1240
We are Darknet Solutions. We build & host darknet (TOR) sites, and we've been around the darknet for over 2 years! What an interesting journey it has been, AMA!
Bio: We started just over 2 years ago designing websites for clients and hosting it on Freedom Hosting. After FH went down (for good reasons) many parts of the darknet were left void, but there were plenty of people that still had their RSA keys. So, we contacted who we could about their sites and sure enough a few of them were interested.
We slowly built up our services offered and team to what we have today. We run a .onion server to host our clients sites, offer design and mockup services for vendor and markets, and we even have our part in designing some upcoming darknet markets and resources.
We just started offering our services to the public without a referral 2 weeks ago, and since then have established a clearnet site for customers that don't want to get on TOR (even though they want a TOR site - yes, this happens quite often).
We've done everything except build an entire public market from scratch - we have built some private markets, dozens of vendor sites, existing marketplace additions or features as well as optimization, and many of the darknet resources you'll find on /r/onions.
Over the last 2 years we have saw drama and mystery and suspicious like no media outlet could offer.
Stories of corruption, stories of murder (attempted), stories of over $100,000,000 USd being stolen and never found, stories of people simply disappearing.The last 2 years of the darknets fight with (mostly) the US government, NSA spying, TOR breaches and zero-day exploits, and even some illegal and dirty work by our own FBI to shut down the largest online blackmarket under very suspicious conditions, at points blatantly lying to the public.
We're not here to rant about politics or markets or any thing specific, we'd just like to share what we have learned over the last 2+ years of wandering the darknet.
And by we, it's a three person team, all of which have been together long before our interest in the darknet.
EDIT We didn't think about it, but for team member specific questions here's an anonymous reference:
Adam - Admin/Client Relations
Brian - Web Design & Mockups
Chris - Backend Coding & HostingProof:
https://darknetsolutions.com/reddit.php
http://darknet47je5xwm6.onion/reddit.phpUPDATE: Logging off for a few hours, I'll be back on later today.
UPDATE: We're Back!
darknetsolutions103 karma
Yes and no. Many users assume they can download TOR, install it, and they are 100% safe. This is not the case.
Generally (and why is beyond us) TOR defaults to allowing all scripts. Disable this. This prevents any scripts from being executed on the clients side such as JavaScript, Flash, ect.
Another thing you can do is run TOR over a VPN (virtual private networks).
Silk Road 1 going down was quite interesting. We lost just under a thousand in escrow, although we only sold petty objects such as silk road memorabilia, 3d printed items, glassware and grinders with the SR camel logo.
At the time we had a few large orders of bongs going out through the USA and that costs us some funds, but nothing critical.
Then the Sheep Market scam was interesting to watch over on /r/darknetmarkets. I think over One hundred million USD in BTc were stolen.
Books! Good way to pass the time.
Adam: I don't read much actual literature, if I had to go with something I'd say Adventures of Huck Finn.
Brian: Zombie Survival Guide. Not the best author, but it's been my favorite book even after that horrible movie we dare not speak of.
Chris: Hunt For Red October.
You're very welcome!
craftkiller14 karma
To clarify: the TOR browser bundle leaves scripts enabled, not TOR itself. TOR is just the router, the browser bundle is TOR built in to Firefox to make it easier for people to use it.
darknetsolutions8 karma
My bad.
Yes, the TOR browser (which has had hundreds of updates) still has the default to script on.
Click the S! icon just to the left of the URL bar and select "Forbit Scripts Globally".
ThatCoolKidcalledPat73 karma
Has there ever been a site you refused to host? If yes, why did you refuse to host it?
darknetsolutions134 karma
Yes, any sites that deal with exploiting children. That's the only type we do not allow, although we are not eager to host any type of porn sites.
darknetsolutions104 karma
No problem.
We also refuse mercenary/hitmen sites, but that's actually never came up.
darknetsolutions11 karma
Well, problem with stings on the darknet is you cannot filter where visitors originate.
