Bad Wolf Hosting looking to move to hosting vendor markets - a cross between hidden service hosting, vendor mall, and blackmarket exchange.

Official Feedback Thread - http://www.reddit.com/r/BadWolfHosting/comments/1owp7e/bad_wolf_hosting_moving_to_marketplace_hosting/


Due to the fall of SR and the security issues of BMR pushed us into shutting down for a month and reading up on TOR Security and making some alterations to our sites code (okay, a very large amount of alteration).

Originally, as you can find on /r/badwolfhosting, we were going to be a .onion web hosting service slated for operation in late 2013. However, now we are looking at becoming a hosting alternative to marketplaces such as the ones that have become quite popular.

More information can be found on our subreddit and the feedback thread, but here are just a few things we'll be offering to vendors:

Those interested can contact us here or at badwolfhosting@safe-mail.net

We also have a subreddit at /r/badwolfhosting


Copy & pasted from the official feedback thread (linked above):
1- Why should you be trusted over other markets and hosting providers?
We don't know of any other service that offers the same as we are, but we are also not competing with other markets. We are technically driven, and we saw the need for a secure platform for vendors. As far as comparison to BMR, SMP, or other single market malls, our configuration is geared more towards vendor independence.
Buyers are not taken lightly - there will be a centralized feedback system for all vendors, as well as vendor specific feedback, escrow, support, and we are even working on a live chat implementation for communication real time with vendors/buyers/support.
With the vendors, we are offering what is basically a small semi-shared hosting account with pre-installed content (modified eCommerce Script) that runs within it's own VM in a host holding up to 32 other VM's.
2- Will an Escrow service be available?
Absolutely. While we are waiting on Budster to release their P2P Brainwallet Escrow in open source, current we are using an implementation of BTCrow.com (also open source) and we will forbid any direct BTC transfers for a certain period of time.
3- Will there be a bitcoin tumbling service?
Partially - no funds will be kept constantly in a tumbler, and any BTC not used within 48 hours will be sent through a tumbler and sent back to the users BTC address.
As far as sales, the escrow service does not have tumbler implementation for inbound coins but all outbound transactions (from escrow to vendor for successful sale, or escrow to buyer upon resolution) are tumbled, so it will be up to the users to tumble any coins that they deposit into their site wallet.
4- How will vendor/user feedback work?
There will be both buyer and vendor feedback.
For buyers, we will have a private vendor forum that will discuss and submit troublesome buyers, and submit buyer feedback that is displayed publicly. If the submission has evidence of buyer malpractice, support will take action.
As for vendors, there will be both centralized and unique feedback systems for vendors. Since each vendor has their own store and essentially their own TOR website, a feedback system that is unique to each store and only contains feedback for that specific vendor will be implemented in each vendors site under a common directory, and cannot be altered or modified by the vendor.
The centralized system will be a basic feedback and review system, although we are looking to implement limited comments so feedback can consist of the action taken by the vendor, and buyers can get a better idea of that specific vendors practices.
A support and resolution system will also be available.
5- Why wouldn't a user just bring up their own hidden service, what convinces a potential client that your secops and technical abilities are greater than theirs?
Most vendors don't want to run their own hidden service that is tied to them, and from our experience most blackmarket vendors do not have the technical knowledge to securely run their own hidden service.
Even if they do know how, most do not want error logs or possible server misconfiguration to reveal their servers information.
As far as the technical and secops ability, we will have much more information on the final approach we take, but at this time we do not have anything to showcase in terms of security.
We can assure you we are not just throwing together code and publishing it, we are troubleshooting and debugging to make sure it's not only secure, but efficient. After looking over BMR index we can say with absolute certainty that our service will be more streamlined and, while there is nothing we can officially say to support this, from the code it seems we have more formal education in that field (IT, Web Dev, Net Security).
6- How will you enforce your no CP rule?
Users are free to report any CP or related content. While vendors may be able to host it elsewhere, we do not allow any type of image uploading service at this time, so any CP (or other files) would have to be hosted off site. If a vendor wishes to upload CP as their product photos, then we'll run into it and ban them as soon as it is reported.
7- Why are you imposing changing rates for different substances?
Because certain vendor levels restrict the amount of markets they can sell to. We tried to classify them based on the vendor demographic of SR, BMR, and SMP - Digital Goods, Cannabis, Drugs, Dangerous Items
eVendors don't need certain services, and the transactions are done much quicker (escrow is much faster since it's instant delivery, or at least should be) so their fee is lower. However, they only can sell digital goods, so they have the smallest market share.
Cannabis only is cheaper for those that only sell cannabis. No need to pay more for something you won't use, and ~70% of cannabis vendor only vend cannabis.
Recreational Substance Vendors have access to all drug markets, but again are restricted to more controversial markets since most drug vendors don't dabble in services or other controversial items.
Unrestricted can sell anything - as you mentioned comparing us to other markets, we did see a small market share for services, non-drug items, and under certain circumstances even weapons. The the form of the latter, we will ban any vendor that solicits weapons or services for the purpose of causing harm (we realize personal defense is actually quite popular for blackmarket sales).
8- Do your personal moral guidelines impact your users or are you banning CP for a similar reason to the now defunct SR?
We, as a group, the entirety of Bad Wolf Hosting, are morally objecting to anything that has to do with the exploitation or harm of another human being, especially a child.
We can assure you if you are looking to host or solicit CP, in any way, using our services, we will ban your vendor account refund all orders.
9- How do you guarantee security when the feds come knocking?
If US Federal Agents come "knocking", they will be in violation of the local laws as our country does not extradite, nor do they allow data access (from what can be controlled) or warrants from the US for our data. Furthermore, we are not an actual registered company, the servers are anonymous (hardware is in no way registered to us, network devices are not registered in any way to us, any revealing information has been stripped from all equipment, all VPN services are in house or paid with tumbled BTC, and any service or items that we require are paid by tumbled BTC), and we have done enough to make sure we maintain our freedom.
10- Are you based out of a country shielded from U.S. reach?
Yes. We do have some members that operate from other countries, including the USA.
This is simply a actual person. There is no equipment (other than a few VPN's we tumble through) that resides in the USA or any territory that the USA has extradition rights to. As far as data screening, we simply assume any clearnet data is going to be piped through PRISM/Other US Program, so encryption is paramount.
11- Will a dead man switch feature be available for the VMs? If so how will it be implemented?
Yes. Everything within each VM is encrypted via AES-256 and then locked, it must be mounted and unlocked for it to be used. This is the same for the host.
We can unmount all VM's remotely and wipe any non-encrypted data (such as logs, RAM, external drives), and this is also done on certain network or physical events that the server may incur.
We also have the ability to remotely wipe all data on all drives, and (time permitting) restore all bits to 0. This option does not have a dead mans trigger, instead the last option is resorted to upon physical breach.
Lastly, the server has security features that "discourage" physical interaction in the event the server location is compromised.


Comments


[3 Points] None:

[deleted]


[4 Points] badwolfhosting:

i2p Support has just been fully integrated.


[1 Points] None:

What is CP?
Edit: Nevermind I believe it has to do with a certain sort of pornographic material.