Bio: We started just over 2 years ago designing websites for clients and hosting it on Freedom Hosting. After FH went down (for good reasons) many parts of the darknet were left void, but there were plenty of people that still had their RSA keys. So, we contacted who we could about their sites and sure enough a few of them were interested.

We slowly built up our services offered and team to what we have today. We run a .onion server to host our clients sites, offer design and mockup services for vendor and markets, and we even have our part in designing some upcoming darknet markets and resources.

We just started offering our services to the public without a referral 2 weeks ago, and since then have established a clearnet site for customers that don't want to get on TOR (even though they want a TOR site - yes, this happens quite often).

We've done everything except build an entire public market from scratch - we have built some private markets, dozens of vendor sites, existing marketplace additions or features as well as optimization, and many of the darknet resources you'll find on /r/onions.

Over the last 2 years we have saw drama and mystery and suspicious like no media outlet could offer.
Stories of corruption, stories of murder (attempted), stories of over $100,000,000 USd being stolen and never found, stories of people simply disappearing.

The last 2 years of the darknets fight with (mostly) the US government, NSA spying, TOR breaches and zero-day exploits, and even some illegal and dirty work by our own FBI to shut down the largest online blackmarket under very suspicious conditions, at points blatantly lying to the public.

We're not here to rant about politics or markets or any thing specific, we'd just like to share what we have learned over the last 2+ years of wandering the darknet.

And by we, it's a three person team, all of which have been together long before our interest in the darknet.

EDIT We didn't think about it, but for team member specific questions here's an anonymous reference:
Adam - Admin/Client Relations
Brian - Web Design & Mockups
Chris - Backend Coding & Hosting

Proof:
https://darknetsolutions.com/reddit.php
http://darknet47je5xwm6.onion/reddit.php

UPDATE: Logging off for a few hours, I'll be back on later today.
UPDATE: We're Back!

Comments: 253 • Responses: 59  • Date: 

123choji88 karma

Is TOR still safe? Interesting stories? What are your favorite books? Thanks for doing this!

darknetsolutions103 karma

Yes and no. Many users assume they can download TOR, install it, and they are 100% safe. This is not the case.

Generally (and why is beyond us) TOR defaults to allowing all scripts. Disable this. This prevents any scripts from being executed on the clients side such as JavaScript, Flash, ect.

Another thing you can do is run TOR over a VPN (virtual private networks).


Silk Road 1 going down was quite interesting. We lost just under a thousand in escrow, although we only sold petty objects such as silk road memorabilia, 3d printed items, glassware and grinders with the SR camel logo.

At the time we had a few large orders of bongs going out through the USA and that costs us some funds, but nothing critical.

Then the Sheep Market scam was interesting to watch over on /r/darknetmarkets. I think over One hundred million USD in BTc were stolen.


Books! Good way to pass the time.

Adam: I don't read much actual literature, if I had to go with something I'd say Adventures of Huck Finn.
Brian: Zombie Survival Guide. Not the best author, but it's been my favorite book even after that horrible movie we dare not speak of.
Chris: Hunt For Red October.


You're very welcome!

craftkiller14 karma

To clarify: the TOR browser bundle leaves scripts enabled, not TOR itself. TOR is just the router, the browser bundle is TOR built in to Firefox to make it easier for people to use it.

darknetsolutions8 karma

My bad.

Yes, the TOR browser (which has had hundreds of updates) still has the default to script on.

Click the S! icon just to the left of the URL bar and select "Forbit Scripts Globally".

ThatCoolKidcalledPat73 karma

Has there ever been a site you refused to host? If yes, why did you refuse to host it?

darknetsolutions134 karma

Yes, any sites that deal with exploiting children. That's the only type we do not allow, although we are not eager to host any type of porn sites.

ThatCoolKidcalledPat39 karma

Thanks for answering!

darknetsolutions104 karma

No problem.

We also refuse mercenary/hitmen sites, but that's actually never came up.

secunda37 karma

[deleted]

darknetsolutions11 karma

Well, problem with stings on the darknet is you cannot filter where visitors originate.
While they could prosecute people in their own country, we're not sure of the ramifications of setting up a sting against citizens of other countries.

Most are scams, you rarely get a prank onion site (unless it just calls itself a prank in lieu of scam).

