Dark.Fail Introduces New Guidelines for Market Admins

In an effort to cut down on the use of phishing links and to simplify the verification of mirror addresses for darkweb marketplaces, Dark.fail issued new listing guidelines detailing the requirements for a verified status on Dark.fail. The new guidelines give markets one month to comply.

DarkDotFail, the administrator of dark.fail, contacted appropriate parties (and posted publicly on Dread and on dark.fail) with a list of changes required for a “verified” status on dark.fail. Dark.fail, one of the most popular darkweb resources since the seizure of DeepDotWeb, hosts the most popular list of onion service addresses as well as the service’s mirrors when applicable.

A Tweet by dark.fail Alerting Users of the Change

A Tweet by dark.fail Alerting Users of the Change

A standard such as the one proposed by DarkDotFail will ultimately increase overall security for the end user. Very few market admins will willingly let their market sit in the “unverified” section of the list. And the requirements, known as the Onion Mirror Guidelines, will force the use of a regularly updated and publicly accessible warrant canary alongside the mirror and PGP key verification.


The message posted on Dread is below. A signed and formatted version is available at this link. Another copy is available on dark.fail.


To reduce the impact of phishing and to ease automatic PGP verification of mirrors, dark.fail is now defining the Onion Mirror Guidelines. (“OMG”) Admins that implement this standard show a commitment to user safety by proving ownership of all URLs associated with their site, and by committing to regularly prove control of their PGP key.

Sites which do not implement these guidelines by Dec 1, 2019 will be marked as “unverified” on dark.fail and listed below all other sites.


The Guidelines

Onion Mirror Guidelines (“OMG”)

Version alpha

You must host these text files at all of your .onion URLs:


/pgp.txt - Required - HTTP 200 text/plain

  • A list of all PGP public keys allowed to announce your official mirrors.
  • May contain multiple PGP keys.
  • All keys must be ASCII armored.
  • Do not list a key here unless it is trusted to sign official .onion URLs.
  • Example: http://darkfailllnkf4vf.onion/pgp.txt


/mirrors.txt - Required - HTTP 200 text/plain

  • PGP SIGNED list of all official mirrors of your site.
  • Mirrors must be signed by a PGP key which is in /pgp.txt hosted at all of your URLs.
  • Any line in this file which begins with “http://“ or “https://“ is an official mirror of your site.
  • Mirrors must all host the same content. No related forums, no link lists. Place forums, other sites in /related.txt instead.
  • All valid mirrors must only contain a scheme and domain name, no ports or paths.
  • /pgp.txt and /mirrors.txt must have the same content on all of your URLs.
  • Text which is not intended to be parsed as an official mirror must be commented out with a “#” as the first character on the line.
  • Example: http://darkfailllnkf4vf.onion/mirrors.txt


/canary.txt - Required - HTTP 200 text/plain

  • PGP SIGNED message MUST be updated every 14 days.
  • Can be signed by any key specified in /pgp.txt
  • The message must contain the latest Bitcoin block hash and the current date in YYYY-MM-DD format, with string “I am in control of my PGP key.” and must also include the string “I will update this canary within 14 days.”
  • If you cannot do this you should not be running a darknet market.
  • Example: http://darkfailllnkf4vf.onion/canary.txt

/related.txt - Optional - HTTP 200 text/plain

  • PGP SIGNED list of all .onion sites related to your site.
  • This is where you list forums, link lists, related services.
  • Follow the same rules as /mirrors.txt

The Dread Post - “Admins: Implement the Onion Mirror Guidelines to remain listed on dark.fail.”

Do you really want to comment here? not rules
5a73c2a0 Wed, Oct 30, 2019

bravo dark fail, bravo

135c8fe0 Wed, Oct 30, 2019

Avaris has added the text files to meet the new dark fail criteria.

d170abe0 Wed, Oct 30, 2019

avaris is run by feds

47573000 Thu, Oct 31, 2019

This is a great idea

7231cc90 Thu, Oct 31, 2019

Seems the principal benefactor of all this is going to be perpetrator of the DDoS attacks. Correct me if I am wrong, but this doesn’t appear to be too well thought out. JMO :/

c3ea6730 Thu, Oct 31, 2019

Avaris is known to be compromised by European LE

7420fbf0 Thu, Oct 31, 2019

DarkDotFail is putting his foot down, HARD, and a hearty Cheers! to the man and the next round is on me, who knows, maybe one day we could do it in person but that defeats the purpose of course so I will just say thank you Sir!

7617f480 Thu, Oct 31, 2019

Also if not known yet Agartha is filled to the brim with scammers all working together to fake reviews, ratings, etc, a rats nest if I have ever seen one. Regards to all the honest ones out there - Poppytree (I am around if you look for me)

5446bf30 Fri, Nov 1, 2019

Removed for obvious FUD spreading

98a540a0 Wed, Dec 4, 2019

I’ve been vending on Agartha for a while now and everything seems fine and works very well.

6b56bf40 Tue, Dec 17, 2019

I am so happy to see such dedication. Never forget those guys, they are but a Dream.

New comments are disabled after ten days in an attempt to limit spam.