rdarkHow tordark Verifies Addresses
How tordark verifies addresses comes down to a single principle: trust the signature, not the reputation. An address is only published here after it has been confirmed against the cryptographic key that its operator uses to sign announcements, because a key cannot be faked the way a familiar-looking page can. This page documents that process in full, so readers can run the same check themselves rather than take any result on faith.
The verification process
Verification proceeds in a fixed order. First, the operator's public key is obtained from more than one independent source, so that a single compromised source cannot substitute a false key. Second, the key is imported into standard tools such as GnuPG. Third, the operator's signed statement is retrieved and its signature validated against that key. Only if the signature is valid is the address it vouches for treated as genuine, and the date of the check is recorded alongside it.
The three source types
Background research behind each page draws on three categories of evidence, ranked by authority. Public law-enforcement and court records sit at the top, providing dated, citable facts — the U.S. Department of Justice's account of the AlphaBay takedown is the kind of primary record meant here. Academic and protocol documentation comes next, defining how the underlying tools are specified to behave, from the Tor protocol specifications to the OpenPGP standard (RFC 9580). Established security journalism follows, supplying context and corroboration from outlets with real editorial standards such as KrebsOnSecurity. A claim that cannot be tied to one of these is written with its date attached or not written at all.
Why signatures, not status
A service being reachable proves nothing about whether it is authentic or safe, and history is full of examples where a normal-looking service was anything but. A valid signature, by contrast, is mathematical evidence that a message came from the holder of a specific private key. That is why this project anchors trust in cryptographic proof rather than uptime, appearance, or third-hand reputation. Appearance can be cloned; a signature cannot.
What this project will not do
tordark does not publish unverified addresses, and where a confirmation is outstanding it says so plainly rather than presenting a guess. It does not claim continuous monitoring it cannot perform, and it does not assign live status indicators, because an honest result requires a date and a method behind it. When a verification cannot be completed, the absence of a confirmed result is itself the reported finding. Readers can review the project's wider editorial standards.