The Silk Road, for all its clever uses of security protections like Tor and Bitcoin to protect the site’s lucrative drug trade, still offered its enemies a single point of failure. When the FBI seized the server that hosted the market in October and arrested its alleged owner Ross Ulbricht, the billion-dollar drug bazaar came crashing down.
If one group of Bitcoin black market enthusiasts has their way, the next online free-trade zone could be a much more elusive target.
At a Toronto Bitcoin hackathon earlier this month, the group took home the $20,000 first prize with a proof-of-concept for a new online marketplace known as DarkMarket, a fully peer-to-peer system with no central authority for the feds to attack. If DarkMarket’s distributed architecture works, law enforcement would be forced to go after every contraband buyer and seller one by one, a notion that could signal a new round in the cat-and-mouse game of illicit online sales.
“What doesn’t kill you makes you stronger,” said Amir Taaki, one of DarkMarket’s creators and the founder of the anarchist group Unsystem, in a short speech at the Toronto Bitcoin Expo unveiling the project. He compared DarkMarket’s improvements on the now-defunct Silk Road to the advent of Bittorrent, a decentralized technology that revamped Napster’s more vulnerable model of filesharing and flummoxed copyright enforcers. “Like a hydra, those of us in the community that push for individual empowerment are in an arms race to equip the people with the tools needed for the next generation of digital black markets.”
DarkMarket, Taaki and its other developers admit, is still just an experimental demonstration. They have yet to integrate anonymity protections like Tor into the software; currently every user’s IP address is listed for every other user to see. And black market enthusiasts shouldn’t expect DarkMarket’s creators to finish the open source project themselves any time soon–Taaki says he’s focused on polishing his anonymous Bitcoin software project Dark Wallet, and his co-creators Damian Cutillo and William Swanson say they’re tied up with their own Bitcoin startup known as Airbitz.
“This is just a simple prototype, but we wanted to show people that it’s possible,” Taaki says. “But this is going to happen. If not us, someone else will do it.”
Taaki argues that DarkMarket’s code, posted to GitHub, already has all the basic ingredients that made Silk Road a giant underground success: the ability for buyers and sellers to communicate privately and make payments to each other, pages where sellers can show their wares, a reputation system for sellers with ratings and reviews, and an escrow system that protects payment until goods are received by the buyer. “And it’s all totally decentralized,” says Taaki.
Achieving those functions, while also preventing scams and fraud, is no simple task. Two of DarkMarket’s creators, Swanson and Cutillo, gave WIRED a demo of the software along with a step-by-step explanation of how a typical deal would go down. What they revealed is a Rube Goldberg machine of checks and balances designed to prevent users from cheating each other, without ever requiring oversight from an administrator or other authority figure.
Here’s how it works:
A user downloads the DarkMarket software, which runs as a daemon in the background of the user’s operating system, allowing them to connect to the DarkMarket network through any browser. The DarkMarket daemon incorporates a library of commands for peer-to-peer networking known as ZeroMQ, which allows the user’s PC to become a node in a distributed network where every user can communicate directly with every other user.
Any DarkMarket user can become a seller on the market simply by editing an HTML file that DarkMarket designates as his or her seller page, adding pictures and descriptions of items for sale just as he or she would on the Silk Road or eBay. (For users with nothing to sell, the page remains blank.) Buyers can browse the market by clicking on other users’ DarkMarket nodes or search for a seller’s nickname to view their seller pages. At the moment, DarkMarket displays only a bare IP address for every user, but the system’s creators say it will eventually show a pseudonym for each one and also allow product searches.
When a user wants to buy something, he or she sends an order message (“I’ll take ten of your finest MDMA doses”) to the seller. If the seller agrees, the buyer and seller together choose what DarkMarket calls an “arbiter.” Since the market doesn’t have any central authority, the arbiter’s job is to settle any disputes–to serve as a tie breaker in any stalemate that might arise if the deal goes sour. Both the buyer and seller can keep a list of approved arbiters, and one will be chosen at random from the overlapping names on their lists. “The arbiter is just another peer on the network,” says Swanson. “Just as anyone can be a buyer or seller, anyone can be an arbiter.”
Once the buyer, seller and arbiter for a transaction are chosen, DarkMarket creates a new Bitcoin address that will serve as the escrow, holding the buyer’s money until the transaction is complete. But this isn’t any run-of-the-mill Bitcoin address; It combines the three users’ public encryption keys, created based on a private encryption key generated when they installed DarkMarket, to offer what’s known as a “multisignature” address. That address is designed so that once the buyer’s bitcoins go into it, they can only be moved again if two out of three of the parties agrees and signs that transaction with the private key that controls their Bitcoins.
The buyer moves his or her money to the escrow address. If the product is shipped and arrives, the buyer and seller both sign a transaction to move the escrowed bitcoins to the seller. If the product doesn’t arrive–or if it’s defective, or some other dispute arises–the buyer and the seller may both try to move the bitcoins into their own account. In that case the arbiter can choose which transaction to sign, which determines where the coins end up. The arbiter can also demand a payment for his or her services, which would be split off from the bitcoins.
After a transaction, every participant can leave ratings and reviews for every other participant. Those reputation measurements are cryptographically signed with the writer’s private key so that they can’t be forged, and copied to other nodes on the network. When a user visits a seller page, the ratings and reviews for that seller are pulled from other nodes to display the seller’s track record, preventing fraud and rewarding good customer service.
To create consistent identities and prevent untrustworthy users from impersonating trusted ones, DarkMarket nodes keep a list of all the public keys and nicknames of every user on the network. This ledger of names and keys is periodically put through a cryptographic function known as a hash and added to the Bitcoin blockchain by including it in a small transaction. That trick prevents anyone from altering the ledger to steal someone’s identity; When a user searches for a nickname on DarkMarket, the software looks at the blockchain to check the user’s key against the ledger before displaying that user’s seller page. (So far, Taaki has added DarkMarket’s identities to the Bitcoin blockchain manually, but he says he plans to automatic the process.)
If DarkMarket improves and catches on among contraband traders, it’s not exactly clear what legal risks Taaki and his fellow coders might be taking. Taaki argues that he’s merely distributing a program–not running a criminal conspiracy. “I’m just a humble coder,” he says. “Code is a form of expression. You can’t imprison someone for speaking an idea.”
And if the creators of a fully peer-to-peer black market were to be locked up? If all goes according to plan, their leaderless community would go about business as usual.
Here’s a video made by an audience member at Taaki and Swanson’s presentation of DarkMarket at the Toronto Bitcoin Expo.
Author: Andy Greenberg
Short Link: http://drk.li/27