A few years ago the police did something similar by running a honeypot site called Hansa [0]; they gained control of the site, but rather than shutting it down immediately, they quietly ran the site for a few months, making changes to it in the background. Then, they seized the big darknet market at the time, Alphabay [1], which drove everyone on the site, dealers and users alike, onto Hansa.
Before the influx of users, they had modified the site to record a lot of data that a normal darknet market wouldn't. For example, instead of discarding photo metadata, it would extract it for law-enforcement use. They changed built-in PGP encryption software on the site, so that when people used it, it would first record the information entered before creating the message and sending it to the other user, which allowed them to get information like mailing addresses. Instead of hashing and salting passwords, they recorded them in plaintext, which allowed them to capture accounts on other markets when users had recycled usernames and passwords.
The operation, called Operation Bayonet [2], was complex enough that several different law enforcement agencies from Europe and the US were involved: the Dutch police, Interpol, the FBI and DEA, etc. It was quite an interesting case.
You can protect against these attacks and maintain your privacy by doing the following:
1. After you take a picture, open that image on your computer and take a screenshot of that image and crop as needed. This removes all camera metadata.
2. Use a program for PGP encryption. Type out your message on Notepad or whatever, encrypt it locally, then paste the encrypted message into the website's message box.
3. Use a randomly generated username and password. Generate a different username and password for each site.
Yeah, this vector was avoidable by individuals who had good operational security, but the operation still got addresses for 10K+ individuals: they recorded around 27K transactions, so that means over a third of users relied on the built-in PGP tool!
[0] https://en.wikipedia.org/wiki/Hansa_(market)
[1] https://en.wikipedia.org/wiki/AlphaBay
[2] https://en.wikipedia.org/wiki/Operation_Bayonet_(darknet)