Home » Articles » How Slur.io Sees the Future of Whistleblowing?
Click Here To Hide Tor

How Slur.io Sees the Future of Whistleblowing?

This article represent the author’s personal views.

One of the attractive qualities of Tor hidden services is the relatively non-capitalistic nature of its domain name system and end-to-end encryption. If you want to set up a secure website on the surface web, you have to buy a domain name and an SSL certificate. Tor hidden service addresses, however, are themselves cryptographic keys which are generated on the user’s own machine. No need to consult any companies and certainly no need to hand over any money.

But that’s not to say Onionland is a pure space untainted by capitalism. Venture in and you’ll find all kinds of money-making enterprises, some more savory than others. I’m not just talking about the famous darknet markets like the first instance of Silk Road and before the exit scam – Evolution. Other examples are Facebook’s Tor-presence, and more recently advertising companies dedicated to serving ads on hidden services.

Introducing Slur

Most striking of all is Slur whose tagline is “you’re going to hate it.” At least it’s honest. Describing itself as an “anonymous marketplace for the selling of secret information,” Slur allows users to upload secret information of any kind and sell it to the highest bidder. The framework uses public key cryptography to ensure that only the auction’s winner is able to decrypt the information and, in case of a dispute, recruits arbitrators to verify that sellers actually deliver the information they advertise. This requires the arbitrators also to be given the decryption keys.

This consumer-security is achieved with libbitcoin, a set of C++ Bitcoin libraries notable for implementing multisig, which Bitcoin Magazine explains in detail here. In short, when a customer pays, the money is first escrowed to a trusted party but the seller can see that they have paid; when the customer receives the goods, they give confirmation by signing the transaction with their private key. The seller also signs the transaction to confirm that they have received the payment. Libbitcoin uses elliptic curve cryptography for this.

Slur justifies itself as follows: “It’s estimated that 5% of the general population are psychopaths. Introducing financial incentive in an anonymous framework will produce a greater yield of leaked information than from say the ideology that drove patriots like Edward Snowden.” Regardless of whether its motivations are lofty or sinister, it is questionable at best whether making sensitive information – public interest or not – available only to the highest bidder will increase government and corporate transparency.

A force for good?

With proclamations like “We see disruptive technology as a counterbalance in a class war” Slur.io makes a convincing case that the developers really see the Slur framework as a levelling force in a world of inequality. However there is a danger that this platform will divert important information like what Edward Snowden disclosed away from the world at large and into the sole hands of Bitcoin millionaires.

Although Slur is not operational at the moment, consider the following: the US government has seized the assets of a number of dark market admins who amassed fortunes in bitcoins. If a cache like Manning’s or Snowden’s appeared on the Slur marketplace, who will have the most buying power and incentive to leverage that power? Where Wikileaks democratizes information by making it available to everyone, Slur provides a way to capitalize on it, making it available only to the rich. While there is a chance a good-hearted person may buy public interest information and release it to the world, it seems more feasible that Slur would simply provide powerful factions with a way to suppress unfavorable leaks by winning the auction themselves.

A better choice for disgruntled employees of powerful organizations might be one of the many decentralized PasteBin clones similar to DoxBin which was taken down as part of Operation Onymous. This way, you can ensure the information actually gets out. Another option could be many of the SecureDrop sites run by news organizations. Admittedly, these may not appeal to the “psychopaths” who want to profit from their leaks at whom Slur is aiming itself.

The Current State of Slur

And despite the big talk, Slur has yet to be released. The developers behind Slur, the u99 group, have a page dedicated to updates about Slur. It is currently empty. u99’s Github for Slur contains only a license and a text file containing the word “Slur”.

For the time being, the “psychopaths” Slur hopes to appeal to may be better served by Darkleaks, an almost identical but much more mature project by the creators of  Darkwallet. Already operational, Darkleaks can be downloaded and compiled from Github, allowing users to access their Tor-based market for information through a dedicated client. The verification system is slightly different – Darkleaks divides the uploaded information into segments and makes publicly available one randomly selected piece in advance to prove the information is what it claims to be.

7 comments

  1. You failed to mention 1 other problem: people selling false whistle blowing info to make money.
    This whole concept is fatally flawed. Info revealed as per snowden and assange were for the purpose of creating awareness about the amorality of governments. People seeking monetary gain and selling to unknown interests with deep pockets is the complete opposite. It is only about financial gain – on both ends. That isn’t whistle blowing. That is just selling sensitive info.

  2. This has huge money making potential for customers and sellers. Think about it: What if you work for a company that has given you sensitive info? Any time information is kept secret, its because people can and will abuse it. This will also give people a money incentive to obtain sensitive info. This website has SO MUCH FUCKING POTENTIAL. Please dont fuck it up people.

  3. It could also create icentive for groups with that sensitive info to set up traps. They themselves could place a bid on info. If they receive it then they know there is a mole or rat or patriot or saboteur in their midst. They could then go about finding said moleratpatriotsaboteur and give him a trial about as fair as DPR’s or the 1 Snowden would have in the U.S.

  4. and how would we know anybody would put valuable whistleblowing info on there. Most likely people would sell illegally obtained incriminating dirt that media interests would scoop up. That could be doxx info, medical info etc. Somebody could sell Assange or Snowdens exact whereabouts to the CIA.
    Ninja is an idiot if he doesn’t see all of the possible problems

  5. First off, How do we know the same info isn’t being uploaded twice if neither party (seller, buyer, or escrow) can see the information before it is uploaded?

    Secondly, I highly doubt anyone working for a fortune 500 company will be willing to leak info about their work to anyone else and risk their job. Sure it may be anonymous, but if the author of Slur.io doesn’t know yet. When working for a fortune 50 company the information that is sensitive is highly quarantined to a few individuals. Making it easier to find out exactly who leaked the information. Yeah nice way to violate employment contract, become unemployed, and lose an otherwise very good recommendation from previous employer.

    I think this ‘market’ has absolutely no potential, because as an employee of a large tech company I don’t see anyone leaking information about the projects we are working on. No one will use this and it will drop off the map. Its all bad. And not naughty bad. Its a bad idea that I see no one using. Snowden leaked docs because he felt an injustice was being done. He wouldn’t have taken money for it EVER. He is far to big a patriot to give a crap about getting paid. Employment is a very secure thing. Don’t bite the hand that feeds, especially if its the same hand that will smack you across the face.

    The founder/developers of Slur.io should do something useful with the resources. Plus “Your going to hate it” should be more like “You’ll lose your job.”

    • Thom

      Yeah. I don’t see any potential in getting fired. only a handful of people have sensitive info within a company making it very easy to spot the mole.

      As an employee of a large tech firm, I can say. Our projects are sensitive because they are under development. That doesn’t mean they aren’t still protected by patents and other intellectual property rights. Those are secured even before we start to work on something. Imagine a company paying 100 billion dollars for some sensitive information only get a class action lawsuit for patent violations once it has been developed and deployed. Now that would suck, and more than likely the company buying the info will not only never return but probably be sued out of their stuffing.

  6. Of course there is a market here. Some have already put out similar systems.

    Having a binary bet system of release/destroy would probably be best. Trusting the destroy would be the hardest. Criminals return to shake you down if they can.
    If they knew how to generate money and earn, they would not be criminals.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Captcha: *