Sugar_buddy51 karma

So what is your personal definition of the term "darknet?" I've heard of it but I honestly have no idea what it is.

darknetsolutions82 karma

The part of the internet that is not accessible by standard web browsers, and require some form of authentication and encryption to access providing the users with anonymity.

This covers I2P and TOR, as well as Freenet.

tearsforfears201443 karma

Will tor get faster or slow to a complete stop?

darknetsolutions43 karma

Over time: We have no idea. The network seems to be capable enough as long as people don't host multimedia sites.

In the short term: Yes, Yes, and Yes. You can get a TOR identity that loads at around 10kbps (a quarter of the speed of 56k), and some identities that load pages very quick.
It depends on which TOR nodes you are connected though, sometimes a few ID switches can find a bad connection.

Same goes for onion sites too - if the site is being hosted on nodes that are slow, it doesn't matter how fast your connection is: the site will still be slow until it hops to another connection that is faster.

secunda18 karma

[deleted]

______DEADP00L______17 karma

Eddie Snow-in

...Are you high

darknetsolutions12 karma

He's snowed in in Russia. Get it?

ManWithTwoSpoons42 karma

What's the hardest part about being a part of tor?

darknetsolutions81 karma

The disinformation spread mainly by US authorities, and malicious activity.

WHOWANTSBEEF10 karma

Misinformation on malicious activities?

darknetsolutions13 karma

That too.

Many markets holding vendor and vbuyer funds have been "hacked" in an impossible way, meaning the owners ran with the funds and blamed malicious activity.

It's still thought this is what happened on SR1 before they had second thoughts.

stormist36 karma

What coding languages do you use in your business?

darknetsolutions55 karma

php, html5/css3, mysql and limited JavaScript (usually only to tell users they have JS enabled).

DStoo16 karma

How do you feel about CSS3's extended abilities in a Scriptless browser?

It sounds like you're designing websites for the 1995-2003 era. I hate how every web dev assumes I have room to download a 400 kB uncompressed JS file of which they use 1 function out of to click a form. But Javascript was sometimes a necessity to make things look good. Now it looks like a lot of things can be done in CSS3.

If you're behind some websites I use you've made great use of modern HTML5/CSS without bringing along the bloat/insecurities of Javascript. However have you run across into any HTML5/CSS3 security holes?

darknetsolutions12 karma

We like it, but don't use it unless the clients need us to. Honestly TOR sites are not the place you'd be exception (or wanting) animation like CSS3 offers, like you said most are looking for a fast 1995 era site.

But we still use CSS3 plenty in lieu of JS seeing as most TOR users (we hope) disable JS for styling reasons.

Hopefully we've designed a few of the sites you use, but we are also cautious of any security exploits for them. While the additional features are nice generally the sites we've designed (that are small for single clients) are usually basic 1995 - 2000 era code, no fancy css3 or styling.

DStoo7 karma

I wasn't talking from a "OO wow animated" standpoint but just from an attractive, clean and good looking website. I've seen some absolutely gorgeous CSS3 sites that worked across multiple platforms. (Thank God we don't have IE6 for the most part, and anyone intelligent enough to use Tor can figure out Chrome)

darknetsolutions8 karma

Unless the customer asks for the site to be visually improved usually we leave this alone.

yrrah121234 karma

What are some of the strangest things you have hosted?

darknetsolutions39 karma

We can't say specifically since we do keep client anonymity.

But the most interesting was what turned out to be an ARG. Apparently someone thought it be interesting to draw users into a online game with .onion sites, so they bought a few and without telling us had some very....odd....photos posted. Nothing illegal, just very disturbing.

Grotesque shapes and creatures, although no gore.

Naturally on first thought we halted the site and contacted them when we found it in our monthly audit, and got everything cleared up quite quickly (within a few hours).

Mikav4 karma

While I respect your policy for keeping client data private...

Anyone wanna PM me the address? I love stuff like this.

darknetsolutions12 karma

That was a year ago, the sites been long gone now. They only paid for 6 months of hosting while it played out.

Not sure what the actual game was, just that when we asked about the gore they showed us their plan and sites.

two_off32 karma

Do you ever get contacted by authorities for information about your clients?

How informed do you find that potential clients are when they want to start up on the darknet?

darknetsolutions46 karma

Not yet, no. We went with a hosting company for the clearnet site, so there is a chance that might be taken down but we doubt it.

