We are Darknet Solutions. We build & host darknet (TOR) sites, and we've been around the darknet for over 2 years! What an interesting journey it has been, AMA!

Is TOR still safe? Interesting stories? What are your favorite books? Thanks for doing this!

Yes and no. Many users assume they can download TOR, install it, and they are 100% safe. This is not the case.

Generally (and why is beyond us) TOR defaults to allowing all scripts. Disable this. This prevents any scripts from being executed on the clients side such as JavaScript, Flash, ect.

Another thing you can do is run TOR over a VPN (virtual private networks).

---

Silk Road 1 going down was quite interesting. We lost just under a thousand in escrow, although we only sold petty objects such as silk road memorabilia, 3d printed items, glassware and grinders with the SR camel logo.

At the time we had a few large orders of bongs going out through the USA and that costs us some funds, but nothing critical.

Then the Sheep Market scam was interesting to watch over on /r/darknetmarkets. I think over One hundred million USD in BTc were stolen.

---

Books! Good way to pass the time.

Adam: I don't read much actual literature, if I had to go with something I'd say Adventures of Huck Finn.
Brian: Zombie Survival Guide. Not the best author, but it's been my favorite book even after that horrible movie we dare not speak of.
Chris: Hunt For Red October.

---

You're very welcome!

To clarify: the TOR browser bundle leaves scripts enabled, not TOR itself. TOR is just the router, the browser bundle is TOR built in to Firefox to make it easier for people to use it.

My bad.

Yes, the TOR browser (which has had hundreds of updates) still has the default to script on.

Click the S! icon just to the left of the URL bar and select "Forbit Scripts Globally".

Has there ever been a site you refused to host? If yes, why did you refuse to host it?

Yes, any sites that deal with exploiting children. That's the only type we do not allow, although we are not eager to host any type of porn sites.

Thanks for answering!

No problem.

We also refuse mercenary/hitmen sites, but that's actually never came up.

[deleted]

Well, problem with stings on the darknet is you cannot filter where visitors originate.
While they could prosecute people in their own country, we're not sure of the ramifications of setting up a sting against citizens of other countries.

Most are scams, you rarely get a prank onion site (unless it just calls itself a prank in lieu of scam).

So what is your personal definition of the term "darknet?" I've heard of it but I honestly have no idea what it is.

The part of the internet that is not accessible by standard web browsers, and require some form of authentication and encryption to access providing the users with anonymity.

This covers I2P and TOR, as well as Freenet.

Will tor get faster or slow to a complete stop?

Over time: We have no idea. The network seems to be capable enough as long as people don't host multimedia sites.

In the short term: Yes, Yes, and Yes. You can get a TOR identity that loads at around 10kbps (a quarter of the speed of 56k), and some identities that load pages very quick.
It depends on which TOR nodes you are connected though, sometimes a few ID switches can find a bad connection.

Same goes for onion sites too - if the site is being hosted on nodes that are slow, it doesn't matter how fast your connection is: the site will still be slow until it hops to another connection that is faster.

[deleted]

Eddie Snow-in

...Are you high

He's snowed in in Russia. Get it?

What's the hardest part about being a part of tor?

The disinformation spread mainly by US authorities, and malicious activity.

Misinformation on malicious activities?

That too.

Many markets holding vendor and vbuyer funds have been "hacked" in an impossible way, meaning the owners ran with the funds and blamed malicious activity.

It's still thought this is what happened on SR1 before they had second thoughts.

What coding languages do you use in your business?

php, html5/css3, mysql and limited JavaScript (usually only to tell users they have JS enabled).

How do you feel about CSS3's extended abilities in a Scriptless browser?

It sounds like you're designing websites for the 1995-2003 era. I hate how every web dev assumes I have room to download a 400 kB uncompressed JS file of which they use 1 function out of to click a form. But Javascript was sometimes a necessity to make things look good. Now it looks like a lot of things can be done in CSS3.

If you're behind some websites I use you've made great use of modern HTML5/CSS without bringing along the bloat/insecurities of Javascript. However have you run across into any HTML5/CSS3 security holes?