While they could prosecute people in their own country, we're not sure of the ramifications of setting up a sting against citizens of other countries.
Most are scams, you rarely get a prank onion site (unless it just calls itself a prank in lieu of scam).
Sugar_buddy51 karma
So what is your personal definition of the term "darknet?" I've heard of it but I honestly have no idea what it is.
darknetsolutions82 karma
The part of the internet that is not accessible by standard web browsers, and require some form of authentication and encryption to access providing the users with anonymity.
This covers I2P and TOR, as well as Freenet.
darknetsolutions43 karma
Over time: We have no idea. The network seems to be capable enough as long as people don't host multimedia sites.
In the short term: Yes, Yes, and Yes. You can get a TOR identity that loads at around 10kbps (a quarter of the speed of 56k), and some identities that load pages very quick.
It depends on which TOR nodes you are connected though, sometimes a few ID switches can find a bad connection.
Same goes for onion sites too - if the site is being hosted on nodes that are slow, it doesn't matter how fast your connection is: the site will still be slow until it hops to another connection that is faster.
darknetsolutions81 karma
The disinformation spread mainly by US authorities, and malicious activity.
darknetsolutions13 karma
That too.
Many markets holding vendor and vbuyer funds have been "hacked" in an impossible way, meaning the owners ran with the funds and blamed malicious activity.
It's still thought this is what happened on SR1 before they had second thoughts.
darknetsolutions55 karma
php, html5/css3, mysql and limited JavaScript (usually only to tell users they have JS enabled).
DStoo16 karma
How do you feel about CSS3's extended abilities in a Scriptless browser?
It sounds like you're designing websites for the 1995-2003 era. I hate how every web dev assumes I have room to download a 400 kB uncompressed JS file of which they use 1 function out of to click a form. But Javascript was sometimes a necessity to make things look good. Now it looks like a lot of things can be done in CSS3.
If you're behind some websites I use you've made great use of modern HTML5/CSS without bringing along the bloat/insecurities of Javascript. However have you run across into any HTML5/CSS3 security holes?
darknetsolutions12 karma
We like it, but don't use it unless the clients need us to. Honestly TOR sites are not the place you'd be exception (or wanting) animation like CSS3 offers, like you said most are looking for a fast 1995 era site.
But we still use CSS3 plenty in lieu of JS seeing as most TOR users (we hope) disable JS for styling reasons.
Hopefully we've designed a few of the sites you use, but we are also cautious of any security exploits for them. While the additional features are nice generally the sites we've designed (that are small for single clients) are usually basic 1995 - 2000 era code, no fancy css3 or styling.
DStoo7 karma
I wasn't talking from a "OO wow animated" standpoint but just from an attractive, clean and good looking website. I've seen some absolutely gorgeous CSS3 sites that worked across multiple platforms. (Thank God we don't have IE6 for the most part, and anyone intelligent enough to use Tor can figure out Chrome)
darknetsolutions8 karma
Unless the customer asks for the site to be visually improved usually we leave this alone.
darknetsolutions39 karma
We can't say specifically since we do keep client anonymity.
But the most interesting was what turned out to be an ARG. Apparently someone thought it be interesting to draw users into a online game with .onion sites, so they bought a few and without telling us had some very....odd....photos posted. Nothing illegal, just very disturbing.
Grotesque shapes and creatures, although no gore.
Naturally on first thought we halted the site and contacted them when we found it in our monthly audit, and got everything cleared up quite quickly (within a few hours).
Mikav4 karma
While I respect your policy for keeping client data private...
Anyone wanna PM me the address? I love stuff like this.
darknetsolutions12 karma
That was a year ago, the sites been long gone now. They only paid for 6 months of hosting while it played out.
Not sure what the actual game was, just that when we asked about the gore they showed us their plan and sites.
two_off32 karma
Do you ever get contacted by authorities for information about your clients?