We have had customers asking about our clients, as well as customers asking about personal information of vendors which we obviously don't have, and if we did it would not be something we share.

We have had contact with authorities: anonymous emails any time we find a child pornography site. We also refuse any contact with those that are looking for CP sites, and it is sickening how many there are.


Generally we find clients that are already selling on the darknet, and know most of the absics for using it in a safe manner. But there's the occasional "I have $50 and want a vendor site and market accounts, help me" that we simply have to explain it costs much more than that.

The largest issue is some new vendors assume our vendor sites means they get market accounts, and are upset when we correct them. You'd be surprised how many people want to become darknet vendors but don't want to pay any money for vendor accounts.

JerryLupus6 karma

So what DOES it cost for an onion shop?

darknetsolutions11 karma

For a full vendor shop, we charge $40 USD monthly for hosting (discounts for 3,6,12 months) plus any additional services ordered.

The basic price doesn't include bitcoin integration or automatic ordering, but it does give you a operable CMS system for showcasing your products and making manual orders.

Prices are in USD, and it seems we forgot our payment data: Bitcoins & Darkcoins (and more to come).

MereGear2 karma

Host your clear net site with .bit

darknetsolutions3 karma

We're still waiting to expand into those types of domains. As we currently have no server for hosting them, we do not want a site on a network we cannot yet host on.

p-wing28 karma

Can you recommend a flashlight?

darknetsolutions45 karma

Surefire P2XD-A-BK

gankindustries26 karma

How much coding experience do you and your partners have?

Has your knowledge improved while in this field?

What did you do before you built and hosted TOR sites?

What was your favorite project that you've worked on (without giving away too much)?

darknetsolutions43 karma

We each have between 8-12 years and have professional careers in web development.

It has greatly improved, we just wish this was available a decade ago when we were still paying off student loans.

Same thing we do now: work as legal web developers.

One of our current ones - it's a website based off one of the Archer FX series characters.

nevernerdlet7 karma

Plus 1 billion upvotes for Archer

darknetsolutions9 karma

Owner says he's not getting into vending and just aiming it a static archer site, no relation to the darknet markets. Also says no problem posting it since it doesn't have to be private anymore.

http://kriegersfu4qy4xa.onion

Also a forum here but client says he doesn't want to pay for both sites, probably just keeping the ascii one at a discount since it's low resource.

http://krieger2g7smvd5n.onion/


We'd like to stress we did message the owner/client about this prior to posting it.
They gave us permission to post the URL on this thread of both their sites.

superwookee3 karma

Well you do build sites in the . . . Danger Zone

darknetsolutions4 karma

Seanachaidh26 karma

What've been the highest and lowest points you've been through since starting this service?

darknetsolutions40 karma

Highest would be when bitcoins hit $1,200 and we cashed out some of our funds.

Lowest would probably be when Freedom Hosting went down, many of our favorite sites went down as well.
However it was shut down for good reason (hosting the majority of CP on TOR).

Joeskyyy20 karma

Out of curiosity, do y'all do anything with other "darknets" such as hyperboria and the like?

I'm so extremely fascinated with how all these things are starting to explode, it's great (: Thanks for the AMA!

darknetsolutions46 karma

We tried I2P for a time but it just didn't get any customers, but we haven't ventured out any further than TOR and I2P.

It is great to see so many darknet sites come from the takedown of SR1.

"If you cut off one head, two more will grow in it's place"

HAIL HYDRA

Joeskyyy11 karma

Neat! Y'all should check out the work that goes on over at /r/darknetplan (: Lot's of crazy ideas and fun times over there!

darknetsolutions9 karma

Looks interesting, although how anonymous is it?

Still reading over the getting started guide.

Joeskyyy12 karma

Quite anonymous, routes are all handled through an open source routing protocol.

The idea behind hyperboria is that you would eventually be able to access this without an actual internet connection.

You may have heard the term "meshnet" before, hyperboria is supposed to be part of a huge world wide meshnet.

The only way you can actually establish a connection to it is by knowing someone who can give you a key access to one of their meshnet servers. After that, you can't even see the hops that happen between you and the destination. All traffic is encrypted from end to end as well! Pretty damn neat. Haven't found a way to expose anything yet!