We like it, but don't use it unless the clients need us to. Honestly TOR sites are not the place you'd be exception (or wanting) animation like CSS3 offers, like you said most are looking for a fast 1995 era site.

But we still use CSS3 plenty in lieu of JS seeing as most TOR users (we hope) disable JS for styling reasons.

Hopefully we've designed a few of the sites you use, but we are also cautious of any security exploits for them. While the additional features are nice generally the sites we've designed (that are small for single clients) are usually basic 1995 - 2000 era code, no fancy css3 or styling.

I wasn't talking from a "OO wow animated" standpoint but just from an attractive, clean and good looking website. I've seen some absolutely gorgeous CSS3 sites that worked across multiple platforms. (Thank God we don't have IE6 for the most part, and anyone intelligent enough to use Tor can figure out Chrome)

Unless the customer asks for the site to be visually improved usually we leave this alone.

What are some of the strangest things you have hosted?

We can't say specifically since we do keep client anonymity.

But the most interesting was what turned out to be an ARG. Apparently someone thought it be interesting to draw users into a online game with .onion sites, so they bought a few and without telling us had some very....odd....photos posted. Nothing illegal, just very disturbing.

Grotesque shapes and creatures, although no gore.

Naturally on first thought we halted the site and contacted them when we found it in our monthly audit, and got everything cleared up quite quickly (within a few hours).

While I respect your policy for keeping client data private...

Anyone wanna PM me the address? I love stuff like this.

That was a year ago, the sites been long gone now. They only paid for 6 months of hosting while it played out.

Not sure what the actual game was, just that when we asked about the gore they showed us their plan and sites.

Do you ever get contacted by authorities for information about your clients?

How informed do you find that potential clients are when they want to start up on the darknet?

Not yet, no. We went with a hosting company for the clearnet site, so there is a chance that might be taken down but we doubt it.

We have had customers asking about our clients, as well as customers asking about personal information of vendors which we obviously don't have, and if we did it would not be something we share.

We have had contact with authorities: anonymous emails any time we find a child pornography site. We also refuse any contact with those that are looking for CP sites, and it is sickening how many there are.

---

Generally we find clients that are already selling on the darknet, and know most of the absics for using it in a safe manner. But there's the occasional "I have $50 and want a vendor site and market accounts, help me" that we simply have to explain it costs much more than that.

The largest issue is some new vendors assume our vendor sites means they get market accounts, and are upset when we correct them. You'd be surprised how many people want to become darknet vendors but don't want to pay any money for vendor accounts.

So what DOES it cost for an onion shop?

For a full vendor shop, we charge $40 USD monthly for hosting (discounts for 3,6,12 months) plus any additional services ordered.

The basic price doesn't include bitcoin integration or automatic ordering, but it does give you a operable CMS system for showcasing your products and making manual orders.

Prices are in USD, and it seems we forgot our payment data: Bitcoins & Darkcoins (and more to come).

Host your clear net site with .bit

We're still waiting to expand into those types of domains. As we currently have no server for hosting them, we do not want a site on a network we cannot yet host on.

Can you recommend a flashlight?

Surefire P2XD-A-BK

What've been the highest and lowest points you've been through since starting this service?

Highest would be when bitcoins hit $1,200 and we cashed out some of our funds.

Lowest would probably be when Freedom Hosting went down, many of our favorite sites went down as well.
However it was shut down for good reason (hosting the majority of CP on TOR).

How much coding experience do you and your partners have?

Has your knowledge improved while in this field?

What did you do before you built and hosted TOR sites?

What was your favorite project that you've worked on (without giving away too much)?

We each have between 8-12 years and have professional careers in web development.

It has greatly improved, we just wish this was available a decade ago when we were still paying off student loans.

Same thing we do now: work as legal web developers.

One of our current ones - it's a website based off one of the Archer FX series characters.

Plus 1 billion upvotes for Archer

Owner says he's not getting into vending and just aiming it a static archer site, no relation to the darknet markets. Also says no problem posting it since it doesn't have to be private anymore.

http://kriegersfu4qy4xa.onion

Also a forum here but client says he doesn't want to pay for both sites, probably just keeping the ascii one at a discount since it's low resource.

http://krieger2g7smvd5n.onion/

---

We'd like to stress we did message the owner/client about this prior to posting it.
They gave us permission to post the URL on this thread of both their sites.