How informed do you find that potential clients are when they want to start up on the darknet?
darknetsolutions46 karma
Not yet, no. We went with a hosting company for the clearnet site, so there is a chance that might be taken down but we doubt it.
We have had customers asking about our clients, as well as customers asking about personal information of vendors which we obviously don't have, and if we did it would not be something we share.
We have had contact with authorities: anonymous emails any time we find a child pornography site. We also refuse any contact with those that are looking for CP sites, and it is sickening how many there are.
Generally we find clients that are already selling on the darknet, and know most of the absics for using it in a safe manner. But there's the occasional "I have $50 and want a vendor site and market accounts, help me" that we simply have to explain it costs much more than that.
The largest issue is some new vendors assume our vendor sites means they get market accounts, and are upset when we correct them. You'd be surprised how many people want to become darknet vendors but don't want to pay any money for vendor accounts.
darknetsolutions11 karma
For a full vendor shop, we charge $40 USD monthly for hosting (discounts for 3,6,12 months) plus any additional services ordered.
The basic price doesn't include bitcoin integration or automatic ordering, but it does give you a operable CMS system for showcasing your products and making manual orders.
Prices are in USD, and it seems we forgot our payment data: Bitcoins & Darkcoins (and more to come).
darknetsolutions3 karma
We're still waiting to expand into those types of domains. As we currently have no server for hosting them, we do not want a site on a network we cannot yet host on.
gankindustries26 karma
How much coding experience do you and your partners have?
Has your knowledge improved while in this field?
What did you do before you built and hosted TOR sites?
What was your favorite project that you've worked on (without giving away too much)?
darknetsolutions43 karma
We each have between 8-12 years and have professional careers in web development.
It has greatly improved, we just wish this was available a decade ago when we were still paying off student loans.
Same thing we do now: work as legal web developers.
One of our current ones - it's a website based off one of the Archer FX series characters.
darknetsolutions9 karma
Owner says he's not getting into vending and just aiming it a static archer site, no relation to the darknet markets. Also says no problem posting it since it doesn't have to be private anymore.
Also a forum here but client says he doesn't want to pay for both sites, probably just keeping the ascii one at a discount since it's low resource.
http://krieger2g7smvd5n.onion/
We'd like to stress we did message the owner/client about this prior to posting it.
They gave us permission to post the URL on this thread of both their sites.
Seanachaidh26 karma
What've been the highest and lowest points you've been through since starting this service?
darknetsolutions40 karma
Highest would be when bitcoins hit $1,200 and we cashed out some of our funds.
Lowest would probably be when Freedom Hosting went down, many of our favorite sites went down as well.
However it was shut down for good reason (hosting the majority of CP on TOR).
Joeskyyy20 karma
Out of curiosity, do y'all do anything with other "darknets" such as hyperboria and the like?
I'm so extremely fascinated with how all these things are starting to explode, it's great (: Thanks for the AMA!
darknetsolutions46 karma
We tried I2P for a time but it just didn't get any customers, but we haven't ventured out any further than TOR and I2P.
It is great to see so many darknet sites come from the takedown of SR1.
"If you cut off one head, two more will grow in it's place"
HAIL HYDRA
Joeskyyy11 karma
Neat! Y'all should check out the work that goes on over at /r/darknetplan (: Lot's of crazy ideas and fun times over there!
darknetsolutions9 karma
Looks interesting, although how anonymous is it?
Still reading over the getting started guide.
Joeskyyy12 karma
Quite anonymous, routes are all handled through an open source routing protocol.
The idea behind hyperboria is that you would eventually be able to access this without an actual internet connection.
You may have heard the term "meshnet" before, hyperboria is supposed to be part of a huge world wide meshnet.
The only way you can actually establish a connection to it is by knowing someone who can give you a key access to one of their meshnet servers. After that, you can't even see the hops that happen between you and the destination. All traffic is encrypted from end to end as well! Pretty damn neat. Haven't found a way to expose anything yet!
