, if remaining ones do get busted. But if they don't, there's the implication that the operators practice good OPSEC. Or, that they're honeypots ;)
194 comments
[ 81.8 ms ] story [ 3363 ms ] threadAs interesting as it all is, it's also very concerning for Law Enforcement. While petty things like drugs don't really worry me much, the advances in the anonymized distributed networks like this do mean that things that previously required big budgets of national intelligence agencies become easier for common malcontents to use. The article essentially describes a quintessential terror cell structure, but with the added benefit of 0 direct interaction. The separation of layers has always existed with limits (IE you had to have some form of communication) but this potentially allows for goods and services to easily be passed from fully anonymized layers to others without every having any interaction at all.
it seems better from their perspective than street gangs shooting each other over turf imo. an improvement for everyone involved, frankly.
>How do you make sure the product gets to your support layers?
through dead drops, of course ;)
In this system, you have drops. How does a rival gang know where they are? They'd have to buy the product to discover the drop and drops shouldn't be used multiple times. They could watch a user find one, but then that drop wouldn't be used again so they couldn't stake out and wait for their rival to refill it.
I think it's very unlikely a drug business can get to scale without reusing drops; the cost of scouting a good drop is significant, and the number is finite. Regardless, the value of a drop declines the farther it is from customers and from the dealers who supply the drop. So in practice, gangs will still have an incentive to claim turf and to harm other dealers using drops on their turf.
Even if that somehow doesn't happen, they'll still have the same strong competitive incentives. So they'll be very much inclined, as now, to discover rivals and take over their business through violence.
We'll probably see "white hat" distributed networks with pseudonymous reputation used for the provision of security and crime-prevention services, with no need for traditional Law Enforcement to get involved in any real way other than in a secondary, oversight role. After all, tools that "common malcontents" can use, can also be used by people working for the social good.
As a bit of a "spoiler" his solution is a covenant with the citizens. The government will hack all of our computers, will own the IME equivalents of every machine, and in return they will only use this power to hunt down terrorists and mass murderers, people who are looking to leverage technology to build nuclear weapons, bio-weapons, etc.
Things like parallel construction would have to stop though. Or be considered an immediate dismissal.
Still a fine line to walk.
People from Europe have this sort of... experience. Most of us know that trusting the government with our lives is not a good idea.
I would have agreed with that assessment in the past but in the present I really can't.
The US isn’t naive. In fact, it’s the opposite. It is a country that was so aware of the folly of government that it deliberately inhibited its own government by design. Because it knows damn well what happens when you relinquish control of yourself to another. That’s why the 2nd amendment is so fundamental.
The US doesn’t have to worry about things happening to the govt overnight, because the worry is built in. A successful model exits, it just needs to be followed...
History suggests that is not long.
Another post on the same site as the root post discusses the surveillance state, he roughly justifies what is happening currently:
https://opaque.link/post/fog_of_cryptowar/
But I disagree on a couple of points, truth is more important than pseudo "pragmatism". A problem with incorrect pragmatism is that we collectively talk each other away from the seemingly impossible... which may in fact turn out to be possible. The study of cryptography (both primitives and protocols and systems) can be viewed as the study of paradoxical possibility. Things that seem to be impossible until they turn out to be possible.
It is in this sense that I wrote:
https://news.ycombinator.com/item?id=16947652
Perhaps I should be writing science fiction stories instead...
In this sort of arrangement, a jurisdiction's authorities could require shipments to be bonded, with forfeiture of the bond if it is found to contain a restricted substance. This would result in policing happening at the edges, by those providing the bonds, and likely relying on trust networks to assess the risk that a package originator is a terrorist.
Such a world would have a lot more trade friction than an idealized world govermment that centralized control of the movement of goods to prevent malevolent behaviour while allowing free trade of benign goods, at least in the earlier stages where localized solutions are not well-developed/efficient, but it would mean a far lower chance of a significant fraction of the world coming under the tyranny of a single malevolent government.
An all-powerful central govermment will always pose a far greater threat to the advancement of society than chaos IMHO.
The best counter to terrorism is a homogeneous population.
Isn't "terror cell" a little over-the-top? It's just trade craft. The US does it. Russia and China do it. The various mafias (at least, modern ones) do it.
