I found the screenshot of a hitmen-for-hire service. https://imgur.com/a/6vfcx I wish users could share the coordinates of any item in the map. But it's a really fascinating work. Kudos to the creators!
If there's one thing I've learned from travelling the world: There are contract killers and they can be had for very little money. Where I currently live you could get away with murder for 1 to 10k - depending on who you know.
If there's one thing I've learned through many years of human contact: if you need a thing done, you methodically plan it out, do it by yourself, and don't tell anyone.
There's lots of fake/just-for-fun stuff like that on the dark web. Often people posting emails to troll people who are taking it seriously. Or even more likely an FBI sting.
It's hard to take seriously when it looks like an early 2000s Geocities page. I half expect that "Making Murder for hire easy" to be a scrolling marquee.
But then again I don't know what I'd expect it to look like. Maybe it'd feel even stranger if it looked very refined and corporate with lots of stock photos.
If they're dumb and uneducated enough to be running a hit-for-hire service, they probably hacked the site together themselves; Geocities looked like geocities because nobody had web skills.
I would guess their technical interviews place greater weight on qualities like loyalty and confidentiality than which languages and frameworks their web developer has recent experience using.
I also found one where you can apparently pay for a slave for a certain amount of time and they will bring you the slave ("To do whatever you want with"). Jesus.
Is it me or is that an easy way to make money? Create a "murder-for-hire" website, or whatever illegal service you want, then disappear with the bitcoins.
Why not? They wont go to the authorities and without assistance it's unlikely they'd be able to find an anonymous actor who took the right precautions.
Generally these sites have a system for establishing trust. So when choosing a hitman, you choose one that has already completed lots of hits. They could still take your money and run, of course, but it's less likely.
(So then how do you gain trust in the first place? Payment on delivery, combined with a trusted buyer.)
I've come across multiple; as I imagined, Tor is mostly just guns, drugs and pedophiles - I'm glad they think they've created a critical service to protect freedom of speech ::rolls eyes::
The map is a cool idea though, and maybe it'll help get more horrible people on the law enforcement radar
I agree. My attitude is such because there are no apparent 'legitimate' services - IMHO the few people who really do need such anonymity, is far overshadowed by allowing pedophiles a free arena to exploit kids, or cartels to commercialize drugs and murder.
Since inherently there is no way to restrict the type of services available, its unlikely that any 'legitimate' would change my attitude; there are other ways to share private, or anonymous information.
I don't mean "popular clearweb sites that happen to have an onion address" so much as "legitimate/legal hidden services" beyond just a bunch of secure drops for new orgs.
every one of your obervations was correct (btw I got to know the tabula recta as vigenere square [1])
kcovjgfktgevgf was the key for noqinylndnqysmwfacvjrrfj\n (and \n is indeed endoftheline)
I used an online vigenere chiffre "applet" (ok it is javascript so not really an applet but who cares) and I got an off by one (just define the alphabet as bcdefghijklmnopqrstuvwxyza or use jbnuifejsfdufe as the key)
PS. Without tor you can use [3] and thx for making me waste that 5 minutes :D it was fun
Don't know it isn't my puzzle. Maybe I'm wrong and this isn't the solution and there is still some way to go.
Edit: damn wanted to try the /999 but the site is down (yeah I'm using tor and not the onion.link link) I hope this is just the HN effect and it will soon work again
Edit2: I hoped to find something hidden in the image itself but it wasn't
Edit3: If anyone else wants to give it a shot https://blacklotus.github.io/ uploaded the index.html and vigenere.png (oviously no other files)
In the bottom left of the dark web map there is another puzzle that says to "visit when the :imer (sic) runs out" with a countdown that is at like -2600 days or so. Could be related as a previous or future step of the same puzzle.
It looks less ominous and more of a web-based puzzle to me. I've done something similar for 4chan's /g/ board back in the day setting up a simple puzzle with the "prize" being a bruteforced tripcode that was to Serial Experiments Lain. It was fun for the day and promptly ruined by the 4th or so solver who leaked the tripcode to ruin the little circlejerk that had formed over having solved the puzzle.
It also made me respect people who make complex puzzles. I had to recreate the puzzle several times because I had to create the puzzle in reverse and test that the solutions would work. It took me several attempts to get everything right and in the end the most difficult part of the puzzle was that the font I had used did not differentiate between a capital I ("eye)" and lowercase l ("el") well enough.
E: Here is the timer I was talking about and another page.
Wait until after work to take a look at this one. Even before you agree to the disclaimer a lot of enterprise filters will alert based on the description of the content it hasn't loaded.
If an image containing illegal content is sent to the browser of an unsuspecting user, does that constitute a breach of the law? If a CDN goes rogue and suddenly starts pushing out child porn then is every person whos browser cached that image now guilty? What if they didn't even know it got cached? A very grey area with these sorts of things.