I'd recommend trying it out locally on say 2 servers, and see if you can establish a connection. This can be done over a public internet connection and just creating a tun interface. (Linux here of course).
_TheMightyKrang_16 karma
For anyone wondering, 'eggs in a basket' is where you cut a circle out of the middle of a slice of bread, then crank open an egg and fry it in the middle. Ends up as fried egg and toast together.
darknetsolutions9 karma
Best part is dribble some butter and honey on the circle and fry that with it. Best part.
darknetsolutions5 karma
Edibles are. We've never ordered any, but we have tried some medical edibles and they are amazing. Very, very potent in our case.
EDIT: Replied to the wrong comment, sorry.
It is amazing.
darknetsolutions17 karma
Well, we never offered our services to the public until after the fall. however the small items (compared to some other vendors, our loss was around 0.5% of what large vendors lost) did make us think twice about using markets.
One of the first markets we assisted with was Budster, although we only deigned the theme. It's a shame the site turned out to be a scammer site.
We no longer sell items on the markets, and the income from web services is enough for us to enjoy our free time with our families and pad our income.
It's also taught us to embrace multisignature escrow in case this happens to another market.
darknetsolutions12 karma
We use the digital signature part much more than its counterpart in generation of custom onions and bitcoin addresses, but that's about it.
darknetsolutions27 karma
There used to be a grilled cheese sandwich on Silk Road, although there are THC edible vendors that sell cakes, truffles, candies (seriously, south patch kids and reeses cups), and other cannabis infused food.
Not sure how it would hold up in the mail though....
Anon-sama9 karma
Which is the better brand of peanut butter, Kraft or JIF? Also crunchy or smooth?
StinkyGeek8 karma
Does running a TOR node constitute facilitating child porn or has the alleged facilitator been framed by the FBI?
'The High Court has refused to allow an Irishman described as "the largest facilitator of child porn in the world", to take a legal challenge against the DPP's decision not to prosecute him in Ireland.'
darknetsolutions8 karma
It does not constitute facilitating it in the US unless your exit node is traced to being a source of CP.
We've never ran a exit node non-anonymously so we don't really worry though.
xNS57 karma
Where can I find tor directories with sites that work? I tried opening many links, and all didn't work.
darknetsolutions6 karma
http://vault43z5vxy3vn3.onion/wiki is a great place, we actually designed parts of the site although mostly just hosting it.
NorthDPole7 karma
Thanks for the AMA. some questions:
What's your most usual website requests? Are you using any popular cms or are you developing your own? In your website is see that the subdomain generation takes time and is based on the number of letters can you explain why that's different than a normal subdomain where you have to only update the dns?
finally "Hardened Gentoo with PaX,SELinux, & TPE Enabled" <-- That's some properly secured servers right there Do you have any custom modules for monitoring or security?
darknetsolutions3 karma
Most popular seem to be Vendor shops.
We prefer to use existing CMS or custom ones built on bootstrap.
The generation is for full domains like dpolezbmujmbcqze.onion and dpoletuchcwxcmvc.onion, which require that many different private keys be generated until the script (scallion) finds a matching one.
For the ones above this was nearly instant with a query of "dpole", but adding more custom letters makes it exponentially harder and thus longer.
But we do have subdomains working, meaning that you can have something like north.dpolezbmujmbcqze.onion
We don't have many custom modules other than a few that let customers know they are going over resource caps, alerts us, and send them a BTC invoice.
its2ez7 karma
If there was one thing about the "darknet" that seems to be understood by people who frequently use it, but isn't really made public, what would it be?
darknetsolutions13 karma
I don't think the number of people that utterly hate all aspects of child abuse/CP and use TOR is accurately portrayed to the public.
The majority of community members are actively against it, it's one of the only thing you can get dark net surfers to actually report, and nearly all .o0nion hosts ban this meaning that most CP is hosted on someones personal TOR server.
