Dread has been down for around a week now, when the captcha is completed it redirects and displays an nginx “502 bad gateway” error. Downtime isn’t out of the ordinary for Dread, but what is unusual is the complete lack of communication from the developers. Typically when the site is facing issues they’ll create a post on their backup subreddit, /r/DreadAlert, however there have been no updates whatsoever regarding the current issue. Again, this is not normal.
One user reported being served a DMS file (I have serious doubts as to the veracity of this claim, DMS is a disk image format used by Amiga systems, but if true this is highly unusual and, while far-fetched, could represent a novel exploitation method):
It’s also worth noting that one of Dread’s competitor sites, Pitch, while not experiencing downtime does seem to have an SSL issue; the .onion icon in the top left shows that the site is insecure. This is not expected behavior for an onion service at all, and it’s also occurring on Dread.
I’m making this post because it seems to me like at this point, law enforcement can compromise hidden services and Tor users with relative ease. Archetyp’s staff were sophisticated and had good OpSec, at least in comparison to most DNM operators, yet they were still unmasked due to cooperation between Western intelligence agencies. If this holds true, then aren’t overlay networks basically useless at this point?
“Your anonymity ends where our global reach begins” - Todd Lyons, acting director of ICE.
I’m probably ignoring some nuance, I could be wrong about everything I’ve said (I hope so), but I just find everything that’s been happening incredibly disheartening. I no longer know what to think, the tools I’m using could already be obsolete and I’d be completely oblivious.