Navigating the Vast Ocean of Sandbox Evasions

In recent years, the internet has seen an influx of websites and apps aimed at helping you evade authoritarian consequences for engaging in unlawful activity. Despite this boom, most of these websites remain relatively inaccessible for a variety of reasons, whether because of their ambiguous content or because the activities themselves are flagged.

The concept of operating in a "sandbox" was first introduced by Bruce Schneier in a 2006 paper titled "Applied Cryptography: Protocols, Algorithms, and Source Code in C." In that paper, Schneier laid out his thoughts on how a program should operate if it were to be used to carry out illicit activities online.

The idea was that if a program or website follows certain rules, it will not be flagged by antivirus programs and most sandboxes. These rules included limiting the amount of network traffic generated, generating new outgoing email addresses, and mandating a minimum number of unique passwords. The last rule is meant to prevent the password from being identified using brute force or dictionary attacks.

While these theories were developed by cyber-security experts in the field, it wasn't until 2009 that they saw an opportunity to put their theories into practice. After the arrest of Ross Ulbricht (founder of Silk Road), numerous "Bitcoins for Dummies" forums began to emerge online. In these forums, users would advise each other on how to obtain Bitcoins and also share anonymous markets like Silk Road.

In an effort to shut down these websites, law enforcement agencies began utilizing new tactics such as social engineering, search warrants and pen registers. As a result, the administrators of underground markets began to crack down on user anonymity by requiring more information from their users (e.g., name and address) and by implementing Tor bridges to confirm a user's location (e.g., by requiring them to post an image of their street). However, the problem was compounded when rogue antivirus programs began flagging important files like Bitcoin clients.

During this period, security researchers began to develop a new breed of anonymous marketplaces based on the ideas laid out by Bruce Schneier in his paper. These markets were designed to keep users anonymous using both legal and illegal tactics. The most important rule that these sites followed was that they never stored any user information, whether it be a name or address. These rules were not just implemented on their software, but also on their communication channels such as IRC rooms and other forums where users could ask questions.

The moderators of these forums would enforce the same rules that the marketplaces themselves followed. Even though users would not store any personal information, they had to post a real name in order to use the forums. This was because IRC had been designed by the US government.

As these markets grew, they began employing both legal and illegal tactics to make sure that they could never be shut down due to their irrevocable anonymity. In order to make it harder for law enforcement agencies to track usage statistics (and thereby block markets), new techniques were brought forward such as throwing out user statistics by creating new accounts every few minutes.

Source: Navigating the Vast Ocean of Sandbox Evasions - AlienVault - Open Threat Exchange