Terror cells have had to operate with reduced resources since the dawn of terrorism. The terror cell structure is trying to keep things as isolated as possible, and I'm saying this structuring and proliferation of dead-drop tech will all boost the potential power of the terror cell.
I'm saying that what they've described is a structure analogous to what exists, just higher tech. The time to adoption of this by terror elements is going to be short.
Last years state only tech is next years commercial tech. Once upon a time only the clergy were literate, now everyone can read and write whatever they want. Once upon a time the state could control the news. Now anyone with an internet connection can publish stuff. Once upon a time only major powers had tanks and artillery now every podunk warlord has them. Once upon a time only superpowers sent things into space. Now companies are doing it and making a profit. Once upon a time only the three letter agencies could bug a room. Now anyone can buy pinhole cameras for $5.
Trying to stand in the way of that is just stupid. You can't stop the long slow march of technological progress. At best you can quarantine off some small dystopia that you control.
The best way to do this is probably for the 'salesperson' to drive to an isolated area and chuck packages into the bushes at random intervals. The packages then send their GPS locations to a LoRaWAN gateway somewhere, to which their buyers have been sold access tokens. LE can still infiltrate the organization in the sales role, but with more difficulty. Adding an extra distribution layer with fixed dead-drop locations just seems pointless.
Fascinating idea, however.
This only catches the end users, and that's not a great use of police resources. The police would much rather target the distributors, not the end users picking up a small amount of drugs for personal use.
You don't think a heroin addict who couldn't come up with the money for their next buy isn't going to go check every dead drop they ever bought at on the off chance that there is something there?
I mean, just thinking of the old espionage meaning of dead drop, if you have dead drops or safe houses or secret meeting locations that you could only use once a year, to avoid patterns, then researching them would become tremendously expensive. A full time job, really, probably for several people (and someone in logistics managing them all). I can't see how that'd be much different for criminals, and how do you make a profit at that? At least in the espionage case, you would have been State sponsored. You don't have to make money.
The Trystero!
Did you read the article?
For example, a drone on surveillance duty that continuously watches the area will be able to identify patterns and pick out possible outliers. Combined that video feed with machine learning and it may be possible actively identify dead drop participants.
But really, other than this fatal flaw, it's a great narrative of the internet spilling into and interfacing with analog markets
Technology is not a magic bullet. It also is also neutral and does not choose sides. Crime will exist for as long as it is profitable. There's even crime and black markets in highly secure, structured environments like prison. "Arms Race" between law and outlaw will continue.
Note that I said "could" in the original post ... Type 1. Some things "could" be with enough power backing them, Type 2. While others could never be regardless of power backing (eg engineering limits like quantum computing, or even organizational limits like the petro-bolivar?).
With the right backing - political, resources, talent - surveillance tech "could" quickly squash dropgangs, so it belongs to Type 1. (Btw, where talent goes is a key determinant.)
Even when the dead drop could be as subtle as attaching something under a public bench or dropping something in a trash can?
A mobile phone has become a de facto a requirement for illegal commerce, as described, and to me presents a pretty huge single point of failure.
And yes, I know, EVERYBODY has a phone. But I don't. Why would I want to carry a police officer in my pocket? Especially if I'm a criminal.
As well as several of the methods outlined for protecting/locating the dead drops. WiFi hotspots, bluetooth beacons, etc.
I'm guessing "they" won't go to those sort of investigative lengths for theoretical retail customers of a theoretical Dropgang. I'd expect a vendor to be targeted using those sorts of techniques though.
And none of that data ever goes away... Who knows what law enforcement might choose to do with those sorts of leads in the future?
Tourists are having a hard time buying sim cards when they come here. Don't even know if it's possible at all.
Dealers don't rotate their numbers so much any more, so I was told.
Awful to read.
Millions of people use dark net marketplaces. The war on drugs has fueled their growth and more serious crimes like identity theft have benefited from it.
Imagine a world where criminal gangs don't have access to the money they make through drugs and a government that doesn't have to spend huge amount of money on drug laws enforcement because drug trafficking would be much less lucrative in the existence of legal access and you get fewer and very cash-strapped drug gangs, and government making money from taxing drugs.
Surely such massive savings and earnings can be spent to help problem users and reduce violence, no?
