[OPSEC/Computer] Why are people so unconcerned with the thought of sites being honeypots?

This has been bugging me a little so I wanted to see what people who know more about this stuff have to say about it.

Now there has been plenty of discussion on this subreddit about Tor de-anonymization. The general idea is that if someone had enough control over parts of the Tor network, they could figure out the IP addresses of Tor users. I'm not gonna bother finding sources but you can search the subreddit for some examples.

This has been written off by many here as hidden site traffic never leaves the Tor network and even if someone could find your IP, all they could see is that you visited a hidden site, but what about in the case where the same person de-anonymizing you also controls the hidden site? Would this not allow them to not only associate an IP address with visiting the site, but also see all of the site activity by that IP address?

I get that using proper opsec (PGP) means that even if a site is a honeypot whoever is running it can't see the address associated with orders or any communication by that user, but if they could associate an IP address with an account and see that account making orders from that IP address that's as good as having your name and address is it not? A quick subpoena to your ISP and they will have that + more. Even if you are not ordering to the same location as the internet connection you are using, they would still be able to see that someone is making orders from that location, which I would think would be enough for investigation if they decide you are a worthwhile target.

I don't know too much about the technical details of all of this so I'm hoping someone who does can explain whether or not this would be possible.

Stay Safe


Comments


[3 Points] None:

[deleted]


[6 Points] None:

[deleted]


[3 Points] Theeconomist1:

> I get that using proper opsec (PGP) means that even if a site is a honeypot whoever is running it can't see the address associated with orders or any communication by that user,

I commented this to aHighNiggaPie, but I'll say again - if LE controls the market, they can certainly swap the vendor's public key with a key LE controls during the buy step. Most people don't compare the keys and if it's a new vendor, you won't more than likely know if that's the right key anyway. For vendors I've used in the past, I double check the key presented with the key I've used in the past. Won't work if you've never used the vendor before, but this is a way LE could get around PGP.
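
The key comparison described in the comment above, generalized to trust-on-first-use pinning of any correspondent's OpenPGP key. This is an added example, not part of the original thread: it computes the version 4 fingerprint from the armored block and flags a key that differs from the one first seen. The names `check_pin`, `sample_key` and `"peer"` are hypothetical, and the sample key blocks are constructed and non-functional.

```python
import base64, hashlib
def dearmor(text):
    """Binary packets from an ASCII-armored block; the '=' CRC24 line is skipped."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    data = lines[lines.index("") + 1:-1]  # after the blank separator, before the END line
    return base64.b64decode("".join(ln for ln in data if not ln.startswith("=")))

def first_packet(raw):
    """(tag, body) of the first packet, old- or new-format header (RFC 4880 4.2)."""
    hdr = raw[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet")
    if hdr & 0x40:  # new format, one- or two-octet length
        tag, o = hdr & 0x3F, raw[1]
        if o < 192:
            start, n = 2, o
        elif o < 224:
            start, n = 3, ((o - 192) << 8) + raw[2] + 192
        else:
            raise ValueError("length form not handled in this example")
    else:  # old format: length type 0/1/2 means 1/2/4 length octets
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
        if ltype == 3:
            raise ValueError("indeterminate length not handled")
        start = 1 + (1 << ltype)
        n = int.from_bytes(raw[1:start], "big")
    return tag, raw[start:start + n]

def fingerprint(armored):
    """V4 fingerprint: SHA-1 over 0x99, two-octet length, key packet body (RFC 4880 12.2)."""
    tag, body = first_packet(dearmor(armored))
    if tag != 6 or body[:1] != b"\x04":
        raise ValueError("expected a version 4 public-key packet first")
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()

def check_pin(pins, name, armored):
    """Trust on first use: store the first fingerprint seen, flag any later change."""
    fp, first = fingerprint(armored), name not in pins
    if pins.setdefault(name, fp) != fp:
        return "MISMATCH"
    return "pinned" if first else "match"

def sample_key(seed):  # constructed, non-functional key block for the demo (not a real key)
    body = b"\x04" + bytes(4) + b"\x01\x00\x08" + bytes([seed]) + b"\x00\x02\x03"
    raw = bytes([0x98, len(body)]) + body  # old-format header: tag 6, one-octet length
    return "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n" + base64.b64encode(raw).decode() + "\n=AAAA\n-----END PGP PUBLIC KEY BLOCK-----"

PINS = {}
RESULTS = [check_pin(PINS, "peer", sample_key(s)) for s in (0xA1, 0xA1, 0xB2)]
print(RESULTS)
```

As the comment notes, pinning only detects a change after the first key has been seen; it says nothing about whether that first key was genuine.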


[3 Points] throwawaya87:

What is a honeypot? I looked it up on urbandictionary and it's saying it's a vagina.


[3 Points] dilirio25:

[deleted]

What is this?


[2 Points] None:

Tinfoil hat


[2 Points] throwawaya87:

People want their drugs dude.


[2 Points] None:

Every DNM user should treat all markets as if they're compromised as a matter of course. If you follow proper OPSEC it should not matter if you order.


[2 Points] RobotTits:

Do the people who keep saying "honeypot" ever stop to think about the sheer amount of drugs the government would have had to flood the streets with in order to create this "honeypot"? Just think about the sheer amount of heroin, meth, cocaine, crack and prescription pills they've allowed large scale dealers to sell for over a year. Sounds like the best/worst operation ever. Pretty sure they don't need to allow thousands of deals to go through in order for it to be sufficient evidence for a conviction.


[1 Points] None:

I just don't see LE running a black market; it does much more good for us than good for them IMO. We know how to not trust markets with our sensitive info anyway, they wouldn't gain much.


[1 Points] PsychedelicTangerine:

Evo = honeypot