Also, there is no such thing as TOR hitmen. Scams. All of them.
xcrimsonstormx7 karma
Does that stuff actually work? I mean ordering drugs and hitmen? It seems so foreign and unreal. If so how does it work?
darknetsolutions14 karma
Drugs: Yes. Dear god when we first figured out it was real and legitimate (mostly) it was like a dream come true.
As long as you pick a good vendor, the success rates are around 95% with the 5% being small delays.
As far as hitmen, we don't think we've seen a single legitimate hitman site.
xcrimsonstormx6 karma
So how does it actually work I mean ordering illegal contraband not get the Feds involved? What happens when you complete order.
darknetsolutions9 karma
Buy bitcoins, find a market, find a trustworthy vendor, place the order.
Your funds are held in the markets escrow, and once the item is delivered you go back on the site and release the escrow to the vendor.
Never finalize early, or release escrow early. This is how many people are scammed.
xcrimsonstormx1 karma
What sorry for all the questions but what is escrow and how do you know if they are a trustworthy vendor?
darknetsolutions4 karma
Escrow is a third party that holds funds until the buyers items are received. Always assume people are looking to steal your money.
Markets have rating systems for vendors, but /r/darknetmarkets and /r/darknetmarketnoobs generally are much better since they have vendors from across the markets in one place.
Djmahoganyy6 karma
If one wants to start exploring the darknet and such, how does one go about that?
darknetsolutions8 karma
Downloading TOR and browsing directories of onions.
/r/tor and /r/onionsa re good subreddits for this.
http://vault43z5vxy3vn3.onion/wiki is a great source for sites
https://www.torproject.org is where you can download TOR
ImRoreee6 karma
Thanks for doing this AMA it's really interesting to read.
Do people in your real life know about what you do? If so what do they think about it?
darknetsolutions6 karma
Nobody. Or everybody. Depends.
We actually work as web developers for careers, so people do know we design websites, they just don't know the extent and how deep on the darknet our services go. Actually nobody really knows we deal on the deepnet, we think most assume we either get really good pay or have a side company we work for in our spare time (the latter of which is closest to being correct).
DDPMM6 karma
Not too familiar w/ the dark net although I have some knowledge of it. What are the legalities on going on the dark net? I want to explore it but I'm a bit scared tbh. Where would you recommend somebody completely new to it to start and what programs to download and use?
darknetsolutions14 karma
Completely legal. Made by the US Navy to assist in journalism.
If you are scared, just use a Virtual Private Network (VPN), start it and connect, then open TOR. This means that not even your ISP can see you are using TOR.
You should take a look at /r/tor and /r/onions
TOR - https://www.torproject.org
Private Internet Access - https://www.privateinternetaccess.com
tinkletwit5 karma
I am a bit confused. In another comment you said specifically not to connect to the vpn prior to connecting to tor.
darknetsolutions6 karma
I'll try and correct that comment, but the VPn should be started first, then start TOR. This is to hide the TOR traffic (encrypted but ISP can tell it's TOR) from your ISP through the VPN.
darknetsolutions6 karma
You'll want your VPN operating first.
Your ISP can tell what type of traffic it is when you use TOR, so using a VPN between TOR and the ISP means the ISP cannot know what type of traffic is going through since it's encrypted through the VPN.
Remember, this setup is for browsing TOR sites only with the TOR browser.
However you could set it up to use a VPN over TOR for clearnet sites, but TOR>VPN is still better for this as well.
swagbucksta2 karma
I have tried using tails. Do you recommend against using tails and a vpn?
darknetsolutions3 karma
We've heard TAILS is not as secure as once thought, but as long as you are not a vendor or doing anything illegal, you should not have any issue using a normal OS (win,mac,lin) and the VPN.
darknetsolutions5 karma
Adam: No much of a coder, but usually jazz or soft rock. Brian: Classic Rock, Oldies Chris: Usually relaxation videos in headphones. Helps me concentrate.
johnnywalker945 karma
Thanks for taking your time for an AMA! I am a Linux System Administrator who has a large background in security and I would really appreciate any questions you can answer.