I agree with your sentiment but I find it odd that you think judges are the worst. Of all the people in the system judges are probably the least worst because they don't have as many incentives to do things that are bad for society but good for them personally the way all the other actors do (i.e. they do not directly benefit from the war on drugs).
The bad incentive for judges seems to be that most of them have a desire to not rock the boat too much which is pretty benign compared to all the other actors who go out of their way to perpetuate and further the status quo because they materially benefit from it.
I find it hard to fault the judges for apathetically presiding over a flawed system when every other group you mentioned is doubling down to further that system.
https://en.wikipedia.org/wiki/Kids_for_cash_scandal
https://en.wikipedia.org/wiki/Prison%E2%80%93industrial_comp...
But unlike say murder, "identity theft" isn't some serious crime - it's in the same basket as "war on drugs" in that they both attempt to fortify a nonsensical top-down design at odds with the underlying reality. It's arbitrage against a broken authorization paradigm, and will continue as long as banks (et al) choose to just bear the cost rather than actually fix their systems.
The ways to fix it are numerous, but most of them would involve a widely used national identity card that's actually designed for identification (as opposed to social security numbers which were never meant to be used like this). Alternatively have the banks pay fines for each instance of "identity theft" they suffer, and watch how they figure out better ways to identify people (probably verifying them in person).
I've done some research around social engineering and the no. 1 thing that stopped us from getting into bank accounts etc. was that to do anything remotely dangerous, you had to present your ID card. Even if you got your hands on someone's IBAN, name, address, bday and national ID number - no card, no deal.
It's not impossible to get fake IDs, but it's a significant investment to do so, which stops the kind of drive-by identity theft I read about from the states.
The real legislation that is needed is to statutorily shore up the banks' liability for the damage their negligence causes. A person that has to deal with fall out from a bank being defrauded (eg repudiating that bank's and surveillance bureaus' libel) should receive a decent hourly wage in liquidated damages.
But while I agree that tech alone wouldn't fix much, using a single number (with no biometrics whatsoever) for identification is just asking for trouble. Even my bus pass has my picture on it!
The real problem in the US is that for any newly proposed identity system, any protections that keep the private sector from hooking into it for their own commercial surveillance will get scrapped due to lobbying. At the present, even social security and license plates are just basic government mandates, but form a foundation for unrestrained commercial actors to implement totalitarian surveillance.
So given that, the sensible freedom-preserving USian position is to be against any new identity systems until some laws have actually been passed to prohibit abuses of the current ones.
And that's generally the best case. Name, state, and birthday are considered unique in a terrifying number of settings, including traffic stops, DMV records, and voter registrations. It's baffling to me that a police officer can 'run a license' and act on the results without making use of the unique ID already provided on the license, but it apparently happens.
https://www.theguardian.com/us-news/2017/apr/03/identity-the...
For example, if you have a bank account at a brick-and-mortar bank (and haven't setup online access), anybody can obtain online access to that account by going to the bank's website and entering your name, social security number, and maybe the recent account balance. This is in fact the exact process a bank rep does when you open a new account if they setup that access for you, or sometimes they even tell you to go home and do this yourself! Similarly, if you forget your online banking password, you can reset it entirely online with access to your email account, making your email account more trusted than the bank account!
In actuality, your being in the bank in person is the primary trust relationship, and that needs to be leveraged for the above scenarios. So online access should only ever be setup in a branch, and perhaps password resets should even require going down there as well.
(Obviously this is just an example and does not also apply to online-only banks. As I said, the key is to stop treating quasi-public information as a shared secret)
well, that's what the end user sees, but we can't pretend to know what happens behind the scenes from a data perspective, and how that data might be used in the future.
> They require a court order to open your package and even then can’t charge anyone with possession.
this is not true. only first-class mail (13oz and under) is subject to any fourth amendment protections at all,[1] and your mail can be opened without warrant if it comes from overseas.[2] USPS can also x-ray and use other imaging techniques on whatever they want, they even describe it as a best practice.[3]
this isn't to say dead drops are a better idea; there are plenty of reasons not to go that route as well.
1. https://postalinspectors.uspis.gov/contactUs/faq.aspx
2. https://help.cbp.gov/app/answers/detail/a_id/114
3. https://about.usps.com/securing-the-mail/best-practices.htm
Whoa, that's news to me. I didn't realize that any class of mail besides First class is considered to not contain private correspondence.