Well you do build sites in the . . . Danger Zone

http://kriegersfu4qy4xa.onion/

You tell us =)

Out of curiosity, do y'all do anything with other "darknets" such as hyperboria and the like?

I'm so extremely fascinated with how all these things are starting to explode, it's great (: Thanks for the AMA!

We tried I2P for a time but it just didn't get any customers, but we haven't ventured out any further than TOR and I2P.

It is great to see so many darknet sites come from the takedown of SR1.

"If you cut off one head, two more will grow in it's place"

^{HAIL HYDRA}

Neat! Y'all should check out the work that goes on over at /r/darknetplan (: Lot's of crazy ideas and fun times over there!

Looks interesting, although how anonymous is it?

Still reading over the getting started guide.

Quite anonymous, routes are all handled through an open source routing protocol.

The idea behind hyperboria is that you would eventually be able to access this without an actual internet connection.

You may have heard the term "meshnet" before, hyperboria is supposed to be part of a huge world wide meshnet.

The only way you can actually establish a connection to it is by knowing someone who can give you a key access to one of their meshnet servers. After that, you can't even see the hops that happen between you and the destination. All traffic is encrypted from end to end as well! Pretty damn neat. Haven't found a way to expose anything yet!

I'd recommend trying it out locally on say 2 servers, and see if you can establish a connection. This can be done over a public internet connection and just creating a tun interface. (Linux here of course).

We'll have to try it out.

How did the fall of Silk Road affect the way you ran your business?

Well, we never offered our services to the public until after the fall. however the small items (compared to some other vendors, our loss was around 0.5% of what large vendors lost) did make us think twice about using markets.

One of the first markets we assisted with was Budster, although we only deigned the theme. It's a shame the site turned out to be a scammer site.

We no longer sell items on the markets, and the income from web services is enough for us to enjoy our free time with our families and pad our income.

It's also taught us to embrace multisignature escrow in case this happens to another market.

How do you like your eggs?

Adam: Scrambled Hard
Brian: Scrambled
Chris: In a Basket

For anyone wondering, 'eggs in a basket' is where you cut a circle out of the middle of a slice of bread, then crank open an egg and fry it in the middle. Ends up as fried egg and toast together.

Best part is dribble some butter and honey on the circle and fry that with it. Best part.

Oh goddamn that sounds delicious.

Edibles are. We've never ordered any, but we have tried some medical edibles and they are amazing. Very, very potent in our case.

EDIT: Replied to the wrong comment, sorry.
It is amazing.

What is your relationship with RSA?

We use the digital signature part much more than its counterpart in generation of custom onions and bitcoin addresses, but that's about it.

Are there any sites that sell cake?

There used to be a grilled cheese sandwich on Silk Road, although there are THC edible vendors that sell cakes, truffles, candies (seriously, south patch kids and reeses cups), and other cannabis infused food.

Not sure how it would hold up in the mail though....

Which is the better brand of peanut butter, Kraft or JIF? Also crunchy or smooth?

JIF smooth around the board!

Does running a TOR node constitute facilitating child porn or has the alleged facilitator been framed by the FBI?

'The High Court has refused to allow an Irishman described as "the largest facilitator of child porn in the world", to take a legal challenge against the DPP's decision not to prosecute him in Ireland.'

It does not constitute facilitating it in the US unless your exit node is traced to being a source of CP.

We've never ran a exit node non-anonymously so we don't really worry though.

Where can I find tor directories with sites that work? I tried opening many links, and all didn't work.

http://vault43z5vxy3vn3.onion/wiki is a great place, we actually designed parts of the site although mostly just hosting it.

If there was one thing about the "darknet" that seems to be understood by people who frequently use it, but isn't really made public, what would it be?

I don't think the number of people that utterly hate all aspects of child abuse/CP and use TOR is accurately portrayed to the public.

