How to not build an illegal online store
We had a look at "How to sell drugs online (fast)" and how well it understands the real digital world
A Netflix series from Germany recently set new standards for controversial titles: "How to sell drugs online (fast)". You might want to think twice before you google it at your workplace. But the title makes sense. It is a series about two teenagers who open an online-store for Ecstasy. The story is based on actual events; a student in Leipzig ran a similar store called "Shiny Flakes". Well, I research illegal activities on the web daily (although my focus is on vulnerabilities, hacking and malware), so it was a no-brainer checking the series out. Here are my thoughts.
The story in a few words
Moritz is a loser. His girlfriend leaves him after returning from a year in the US. As he wants to impress her, he ends up with lots of Ecstasy pills, but as his plans don't work, he has no use for them. So, he and his genius friend Lenny decide to sell it online.
It sets in motion dramatic, entertaining and simply weird events, involving shady drug dealers, the police, the womanizer from Moritz' school and much more.
How to Sell Drugs Online (Fast) | Teaser | Netflix www.youtube.com
So, are they getting it right?
The thing with the password
Being desperate at a point, Moritz uses his ex-girlfriend's Facebook password to log into her account. That illustrates an underrated security issue: sharing social media passwords with close friends and family. Especially in relationships, passwords are often shared and then remain unchanged after a breakup. This can lead to stalking or acts of revenge by former loved ones. So, this is a simple reminder to change your passwords– and please keep them to yourself.
Tor is NOT the Dark Web
Well, whenever someone mentions the Dark Web or Darknet, they mean Tor. But there are two misconceptions here. Dark Web and Darknet are not the same thing. The Dark Web is part of the Internet that isn't visible to search engines (the so-called Deep Web), and Darknet is an encrypted network built on top of the Dark Web. You need specific software or tools to access the Darknet. Tor is such an encrypted network, and you need the Tor-browser to access it.
However – and here is the second misconception - Tor is just one example. There also is I2P, Freenet, Zeronet, and many other P2P-based-systems.
Also, the conception is generally wrong when Tor is seen as totally anonymous. Depending on what you use it for and which kind of data you are sharing, it can be as open as the Clear Web.
The crucial element for staying anonymous, no matter if in the Dark or Clear Web is the security of the used infrastructure. If you build your store on a vulnerable system in the Dark Web, it can leak in the same way as in the Clear Web.
My shop, my goods
In the Dark Web, it is unusual that who runs the infrastructure for an online shop also sells the products on it. Usually, such shops systems (such as Silk Road or Dream Market) are run as a service to whoever sells through them – similar to common platforms such as, e.g. Amazon or eBay. The main reason: better anonymity.
Generally speaking, setting up, operating, permanently disguising and running securely such services requires extensive technical know-how, a lot of (criminal) energy and, last but not least, enough money to operate and maintain the corresponding server structures. It is more complex than the simple demonstrated scenario in which Moritz and Lenny ran such a system from their bedrooms.
On a side note, a secure shop doesn't mean necessarily anonymity or security. The addresses of the buyers are known – in the series they were reviewed by Moritz to find out the schoolgirl who bought drugs from him without realizing – plus delivery by post is the weakest point in the process. The latter has led to many arrests in this area.
Not only the series gets that wrong: payments by cryptocurrency are generally presented as anonymous. This is quite wrong. Cryptocurrencies CAN be anonymous; they are not by default. Another simple issue when it comes to anonymity here is that the payout is usually not anonymous unless you have a huge network to do money laundering and use pay-out schemes to hide payout scenarios.
A gun out of the 3D printer
To protect themselves from their homemade problems with drug baron Buba, the two boys create a pistol from a 3D printer. There may be such guides in the Dark Web, but a plastic print is by no means enough to create a proper gun. Not to mention that getting real ammunition is another challenge to solve. So no need to panic about teens printing guns at home.
In a hilarious scene, Moritz unlocks the local drug dealer's computer with a super easy password guess. The police asked him to help with getting to the data on that computer. But seriously: you don't need a user's login password to access data on a computer.
Insecure communication channels
For aspiring young online criminals, they are very naïve in their choice of communication channels. Discord, Whatsapp, Facebook Messenger, Gmail – are all no secure channels. It is very unlikely that someone who can build a secure drug market online would be using these messengers.
Well, that's a BIG topic in that series. Moritz logs into his girlfriend's Facebook account – without consent. Lenny logs into his Mom's email account – without consent. And Daniel posts a photo of him and Lisa, although she had made clear that the picture should not be published. That last one is also positioned as a rather little issue in the series, but it really isn't. Uploading pictures without consent brought us horrible trends like revenge porn. Not cool, not romantic, not funny, Daniel!
The series touches so many interesting social topics – and nevertheless doesn't discuss them. Let's start with the central issue: drugs. Am I the only one who gets the feeling that drugs are portrayed as rather harmless and fun? Where is the critical element? That put me quite a bit off.
It mentions, in a quite impressive monologue, an inevitable disillusionment of the future. A topic that could have been broadly addressed as part of this series – but it doesn't get more attention than Gerda's monologue during the party.
Other societal issues mentioned, but not developed: children and porn, social inequality, the inability of parents dealing with their kids' (digital) life realities.
And well: for a series that so heavily focuses on a relevant digital topic – illegal trade online – it just gets too many details wrong. The lack of technical accuracy makes the story so much less authentic and believable. The producers probably tried to appeal to a too broad audience instead of really exploiting the potential for a smart and exciting narrative which Shiny Flakes' story offers.
But there were things I liked. Printing the chat history in a book – what a lovely idea and also an excellent symbol for the issue that we don't know what happens with our digital heritage. Will it disappear, will it stay? But we know: if we print it on paper, it will survive!
In the end, the whole series leaves me slightly unfulfilled. Certain parts are overplayed; often the series is trying too hard to be different. Nevertheless, I can recommend it - as entertainment for a rainy Sunday.
Have you seen the show yet? Share your opinion in the comments!
Technical Accuracy: 2 out of 5
Story: 3 out of 5
Creativity: 3 out of 5
Entertainment Factor: 3 out of 5
Best actor: Anna Lena Klenke