It's a dark time on the Dark Net. This Tuesday the FBI shuttered Silk Road, a drug market that operated for more than two years with impunity. The Silk Road helped popularize the Dark Net as the Mall of Anarcho-Capitalism, where illegal drugs, stolen credit cards, child porn and weapons are traded openly. But a series of high-profile busts has seriously undermined the premise of the Dark Net.
In fact the mood on the shadow web went sour weeks ago. "There's been so much doubt about it recently," I was told by a guy who calls himself Heisenberg 2.0 last week, before the Silk Road fell. Heisenberg has been directly affected by the Dark Net blues. He was the former social marketing maven for the underground online drug market Atlantis, a Silk Road competitor, but now he's out of a job. Atlantis abruptly shut down last month, citing "security reasons", in a move that now seems eerily prophetic.
In the days leading up to the Silk Road bust, even some Silk Road administrators were voicing doubts about the Tor Network, the technology on which the Dark Net rests. "I was reading some Silk Road administrator saying, 'Seriously, this is not suitable for the purpose anymore and they needed to work on something else,'" Hesienberg said. This Tuesday, the FBI announced they'd tracked down Silk Road's alleged mastermind, 29-year-old San Francisco geek Ross Ulbricht, who went by the handle "Dread Pirate Roberts."
"I guess the last words Atlantis admins said about DPR being in way over his head ring more true now," Heisenberg said today over email.
The Silk Road postmortems have delved deep into the technical details of the FBI's affidavit, but the story of Silk Road is more a classic tale of hubris than futuristic hacker-noir. Silk Road used the Tor Network, but nothing about the bust suggests Tor has been broken. Tor protects internet users' identities by shuffling traffic among many servers in a high-tech shell game. It is used by activists and journalists and drug dealers who want to remain hidden online. Even the NSA can't break the technology, though they've tried, according to new documents revealed by the Guardian.
Silk Road used Tor's Hidden Services feature, which lets operators host their sites without revealing their ip addresses. Only other Tor users can visit Tor Hidden Services, which all use the odd .onion domain. The collected .onion sites form the Dark Net. (Or Deep Web, or Deep Net, there are a lot of names.) Anyone can visit the Dark Net by installing the Tor Browser bundle, which takes about five minutes.
Silk Road's downfall was not embedded in the Tor Networks' code, but in the unrealistic hopes Tor inspired in people like Dread Pirate Roberts: The Dark net is built on the irresistible cyberpunk premise that tech-savvy users can be simultaneously extremely visible and entirely anonymous online. Full capability, no responsibility. Ulbricht was perhaps the most vocal proponent of the Dark Net's utopian/dystopian promise.
"Stop funding the state with your tax dollars and direct your productive energies into the black market," he told me in an article I wrote about Silk Road in 2011, which first brought it to public attention. Ulbricht appears to have been strongly influenced by the free-market economist Ludwig Von Mises, who believed "there is no kind of freedom and liberty other than the kind which the market economy brings about." For Ulbricht, Silk Road was a revolutionary political statement as well as a hugely profitable business. On his LinkedIn profile he described his current project, presumably Silk Road, as an "economic simulation to give people a first-hand experience of what it would be like to live in a world without the systemic use of force."
Before Silk Road, the Dark Net was small and scrappy, much like the regular Web in the early 90s. At the beginning, only a few hardcore criminals and privacy-obsessed geeks knew about it. Sites were hard to find and poorly maintained. That all changed when Silk Road launched in February, 2011. Where previous Dark Net users relied on obscurity as much as technology to keep them safe, Silk Road brazenly announced itself to the world. Dread Pirate Roberts advertised the new "Amazon for drugs" on forums, and gave me an interview where he boasted of the site's robust community.
Silk Road tapped into a widespread fantasy. After that first article, hordes of people who barely knew how to use an iPhone app were learning about the Tor Network and the cryptocurrency Bitcoin, the only money good on the Road. Bitcoin prices soared, and if I had a Bitcoin for every email I've received from some aspiring internet drug consumer inquiring about the URL of Silk Road I would be rich as a Winkelvoss. New York Sen. Chuck Schumer also learned of the site, though, and he called on the DEA to shut Silk Road down. But months went by and Silk Road grew and the myth of the Dark Net grew with it. A paper estimated Silk Road was hauling in $22 million per year. Competitors sprung up.
The Dark Net developed in tandem with Silk Road. New services like Tormail and a Tor Reddit clone came only after the influx of new users attracted by news of The Road. An outfit called Freedom Hosting became the Dark Net's first dedicated hosting service, making setting up a new Hidden Service as easy as securing an invite. By 2013, the Dark Net seemed as permanently fixed to the underbelly of the "clearnet" as a shadow. When Atlantis announced the launch of their Silk Road competitor this summer with a slick viral video and an aggressive social media campaign, it underscored how secure the Dark Net felt to its users. This, even though the Tor Network's own developers have always made it clear that it is not a silver bullet for privacy.