The majority of community members are actively against it, it's one of the only thing you can get dark net surfers to actually report, and nearly all .o0nion hosts ban this meaning that most CP is hosted on someones personal TOR server.

Also, there is no such thing as TOR hitmen. Scams. All of them.

Does that stuff actually work? I mean ordering drugs and hitmen? It seems so foreign and unreal. If so how does it work?

Drugs: Yes. Dear god when we first figured out it was real and legitimate (mostly) it was like a dream come true.

As long as you pick a good vendor, the success rates are around 95% with the 5% being small delays.

As far as hitmen, we don't think we've seen a single legitimate hitman site.

So how does it actually work I mean ordering illegal contraband not get the Feds involved? What happens when you complete order.

Buy bitcoins, find a market, find a trustworthy vendor, place the order.

Your funds are held in the markets escrow, and once the item is delivered you go back on the site and release the escrow to the vendor.

Never finalize early, or release escrow early. This is how many people are scammed.

What sorry for all the questions but what is escrow and how do you know if they are a trustworthy vendor?

Escrow is a third party that holds funds until the buyers items are received. Always assume people are looking to steal your money.

Markets have rating systems for vendors, but /r/darknetmarkets and /r/darknetmarketnoobs generally are much better since they have vendors from across the markets in one place.

Thanks for the AMA. some questions:

What's your most usual website requests? Are you using any popular cms or are you developing your own? In your website is see that the subdomain generation takes time and is based on the number of letters can you explain why that's different than a normal subdomain where you have to only update the dns?

finally "Hardened Gentoo with PaX,SELinux, & TPE Enabled" <-- That's some properly secured servers right there Do you have any custom modules for monitoring or security?

Most popular seem to be Vendor shops.

We prefer to use existing CMS or custom ones built on bootstrap.

The generation is for full domains like dpolezbmujmbcqze.onion and dpoletuchcwxcmvc.onion, which require that many different private keys be generated until the script (scallion) finds a matching one.

For the ones above this was nearly instant with a query of "dpole", but adding more custom letters makes it exponentially harder and thus longer.

But we do have subdomains working, meaning that you can have something like north.dpolezbmujmbcqze.onion

We don't have many custom modules other than a few that let customers know they are going over resource caps, alerts us, and send them a BTC invoice.

Thanks for doing this AMA it's really interesting to read.

Do people in your real life know about what you do? If so what do they think about it?

Nobody. Or everybody. Depends.

We actually work as web developers for careers, so people do know we design websites, they just don't know the extent and how deep on the darknet our services go. Actually nobody really knows we deal on the deepnet, we think most assume we either get really good pay or have a side company we work for in our spare time (the latter of which is closest to being correct).

Not too familiar w/ the dark net although I have some knowledge of it. What are the legalities on going on the dark net? I want to explore it but I'm a bit scared tbh. Where would you recommend somebody completely new to it to start and what programs to download and use?

Completely legal. Made by the US Navy to assist in journalism.

If you are scared, just use a Virtual Private Network (VPN), start it and connect, then open TOR. This means that not even your ISP can see you are using TOR.

You should take a look at /r/tor and /r/onions

TOR - https://www.torproject.org
Private Internet Access - https://www.privateinternetaccess.com

I am a bit confused. In another comment you said specifically not to connect to the vpn prior to connecting to tor.

I'll try and correct that comment, but the VPn should be started first, then start TOR. This is to hide the TOR traffic (encrypted but ISP can tell it's TOR) from your ISP through the VPN.

[deleted]

You'll want your VPN operating first.

Your ISP can tell what type of traffic it is when you use TOR, so using a VPN between TOR and the ISP means the ISP cannot know what type of traffic is going through since it's encrypted through the VPN.

Remember, this setup is for browsing TOR sites only with the TOR browser.

However you could set it up to use a VPN over TOR for clearnet sites, but TOR>VPN is still better for this as well.

I have tried using tails. Do you recommend against using tails and a vpn?

We've heard TAILS is not as secure as once thought, but as long as you are not a vendor or doing anything illegal, you should not have any issue using a normal OS (win,mac,lin) and the VPN.

