Tor admins and cyber researchers rely heavily on this site to disseminate links in the wake of DeepDotWeb’s takedown. DDoS attackers seem to love it too as some sites change their .onion URLs ~hourly. Interesting how all sides of a battle can find a simple verified link so useful.
Addresses are changed when the DDoS takes one down. This mean's the attacker's (usually automated) resources are wasted on a domain no one will ever visit again, while users will just visit dark.fail and get a new link 15 seconds after the site goes down.
At the beginning of the DNM large-scale DDoS attacks (Empire in particular), there was panic, confusion, and a whole lot of phishing. As another commenter noted, Empire users have now been trained (or learned the hard way) to visit dark.fail, copy/paste a mirror .onion address they've never seen before, verify it as legitimate through the various captchas/pgp/safeguards on the Empire login page, and then enter their username/password.
Sure, it's frustrating and complex the first time - a heck of a departure from cookies and 'sign in with google' buttons. But after five or ten times, it's just the way you log in to the website, and it takes an extra 60 seconds tops.
Not saying this is the only/best solution to a dedicated onion DDoS - just sharing that it's been working for Empire.
Yeah, and nobody would know about the new URL, effectively having the same result as a successful DDoS. On the other hand, notifying your users of the URL change will also notify the attackers.
I've seen the response to DDoS mostly be a multiple public URLs, but it seems the results varied greatly, and since these operations are typically very secretive, they won't publish a lot of information (is the ddos still active but they are mitigating it? has the ddos stopped because they mitigated it? have they paid the attackers? etc).
Whomever runs this site is doing a great service to the public. There's got to be a non-trivial amount of effort involved in manually verifying links and preventing the list itself from being compromised/DDoS'd. Kudos to you, dark.fail admin!
Lost 100$ to phishing site back in the day when testing blockchain analysis on my AlphaBay deposits, I deposited into a phisher's wallet and ended up watching that on the blockchain instead with no withdraw ability. I should have PGP verified link. This DarkDotFail guy is honest for now but time will tell. Tor is wild west with PGP the only way to really know anyone is who they claim.
He verifies before adding & has good track record doing so honestly, but yeah it would be better if he posted all of them openly.
Most .onion sites host their public key at /pgp.txt, some host mirrors at /mirrors.txt . Empire Market for example has a /safe URL which signs the current URL to prove it is official. Most users don't do it though and trust this site to do it for them instead :/
Why would you violate your users' privacy just because of the network they are using? Many activists use sites listed here, including ProtonMail, Keybase, DuckDuckGo.
If you're so happy to help USA law enforcement without a subpoena it's a very good thing you didn't build Facebook or Twitter.
I'm not trying to be a dick and you're obviously free to do what you wish (in case you wonder, I have not downvoted you). But this attitude has absolutely ruined the web. Despite all the improvements in web technologies, browsers and even bandwidth, I have noticeably more difficulty consuming good information today. This is 100% because of lax attitudes to user privacy.
A few months ago, I had someone tell me on the programming subreddit that, while they were very concerned about privacy and Google Chrome, they tried Firefox but went back to Chrome because (and I am not making this up) the font kerning in Firefox was slightly suboptimal in certain situations.
That's what we're fighting against. This was someone on a technical forum who understood the privacy issues at play. But they valued their own privacy so little that they were willing to trade it for slightly improved font kerning. In short, I worry that we're well and truly fucked.
I think what you're really seeing is how much people value a good user experience, not how little they value privacy. Killing it on the UX end has always been a thing that OSS projects and software has struggled with and lack of growth there is, IMO, part of what has gotten us to where we are.
Even if they had your IP address, they would not be able to track which sites you are visiting on the onion network anyway. You could just be visiting the CIA's Official Onion Site.
I don't know how someone technical could think the FBI cares about some random IP addresses visiting dark.fail. Do you also think the FBI uses their VB.NET GUI to cyberhack-backtrace this IP address list to arrest people for the pre-crime of looking for DDG's/BBC's .onion site?
Having a list of people who visited the site (possible via DNS records) is definitely a way to drastically narrow your suspect pool. Now you don't need to be a global passive adversary - you just sit on the links used by the "bad" people.