"Keeping an operation like Silk Road going, while staying anonymous, means you have to do an enormous number of things right, and one slip-up is all it takes," said Roger Dingledine, director of the Tor Project. But what's a warning like this compared to $22 million a year and the promise of a Libertarian cyber-utopia?
The first shock came in July. Freedom Hosting was dismantled as part of an international child porn investigation and its alleged owner arrested in Ireland. Because Freedom Hosting was so popular, huge swaths of the Dark Net went black, including Tormail, the favorite mode of communication for Silk Road dealers. With Freedom Hosting gone, the Dark Net was immediately diminished.
"Now even small sites have to do the hosting themselves," said BTCX, the proprietor of OnionNews, a regularly-updated Dark Net news blog. "I noticed a lot fewer people coming to my website."
More important than the blow to the infrastructure, the Freedom Hosting bust shook Dark Net users' confidence in Tor's Hidden Services. Earlier this year, a paper from three researchers at the University of Luxembourg outlined a new technique for de-anonymizing Hidden Services. Called "Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization," the paper came to the unsettling conclusion that "attacks to deanonymize hidden services at a large scale are practically possible with only a moderate amount of resources." Although the FBI used a technique that attacked the Tor Browser rather than the Network itself, the bust gave legitimacy to the idea, already bubbling up on Dark net forums and social media, that the Dark Net wasn't as dark as widely believed.
People began fleeing the Dark Net after the Freedom Hosting bust. One person especially spooked was Chisquare, the owner of the old-school Dark Net site All You're Base, and author of an early guide to Hidden Services. Chisquare announced in August he was moving his entire operation to i2p, a less well-known anonymity network.
"Tor Hidden Services are pretty much abandoned by the Tor Project, there have been studies pointing out systemic design flaws and things are starting to heat up with the whole alleged Freedom Hosting bust," he wrote.
The Tor Project disputes Chisquare's gloomy picture. "Hidden service development hasn't been abandoned," said Tor Project Development Director Karen Reilly. "In fact, we just got started work on a simplified installation process." Reilly acknowledged weaknesses with Tor's Hidden Services, but argued that attacking "server software" and "taking advantage of user behavior" is easier than defeating the Tor Network itself.
Chisquared and Reilly represent two competing takes—pessimistic and optimistic—on the recent turmoil on the Dark Net. Each has vastly different implications for the future of the Dark Net, and anonymity on the internet in general. Much of the tech press has optimistically echoed Reilly, framing the Silk Road takedown as the result of Ross Ullbricht's sloppy security practices. Most notably, Ulbricht left a comment on a programming forum using a handle easily linkable to his real gmail account. Slate called it "the bonehead mistake that brought down an online drug-dealing empire."
The idea is that someone smarter than Ulbricht could run Silk Road safely as long as they were impeccable about protecting themselves. Ulbricht was careless and so the FBI could simply connect the dots, like any old-fashioned investigation.
Then there are the Chisquares, who see the problem as more fundamental. The imperfection of the Tor Network isn't something that can be overcome by a smarter drug lord. It's an unavoidable achilles heel that the Feds, or whoever, will always be able to strike, if the target gets big enough to be worth their time.
International Computer Science Institute computer security researcher Nicholas Weaver speculates that the takedown was the result of a rather sophisticated FBI hack attack that neutralized Tor, rather than Ulbricht's "bone-headed" mistakes. His guess, based only on a close reading of the affidavit, is that the FBI's hackers were able break into Silk Road's server directly, tricking it into transmiting its locations in the clear, circumventing Tor's protections and de-anonymizing it. This version of Silk Road's demise suggests no amount of precaution can keep a high-profile target safe.
"Tor is still solid, but web servers and clients aren't," said Weaver. "If someone is motivated enough, they will probably find a way to compromise the server, and once they compromise the server, they can identify the server. Anyone who tries to run a Silk Road copycat will probably face the same problems."
I buy Weaver's take. The lesson of the Silk Road takedown isn't that Ulbricht was sloppy about security. It's that the idea of a world famous, anonymous illegal market is fatally contradictory. Ullbricht made some technical mistakes, but his biggest one was conceptual: buying his own hype that high-tech tricks would let him implement a radical free market fundamentalism that could never work politically. The extent to which he was enthralled with the amorality of the free market is suggested by the two hits he allegedly ordered to protect his creation.
The Dark Net as an extension of Ullbricht's libertarian dream is dead, but the Dark Net itself will persist, albeit in a quieter, more parochial form. Many reports have noted that Silk Road dealers have scattered quickly to smaller knockoffs, a sign of resilience, if not strength. BTCX of OnionNews believes that the post-Silk Road Dark Net will eventually regroup and be more robust than ever.
"Busts will just make sure it's way more decentralized in 1-2 years, with even more users because of all the press lol," he wrote.
But in the same email BTCX acknowledges the real blow delivered by Dread Pirate Roberts' downfall. "DPR was an idealist and a hero, and people knew he would never scam them or hurt them in any other way," he said. Who would want to be the next Dread Pirate Roberts, and, given DPR's fate, who would want to follow him? The Dark Net was always an idea as much as a technology, and that idea is compromised, even if the technology proves to be bulletproof.