"14 days running a secret Dark Web pedophile honeypot (and why I now think Tor is the devil)"
Although this project was initially intended to secretly track the activities and behavior of three types of Tor users - those interested in or seeking counterfeiting services, illegal drug products, and pedophiles - the faux-pedophile Tor hidden service struck a particularly disheartening chord with me. First, the pedo site saw magnitudes more traffic than the counterfeiting or drugs websites - in the order of 100 times more traffic than the other two combined.
...Three Tor hidden service honeypots were created, each strongly hinting that illegal content lay behind a secure "locked door". The three websites (drugs, counterfeiting, and pedophilia) were then seeded in the Dark Web spider report described above and flagged so they would never be marked as "offline" or "inactive" in the nightly Dark Web crawl.
...The hidden service websites posed as new hidden service sites that were in the process of "coming online". There was no direct mention of illegal content but it was strongly hinted that what they sought lay behind the curtain. For instance, counterfeit documents were simply referred to as documents, drugs as "product", and pedophile content as "files". Using suggestive site names and promoting a sense of secrecy was all it took to convince users that the content that was locked away behind the authentication system was what they were seeking. Thus, users were encouraged to register in order to see what lay behind the authorization system.
...For instance, after the first five days, the counterfeiting site had 2 registrations while the faux-drug sales site saw six registrations. Both sites saw hundreds of visitors. The pedophile site, however, saw several thousand visitors in just five days and brought in over 200 member registrations during its first five days of operation. In addition, the counterfeiting and drug websites saw no additional registrations after five days while the pedophile site continued serving content to over 1,000 visitors each day. By the end of the 14-day test, nearly 600 pedophiles had registered on the website...Potential "members" were told that they must register to access the product (files, chat forums, merchandise, etc.) and that membership was based on five levels. Higher level members were granted more access but to reach those levels, the potential member must complete more and more stringent "tests" to be granted access to the higher membership level and related website content.
...The sites required an email address be used as the username. The reason for this requirement was not disclosed to the visitor leaving them to wonder if an email verification link was going to be used to validate their registration. Out of hundreds of registrations, only a single user complained about having to use their email address to register...The various methods used to capture the user's identifying information were ratcheted up over time. As the days rolled on, more intrusive methods were introduced in an attempt to secure more information about the user while dangling the carrot of "exclusive membership" before them. This period of time allowed a sense of trust to be built between me and the site's visitors. While they may not have liked the more intrusive methods used to secure the site, they seemed to appreciate that someone was taking the time to build a solution that took great care to guarantee their anonymity on the Dark Web.
The scanner is a simple Windows program which grabs network information from the client machine along with the login username, running processes, software installed, and a sample of filenames from the user's My Pictures folder. Indeed, analysis of these items could be used to determine whether a user's machine configuration was secure and worthy of elevated access to the website (in one instance I saw signs of malware running on the user's computer). Not only is the information collected security related, but it reveals, without question, the true identity of the user including their PC footprint, Windows username, real name, true IP address, internal network IP address (if on a home or business network), and much more...A small Windows program was written to pop up as a small window which displayed "scan progress and results". A long intro was displayed when the program started up. This intro explained what the scanner would do and noted that the user had the option to cancel out of the scan at any time. What was not mentioned, however, was that the scan ran while they were reading the intro. The option to cancel merely flagged the scan results as "cancelled" and would have purged them from the database had anyone actually attempted to cancel the scanner program. During its operation, only a single person cancelled out of the scanner (and they quickly returned to run it again to completion)...Around 4-7% of the registered users chose to run the scanner and thus stepped outside of the Tor network and revealed their true identity...During each of the last five days, about 4-7 percent of the registered users ran the security scan, leaking their real name and true external IP address.
...Despite visitors knowing nothing about my new website, I managed to invoke this sense of trust in many of the visitors. One user mentioned not hearing about the website in "the usual forums", my first clue that they operated within their own trusted online communities on the Dark Web...Many visitors offered photos from their "private collection" as a means to bribe me for entrance to the website. They took care to note that the material they were offering me was original. One pedophile even sent me a link to a picture of a "young New York girl" that he took (I refused to click through).
HN discussion: https://news.ycombinator.com/item?id=9849160
Don't be those guys.
EDIT: a throwaway claiming to be a Tor pedophile user says that the incompetence is more like desperation and a lack of any good CP sites these days: https://www.reddit.com/r/TOR/comments/3cpu43/a_pedophiles_statement_about_the_recent_cp/
tl;dr pedophiles jump on any new site, cause they're sick.
drug addicts know where to go, 20 fucking markets, we don't need no more.
don't dl programs from a shady new site.