Dread

Dread is a Reddit style forum set up on the 15th February 2018. The site is run by two main admins, /u/Hugbunter and /u/Paris and acts as a darknet alternative to Reddit. Conversation ranges in topics from the status of marketplaces to guides and tips for staying safe on the darknet, with many users coming to the site for daily updates.

Features and topics

Features

On the sites landing page, hot posts from all Subdreads are displayed in order, showing users information that might be found useful. If a specific category of discussion is desired, users can navigate to relevant Subdreads. For example, if the user wanted news relating to empire market, they would navigate to the Subdread /d/EmpireMarket, to only see posts relating to that topic.

Viewing the forum does not require an account, meaning that users do not need to login to access the information. If an account is made however, users can private message other users as well as partake in the community discussion. The main admin /u/Hugbunter, has stated that they do not want to implement paid membership at any point and that

"the service is designed to be entirely free and accessible by all"

Topics of discussion

Subdreads are created by users messaging a Dread administrator, requesting the Subdreads name and explaining the intended topic. If the admin deems that the subject is popular enough, then they will create the Subdread and appoint the user as moderator. As of April 2020 there are nearly 600 different Subdreads ranging from 1 to 143,000 subscribers each. Each mainstream marketplace has their own Subdread as well as many other topics.

Collectable data

User profiles contain the users score, post and comment history with the last two displayed down the main column of the page. The smaller column on the right contains information such as the users subscriptions, trophies, join date and contact information/ PGP key if given. Subdread pages contain a sidebar, which contains moderator input data such as links or information about the Subdread. Below this is a list of the moderators and the creation date of the Subdread.

Security

As previously mentioned, accounts do not need to be created in order to view the forum, however, if one is desired then users only need to input a username/password combo, then complete Dreads custom CAPTCHA to submit the form. A code generator in the user settings menu can be used to verify the user is in control of the account on other services, generating a new code every 60 seconds.

Issues

When an alleged exit scam or market closure happens, marketplaces have been suspected of attempting to censor conversation on forums such as Dread. This would be done to maximise the possible gains by exploiting unsuspecting users.

As a consequence of Dread becoming a hub for marketplace discussion, it is thought that the downtime experienced in dreads service during suspected exit scams, may be more than a coincidence.

If a market was trying to censor Dread, it appears to be through heavy DDoSing of its servers, allegedly due to the exit scam performed by Apollon. This caused the sites admins to implement protections such as rotating mirrors and a custom CAPTCHA.

Custom dread CAPTCHA that is also used by Recon

Even with these protections, the site has often been inaccessible for multiple consecutive days before coming back up, either due to DDoS attacks severely crippling the availability of the site or another unknown issue. Users were patient however, and still used the site to spread the word of what they assumed was an exit scam when it was accessible.

If it was due to a DDoS, the attacks used exploit a specific aspect of the Tor network, as each connection must go through multiple different nodes in order to reach the final server. Meaning that if many different connections are made, it causes a high CPU load on the server and if enough are concentrated into a short period of time, it can permanently take down the service by forcing too many requests, so that legitimate connections can not get through. Some fixes have been proposed by the Tor network however no successful fixes have been implemented so far other than the transition to v3 addresses.

To deal with these issues, in recent months dread has seen some updates. The first of which was changing the main onion from a V2 to a V3 address. This was done for several reasons from security concerns involving malicious HSDirs to more efficient CPU handling of user requests.

According to one of Dreads admins, a neural network was then trained to crack Dreads Captcha. This was used to create accounts and post spam on the forum. To counter this, a new Captcha was implemented. This uses a selection from 5000 different symbols to make the rows and columns, claiming that it would be much harder to crack, however, some users posted their doubt in the comments as the generator was released as open-source. Shortly after this, the so-called “endgame onion service DDoS prevention front system” was released. Which was also open-source, with the adoption on other darknet services actively encouraged by one of the creators and dread admin /u/Paris. The purpose of this “endgame system” was outlined in this post by /u/Paris

Main Features

Fully scripted and easily deploy-able (for mass scaling!) on blank Debian 10 systems. Full featured NGINX LUA script to filter packets and provide a captcha directly using the NGINX layer.

Rate limiting via Tor's V3 onion service circuit ID system with secondary rate limiting based on a testcookie like system.

Easy Configuration for both local and remote (over Tor) front systems.

Easily configurable and change-able to meet an onion service's needs.

Overall these systems main aims are to reduce spam and reduce the likelihood of a DDoS being able to successfully take down a site. This is done mainly through increased filtering of incoming requests and optimisation of the processes that run on the server.

Currently (May 2020) dread is consistently up and appears to not be struggling from DDoS attacks, however, as a large number of users are complaining about the difficulty of the cpatcha, meaning the system may see more change in the near future.

Growth

Dread was initially intended to be a small forum, consisting of no more than 1000 users, basing conversation mainly around security and pentesting. However, with the banning of many marketplace related subreddits such as /r/darknetmarkets many refugee users were looking for a new forum to host their discussion. Many of these users accepted Dread as their new home, setting up their Subdreads and attracting an ever-growing userbase.

Dread accounts over time. The graph above shows the rapid growth that Dread has seen when compared to other darknet hosted forums. What was intended to be a small forum, quickly changed due to the closure of many of its alternatives, forcing it into the limelight with all of the issues that come with it. At its current trajectory (Feb 2020), Dreads userbase should reach 150,000 user accounts by August 2020. However, the rate of growth also seems to be continuously increasing as Dread reached 145,000 users in April 2020 which suggests that it may reach 150,000 users sooner than previously expected. As of May 2020, dread has over 150,000 users, 3 months earlier than predicted.

Updates

As of (17/2/20) Dread just celebrated its second birthday with /u/HugBunter posting an update on the status of the forum. It appears as if the DDoS possibly performed by Apollon has ceased and Dread is back onto its original non mirror address after multiple months.

(20/4/2020) Dread suffered another period of downtime in mid April 2020 with /u/Hugbunter announcing that a neural network had managed to bypass the sites CAPTCHA. To solve these issues a modified CAPTCHA was implemented to try and buy the site some time whilst they added a more resistant solution.

(8/6/2020) Dreads captcha was again updated, this time changing from a grid based dot system to a text based system.

See Also

Intel

Article Metadata