Dark.Fail Introduces New Guidelines for Market Admins

~3 min read | Published on 2019-10-30, tagged DarkdotFailGuidelines using 568 words.

In an effort to cut down on the use of phishing links and to simplify the verification of mirror addresses for darkweb marketplaces, Dark.fail issued new listing guidelines detailing the requirements for a verified status on Dark.fail. The new guidelines give markets one month to comply.
DarkDotFail, the administrator of dark.fail, contacted appropriate parties (and posted publicly on Dread and on dark.fail) with a list of changes required for a “verified” status on dark.fail. Dark.fail, one of the most popular darkweb resources since the seizure of DeepDotWeb, hosts the most popular list of onion service addresses as well as the service’s mirrors when applicable.

A standard such as the one proposed by DarkDotFail will ultimately increase overall security for the end user. Very few market admins will willingly let their market sit in the “unverified” section of the list. And the requirements, known as the Onion Mirror Guidelines, will force the use of a regularly updated and publicly accessible warrant canary alongside the mirror and PGP key verification.
Introduction

The message posted on Dread is below. A signed and formatted version is available at this link. Another copy is available on dark.fail.
Admins,

To reduce the impact of phishing and to ease automatic PGP verification of mirrors, dark.fail is now defining the Onion Mirror Guidelines. (“OMG”) Admins that implement this standard show a commitment to user safety by proving ownership of all URLs associated with their site, and by committing to regularly prove control of their PGP key.

Sites which do not implement these guidelines by Dec 1, 2019 will be marked as “unverified” on dark.fail and listed below all other sites.

DarkDotFail

The Guidelines

Onion Mirror Guidelines (“OMG”)
Version alpha
You must host these text files at all of your .onion URLs:PGP Key
/pgp.txt - Required - HTTP 200 text/plain

  • A list of all PGP public keys allowed to announce your official mirrors.
  • May contain multiple PGP keys.
  • All keys must be ASCII armored.
  • Do not list a key here unless it is trusted to sign official .onion URLs.
  • Example: http://darkfailllnkf4vf.onion/pgp.txt
  • Mirrors
    /mirrors.txt - Required - HTTP 200 text/plain

  • PGP SIGNED list of all official mirrors of your site.
  • Mirrors must be signed by a PGP key which is in /pgp.txt hosted at all of your URLs.
  • Any line in this file which begins with “http://“ or “https://“ is an official mirror of your site.
  • Mirrors must all host the same content. No related forums, no link lists. Place forums, other sites in /related.txt instead.
  • All valid mirrors must only contain a scheme and domain name, no ports or paths.
  • /pgp.txt and /mirrors.txt must have the same content on all of your URLs.
  • Text which is not intended to be parsed as an official mirror must be commented out with a “#” as the first character on the line.
  • Example: http://darkfailllnkf4vf.onion/mirrors.txt
  • Canary
    /canary.txt - Required - HTTP 200 text/plain

  • PGP SIGNED message MUST be updated every 14 days.
  • Can be signed by any key specified in /pgp.txt
  • The message must contain the latest Bitcoin block hash and the current date in YYYY-MM-DD format, with string “I am in control of my PGP key.” and must also include the string “I will update this canary within 14 days.”
  • If you cannot do this you should not be running a darknet market.
  • Example: http://darkfailllnkf4vf.onion/canary.txt
  • Related
    /related.txt - Optional - HTTP 200 text/plain

  • PGP SIGNED list of all .onion sites related to your site.
  • This is where you list forums, link lists, related services.
  • Follow the same rules as /mirrors.txt

  • The Dread Post - “Admins: Implement the Onion Mirror Guidelines to remain listed on dark.fail.”

    Comments (11)


    the anon2019-10-31
    5a73c2a0

    bravo dark fail, bravo

    Avaris2019-10-31
    135c8fe0

    Avaris has added the text files to meet the new dark fail criteria.

    avarisfeds2019-10-31
    d170abe0

    avaris is run by feds

    clownworld2019-10-31
    47573000

    This is a great idea

    3uronymou52019-10-31
    7231cc90

    Seems the principal benefactor of all this is going to be perpetrator of the DDoS attacks. Correct me if I am wrong, but this doesn't appear to be too well thought out. JMO :/

    AVARIS is LE2019-10-31
    c3ea6730

    Avaris is known to be compromised by European LE

    Poppytree2019-10-31
    7420fbf0

    DarkDotFail is putting his foot down, HARD, and a hearty Cheers! to the man and the next round is on me, who knows, maybe one day we could do it in person but that defeats the purpose of course so I will just say thank you Sir!

    Poppytree2019-10-31
    7617f480

    Also if not known yet Agartha is filled to the brim with scammers all working together to fake reviews, ratings, etc, a rats nest if I have ever seen one. Regards to all the honest ones out there - Poppytree (I am around if you look for me)

    Darknetstats2019-11-01
    5446bf30

    *Removed for obvious FUD spreading*

    RevenantChild2019-12-04
    98a540a0

    I've been vending on Agartha for a while now and everything seems fine and works very well.

    bro42019-12-17
    6b56bf40

    I am so happy to see such dedication. Never forget those guys, they are but a Dream.