Notice: /u/alpha02 claims that the information on his Arvixe account is fake here and with that being said, this does not quality as dox on a user because this "personal information" is not a real person's personal information. Mods, if this is still unacceptable please let me know and I will censor out even more of the relevant info.
I recently saw that /u/alpha02 had posted here about the clearnet gateway to Alpha Bay, alphabay.me. He mentioned that he used Arvixe for hosting, which piqued my interest because I've lied my way into full access to Arvixe accounts before.
So I got onto Arvixe's site, started talking to their support staff, and with nothing more than the domain name to start with I was able to get quite a bit of info. For the sake of making sure this post doesn't get removed, the information is censored, but /u/alpha02 can come confirm himself that the informtion listed here is the information attached to his Arvixe account. Here's what I got:
The name on the account - Joseph C*****
The email on the account - joseph.c****.6@****.com
The account username - jobay772
Alphabay.me is a Personal Class service running Linux
I could have easily gone further with this, but in the interest of not going too far down the rabbit hole I didn't. I want to prove a point here but I don't necessarily want to get on the owner of any darknet market's bad side, you know?
Keeping a clearnet gateway (or ties to the clearnet of any kind) for you darknet market is a bad idea because it introduces a lot of different points of failure that are not normally present. For example...
Users
Records of DNS requests to alphabay.me could theoretically be used as evidence against a user of Alpha Bay, or for general dragnet surveillance
You aren't forced to hide your IP when visiting alphabay.me like you are when viewing hidden services which makes for easy dragnet surveillance targets
The clearnet domain could very likely be hijacked through simple social engineering and the URL to Alpha Bay could be replaced with a phishing link
Administrators
Like Sabu, an administrator could forget to use Tor and connect in an incriminating way to, say, the Arvixe control panel
The owners of the clearnet host may cooperate with some big scary three-letter alphabet soup organization and attempt to lay a trap for the next time the administrator connects to update the clearnet page
I'm sure there are plenty of other issues here that I haven't thought of, so feel free to add to the list. Anyway, stay safe out there guys!
Stupid question time - why the clearnet gateway at all?