Orders over 13 oz could simply be split into multiple sub-13 oz shipments, although then that means a possible increased risk of detecting a package.
Millions of people know this and routinely check them for good deals, the propaganda machine has failed to make them "scary"
cheaper than listing on ebay.
Its just cheaper mate
All DNMs offer an expanded audience and borderless payment system that wont freeze your account
That's a pretty big number, would be curious if based on anything more than a guess.
sometimes they even list! lower fees than Ebay. Maybe Ebay and Amazon write those Ask Reddit posts about the "scariest thing you've seen on the dark web" to perpetuate that its scary.
<google google google>
It's from 2003.
https://www.goodreads.com/quotes/681-the-future-is-already-h...
https://en.wikiquote.org/wiki/William_Gibson#Quotes has a citation for him saying it in '99 and an unsupported assertion that it might have been said in '93. I've been hearing this long enough that I believe the '99 date, but I'm skeptical about '93.
And I would have gotten away with it too, if it weren't for you meddling kids and your damned dog...
-- Old Man Big from The Haunted Amusement Park
Most open marketplaces on the internet, not just darknet markets, provide reputation systems for this purpose.
Even Amazon has a review and rating system in place, which was integral towards building initial trust with its buyers and sellers.
But you can protect yourself. Whenever you have a new batch of some street drug, you test with a small dose. Maybe 10% of what you'd normally use. If it's too little, test with maybe twice as much. Waiting as appropriate, if tolerance is an issue (as with LSD). And then use what you need, to get the desired effect.
In most cases, bad drugs are either cut way too much, or adulterated with some other drug. But it's pretty rare for someone to be selling outright poison. So maybe an amphetamine in the MDMA or LSD. But nothing that's likely to kill at 10% of a typical dose.
The one key exception is fentanyl. So yes, some idiot may indeed sell you heroin (or even cocaine) containing too much fentanyl. However, you can still protect yourself by initially testing a small dose.
This is one of the reasons I hugely support legalized drug testing, and having law enforcement keep out of the way of drug testing orgs, because it's a public health risk.
Reagent testing kits are pretty easy for the individual consumer to buy (legally) and test their substances with before use.
In the UK, the charity The Loop is making great strides with testing and harm-reduction awareness, they've been running stalls at large festivals for a few years now and have a few permanent centers in large cities. When they discover drugs being sold with dangerous adulterants, they make it known on social media, and relay the info to paramedics and welfare. Has definitely saved a few lives!
And yes, using traditional shipping systems is a serious problem for old-school dark markets. I've thought off and on for several years about the potential for using dead drops with accurate GPS. I mean, geocaching. Many years ago, when I was dealing LSD, it was pretty common to use dead drops. But then, they were typically rental lockers in bus and train stations.
I agree that ubiquitous surveillance is a problem. However, it's ~clueless customers and low-level distributors who'll most likely get pwned. And they won't know anything important about the operation overall.
Anyway, time will tell.
INTERPOL has made some large busts in the past, but afaik it always has come down to failure to maintain proper OPSEC.
There's also the issue of possible directives in the future to prosecute customers en masse after major domestic busts using backlogged USPS analytics. As traffic obfuscation methods continuously improve, the economics of such directives will begin to look more and more reasonable when the goal is not to stop trade directly, but by establishing fear with precedent.
The problem with dead drops is that on a large scale where the level of trust is sufficiently low, it inevitably requires an escrow and resolution system with human moderation. And then you've just centralized trust instead of circumventing it. Dropgangs in the form described by the article do not provide the full package.
The article itself claims dropgangs and off-market platforms are the future and then goes on to state:
> Cryptocurrencies are still the main means of payment, but due to the higher customer-binding, and vetting process by the merchant, escrows are seldom employed. Usually only multi-party transactions between customer and merchant are established, and often not even that.
The author doesn't seem to make the connection that higher levels of trust means less scalability. The success of these platforms however is directly related to their scalability. Yes, this is a dangerous, criminal activity for both parties and I definitely do not appreciate the explosion in popularity of these kinds of markets. I have seen regular people get serious federal prison time due to the Dunning-Kruger effect.