I'd recommend trying it out locally on say 2 servers, and see if you can establish a connection. This can be done over a public internet connection and just creating a tun interface. (Linux here of course).

darknetsolutions7 karma

We'll have to try it out.

pnewell19 karma

How do you like your eggs?

darknetsolutions30 karma

Adam: Scrambled Hard
Brian: Scrambled
Chris: In a Basket

_TheMightyKrang_16 karma

For anyone wondering, 'eggs in a basket' is where you cut a circle out of the middle of a slice of bread, then crank open an egg and fry it in the middle. Ends up as fried egg and toast together.

darknetsolutions9 karma

Best part is dribble some butter and honey on the circle and fry that with it. Best part.

_TheMightyKrang_5 karma

Oh goddamn that sounds delicious.

darknetsolutions5 karma

Edibles are. We've never ordered any, but we have tried some medical edibles and they are amazing. Very, very potent in our case.

EDIT: Replied to the wrong comment, sorry.
It is amazing.

tehspamninja19 karma

How did the fall of Silk Road affect the way you ran your business?

darknetsolutions17 karma

Well, we never offered our services to the public until after the fall. however the small items (compared to some other vendors, our loss was around 0.5% of what large vendors lost) did make us think twice about using markets.

One of the first markets we assisted with was Budster, although we only deigned the theme. It's a shame the site turned out to be a scammer site.

We no longer sell items on the markets, and the income from web services is enough for us to enjoy our free time with our families and pad our income.

It's also taught us to embrace multisignature escrow in case this happens to another market.

washyourhandsplease13 karma

What is your relationship with RSA?

darknetsolutions12 karma

We use the digital signature part much more than its counterpart in generation of custom onions and bitcoin addresses, but that's about it.

neutronpenguin12 karma

Are there any sites that sell cake?

darknetsolutions27 karma

There used to be a grilled cheese sandwich on Silk Road, although there are THC edible vendors that sell cakes, truffles, candies (seriously, south patch kids and reeses cups), and other cannabis infused food.

Not sure how it would hold up in the mail though....

Anon-sama9 karma

Which is the better brand of peanut butter, Kraft or JIF? Also crunchy or smooth?

darknetsolutions15 karma

JIF smooth around the board!

StinkyGeek8 karma

Does running a TOR node constitute facilitating child porn or has the alleged facilitator been framed by the FBI?

'The High Court has refused to allow an Irishman described as "the largest facilitator of child porn in the world", to take a legal challenge against the DPP's decision not to prosecute him in Ireland.'

darknetsolutions8 karma

It does not constitute facilitating it in the US unless your exit node is traced to being a source of CP.

We've never ran a exit node non-anonymously so we don't really worry though.

xNS57 karma

Where can I find tor directories with sites that work? I tried opening many links, and all didn't work.

darknetsolutions6 karma

http://vault43z5vxy3vn3.onion/wiki is a great place, we actually designed parts of the site although mostly just hosting it.

NorthDPole7 karma

Thanks for the AMA. some questions:

What's your most usual website requests? Are you using any popular cms or are you developing your own? In your website is see that the subdomain generation takes time and is based on the number of letters can you explain why that's different than a normal subdomain where you have to only update the dns?

finally "Hardened Gentoo with PaX,SELinux, & TPE Enabled" <-- That's some properly secured servers right there Do you have any custom modules for monitoring or security?

darknetsolutions3 karma

Most popular seem to be Vendor shops.

We prefer to use existing CMS or custom ones built on bootstrap.

The generation is for full domains like dpolezbmujmbcqze.onion and dpoletuchcwxcmvc.onion, which require that many different private keys be generated until the script (scallion) finds a matching one.

For the ones above this was nearly instant with a query of "dpole", but adding more custom letters makes it exponentially harder and thus longer.

But we do have subdomains working, meaning that you can have something like north.dpolezbmujmbcqze.onion

We don't have many custom modules other than a few that let customers know they are going over resource caps, alerts us, and send them a BTC invoice.

its2ez7 karma

If there was one thing about the "darknet" that seems to be understood by people who frequently use it, but isn't really made public, what would it be?

darknetsolutions13 karma

I don't think the number of people that utterly hate all aspects of child abuse/CP and use TOR is accurately portrayed to the public.