(d)Affirmative Defense.—It shall be an affirmative defense to a charge of violating subsection (a)(5) that the defendant—
(1) possessed less than three images of child pornography; and
(2) promptly and in good faith, and without retaining or allowing any person, other than a law enforcement agency, to access any image or copy thereof—
(A) took reasonable steps to destroy each such image; or
(B) reported the matter to a law enforcement agency and afforded that agency access to each such image.
That may be the case in the US, but FWIW it is not necessarily true across jurisdictions. In the UK, for instance:
> A person who views an image on a device which is then automatically cached onto its memory would not be in possession of that image unless it can be proved that he / she knew of the cache [...but...] the person would also have "made" the image in question. Subject to there being evidence of the act which constituted the making and the necessary mental element, an offence contrary to section 1 of the PCA 1978 is preferable and in most cases would suffice. [...] The charge of 'making' [has been] widely interpreted to cover such activities as opening attachments to emails and downloading or simply viewing images on the internet.
Further note:
> So, for example, in a "pop-up" case, it would have be to be proved [for the act of making] that suspect knew that accessing a website would generate "pop-ups" and that those "pop-ups" would depict, or be likely to depict, indecent images of children
That is far shakier legal ground than I would like to be on, especially for readers of this thread who would presumably be aware of the cache and where it has been hinted that the images may contain at best questionable content.
There’s definitely no assured promise of correlation between transmission of content, possession of content, and true criminal act resulting in harm.
What’s actually transpiring is opportunistic enforcement, whenever there’s a broader perception of necessity to act against an apparently dispicable entity.
This motive alone guides organizations to hunt down and punish anything that would seem obvious to a lowest common denominator beureaucrat, when printed on paper.
The reason these sorts of policies are upheld is to provide the umbrage of an imprecise broadsword, when conducting more surgical operations relating to espionage and counter operations. That’s it.
Someone needs to quietly erase something, and they need to sweep it up with a broad mop, so that no one notices the little smear that needed to go away.
It’s not about morality. Only convenient morality. Deviants are pretty rare, and the population of apparent deviants needs to be magnified, so that certain criminals may be framed to keep their real crimes (betrayal, subterfuge) quiet.
Why on earth would they think posting uncensored screenshots from the dark web would be a good idea? When browsing the dark web you should always be going in with images turned off, before you run into child porn at work and end up in prison.
They say they removed a small number, I’d like to know how many, because scanning over quickly I didn’t see even remotely as much porn as I expected. This is a scan of front pages, but still.
The most interesting thing about this was how the "map" part of it was completely irrelevant. From a quick scan every single large interconnected subgraph contained only completely or virtually identical sites.
They made this map by spidering public onion sites, so you're only seeing sites that were publicly linked to on a site they crawled. You could brute force the .onion address space to get a more accurate estimate of the number of onion sites currently online, but that would take a long time at the speed Tor operates.
The irony being that they made a map of the dark web which contains almost no part of the dark web because they couldn't find it. I, too, can run wget pointed at an onion ring network, and it would be just as unimpressive a result as this ...
SO, that's annoying and pretty pointless. I can't search the HSDir names or the related content per page. I have to manually and visually look at a map. I was curious if my services were on there, as I run quite a few HSDirs. But no way I'm going to look at every image.
This would have been interesting if they either released the data or make the content searchable. Oh well.
Any bridge can see announced HSDirs communicating to it. So technically you can be a bridge and save all HSDirs that are being passed.
This will get your bridges banned by Tor IF they know you're doing that. So the ones who do, stay quiet about it. I'd give it 3 days before their bridge is distrusted and revoked.
What makes it so hard for undercover agents to browse this stuff and make purchases of <insert illegal substance or act here> to nab the seller? Or set up fake services and nab buyers?
It must be a mess. I can't see how people wouldn't be paranoid on here to the point of chilling it.
Undercover agents can buy whatever they like. But smart sellers aren't so easy to identify. There's always a risk in mailing stuff, of course. But Bitcoin can be anonymized well enough.
Buyers are more vulnerable. Many have stuff mailed to their actual addresses. Even if they pay with well anonymized Bitcoin. Some have stuff sent to places that are empty, where people are on vacation, or infirm, and so on.
I haven't heard of fake markets. But investigators have taken over markets, and identified both sellers and buyers.
There used to be a cool site by Harry71 that listed all onion sites. But I suspect that it was trawling hidden service directories, which Tor Project frowns on.
A small oversight in the censoring of the onion addresses: some of the screenshots show websites that list the full address somewhere on it (e.g. 'gunbizme…').
Looks like about 1/3 of everything are the equivalent of "It works!" pages (the huge white clusters and the large cluster of "You made a site on the dark side").
Doesn't mean that there is nothing to be accessed on those servers, though.
