179 darknet vendors and buyers were recently arrested. Europol's self-congratulation: "The golden age of the dark web marketplace is over.”

Meanwhile on the darknet: more markets are online than ever before. Each bust inspires a new generation of admins. forbes.com/sites/thomasbrewste

PGP encrypt all the things. Private messages on any site can be read by admins, and sometimes by their moderators. Don't trust a site to encrypt for you.

I rotated to a new PGP key, an OPSEC safety ritual I practice every September. /canary.txt and /mirrors.txt updated. Key ID: 65C82325B01972C5. Proofs: dark.fail/pgp-sigs.txt dark.fail/mirrors.txt keybase.io/darkdotfail

Today I am rotating my PGP key, an annual practice since PGP does not offer perfect forward secrecy. Don't panic, everything will be signed.

Dark.fail is under a DDoS attack that is largely being mitigated by onionbalance. Phishers profit greatly when we are offline, remember to PGP verify all links and Bitcoin addresses before interacting with them. dark.fail/pgp

dark.fail boosted

In May and June 2020 we found and removed a group of Tor exit relays that were messing with exit traffic. They left almost all exit traffic alone, and we don't know whether any users were successfully attacked.
blog.torproject.org/bad-exit-r

Signal endangers whistleblowers by requiring a phone number. Journalists: stop using it exclusively for tips.

Buying a burner with perfect OPSEC is impossible. Use E2E chat which does not require a phone or expert VOIP juggling: Keybase, Wickr, Jabber+OTR, many options.

Activists: Twitter is not your friend. Many apps will actively try to doxx you in the name of "preventing abuse." Any form you fill can and will be subpoenaed.

Self-host your speech if your voice is important.

USA rioters burned this darknet user's drugs. (by destroying a postal office)

Nightmare Market's exit scam continues three months after they locked all sellers out. Unlike most exits where admins suddenly run with the money, Nightmare has remained online.

Unaware buyers can sign up and deposit, but the admins keep the money and nothing is shipped.

How do we know if Dread is compromised? We cannot yet. Hug has disappeared for weeks in the past. I believe this "deadman's switch" was calibrated to be too sensitive, activating upon Hug being away for three days. Want to use Dread? Always encrypt private messages, obey laws.

Breaking: Dread's admin Hugbunter is alive. He confirmed his identity to me, proved control of his PGP key. Dread remains in maintenance mode. dark.fail/dread

This was satisfying. The ONLY valid link for DarkDotFail is our name: dark.fail Reset your passwords and enable 2FA immediately if you have ever used anything else.

dark.fail boosted

Dread has been online for over 72 hours thanks to Hugbunter's hard work. Two mirrors are live at dark.fail

Dread is somewhat back online at a temporary mirror address issued by HugBunter. Follow /r/DreadAlert for continuing updates. reddit.com/r/DreadAlert/commen

Empire market is back online after hours of downtime. technical glitch? Not an exit but certainly a scare. dark.fail/empire

Show older
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!