Computer and network security

Establishing Trust

Deep web users need to establish trust with each other. Establishing trust on the deep web is extremely important, as some of the transactions are illegal. The remote user has to prove their identity, and the other user has to be trusted not to be a law enforcement officer. For the remote user, the documentary showed that the administrators used PGP ("Pretty Good Privacy") for communicating, primarily utilizing the feature of signing the data sent with a private key and verifying the data received with a public key [1]. This gave them a strong and effective way to verify identity while remaining anonymous.

The more interesting part comes from the second user, the other user. This user has to trust that the administrator is who they say they are. Sellers and customers of the Silk Road understand how much risk they take on by doing business on the site, so the public and private keys help mitigate that risk. However, the most vulnerable part is that humans are involved, and this risk cannot be mitigated regardless of how advanced the available technology is. Humans can unintentionally reveal personal information by exchanging messages about their interests, either real or fabricated for an online persona, or about personal beliefs, to further validate their opinions.

Permission control

With all power concentrated in the hands of one account, any defect at this core point can bring down the entire system [3]. For this reason, multiple models of access control have been developed, each considering where a permission comes from and how it is raised. Role control and rule control are among the most widely used. There are also more evolved approaches that grant and revoke permissions dynamically, deciding at the time of the operation on the basis of historical data. These later evolved into an integrated system called a risk control system, which learns normal and risky patterns in order to minimize risk [4].

In the movie, the root admin account can freely access all user data. This made the root account the most interesting and valuable account to the FBI, since they could extract evidence about the owner and their communications from it. However, if history-based or risk control systems had been in place, the sudden high download volume would have triggered a block and kept that information from leaking out through the account. There are other ways, like snapshotting the server, but that is associated with encryption. This matters for companies that want to keep their secrets from being taken away all at once.
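
The history-based control described above, as an added example that is not from the documentary or the cited sources: each account's reads in the current window are compared with that account's own past volume, and the root account gets no exemption. The class name, the one-hour window, the 5x multiplier and the floor of 100 records are assumptions chosen for illustration, and the access history is constructed.

```python
from collections import defaultdict, deque
from statistics import median


class DownloadRiskControl:
    """Deny reads that push an account far above its own historical volume."""

    def __init__(self, window_s=3600, history_windows=24, multiplier=5.0, floor=100):
        self.window_s = window_s
        self.multiplier = multiplier   # allowed burst relative to the baseline (assumption)
        self.floor = floor             # allowance for accounts with little history
        self.history = defaultdict(lambda: deque(maxlen=history_windows))
        self.current = {}              # account -> (window index, records read so far)

    def _roll(self, account, now):
        idx = int(now // self.window_s)
        cur_idx, used = self.current.get(account, (idx, 0))
        if cur_idx != idx:
            past = self.history[account]
            past.append(used)          # close the finished window
            for _ in range(min(idx - cur_idx - 1, past.maxlen)):
                past.append(0)         # idle windows count as zero volume
            used = 0
        self.current[account] = (idx, used)
        return used

    def limit(self, account):
        past = self.history[account]
        baseline = median(past) if past else 0
        return max(self.floor, int(baseline * self.multiplier))

    def request(self, account, records, now):
        """Return True if the read is allowed; denied reads are not counted."""
        used = self._roll(account, now)
        if used + records > self.limit(account):
            return False               # a real system would also raise an alert here
        self.current[account] = (self.current[account][0], used + records)
        return True


def demo():
    rc = DownloadRiskControl()
    # Constructed history: the admin account reads 40 records in each of 24 hours.
    for hour in range(24):
        rc.request("root", 40, now=hour * 3600)
    normal = rc.request("root", 60, now=24 * 3600 + 10)     # ordinary work
    bulk = rc.request("root", 50_000, now=24 * 3600 + 20)   # sudden full export
    return normal, bulk, rc.limit("root")
```

Because the limit is derived from the account's own median, a compromised or seized administrator session is held to the same volume the administrator normally uses, which is what keeps everything from being taken at once.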

Child protection online

Internet infrastructure is built upon the idea of "everyone can freely access anything" [2]. The growth of Internet usage is hard to imagine as it is very popular. Some of this growth is due to Internet crime. Young people who use the Internet are especially vulnerable to entering illegal sites as they do not have the ability to discern between good and bad.

In the movie, one of the drug sellers pointed out in an interview that they will not sell a lethal amount of drugs to a young person or someone they think will be irresponsible with the drugs. Although this drug seller is trying to show that they are being a responsible dealer, it is still inadequate as young people may not be mature enough to understand the ramifications of buying drugs and regret their actions.

References

[1] Mark Adler and Jean-Loup Gailly, An Introduction to Cryptography, July 2005.

[2] Wheeler, Tom. “What Is the Open Internet Rule?” Brookings, 15 Sept. 2017, https://www.brookings.edu/blog/unpacked/2017/09/15/what-is-the-open-internet-rule/.

[3] Access Control Models – UHWO Cyber Security. https://westoahu.hawaii.edu/cyber/best-practices/best-practices-weekly-summaries/access-control/. Retrieved 10/1/2021.

[4] Pereira, Henrique G. G.; Fong, Philip W. L. (2019). "SEPD: An Access Control Model for Resource Sharing in an IoT Environment". Computer Security – ESORICS 2019. Lecture Notes in Computer Science. Springer International Publishing. 11736: 195–216. doi:10.1007/978-3-030-29962-0_10. ISBN 978-3-030-29961-3.