What actions do you take to protect your users privacy(Web application firewalls, IDS/IPS, kernel hardening, etc.)?
What extra methods do you have to take to ensure the privacy of the IPv4 address?
Do you prefer a specific management panel software(cPanel, Ajenti, etc.) or just plain linux servers?
Can you tell us where you host your sites?
Do you offer email with your services and if so do you use encryption?
Also do you use popular CMSs or do you use plain code? What protections do you take if a customer requests CMSs?
Also do you encrypt your customers files on the web server? Would you feel there is any need to do so?
darknetsolutions6 karma
All server traffic is tunneled through a transparent TOR proxy, so the server couldn't give out it's IP even if it wanted to.
We have PaX, SELinux, and GRSecurity enabled for the kernel.
Other than the tor proxy we also make sure the servers information is not leaked through error pages or any malicious scripts.
We prefer linux servers although we've several inquiries about offering cPanel for clients. Right now it's SFTP and SSH access only.
We can't say where we host the sites.
We do offer email integration, although we do not run a SMTorP service. We can integrate safe-mail and lelantos into users services.
We use both existing CMS/scripts as well as custom code usually built on Bootstrap. We try to enable all possible security features and migrate any JS features to php or css3, as well as providing code optimization for TOR.
We have psuedo encryption, in that the server encrypts important files that customers do not need access to, but we have access to all user files and the encryption keys. Otherwise we'd have a very hard time making sure Child Pornography stays off our servers.
darknetsolutions4 karma
We are looking for additional graphics designers as well as journalists.
treymeister20055 karma
I have always had suspensions regarding price hacks based on IP address from airlines and other goods. I have been temped to go to the darknet to price shop anonymously. Does the darknet even have flights and merchandise available for sale? If so is it at a fair cost?
darknetsolutions8 karma
Eh, I'd be cautious with airfare. I could see the USA turning that into some terrorist plan "Blackmarket Plane Tickets".
But there are travel services and discount merchandise which in and of itself is not illegal on several of the markets.
RoseEsque5 karma
Your awesome! Do you ever want to/hope to expand? If more people will use TORs, would you?
darknetsolutions6 karma
Always. We'd like to get a few decent sized sites to hire us on as regulars, and possibly branch out our resourcing to other areas.
We're always looking for any way to get more people to use TOR, so idf theres a site you'd like to see on TOR let us know and we'll try our best to get it up.
Mew_3 karma
Have you guys read the /r/nosleep stories on the Shadow Web
Has anything like that ever existed? Or tried to?
darknetsolutions5 karma
Let's jut go with "The majority of TOR users believe that such sites are fake, and for entertainment only".
There are some very scary parts of the deepnet.
TheyShootBeesAtYou3 karma
What percentage of TOR usage would you estimate consists of CP? How about the drug trade?
darknetsolutions9 karma
We believe the numbers are around 40% for drugs and 20% for CP?
No real idea though, just guessing from a really really old report before FH shutdown.
darknetsolutions6 karma
Probably when people come onto public forums for talking about TOR, drugs, helping new membrs, ect. and post CP or gore.
PM_ME_YOUR_SHIT_pls2 karma
Do you get attacket often?Like DDoS attacks? Does police visited you for hosting on the darknet?
darknetsolutions3 karma
Not really, we try not to host any sites that attract malicious activity like Markets.
We are fully anonymous, so even if the police did have a problem with us they wouldn't know whom is responsible.
darknetsolutions8 karma
We are a 3 person team so having 3 grown men kicking 100 duck sized horses is just a cruel site.
123choji88 karma
Is TOR still safe? Interesting stories? What are your favorite books? Thanks for doing this!
View HistoryShare Link