Examining the Uncharted Dark Web: Trust Signalling on Single Vendor Shops

ABSTRACT

Despite their growing popularity, cryptomarkets generate risks for participants. This has promoted the reemergence of a more personal transaction model on the dark web: single vendor shops. To date, little is known about how single vendors display trust to attract potential customers without relying on the structural trust provided by cryptomarkets’ review and escrow systems. A total of 108 single vendor shops were identified. A coding grid was used to determine whether vendors displayed any of the four categories of trust signals typically found on cryptomarkets (i.e., signals related to identity, marketing, security, and signals that directly express trust). While the majority of single vendor shops were involved in illicit drug dealing, other products such as electronics, weapons, and fake documents were also offered. On average, shops displayed few trust signals. However, variations between different kinds of vendors were found: while vendors involved in illicit drug dealing displayed more identity- and marketing-related trust signals, vendors involved in fraud displayed more security-related signals and signals that directly expressed trust. Differences between vendors might be due to the nature of the products they offer and to the level of competition in their respective markets.

Acknowledgments

The authors have no acknowledgements to make.

Disclosure statement

No potential conflict of interest was reported by the author(s).

Notes

¹ When used as a proof of their identity, a vendor’s PGP key would likely be one of the hardest-to-fake trust signals. We are not aware of research documenting the use of this signal on SVS, however.

² The SVS which used TorShops often included similar information and presented it in similar ways. The trust signals they displayed thus also tended to be similar, even though vendors could modify their SVS as they saw fit.

³ Forums that deal with stolen credit and banking information.

⁴ These stores could be aggregated into one quintuplet (SVS 66, 67, 70, 71, and 91) and four duos (SVS 81 and 86; SVS 79 and 87; SVS 95 and 96; SVS 94 and 97).

⁵ Carders are individuals who are “involved in the trafficking and exploitation of stolen financial data” (Décary-Hétu and Leppänen 2016: 443).

⁶ Some evidence suggests that hitmen services on the dark web are either fake, affiliated with law enforcement, or elaborate scams intended to rob potential customers of their bitcoins (see Volpicelli 2018). It is beyond the scope and the intent of this study to assess the validity of these services. Findings related to hitmen SVS should thus be interpreted in light of this caveat.

⁷ The vendor selling clothes on the dark web also had a storefront on the clear web. Only the dark web version was included in this study.

⁸ Note that three SVS sold two different types of products: SVS 30 sold drugs and was involved in carding, SVS 72 sold banking information and counterfeit money, and SVS 101 sold banking information and electronics. These shops were included in both product categories in Figure 1. The total number of shops thus exceeds the total sample size of 108 in that Figure.

⁹ As noted above some electronic SVS vendors were self-proclaimed carders. While this could have warranted their inclusion in the fraud category, we opted to include them in the other category for three main reasons: 1) we could not confirm whether those who claimed to be carders were truly carders; 2) not all electronic vendors were carders; and 3) the main product of these vendors was electronics.

¹⁰ In order to respect the assumption of observation independence, SVS 30, 72, and 101 were integrated into the category of their main product for mean comparisons (i.e., drugs for SVS 30, and carding for SVS 72 and 101).

¹¹ Finalize Early. This payment method requires purchasers to pay for their goods or services before receiving them. This prevents purchasers from getting their money back if a problems occurs but protects vendors against false claims by purchasers.

¹² Note that the number of trust signals per SVS reported in this section differs slightly from the number of signals examined in Tables 1 to 4. This is due to a different categorization strategy. For instance, while the reasons for starting an SVS were considered as a single signal in Table 2, they were counted as two distinct signals (i.e., avoiding risk and offering better prices) here. Product description was also separated into two signals; text- and image-based descriptions. Finally, instead of counting “cryptocurrency,” “direct transfer” and “WU/MG” separately, which would have artificially inflated the number of trust signals displayed, a more general category entitled “payment method described” was used. If any of these three signals were displayed, the shop was considered as having used this trust signal.

Additional information

Funding

This work was supported by the PMI Impact fund (no grant number) with Prof. Aili Malm as Principal Investigator; Philip Morris International;

Notes on contributors

Dominique Laferrière

Dominique Laferrière has completed her PhD in criminology at the University of Montréal during which she has focused on the link between attitudes and offending, and on the relationships between individuals who offend and their relatives. In collaboration with colleagues from the University of Montréal, she has also been interested in the use of the Internet in offending conduct. Dominique now works as a Defence Scientist at Defence Research and Development Canada.

David Décary-Hétu

David Décary-Hétu has a Ph.D. in criminology from the Université de Montréal (2013). He first started as a Senior Scientist at the School of Criminal Sciences of the Université de Lausanne before moving to his current position as an Associate Professor at the School of Criminology of the Université de Montréal. The main research interests of Prof. Décary-Hétu focus on the impacts of technology on crime. Through his innovative approach based on big and small data, as well as social network analysis, Prof. Décary-Hétu studies how offenders adopt and use technologies, and how that shapes the regulation of offenses, as well as how researchers can study offenders and offenses. Prof. Décary-Hétu is the Chair of the Darknet and Anonymity Research Centre (DARC) that was funded by the John R. Evans Leaders Funds from the Canada Foundation for Innovation. His team collects and studies data from all types of offenders who use anonymity technologies such as the darkweb, cryptocurrencies and encryption. Prof. Décary-Hétu has received funding from both public and private grantors operating at the local, provincial, federal and international level. He has published in leading academic journals and is invited regularly in the news media to comment on recent events. Prof. Décary-Hétu is involved in many partnerships and initiatives including Open Criminology, the revue Criminologie, the Division of Cybercrime of the American Society of Criminology and the Human-Centric Cybersecurity Partnership.