If one wants to start exploring the darknet and such, how does one go about that?

Downloading TOR and browsing directories of onions.

/r/tor and /r/onionsa re good subreddits for this.

http://vault43z5vxy3vn3.onion/wiki is a great source for sites

https://www.torproject.org is where you can download TOR

What music do you guys listen to while coding?

Adam: No much of a coder, but usually jazz or soft rock. Brian: Classic Rock, Oldies Chris: Usually relaxation videos in headphones. Helps me concentrate.

I have always had suspensions regarding price hacks based on IP address from airlines and other goods. I have been temped to go to the darknet to price shop anonymously. Does the darknet even have flights and merchandise available for sale? If so is it at a fair cost?

Eh, I'd be cautious with airfare. I could see the USA turning that into some terrorist plan "Blackmarket Plane Tickets".

But there are travel services and discount merchandise which in and of itself is not illegal on several of the markets.

Are you hiring?

We are looking for additional graphics designers as well as journalists.

Your awesome! Do you ever want to/hope to expand? If more people will use TORs, would you?

Always. We'd like to get a few decent sized sites to hire us on as regulars, and possibly branch out our resourcing to other areas.

We're always looking for any way to get more people to use TOR, so idf theres a site you'd like to see on TOR let us know and we'll try our best to get it up.

Thanks for taking your time for an AMA! I am a Linux System Administrator who has a large background in security and I would really appreciate any questions you can answer.

What actions do you take to protect your users privacy(Web application firewalls, IDS/IPS, kernel hardening, etc.)?

What extra methods do you have to take to ensure the privacy of the IPv4 address?

Do you prefer a specific management panel software(cPanel, Ajenti, etc.) or just plain linux servers?

Can you tell us where you host your sites?

Do you offer email with your services and if so do you use encryption?

Also do you use popular CMSs or do you use plain code? What protections do you take if a customer requests CMSs?

Also do you encrypt your customers files on the web server? Would you feel there is any need to do so?

All server traffic is tunneled through a transparent TOR proxy, so the server couldn't give out it's IP even if it wanted to.
We have PaX, SELinux, and GRSecurity enabled for the kernel.

Other than the tor proxy we also make sure the servers information is not leaked through error pages or any malicious scripts.

We prefer linux servers although we've several inquiries about offering cPanel for clients. Right now it's SFTP and SSH access only.

We can't say where we host the sites.

We do offer email integration, although we do not run a SMTorP service. We can integrate safe-mail and lelantos into users services.

We use both existing CMS/scripts as well as custom code usually built on Bootstrap. We try to enable all possible security features and migrate any JS features to php or css3, as well as providing code optimization for TOR.

We have psuedo encryption, in that the server encrypts important files that customers do not need access to, but we have access to all user files and the encryption keys. Otherwise we'd have a very hard time making sure Child Pornography stays off our servers.

Do you drink coffee?

All of us do, yep. Adam prefers Cappuccino though.

What's the worst you Have seen?

Probably when people come onto public forums for talking about TOR, drugs, helping new membrs, ect. and post CP or gore.

What percentage of TOR usage would you estimate consists of CP? How about the drug trade?

We believe the numbers are around 40% for drugs and 20% for CP?

No real idea though, just guessing from a really really old report before FH shutdown.

Have you guys read the /r/nosleep stories on the Shadow Web

Has anything like that ever existed? Or tried to?

Let's jut go with "The majority of TOR users believe that such sites are fake, and for entertainment only".

There are some very scary parts of the deepnet.

[deleted]

It doesn't seem like it. Odd since reddit is open source.

Do you get attacket often?Like DDoS attacks? Does police visited you for hosting on the darknet?

Not really, we try not to host any sites that attract malicious activity like Markets.

We are fully anonymous, so even if the police did have a problem with us they wouldn't know whom is responsible.

Would you rather fight 100 duck sized horses or 1 horse sized duck?

Horse sized duck. Bring it Big Bird!

I would totally go for the 100 horses, birds are f_ing vicious creatures

We are a 3 person team so having 3 grown men kicking 100 duck sized horses is just a cruel site.