The majority of community members are actively against it, it's one of the only thing you can get dark net surfers to actually report, and nearly all .o0nion hosts ban this meaning that most CP is hosted on someones personal TOR server.

Also, there is no such thing as TOR hitmen. Scams. All of them.

xcrimsonstormx7 karma

Does that stuff actually work? I mean ordering drugs and hitmen? It seems so foreign and unreal. If so how does it work?

darknetsolutions14 karma

Drugs: Yes. Dear god when we first figured out it was real and legitimate (mostly) it was like a dream come true.

As long as you pick a good vendor, the success rates are around 95% with the 5% being small delays.

As far as hitmen, we don't think we've seen a single legitimate hitman site.

xcrimsonstormx6 karma

So how does it actually work I mean ordering illegal contraband not get the Feds involved? What happens when you complete order.

darknetsolutions9 karma

Buy bitcoins, find a market, find a trustworthy vendor, place the order.

Your funds are held in the markets escrow, and once the item is delivered you go back on the site and release the escrow to the vendor.

Never finalize early, or release escrow early. This is how many people are scammed.

xcrimsonstormx1 karma

What sorry for all the questions but what is escrow and how do you know if they are a trustworthy vendor?

darknetsolutions4 karma

Escrow is a third party that holds funds until the buyers items are received. Always assume people are looking to steal your money.

Markets have rating systems for vendors, but /r/darknetmarkets and /r/darknetmarketnoobs generally are much better since they have vendors from across the markets in one place.

Djmahoganyy6 karma

If one wants to start exploring the darknet and such, how does one go about that?

darknetsolutions8 karma

Downloading TOR and browsing directories of onions.

/r/tor and /r/onionsa re good subreddits for this.

http://vault43z5vxy3vn3.onion/wiki is a great source for sites

https://www.torproject.org is where you can download TOR

ImRoreee6 karma

Thanks for doing this AMA it's really interesting to read.

Do people in your real life know about what you do? If so what do they think about it?

darknetsolutions6 karma

Nobody. Or everybody. Depends.

We actually work as web developers for careers, so people do know we design websites, they just don't know the extent and how deep on the darknet our services go. Actually nobody really knows we deal on the deepnet, we think most assume we either get really good pay or have a side company we work for in our spare time (the latter of which is closest to being correct).

DDPMM6 karma

Not too familiar w/ the dark net although I have some knowledge of it. What are the legalities on going on the dark net? I want to explore it but I'm a bit scared tbh. Where would you recommend somebody completely new to it to start and what programs to download and use?

darknetsolutions14 karma

Completely legal. Made by the US Navy to assist in journalism.

If you are scared, just use a Virtual Private Network (VPN), start it and connect, then open TOR. This means that not even your ISP can see you are using TOR.

You should take a look at /r/tor and /r/onions

TOR - https://www.torproject.org
Private Internet Access - https://www.privateinternetaccess.com

tinkletwit5 karma

I am a bit confused. In another comment you said specifically not to connect to the vpn prior to connecting to tor.

darknetsolutions6 karma

I'll try and correct that comment, but the VPn should be started first, then start TOR. This is to hide the TOR traffic (encrypted but ISP can tell it's TOR) from your ISP through the VPN.

TooPoetic3 karma

[deleted]

darknetsolutions6 karma

You'll want your VPN operating first.

Your ISP can tell what type of traffic it is when you use TOR, so using a VPN between TOR and the ISP means the ISP cannot know what type of traffic is going through since it's encrypted through the VPN.

Remember, this setup is for browsing TOR sites only with the TOR browser.

However you could set it up to use a VPN over TOR for clearnet sites, but TOR>VPN is still better for this as well.

swagbucksta2 karma

I have tried using tails. Do you recommend against using tails and a vpn?

darknetsolutions3 karma

We've heard TAILS is not as secure as once thought, but as long as you are not a vendor or doing anything illegal, you should not have any issue using a normal OS (win,mac,lin) and the VPN.

Surgeont5 karma

What music do you guys listen to while coding?

darknetsolutions5 karma

Adam: No much of a coder, but usually jazz or soft rock. Brian: Classic Rock, Oldies Chris: Usually relaxation videos in headphones. Helps me concentrate.

johnnywalker945 karma

Thanks for taking your time for an AMA! I am a Linux System Administrator who has a large background in security and I would really appreciate any questions you can answer.

