What? Absolutely not they are hosted via TOR so that you can't do what others here seemingly already did and pinoint your and the servers location. They are setup to point to 127.0.0.1 / localhost so that no traffic from the regular internet can touch them and all traffic must come from within the TOR network. It has nothing to do with bulletproofing the domain/DNS.
It absolutely means you are more secure, a smart person would host their site on an encrypted VPS/server with the site running within it and receiving no requests from regular internet traffic.
Similar to how people sandbox their TOR browsing/work in a Virtual Machine that is set to block/receive zero non TOR traffic, you then encrypt that folder so your entire environment is isolated. Or better yet just Full Disk Encrypt your entire drive. This is similar to how DNM's are run so the hosts can't poke around as its typically still on regular hosting before it is setup to only communicate with Onion traffic.
Just by that response alone I would put into question your overall security or maybe you're just the PR guy.
I'll be the first to admit I'm no expert on the exact way Darknet markets are ran, so I appreciate the insight you provided. Please keep in mind, we're
not a darknet market. We
don't sell narcotics, stolen credit cards, etc. There's a lot less heat here, so to speak.
Fortunately, you don't have to take my word for it.
There is a
long history of steroid websites on the clearnet (we're on one). There's plenty of clearnet PoS sites around, and they've been around for years. Not to mention the forums that have been around for decades.
Hell besides forums and PoS sites, the email services everyone uses have, for the most part, not cracked down on steroid-related criminal activity yet.
Sure, forums are just discussion-boards and arenas for free speech, but people are selling and soliciting scheduled substances here, it's
not just casual conversation.
To reiterate the security stuff:
- Shipping info is encrypted in transit and at rest
- Shipping info gets automatically deleted when vendors mark your order as shipped
Don't trust any of that? No problem, use PGP. We've made it easy.
I'm
not claiming it's on the level of a darknet market.
I
am claiming it's better than U.S. hosted forums, email services that comply with gov requests, and wordpress/prestashop websites.
I agree with you that in an ideal world we'd all be buying steroids on the darknet, or at least take advantage of Tor and PGP in a more widespread way. Hopefully we can push the use of PGP, at the very least.
Thanks again for the write-up. It was insightful.