
Identification by coding style? : programming | Torhoo darknet markets

I'm thinking about maybe running my own pet hidden service just for fun and coding it all from scratch, strictly no dependencies, frameworks, etc., on the lowest possible level (well, not using an assembler xD). So far, I can't tell if I'll get somewhere with that.

But if I do, it might be tempting to share the code, e.g. there's Darktea … but then I read about people being identified by the code they wrote.

Of course, you reuse stuff you wrote earlier, but you also reuse stuff written by others … What do you think, how realistic is such a scenario? Given you already opensourced other things in the clear, should you better keep anything you write for operating a hidden service to yourself?

This is not about malware, where a lot of analysts have a deep look at what they found – but still unsure.

This is the same kind of idea behind forensic linguistics. It is 100% true that the way you communicate can be used to corroborate who you are. You can speak certain ways in code too just the same.

The issue with this kind of thinking is that it's really only surface level. It's not enough to prove that an alias is attached to a person just by the way they speak. Knowing the fact that people might be watching, it can be used as a tool to separate your alias from yourself. For example I have common random typos or grammatical errors I do on this alias I never do in RL. The same can be said about how you lay out your code. One of the reasons why you would want to use a public and popular framework and not create your own.

If you create it locally and don't publish it publicly you are going to be safe.
/u/sstanl 📢
1 points
3 years ago
> One of the reasons why you would want to use a public and popular framework and not create your own.

Makes sense in that context. But I want to try to build only upon BSD sockets, partially for the fun doing it, partially for the operational stability you could gain depending on nothing but the OS you're running on… It's well possible I'll never finish that (so far got a poc answering any crap with a valid hard-coded HTTP/1.1 response, haha), but if I do, sharing would be nice. But then

> If you create it locally and don't publish it publicly you are going to be safe.

I guess it will be that way anyways. Any kind of sharing obviously indeed bears the risk researchers could determine who's operating that service…
/u/sinister6
1 points
3 years ago
That's only possible if you like to make your code public with your name attached to it on the clearweb. Try changing it up by using a code beautifier. That will change the whole structure of your code while it is able to work the same as you previously wrote it.
/u/erkboz
2 points
3 years ago*
It is not that simple.
For that machine learning is used.
The algorithm not only looks for stuff like code formatting, but also for the idioms and paradigms you use. OOP vs functional... etc.
Researchers claim the style analysis even works on compiled code.

Can't provide links, bc all I found are blocked for tor or require javascript.
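
The distinction drawn in the comment above, between formatting and idioms, shown as an added example that is not part of the original thread: layout features change when code is reformatted, while AST-level features do not. It uses Python's `ast` module for brevity (the thread itself is about C); the three snippets and all function names are constructed for illustration.

```python
import ast
from collections import Counter
# Constructed samples: one function, formatted two ways by hand.
ORIGINAL = '''
def checksum(data):
    total=0
    for b in data:
        if b%2==0: total+=b
    return total
'''
REFORMATTED = '''
def checksum(data):
  total = 0
  for b in data:
    if b % 2 == 0:
      total += b
  return total
'''
# Constructed sample: same result, different idioms (functional style).
OTHER_IDIOM = '''
def checksum(data):
    return sum(filter(lambda b: not b % 2, data))
'''

def layout_features(src):
    """Surface features that any formatter rewrites."""
    code = [l for l in src.splitlines() if l.strip()]
    indents = [len(l) - len(l.lstrip(" ")) for l in code if l[0] == " "]
    return {
        "indent_unit": min(indents, default=0),
        "spaced_ops": sum(l.count(" = ") + l.count(" == ") for l in code),
    }

def syntax_features(src):
    """Parent->child AST node-type bigrams; whitespace never reaches the AST."""
    grams = Counter()
    for parent in ast.walk(ast.parse(src)):
        for child in ast.iter_child_nodes(parent):
            grams[type(parent).__name__, type(child).__name__] += 1
    return grams

def similarity(a, b):
    """Jaccard overlap of two feature multisets; 1.0 means identical."""
    union = sum((a | b).values())
    return sum((a & b).values()) / union if union else 1.0

if __name__ == "__main__":
    print(layout_features(ORIGINAL), layout_features(REFORMATTED))
    print(similarity(syntax_features(ORIGINAL), syntax_features(REFORMATTED)),
          similarity(syntax_features(ORIGINAL), syntax_features(OTHER_IDIOM)))
```

The two hand-formatted versions differ in every layout feature yet score 1.0 on syntax similarity, while the functional rewrite scores well below that.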
/u/sstanl 📢
1 points
3 years ago
Hmmm, that's only "cosmetic" but might still be an idea, at least it makes automatic comparison on the source level harder.

I assume there are a lot more "tell tales" though, like the naming conventions you follow, how you structure modules and shape your internal APIs, how you manage resources, etc etc.

OTOH, doing such research seems like a LOT of work, would any1 do that on code that's NOT malware? Maybe cosmetic changes (indentation etc) would suffice indeed?
/u/martinatchet
1 points
3 years ago
A beautifier? Why not a code obfuscator? That seems like it'd be way more effective cause it removes any kind of consistent formatting you do (like say you use some weird idiosyncratic indentation/formatting style) as well as obfuscating variable name conventions etc.
/u/sinister6
1 points
3 years ago
why not both of them? no need to only use one
/u/martinatchet
1 points
3 years ago
Sure I guess, though using an obfuscator would more or less nullify whatever formatting a beautifier enforces. But I mean to make your source code readable (to yourself or whatever group of people you develop with) use one for sure.
/u/Grazelda
1 points
3 years ago
I've always felt that the detected patterning comes more from comments/comment style, and from naming conventions of the routines. Aside from that code is code is code...
/u/floatingpoint
1 points
3 years ago
If you follow standard best practice, then the chances of identification are lowered. However, unless you have a bunch of code already public on the web that is directly linked to you, there won't be many examples of your coding style to compare to.