The cypherpunk movement laid the ideological roots of Bitcoin and the online drug market Silk Road. Balancing the previous emphasis on cryptography, I emphasize the non-cryptographic market aspects of Silk Road, which are rooted in cypherpunk economic reasoning; give a fully detailed account of how a buyer might use market information to buy rationally; and finish by discussing the strengths and weaknesses of Silk Road and what future developments are predicted by cypherpunk ideas.

The website Silk Road 1 (SR1), a drug marketplace operating in public, needs little introduction at this point, after Gawker’s 2011 article went viral, drawing fire from the likes of US federal Senators Schumer & Manchin. It was probably the single most famous commercial enterprise using Bitcoins; some speculated that demand from SR patrons single-handedly pushed the exchange rate up by $5 the weekend of the Gawker article. It then flourished until its bust on 2013-10-02.

Size

Estimates of SR’s size have been done several ways: most purchases entail a review at the end, and reviews are displayed on the front page, so one can monitor the front page and extrapolate to estimate average number of transactions per day or week, and from there estimate turnover and what SR’s commissions total to: eg. ~100 transactions a day over 2 years and averaging ~$150 is 100⋅365⋅2⋅150=10,950,000. “Traveling the Silk Road: A measurement analysis of a large anonymous online marketplace” (Christin 2013) spidered Silk Road for 8 months (2011-2012) and did something similar by recording all public prices, feedback indicating how much had been sold, and calculating a monthly turnover of $1.2m for annual revenue of ~$15m; the difference in estimates seems explained by my estimate of daily transactions being considerably too low. The DHS in November 2013 estimated Mt. Gox alone “was moving approximately $60 million per month into a number of Internet-based hidden black markets operating on the Tor network, including Silk Road” around the time of Gox seizures in May 2013, although this turnover seems too high given other monthly estimates.

Another way is to look in the blockchain for SR-related addresses or transactions; one possible address had a 2012-06-23 balance of ₿450,825 or $2,885,280. Since it is unlikely there are ~$3m of transactions active or sitting in wallets that day on SR when the largest previous Silk Road scammer (Tony76)—pulling out all the stops—got away with an order of magnitude less money, this is highly likely to represent Silk Road’s profits or profits plus balances & escrows; which at a commission of 5-10% implies a total Silk Road turnover of >$28m. Interestingly, Christin 2013’s analysis concluded that Silk Road was by July 2012 receiving $92k monthly or $1.7m yearly in commissions (and twice that yearly figure is larger than that address balance—as it should be, being an upper bound). On 2013-04-09, a single transaction of ₿69471 was made by the address 1BAD...GuYZ, and may have been related to the SR cointumbler. For further discussion, see “A Fistful of Bitcoins: Characterizing Payments Among Men with No Names”, Meiklejohn et al 2013.

Cypherpunks

Neither Bitcoin nor the Silk Road should be understood outside their ideological and historical context: the now-obscure cypherpunk movement. The “cypherpunk” group was a loose affiliation of cryptographic researchers and enthusiasts centered on the eponymous email list in the 1980s and 1990s who developed many novel ideas and approaches to communication, economics, and politics. Achievements of theirs included developing anonymous email remailers (inspiring the Tor anonymizing network), helping defeat the Clinton-era Clipper chip and setting a key precedent, and helping defeat USA export restrictions on cryptography (key to safe Internet commerce outside the USA; the costs of export restrictions can be seen to this day in South Korea, which locked itself into a Microsoft/Internet Explorer computer monoculture). No event marked their dissolution, but through the ’90s, they gradually lost cohesion and interest as various ideas were successful and others remained barren. (Timothy C. May remarked in 1994 that an acceptable digital currency may take several years to develop, but that he had been that optimistic years before as well; we could date the fulfillment of the dream to Bitcoin—14 years later—in 2008.) Former cypherpunks include large corporations to technological innovation (BitTorrent, descending from MojoNation) to niche groups like transhumanism (digital currency inventor Wei Dai) to activism (EFF, Julian Assange’s WikiLeaks) etc.

The cypherpunk paradigm can be summarized as: “replacing centralized systems of interactions enforced by coercion with decentralized systems of voluntary interaction whose rules are enforced by mathematics/economics”. Desiderata for systems include: communications private from all third-parties, anonymous, provably untampered with, and provably from particular parties; social mechanisms like reputation replaced by formalized systems like feedback; and legal mechanisms like anti-fraud statutes superseded by mechanisms such as escrow or bonds (which can be fortified by cryptographic techniques as multiple-party signatures). The ideal cypherpunk system is self-enforcing, self-regulating, and cannot be attacked directly by outsiders because they do not know where it is or how to affect it. Julian Assange et al 2012 write:

“The new world of the internet, abstracted from the old world of brute atoms, longed for independence. But states and their friends moved to control our new world – by controlling its physical underpinnings. The state, like an army around an oil well, or a customs agent extracting bribes at the border, would soon learn to leverage its control of physical space to gain control over our platonic realm. It would prevent the independence we had dreamed of, and then, squatting on fiber optic lines and around satellite ground stations, it would go on to mass intercept the information flow of our new world – its very essence even as every human, economic, and political relationship embraced it. The state would leech into the veins and arteries of our new societies, gobbling up every relationship expressed or communicated, every web page read, every message sent and every thought googled, and then store this knowledge, billions of interceptions a day, undreamed of power, in vast top secret warehouses, forever. It would go on to mine and mine again this treasure, the collective private intellectual output of humanity, with ever more sophisticated search and pattern finding algorithms, enriching the treasure and maximizing the power imbalance between interceptors and the world of interceptees. And then the state would reflect what it had learned back into the physical world, to start wars, to target drones, to manipulate UN committees and trade deals, and to do favors for its vast connected network of industries, insiders and cronies.

“But we discovered something. Our one hope against total domination. A hope that with courage, insight and solidarity we could use to resist. A strange property of the physical universe that we live in. The universe believes in encryption. It is easier to encrypt information than it is to decrypt it. We saw we could use this strange property to create the laws of a new world. To abstract away our new platonic realm from its base underpinnings of satellites, undersea cables and their controllers. To fortify our space behind a cryptographic veil. To create new lands barred to those who control physical reality, because to follow us into them would require infinite resources. And in this manner to declare independence.”

The decentralization is key. Centralization is unacceptable for many applications: centralization means any commercial or political interest can interfere for any purpose, be it rent-seeking or taxation, prosecuting economic warfare against another party, intended to hamper organized crime or terrorism, etc. This fear of centralization is not idle. The ring of power offered by centralization has been grasped on many occasions: ranging from Paypal hampering its competitors to US-led crackdowns on ancient hawala financial systems & Islamic charities in the name of counter-terrorism to the US suing the Intrade prediction market (with the assistance of the Central Bank of Ireland) to credit card companies’ near-fatal boycott of WikiLeaks to Iran’s severe inflation after economic embargoes. Previous centralized digital currencies like E-gold or Liberty Reserve suffered the expected fates, and more pointedly, an earlier online drug market (the “Farmer’s Market”) was shut down and principals indicted using scores of transaction details stored by banks & Paypal & Western Union.

Bitcoin

The fundamental challenge confronting any electronic currency is coping with the “double-spend problem”: when transactions conflict (eg. spending twice the same unit of currency), which transaction takes priority? Double-spends are difficult to perform with non-electronic money since you cannot give a dollar bill to one person while simultaneously giving it to another, but trivial with electronic messages. One solution is to centralize transactions: if you overdraw your bank account with 2 checks, the bank will choose one to bounce and one to honor. Similarly for credit card transactions. An electronic currency like Paypal processes each transaction in realtime, so you cannot log into your Paypal account in 2 browsers and send your entire balance to 2 different people. With centralization, there is someone or something which ‘decides’ which of the 2 conflicting transactions will become the real transaction. Centralization appears in many guises in currency systems: cryptographic pioneer David Chaum’s own electronic currency could guarantee complete anonymity to anyone “spending” a coin, solving the double-spend problem by devising things so that a double-spend leaks enough information that the anonymity evaporates, but the math only works with a central “bank” which could be attacked. Chaum’s system never took off, for several reasons, but this centralized point of failure is one.

If we avoid the problems of centralization and resolve on a decentralized system, we face a different but equally severe set of problems: without centralization, in a distributed system in which no party has veto power (and any party can be anonymous or a mask for another party), how and who decides which of 2 conflicting transactions is the “real” transaction? Must a distributed system simply allow double-spends, and thus be useless as money? No.
The underappreciated genius of Bitcoin is that it says that the valid transaction is simply “the one which had the most computing power invested in producing it”. Why does this work? In the Bitcoin distributed system, there are many ‘good’ parties at work producing new transactions, and they will independently latch onto one of the two competing transactions produced by an attacker and incorporate it into future transactions; the amount of computing power necessary to out-invest those other parties quickly becomes too enormous for any one entity to invest. Within hours, one transaction will be universal, and the other forgotten. Hence, Bitcoin is an acceptable cypherpunk currency: it is decentralized, parties participate out of self-interest, and it is economically infeasible to attack Bitcoin directly.
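
The claim that out-investing the honest parties quickly becomes infeasible can be put in numbers. The following is an added example, not part of the original essay: it implements the attacker catch-up calculation from section 11 of Nakamoto's Bitcoin whitepaper, and the function names and the 0.1% risk threshold are choices made for this example.

```python
"""Added example (not from the original essay): double-spend odds under the
"most computing power wins" rule, following section 11 of the Bitcoin whitepaper."""
import math


def catch_up_probability(q: float, z: int) -> float:
    """Chance that an attacker holding share q of the hash power ever erases
    a deficit of z blocks (gambler's ruin): 1 if q >= p, else (q/p)**z."""
    if not 0.0 <= q <= 1.0:
        raise ValueError("q must be a fraction between 0 and 1")
    if z < 0:
        raise ValueError("z must be non-negative")
    p = 1.0 - q  # share of hash power held by the honest parties
    if q >= p:
        return 1.0  # a majority attacker always catches up eventually
    return (q / p) ** z


def _poisson_pmf(k: int, lam: float) -> float:
    """Poisson probability of exactly k events, computed in log space so that
    large z does not overflow or underflow."""
    if lam == 0.0:
        return 1.0 if k == 0 else 0.0
    return math.exp(k * math.log(lam) - lam - math.lgamma(k + 1))


def double_spend_success(q: float, z: int) -> float:
    """Probability that a double-spend still succeeds after the recipient has
    waited for z blocks on top of the payment.

    While the honest parties mine z blocks, the attacker's secret progress is
    modelled as Poisson with mean z*q/p; from whatever deficit remains, the
    attacker must then win the gambler's-ruin race above.
    """
    catch_up_probability(q, z)  # reuse the argument validation
    p = 1.0 - q
    if q >= p:
        return 1.0
    lam = z * q / p
    miss = 0.0  # probability that the attacker never catches up
    for k in range(z + 1):
        miss += _poisson_pmf(k, lam) * (1.0 - catch_up_probability(q, z - k))
    return max(0.0, 1.0 - miss)


def min_confirmations(q: float, max_risk: float = 0.001, limit: int = 2000):
    """Smallest z for which the double-spend probability drops below max_risk,
    or None if no z up to `limit` achieves it (e.g. a majority attacker)."""
    if q >= 0.5:
        return None
    for z in range(limit + 1):
        if double_spend_success(q, z) < max_risk:
            return z
    return None


def main() -> None:
    # Sample hash-power shares chosen for illustration only.
    for q in (0.10, 0.30, 0.45):
        row = ", ".join(f"z={z}: {double_spend_success(q, z):.7f}" for z in (1, 6, 12))
        print(f"attacker share {q:.2f} -> {row}")
        print(f"  blocks to wait for <0.1% risk: {min_confirmations(q)}")
    print("attacker share 0.50 ->", min_confirmations(0.50))


if __name__ == "__main__":
    main()
```

The output shows the attacker's chance collapsing geometrically with each block when the attacker is a minority, and staying at 1 once the attacker holds half the computing power.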

Silk Road as Cyphernomicon’s black markets

The Silk Road (SR) is a website accessible through the Tor anonymizing network. Tor is descended from cypherpunk designs for anonymous email: messages are swapped by servers in the “mix” network with changing cryptographic wrappers, so observers cannot tell what server a message ultimately ends up at nor who sent a message. Buyers create accounts, send bitcoins to SR-controlled addresses, browse seller pages, and order quantities similar to any e-commerce site. (Contrary to descriptions of SR as “the eBay of drugs”, SR is more akin to shopping on Amazon Marketplaces than eBay: there are no auction features.) SR has been covered in the media for years and is still operating successfully; indeed, Christin 2013 calculated a monthly turnover of ~$1.2m for annual revenue of ~$15m from 2011-2012, with daily sales volume:

[Figure 12 of Christin 2013: “Estimate of the total amount of daily sales (in ₿) occurring on SR. Each point corresponds to an average over the prior thirty days.”]

The design of SR could be taken straight out of early ’90s cypherpunk—most of the design can be justified in Timothy C. May’s 1994 Cyphernomicon, itself mostly a summary of much earlier discussions. (In an amusing historical coincidence, May happens to mention an old digital currency proposal called… “The Digital Silk Road”.) The SR is an unregulated black marketplace which is:

reached via an anonymizing mix network

made up of pseudonymous entities, who

communicate privately and securely via public-key cryptography to arrange purchases

using escrow schemes for payment of sellers only on receipt of goods

said sellers post the equivalent of bonds as surety before being allowed to sell

and buyers publicly rate their sellers (so the marketplace avoids becoming a lemon market)

From an economic point of view, several measures serve to make incentives align:

SR is paid as a percentage of transactions; hence, it is motivated to encourage as high a turnover as possible, and maintain the satisfaction of both buyers and sellers. This makes SR a relatively trustworthy agent because too much abuse will cause buyers or sellers to leave and cease paying the percentage, especially if there are any competing marketplaces. (This is the same dynamic that kept users on Liberty Reserve before it was shut down.)

Sellers are encouraged to not scam buyers because they will not gain access to bitcoins in escrow and enough violations will forfeit their deposit held by SR

Buyers have limited incentive to scam sellers because their bitcoins are paid in advance and not under their control; SR arbitrates disputes, and more than a few bad transactions can lead to their balances being forfeited and to their being blacklisted, limiting their ability to scam large amounts

And as far as people outside the marketplace are concerned, there is a network effect at play: the better incentives align, the more buyers and sellers there will be, and they will lead to better selections and lower prices. All familiar economic results about normal thick commodity markets, but perhaps unexpected to see in such an exotic marketplace.

Escrow

One aspect of the incentives deserves coverage as most presciently discussed by the cypherpunks and underappreciated by users: the use of escrow. Timothy C. May’s chapter 12 (“Legal Issues: Loose Ends: Escrow Agents”) lays out the necessity of escrow when a marketplace uses both pseudonymity and untraceable digital cash:

“On-line clearing has the possible danger implicit in all trades that Alice will hand over the money, Bob will verify that it has cleared into his account (in older terms, Bob would await word that his Swiss bank account has just been credited), and then Bob will fail to complete his end of the bargain. If the transaction is truly anonymous, over computer lines, then of course Bob just hangs up his modem and the connection is broken. This situation is as old as time, and has always involved protocols in which trust, repeat business, etc., are factors. Or escrow agents.

“…In steps “Esther’s Escrow Service.” She is also untraceable, but has established a digitally-signed presence and a good reputation for fairness. Her business is in being an escrow agent, like a bonding agency, not in “burning” either party. (The math of this is interesting: as long as the profits to be gained from any small set of transactions is less than her “reputation capital,” it is in her interest to forego the profits from burning and be honest. It is also possible to arrange that Esther cannot profit from burning either Alice or Bob or both of them, e.g., by suitably encrypting the escrowed stuff.) Alice can put her part of the transaction into escrow with Esther, Bob can do the same, and then Esther can release the items to the parties when conditions are met, when both parties agree, when adjudication of some sort occurs, etc. (There a dozen issues here, of course, about how disputes are settled, about how parties satisfy themselves that Esther has the items she says she has, etc.)”

“Esther” is SR, “on-line clearing” is bitcoins, Alice is a buyer and Bob the seller, but otherwise the logic is clear and unmistakable: lack of escrow leads to a perverse incentive for Bob to scam Alice. We can see the proof in practice. For various reasons, SR provides buyers the option of releasing their funds from escrow to the seller, called “early finalization”; early finalization is one of the leading mechanisms for seller scams on SR. The cardinal example is the April 2012 scam where a trusted seller took the occasion of a SR-wide sales event (where SR waived its fees) to announce unusually low prices, took in hundreds of large orders totaling thousands of bitcoins (the equivalent of >$50,000) but requiring early finalization, withdrew all funds, and never delivered. A simple enough scam, yet highly effective: as May and other cypherpunks pointed out decades before, one should never entrust a pseudonymous agent with more liquid anonymous cash than its “reputation capital” is worth! One can entrust the agent with less liquid anonymous cash (not enough to burn one’s reputation in exchange for), or one could entrust the agent with more escrowed anonymous cash (so they cannot “rip-and-run”), but not both more and un-escrowed (which is paying them to scam you).
(This could be helped slightly by providing more information about sellers, like listing the outstanding balance for sellers so buyers can be wary of any seller with an unusually large outstanding balance; but buyers will still be attracted by sales as excuses for finalizing early, and sellers could simply split their activity over multiple accounts. Escrow remains the best solution.)

Silk Road

With Tor running and the Torbutton enabled in the browser (along with any privacy mode), we can easily connect to SR; we simply visit silkroadvb5piz3r.onion. (Newbies to Tor might wonder why the gibberish address. The address is derived from the public key of the server, making it more difficult for an attacker to pretend to be the real SR or do a man in the middle attack.) Upon connecting, you will see a bare log-in form:

[Image: 2011 SR log-in form on the homepage]

Alternately, you might see an error page like the following; SR is occasionally down for maintenance & new features or temporarily overloaded. Usually waiting a minute is enough, and longer downtimes are discussed on the SR forums.

[Image: 2011 server error example]

Click on the join, and you will be taken to another page for registering your account, much like any other site. Invitations are not currently required, although to register a seller account is neither easy nor cheap, see later sections. (I suggest picking a strong password. Learn from the Mt.Gox fiasco.) With your new account, you can now log in and see what there is to see on the main page:

[Image: The front page, displaying random images of merchandise on offer, categories of listings, and recent feedback posted by buyers]

[Image: At another time]

[Image: And another time]

Notice at the bottom, below the random selections, is a section listing all the most recent reviews from buyers; feedback from buyers, like on Amazon or eBay, is crucial to keeping the system honest:

[Image: Seller feedback]

The stimulants category contains much what you’d expect:

[Image: 2011 listing of stimulants: Adderall, 4-FA, methamphetamine, cocaine]

Moving on, we have the section for selling forgeries:

[Image: Forgery selection]

Legal wares

Perhaps more surprising are the non-drug listings. They don’t get mentioned much in the usual coverage, but SR has aspirations of being a marketplace for more than just drugs. For example, the collectibles category with its military surplus or replica helmets, or German pretzels, or the ‘services’ category, which has, interestingly, become a way for sellers to offer ‘extras’ with their wares like faster shipping (or just oddball offers, like one offering to write a German prescription for any prescribable drug in Germany):

[Image: Collectibles category: 1941 Canadian military helmet, reproduction German military helmet, Vietnam War American military helmet]

[Image: Services category: upgraded shipping, manuals, website invitations, homework grading]

There’s also the book section, with its predictably less than commendable but perhaps not actually illegal wares:

[Image: Guides to committing illegal activities]

Although reportedly the book section can also be used to buy books censored for political reasons in China (“Bitcoin bursts: Hacker currency gets wild ride”, AP Digital):

“One British user told AP he first got interested in SR while he was working in China, where he used the site to order banned books. After moving to Japan, he turned to the site for an occasional high.”

This is a handy reminder that even if you happen to agree with some drug laws, there are many other laws domestic & foreign one might disagree with (bans of Kinder eggs, extremely costly regulation of venison, sex toys etc).

One section that perplexed me when I browsed it was the art section, for blotters:

[Image: Blotter selection]

A euphemism for the LSD section? Apparently no—they seem to be genuine little bits of Americana, without any LSD in them, when I looked at one item more closely. (The art doesn’t appeal to me, and it seems like a risky kind of art to collect, but it takes all sorts.)
[Image: A vintage LSD blotter with artwork on it]

Besides the mentioned blotter artwork, books, Kinder eggs, and venison, I was curious how many legal goods were available on SR in general. (Also amusing: fig tree cuttings were sold on Atlantis.) On 2013-04-17, I visited SR, archived the first page of each category, and then did some guessing at the legal fraction of the 25 items on the first page for each category. (If there was only 1 page / <25 items, I simply eyeballed what was there.) Evaluating the legality of drugs is difficult because many are regulated differently by jurisdiction (an Englishman can legally import modafinil while an American is breaking the law), are unregulated (analogues), or may be regulated differently based on the exact chemical form (the former American legal distinction between forms of cocaine); hence, I ignored the drug & drug paraphernalia sections. Copyright infringement is counted as illegal (so an e-book counts, but a physical book doesn’t), but hacking tools are not since I am unclear on what hacking tools, if any, are either criminal or civilly prohibited. My results:

Category | Total items | Questionable | Notes on items
Drugs | 8845 | 100%? |
Drug paraphernalia | 337 | 100%? |
Apparel | 321 | 100% | Counterfeit or knockoff goods
Art | 112 | 8% | Blotter art, pornography (copyright infringement)
Biotic materials | 2 | 0% | Opium tea (apparently legal), damiana (banned in Louisiana only)
Books | 878 | 12% | Copyright infringement (e-books)
Collectibles | 13 | 8% | Moonshine
Computer equipment | 67 | 0% | Specialized but legal software, hardware
Custom Orders | 82 | 32% | Most do not specify what they are for; 8 are drug-related
Digital goods | 655 | 16% | Site accounts or invites
Electronics | 92 | 4% | Counterfeit/knockoff
Erotica | 612 | 100% | Copyright infringement, site accounts
Fireworks | 4 | 0% |
Food | 10 | 4% | Moonshine
Forgeries | 100 | 92% | Driver’s licenses principally
Hardware | 33 | 0% | Hard drives, safes, night vision goggles, lockpicks
Herbs & Supplements | 6 | 0% | Not that I recommend maca root as an aphrodisiac…
Home & Garden | 9 | 0% | Poppy plant seeds, Gillette razors, Mylar film, electric lights
Jewelry | 93 | 96% | Counterfeit/knockoff (mainly Cartier/Hermes/Montblanc/Gucci)
Lab Supplies | 46 | 0% | Glass vials, flasks, mushroom spores, tablet machine
Lotteries & games | 82 | 100% | Presumably all such gambling is regulated
Medical | 36 | 36% | Needles/syringes, tablet machine, prescription drugs
Money | 145 | 0% | Cash, debit cards, bullion, guides
Musical instruments | 2 | 100% | Beta blockers (when asked, seller said “They were put there over a year ago for musicians to find as they are a very practical musical tool.”)
Packaging | 49 | 0% | Plastic bags, stamps, heat-sealing equipment
Services | 81 | 24% | DDoS; username/password cracking; many takers for ‘Common Sense’?
Tickets | 1 | 0% | ?
Weight loss | 53 | 84% | Drugs; 2,4-Dinitrophenol, clenbuterol etc
Writing | 4 | 0% | Drug sampling/review; ghost paper-writing; custom poems/stories
Yubikeys | 4 | 25% | An Adderall listing (another miscategorization?); intended for two-factor authentication products

Extrapolating to all the other public listings and multiplying out the percentages, my table suggests 10709 questionable/illegal products out of 12774 total public listings, or ~83% of SR public listings are illegal goods. (It assumes all drug/drug paraphernalia are illegal, that the first page listing is representative, does not try to assess private listings which will likely skew to illegal drugs, etc.) This is much lower than I expected, but this estimate tells us little about how much is actually bought & sold, how much turnover there is, and what fraction of each are illegal.

Anonymity

Well, you’ve browsed through the SR proper. You can also visit the official SR forums at dkn255hz262ypmii.onion. The discussions are indispensable tools for learning about sellers and getting the latest rumors like indicators of FE scams, but the forums are also where official rule changes to SR are announced by the SR administrator.

We have window-shopped long enough. It’s time to take the plunge and buy something. Bitcoin developer Jeff Garzik is quoted in the Gawker article as saying that “Attempting major illicit transactions with bitcoin, given existing statistical analysis techniques deployed in the field by law enforcement, is pretty damned dumb.” Fortunately I do not plan ‘major’ transactions, and in any case, I tend to suspect that said statistical techniques are overblown; a few academics have published initial investigations into tracing transactions and examining the larger Bitcoin economy, and have linked transactions to individuals, but as of 2012 have only done so with addresses publicly linked to identities, and not broken the anonymity of people trying to be anonymous.

The public nature of transactions means that many interesting connections & graphs can be generated and analyzed. But fortunately, it’s straightforward to anonymize Bitcoin transactions (mixing services) by a method analogous to the Tor network we are relying upon already: route the money through several intermediaries in several quantities and reconstructing the path backwards becomes nontrivial.

My own method was to route 4 bitcoins through Mt.Gox (this was before the hacking, a series of events which confirmed my own resolution to keep a balance at Mt.Gox for as short a time as possible; a retrospective analysis of Bitcoin exchanges suggests that for every month you keep a balance at an exchange, you run a ~1% chance of losing your money), then through MyBitcoin (which at the time was still considered trustworthy). This was straightforward—sign up for a throwaway account:

[Image: MyBitcoin (defunct) login page]

Then deposit to the one-use address:

[Image: MyBitcoin deposit interface]

A day or three later, I am tired enough of the game to route my Bitcoins into the last set of anonymizing mixes, SR’s own cointumbler. How do we do a deposit? We click on the link in the profile and see:

[Image: SR bitcoin deposit form interface]

No big surprise there—it’s another one-time address which expired at noon, so there’s no time to shilly-shally:

[Image: SR deposit instructions: send bitcoins to this address etc]

Once deposits have been made or purchases entered into, one’s profile page begins to look like this:

[Image: A record of deposits and withdrawals]

Finis

There is no proof of all of the above—anything here could have been faked with Photoshop or simply reused (perhaps I have a legitimate Adderall prescription). Take it for what it is and see whether it convinces you: argument screens off authority. But looking back, I have been lucky: from reading the forums, it’s clear that there are scammers on SR, and shipments do get lost in the mail or seized or otherwise not delivered. (I do not expect any legal problems; law enforcement always go after the sellers, to achieve maximum impact, and SR presents both technical and jurisdictional problems for law enforcement.) This is inherent to the idea of an anonymous marketplace, but the system worked for me. SR describes it well in one of his messages:

“Things are going really well here. There are many new buyers and sellers working well together, our servers are secure and humming along, and you may even start to feel comfortable. DO NOT get comfortable! This is not wal-mart, or even amazon.com. It is the wild west and there are as many crooks as there are honest businessmen and women. Keep your guard up and be safe, even paranoid. If you buy from someone without reputation, get to know them really well through pm, and even then be suspicious. Unfortunately it only takes one bad apple to spoil the bunch, and there are bad apples out there.”

On SR, there are lions and tigers and pigs oh my, but: alea iacta est! Like Bitcoin, SR may live another few months, or another few years, but will it? Like using SR, there’s no way to know but to go.

Future Developments

So, we have seen that Bitcoin satisfies an old dilemma bedeviling the early cypherpunks; and we have covered how SR follows recommended design principles in achieving their dream of self-enforcing marketplaces, and then went through a lengthy example of how buyers can rationally order and thereby contribute to the necessary dynamics. The drug market has grown and thrived beyond all expectations, despite an extraordinary—perhaps unprecedented—level of media coverage and transparency of operation. By its mere existence, it lays bare the universality of illicit drug use; by its sales volume, it provides a benchmark for understanding what estimates of the global black market really mean: if the SR has turnover of $20m a year and the black market turn over closer to $100b a year, then the latter is equivalent to 5000 SRs. By its use of public technology (even immature & hard to use technologies) and ordinary postal services, it demonstrates the infeasibility of the long-standing War on Drugs; and by taming drug use, turning it from a violence-prone seamy affair to a smooth commercial transaction, it suggests that there is no necessity for the War on Drugs.

What is next? No one foresaw Bitcoin in 2008; and the success of SR in 2011 took many by surprise (including the author) who had assumed that it would quickly be shut down by law enforcement, fall victim to hackers seeking a lucrative payday, or at best devolve into a lemon market with a few overpriced goods. All three of these possibilities still exist; lengthy SR downtime in November 2012 fueled speculation that law enforcement had finally found a viable attack or that SR was suffering a Denial of Service (DoS) attack. SR’s administrator stated the downtime was due to “record” numbers of users; but if large numbers of legitimate users can accidentally take down the site, clearly a full-fledged DoS attack is feasible.
A real DoS attack by a single attacker in April 2013 degraded access for a week and essentially blocked all access for ~2 days, prompting SR to suspend its commissions for several days to encourage purchases.

But supposing that SR continues to have an annual turnover of millions of dollars of drugs and other goods? Two striking possibilities come to mind.

The next development may be “information markets”: darknet markets for leaked data, whistleblowers, corporate espionage, personal information such as credit card numbers, etc. Existing “carding forums” may be a market niche to usurp, as they have had problems with law enforcement infiltration and would benefit from increased security. Similarly, WikiLeaks has reportedly tried to auction off access to documents in its possession, and while the auctions apparently failed, this may be due to defections and severe internal turmoil and not flaws in the fundamental idea.

The most extreme cypherpunk proposal was Jim Bell’s “assassination markets” concept, published in the 1997 essay “Assassination Politics”: a prediction market in which participants lay bets on the exact day a particular person will die; when the total bets become large enough, they function as a bounty on that person—inasmuch as a would-be hit man knows when the person will die and can profit handsomely. Assassination markets were to be a weapon against government oppression, but such markets could be used against any non-anonymous but powerful humans.
This would seem to be much less plausible than either a drug market or an information market: both drug & information darknet markets are markets which exist offline and online already, with illegal drugs representing a global market best measured in hundreds of billions of dollars of turnover (against the SR’s millions) with scores of millions of drug users worldwide, so cypherpunk-style implementations are in a certain sense just ‘business as usual’ with a very large customer base eager to participate and moral respectability to salve the conscience. Demand for hit men, on the other hand, is rare outside organized crime and governments, difficult for any ordinary person to justify the use of, and usually confined to particular regions such as Mexico or Afghanistan. Further, a large drug delivery facilitated via SR will usually go unnoticed by the world as the recipient has no incentive to reveal it; a ‘large’ assassination, on the other hand, will be global news and may trigger a backlash large enough to take down the site, or in general degrade Tor & Bitcoin to the point where they cannot support large enough bounties on any individual to matter. In July 2013, claiming to be inspired by Silk Road, the pseudonymous programmer “Kuwabatake Sanjuro” (Yojimbo) set up what he claimed to be the first functioning assassination market at assmkedzgorodn7o.onion (2013-11-21 mirror) named simply “Assassination Market”; he publicized it in November 2013 with an interview with Forbes. 
The obvious interpretation is that it is a scam: while it provides public Bitcoin addresses allowing verification that ~₿150 are at those addresses, and its protocol should allow a participant to prove that they were not paid, none of the targets are likely to die for years, if not decades, at which point Sanjuro can simply steal all the bitcoins trusted to him—it doesn’t matter if participants can then prove they were not paid and Assassination Market was a scam, because he would have made off with more than enough to justify the total effort of writing & running Assassination Market. This raises an interesting observation: a drug DNM can bootstrap from nothing through users risking relatively low-cost transactions like buying $50 of a drug to test the market out, and Silk Road did just this (with Ulbricht reportedly growing mushrooms to sell at the start); but how does an assassination market bootstrap? Murders come in discrete units: someone is either dead or not. Even if AM is for real and there is a market out there for it and it would not be destroyed by any backlash, assassination markets may turn out to be impossible because there is no way to incrementally build up trust between its “buyers” and “sellers”. This bootstrap problem seems like a fatal issue, but there are other problems with attempting to build an assassination market on top of Augur or other distributed prediction market proposals. The ‘host’ prediction market has strong incentive to censor or boycott assassination market contracts because the first serious successful use could easily trigger government counter-attacks in the hundreds of millions or billions of dollars on it (imagine the reaction if a head of state of a G-8 country was assassinated, given the level of EU reactions to some used gun sales on the DNMs…). 
Such community norms could be easily implemented as a rule that contracts involving any contingency on death (eg contracts on whether a president will finish their term are, in general, a legitimate topic) simply cannot be more temporally precise than 1 year, reducing the leverage available to an assassin. Blockchains may be hard to censor, but they are far from invulnerable, especially given their small sizes in 2016. The assassination market can be effectively shut down by a majority of prediction market users simply voting the opposite of the truth in any contract that seems like it might be incentivizing assassinations, deterring would-be assassins. Even if the blockchain is not able to be censored or DoSed, the assassination market bootstrap is somehow solved, and it begins operation, a prediction market is inherently based on public information and can be spoofed by targets faking their own deaths upon observing spikes in markets on them or spoofed by governments who can simply say a target was killed on the wrong day, wait for all the funds to payout to the wrong predictors, and then announce that the person is in fact alive—indeed, should such markets become highly active, this becomes a lucratively self-funding witness protection program. (Such a strategy also works for actual assassinations: officially announce the death happened a day or two later; the prediction market has no reason to try to question the official death date, but the assassins must now spread bets across an increasing number of days to get any payment.) Overall, I am skeptical Sanjuro’s “Assassination Market” will last very long, and I certainly don’t expect any of the targets to be assassinated. Regardless, 2 key pieces of cypherpunk technology are now in place and already enabling remarkable new systems. Both researchers and digital entrepreneurs may benefit from taking a look back at some forgotten pioneers and re-evaluating their proposals in the light of recent successes.

Post-mortem Recommendations

“If you’re gonna play the game, boy, ya gotta learn to play it right: / You got to know when to hold ’em, know when to fold ’em, / Know when to walk away—know when to run.”

Don Schlitz, “The Gambler”

Watching the fall of Atlantis, SR, and BMR, I have derived some basic recommendations for future darknet market operators (which I do not expect to be popular among them because it’s additional work & some recommendations reduce their potential profits or ability to scam users):

1. Data retention policies should be as aggressive as feasible. Data should be deleted the moment it is not necessary. Avoid unnecessary precision; for example, there is no need to keep track of how many orders a seller has carried out beyond, say, 300. Private messages should be automatically deleted after weeks, not months. And so on.

2. Use of PGP encryption should be mandatory. One good way is to have the site verify that all address submissions and private messages are PGP messages and reject unencrypted messages. This will annoy buyers & sellers, but this is for their own good. (The libertarians may complain that they should be free to be lazy & endanger themselves, but this is bullshit which ignores the negative externalities of not using PGP: it damages herd immunity.) It may also be a good idea to require sellers to rotate their PGP key every so often, as a partial way to attain forward secrecy. (They would post the new public key signed with the old key, and then hopefully delete the old secret key.)

3. The DNM operators should specify in advance how long they will run the site, at what level of commissions they will cash out, and precommit to shutting down the site or handing it over to a new operator whenever either condition comes to pass. This enforces compartmentalization, impedes any ongoing investigations or later information leaks, and the operator avoids committing gambler’s ruin and becoming arrogant—where they never stop operating the site, and just keep running it until they are finally arrested. If Ross Ulbricht had passed SR on as he claimed in the Forbes interview, say after he made his first ₿111k, it is likely that SR would not have been busted as soon as it was, he may never have been arrested because he could not be irrefutably tied to operating the site, and he would have had a chance to enjoy his fortune. An old proverb comes to mind: “If you must play, decide on three things at the start: the rules of the game, the stakes, and the quitting time.”

4. A number of post-SR1 buyer & seller busts seem to be tied to the sellers keeping copies of the buyers’ addresses & information in unencrypted PMs. There is nothing a site operator can do directly about this problem, as they cannot know what goes on in the seller’s computer, but they can at least institute a clear “death penalty” for any seller who reveals a buyer’s address, threatens to reveal it, or claims to reveal it. The site operators of SR and BMR declined to sanction their sellers who did this (eg. MMM/Moramoru on BMR), and thereby simultaneously put all buyers at risk and incentivized police raids on sellers (there is speculation that the SR seller Plutopete, who sold legal products, was targeted because they hoped to seize buyer addresses from him). This does not conflict with the mandatory use of PGP encryption, as if a buyer claims a seller threatened him in a PGP-encrypted message, the site operator can demand the secret key from the buyer—since they’re making the claim, the onus is on them, after all—and decrypt the stored copy of the seller’s message to the buyer. If the buyer’s claims are true, the seller is immediately banned and their Bitcoin balance confiscated; while if the buyer lied, they are banned instead. To incentivize revelation of the sellers’ misbehavior, the site operator can offer as a bounty to buyers whatever Bitcoin balance the seller had.

5. Early Finalization should not be offered as a feature, or if it is, it should be automatically limited only to young buyer accounts or similar situations.

6. A large part of site commissions should be earmarked for hiring penetration testers and for bounties on security flaws and on de-anonymizing attacks on the site operator. Post on forums that you’re offering a Bitcoin bounty. (Heck, with Bitcoin, you can probably even script up a block which automatically pays—for example, you could announce that you’ve created a dummy user X, with an unknown password Y, which unlocks a bitcoin transaction of ₿100. Anyone who can break into the user database can extract the password Y, and claim the bounty.)

7. Backup withdrawal addresses should be implemented. In particular, the withdrawal addresses should be mandatory for users, and beyond that, balances should be flushed at intervals. The fall of SR caused tremendous problems for many users because they had foolishly let balances build up in SR rather than get around to withdrawing them. SR had an “auto-withdrawal” feature (documented on the SR wiki), but the millions of dollars’ worth of Bitcoin seized on the SR server proves that very few sellers used it. Policies must be exercised or they are worthless.

8. The server architecture must follow a nested virtual-machine design in which all market-related software is isolated in a virtual machine and the VM itself is forced through Tor by the host OS, akin to Whonix. Almost no software, whether it be OS or web libraries or HTTP servers, is designed with any consideration towards preserving anonymity; those which are have been audited minimally; and many choose to actively destroy anonymity (Apache error messages and phpinfo() pages happily hand out IP address data, since it’s so useful for debugging; other features inherently destroy anonymity, like CMS software which sends out emails). Multiple DNMs have leaked their IP; Ross Ulbricht’s journal notes that SR1 leaked its server IP on multiple occasions, some of which were publicly noted (and FBI agent Tarbell asserts that another such IP leak, in the CAPTCHA code, was what led them to the SR1 server and from there to Ulbricht himself). It’s difficult enough to assure simple security; one must assume that the server will be de-anonymized at some point, and the only way to ensure that there is no information leak from the OS or server software is to make sure that information is not available in the first place! A gatewayed VM architecture ensures that one does not at least lose anonymity to trivial configuration mistakes or libraries trying to be “helpful”.

9. Source code for the site should be available. Security through obscurity does not work. We learned what SR & BMR were hiding behind their obscurity—a blatant breach of anonymity (DPR’s hardwired non-Tor IP login), and incompetent code with SQL injection vulnerabilities among other issues (BMR’s source code leak). If a site operator mentally quails at releasing the source code—good! That subconscious fear means they have just realized that they have linked their DNM with their real identity, or they left in some detail like DPR’s IP address, or there are vulnerabilities that need to be fixed. Source code also means that users can verify that many of the security features are in fact implemented and workable (so the site operator would have to be outright malicious to keep more data than claimed, etc).

10. PHP should be avoided.

11. Role-separation & the principle of least privilege: accounts should be locked as buyers, sellers, and staff, and no mingling permitted. Sellers who buy from other sellers using a known seller pseudonym are painting a target on their back. A staffer ordering from a seller is a perfect target for a controlled delivery if the seller is an undercover agent or has been or will be flipped. (If a seller wants to buy, they can simply register a new buyer account like everyone else.) This has been a serious problem thus far: Silk Road 1 was busted due to lack of compartmentalization (a staffer took an order from an undercover agent; Ulbricht bought marijuana & fake IDs, additional evidence against him); at least one Silk Road 1 seller was successfully targeted apparently because they bought from a flipped seller using their seller account (while the flipped seller’s other, normal, customers seem to have been spared; see digitalink); Utopia Marketplace’s entire staff was arrested when an investigation of their BMR activities (based initially on offline sales but adding in their online sales) wound up. A marketplace is naturally compartmentalized and resistant to infiltration—if everyone sticks to their assigned roles.
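The PGP recommendation above asks the site to verify that submissions are PGP messages and reject unencrypted ones. The added example below (not code from the essay or from any market) shows why checking the armor header alone is not enough: `-----BEGIN PGP MESSAGE-----` also wraps signed-only or merely compressed data, so the check reads the first OpenPGP packet tag. Function names and sample messages are constructed for illustration.

```python
import base64
import binascii

BEGIN = "-----BEGIN PGP MESSAGE-----"
END = "-----END PGP MESSAGE-----"
# Packet tags (RFC 4880, section 4.3) that can open an encrypted message:
# 1 = public-key ESK, 3 = symmetric-key ESK, 9 and 18 = encrypted data.
ENCRYPTED_TAGS = {1, 3, 9, 18}


def first_packet_tag(armored: str):
    """Return the tag of the first OpenPGP packet, or None if the armor is malformed."""
    lines = [ln.strip() for ln in armored.strip().splitlines()]
    if len(lines) < 4 or lines[0] != BEGIN or lines[-1] != END:
        return None
    try:
        blank = lines.index("", 1)            # blank line ends the armor headers
    except ValueError:
        return None
    if any(": " not in h for h in lines[1:blank]):
        return None                           # headers must look like "Key: value"
    body = lines[blank + 1:-1]
    if body and body[-1].startswith("="):
        body = body[:-1]                      # optional CRC-24 line, not verified here
    try:
        raw = base64.b64decode("".join(body), validate=True)
    except (binascii.Error, ValueError):
        return None
    if not raw or not raw[0] & 0x80:          # bit 7 is set in every packet header
        return None
    # Bit 6 selects the new header format (6-bit tag) or the old one (4-bit tag).
    return raw[0] & 0x3F if raw[0] & 0x40 else (raw[0] & 0x3C) >> 2


def accept_submission(text: str) -> bool:
    """Accept only armored messages that begin with an encryption packet."""
    return first_packet_tag(text) in ENCRYPTED_TAGS


def armor(packets: bytes) -> str:
    """Armor constructed demo packets (the CRC-24 line is optional and omitted)."""
    b64 = base64.b64encode(packets).decode()
    return "\n".join([BEGIN, "", *(b64[i:i + 64] for i in range(0, len(b64), 64)), END])


# Constructed samples: headers are real OpenPGP framing, bodies are filler bytes.
ENCRYPTED = armor(bytes([0x85, 0x01, 0x0C]) + bytes(268))        # old-format tag 1
SIGNED_ONLY = armor(bytes([0xA3, 0x01]) + b"filler, not zlib")   # tag 8, compressed
PLAINTEXT = "J. Doe, 1 Example Street, Springfield"
```

ENCRYPTED is accepted, while SIGNED_ONLY is rejected even though its armor is well-formed. The check is structural only: it cannot tell whether the ciphertext was encrypted to the intended recipient's key.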
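The server-architecture recommendation above notes that Apache error messages and phpinfo() pages hand out IP address data. As an added example (not from the essay), the check below scans captured responses for IPv4 literals other than loopback, the kind of test to run before any service whose origin address must stay undisclosed goes live. The paths, response snippets and addresses are constructed samples.

```python
import ipaddress
import re

# Four dot-separated decimal groups not embedded in a longer dotted number.
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def leaked_addresses(text: str) -> list:
    """Return IPv4 literals in text other than loopback or 0.0.0.0, in order seen."""
    found = []
    for candidate in IPV4.findall(text):
        try:
            ip = ipaddress.ip_address(candidate)
        except ValueError:                 # e.g. "999.1.1.1" is not an address
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue                       # expected on a host bound to localhost
        if candidate not in found:
            found.append(candidate)
    return found


def audit(responses: dict) -> dict:
    """Map each captured path to the addresses its response discloses."""
    report = {}
    for path, text in responses.items():
        hits = leaked_addresses(text)
        if hits:
            report[path] = hits
    return report


# Constructed responses; 203.0.113.7 and 10.0.0.5 stand in for real addresses.
SAMPLE_RESPONSES = {
    "/missing": "<address>Apache/2.2.22 (Ubuntu) Server at 203.0.113.7 Port 80</address>",
    "/info.php": '<tr><td class="e">SERVER_ADDR</td><td class="v">10.0.0.5</td></tr>',
    "/": "<address>Apache/2.2.22 (Ubuntu) Server at 127.0.0.1 Port 8080</address>",
}

if __name__ == "__main__":
    for path, hits in audit(SAMPLE_RESPONSES).items():
        print(path, hits)
```

Private-range addresses such as 10.0.0.5 are reported as well, since they still disclose internal topology that a gatewayed VM would never have exposed to the web stack.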