The barrier for entry is much higher for new distributors as well, because A) at this membrane exists highest ratio of undercover law enforcement and B) establishing initial trust is key to something like dead drops, which typically will involve high-dollar, distributor-to-distributor transactions. Open markets help to facilitate initial trust-building by providing a trustworthy platform.
Side-channels for reputation like posting cryptographic proof on darknet forums isn't scalable or reliable.
And security deposits without a third-party adjudicator just move the trust issue around without eliminating it.
One ideal solution could be a cryptocurrency with on-chain confirmation of the real-world transaction by both parties after the fact.
When both parties to the transaction can point to a series of successful transactions through a web of trust, then the central marketplace for reputation or escrow is no longer needed.
How do you prevent merchants from just creating a thousand fake transactions to make them look reputable?
You give the greatest trust to reviews provided by the anonymous identities you have transacted with.
You give progressively less trust to reviews by identities 1, 2, ..., n hops away from those you have transacted with.
If a merchant creates 1000 sock-puppet consumers, they won't be reachable from your trust network, so you'll give them little if any weight.
I don’t quite follow. Consumers deal with merchants. Consumers give reviews to merchants. So the anonymous identities you mention will be customers that I don’t know. Merchants won’t review each other, I presume.
In other words, as I understand it, the “anonymous identities I’ve transacted with” will be merchants, who don’t review other merchants.
> If a merchant creates 1000 sock-puppet consumers, they won't be reachable from your trust network, so you'll give them little if any weight.
What if do a successful deal with this merchant? Will I then trust that all those 1000 fake transactions took place? And will the people who trust me also believe that?
https://www.offthegridnews.com/privacy/vast-postal-surveilla...
http://www.washingtonpost.com/wp-dyn/content/article/2008/02...
It is likely that forums and merchants develop best practices to solve this problem. There is the potential that merchants will start to issue “proofs of sale” in a cryptographic form, that customers then use to make statements about the performance of the merchant in public forums.
Could a blockchain or some other kind of public ledger be used to create a public sales rating record? I don't see how such a thing can respond to spamming and deliberate manipulation, however.
Another thought I just had: could some combination of drones and self driving cars revolutionize dead drops?
(Number of bitcoin on the address times time it’s been there.)
The history is way off here, Silk Road was one of the first two completely public darknet markets (the other being the short-lived Open Vendor Database) but there were private darknet markets long before, e.g. The Farmer's Market.
> Use of the Internet to facilitate the marketing and sales of physical goods - drugs, weapons, false identification papers - began latest in the late 1990s, but usually focused on local geographic markets in major cities. This was due to the fact that payment and delivery still required in person meetings.
Not so, back then and still to this day drug dealers simply throw a stack of cash in the mail. The clearnet markets for "research chemicals" all operated this way and went basically unchecked until Operation Web Tryp in 2004, which began an era of harsher enforcement of the Federal Analogue Act.
And its OPSEC was over-the-top lame. I mean, Hushmail?
But then, DPR was also very sloppy.
However, I did not research criminal court records. Accessing that data is nontrivial, especially for someone using a pseudonym, who can't show up physically, has no ID, and can't pay with a mainstream credit/debit card. Few, if any, courts accept Bitcoin etc.
Also, I made no effort to check for parallel construction, except by looking for inconsistencies among published accounts of investigations. And I do understand that the US DEA's Special Operations Division (SOD) funnels information from the NSA, CIA, etc to federal investigators.[1] With the understanding that "the utilization of SOD cannot be revealed or discussed in any investigative function".[2] And that includes outright perjury, if necessary. Just as we've seen regarding the use of Stinger intercepts.
It's hard to say whether people who know tradecraft well just prudently avoid running dark markets, as you say. Or whether they do, but don't get caught. Time will tell, I guess. At least, if remaining ones do get busted. But if they don't, there's the implication that the operators practice good OPSEC. Or, that they're honeypots ;)
0) https://www.ivpn.net/privacy-guides/online-privacy-through-o...
1) https://www.deamuseum.org/wp-content/uploads/2015/08/042215-...
2) http://www.reuters.com/article/us-dea-sod-idUSBRE97409R20130...
> Now, goods are hidden in publicly accessible places like parks and the location is given to the customer on purchase.
Then the merchant can wait and see who picks the package. The merchant might be someone with a machete.