What actions do you take to protect your users privacy(Web application firewalls, IDS/IPS, kernel hardening, etc.)?

What extra methods do you have to take to ensure the privacy of the IPv4 address?

Do you prefer a specific management panel software(cPanel, Ajenti, etc.) or just plain linux servers?

Can you tell us where you host your sites?

Do you offer email with your services and if so do you use encryption?

Also do you use popular CMSs or do you use plain code? What protections do you take if a customer requests CMSs?

Also do you encrypt your customers files on the web server? Would you feel there is any need to do so?

darknetsolutions6 karma

All server traffic is tunneled through a transparent TOR proxy, so the server couldn't give out it's IP even if it wanted to.
We have PaX, SELinux, and GRSecurity enabled for the kernel.

Other than the tor proxy we also make sure the servers information is not leaked through error pages or any malicious scripts.

We prefer linux servers although we've several inquiries about offering cPanel for clients. Right now it's SFTP and SSH access only.

We can't say where we host the sites.

We do offer email integration, although we do not run a SMTorP service. We can integrate safe-mail and lelantos into users services.

We use both existing CMS/scripts as well as custom code usually built on Bootstrap. We try to enable all possible security features and migrate any JS features to php or css3, as well as providing code optimization for TOR.

We have psuedo encryption, in that the server encrypts important files that customers do not need access to, but we have access to all user files and the encryption keys. Otherwise we'd have a very hard time making sure Child Pornography stays off our servers.

FatBruceWillis5 karma

Are you hiring?

darknetsolutions4 karma

We are looking for additional graphics designers as well as journalists.

treymeister20055 karma

I have always had suspensions regarding price hacks based on IP address from airlines and other goods. I have been temped to go to the darknet to price shop anonymously. Does the darknet even have flights and merchandise available for sale? If so is it at a fair cost?

darknetsolutions8 karma

Eh, I'd be cautious with airfare. I could see the USA turning that into some terrorist plan "Blackmarket Plane Tickets".

But there are travel services and discount merchandise which in and of itself is not illegal on several of the markets.

RoseEsque5 karma

Your awesome! Do you ever want to/hope to expand? If more people will use TORs, would you?

darknetsolutions6 karma

Always. We'd like to get a few decent sized sites to hire us on as regulars, and possibly branch out our resourcing to other areas.

We're always looking for any way to get more people to use TOR, so idf theres a site you'd like to see on TOR let us know and we'll try our best to get it up.

Zermer3 karma

[deleted]

darknetsolutions4 karma

It doesn't seem like it. Odd since reddit is open source.

Mew_3 karma

Have you guys read the /r/nosleep stories on the Shadow Web

Has anything like that ever existed? Or tried to?

darknetsolutions5 karma

Let's jut go with "The majority of TOR users believe that such sites are fake, and for entertainment only".

There are some very scary parts of the deepnet.

TheyShootBeesAtYou3 karma

What percentage of TOR usage would you estimate consists of CP? How about the drug trade?

darknetsolutions9 karma

We believe the numbers are around 40% for drugs and 20% for CP?

No real idea though, just guessing from a really really old report before FH shutdown.

j4jackj3 karma

Do you drink coffee?

darknetsolutions3 karma

All of us do, yep. Adam prefers Cappuccino though.

Ben_walk3 karma

What's the worst you Have seen?

darknetsolutions6 karma

Probably when people come onto public forums for talking about TOR, drugs, helping new membrs, ect. and post CP or gore.

PM_ME_YOUR_SHIT_pls2 karma

Do you get attacket often?Like DDoS attacks? Does police visited you for hosting on the darknet?

darknetsolutions3 karma

Not really, we try not to host any sites that attract malicious activity like Markets.

We are fully anonymous, so even if the police did have a problem with us they wouldn't know whom is responsible.

FUCKADICK21 karma

Would you rather fight 100 duck sized horses or 1 horse sized duck?

darknetsolutions21 karma

Horse sized duck. Bring it Big Bird!

Smekiz7 karma

I would totally go for the 100 horses, birds are f_ing vicious creatures

darknetsolutions8 karma

We are a 3 person team so having 3 grown men kicking 100 duck sized horses is just a cruel site.