A public marketplace for hackers—what could possibly go wrong?

Last November, Charles Tendell quietly launched a website called Hacker’s List. Its name was literal. In this online marketplace, white-hat security experts could sell their services in bite-size engagements to people with cyber-problems beyond their grasp.

“Hacker’s List is meant to connect consumers who have online issues to hackers or professionals out there who have the skills to service them,” Tendell told Ars. “Consumers get bullied online, they lose personal information, they have things stolen from them, they get locked out of things, and they have people post negative things or post personal information. They didn’t have a place to go to be able to get help and make sure they’re getting the right price or the best person for a particular job. That’s what Hacker’s List is for.”

The idea seemed clever enough. Soon after launch, The New York Times found the site and brought a stampede of traffic that initially caused it to go down under the strain. In the six months or so since, Hacker’s List has been running without technical hitches. (The site is also utilizing CloudFlare’s content delivery network nowadays.)

However, controversy has crept in to fill the void left by backend hiccups. It’s true that Hacker’s List’s purpose remains showing the general population that “not all hackers are evil,” as Tendell puts it. His intentions for the site also continue to be noble. But many of the project requests being posted to the site show the message isn’t getting through as the marketplace scales. If anything, it seems that those who now flock to Hacker’s List have largely been people looking for evil hackers to hire. And the site is constantly looking for ways to keep up.

Goldilocks filtering

Whether good or bad, all the attention Hacker’s List has drawn since launch hasn’t hurt Tendell. The founder and CEO of Denver-based Azorian Cyber Security is now also the co-host of a syndicated tech radio show and a frequent go-to cyber-expert for local and national news broadcasts. Tendell insists that Hacker’s List is a separate entity from his business, but he admits that “being on the front page of a lot of things has increased Azorian’s footprint and business.” In fact, the international press coverage may be Hacker’s List’s biggest upside—because it’s not clear how many actual business transactions happen through the site.

According to data on the site itself, only a handful of the enrolled hackers have made any money through Hacker’s List since its November 2014 launch. For most, their earnings listed have been just a few hundred dollars. While there are more than 3,000 “hacker” accounts registered—some representing security firms, others registered to individuals—there’s no way to know how many are active. Some early adopters of the site who spoke with Ars quickly abandoned it as a source of projects when they saw the sorts of requests that started to come in.

Logistically, Hacker’s List acts as a sort of reverse-eBay: customers post projects, then “hackers” bid on them. The customer selects someone for the job based on bids, and—if the project passes as legitimate with Tendell’s team—the site acts as an intermediary. It holds the customer’s payment until a project is done and they have approved the work. This escrow period also assures the person doing the work that the money is actually there. Afterwards, customers can rate the “hacker” based on their performance and write comments that appear on user profiles.

In theory, this checks and balances system is the same mechanism that keeps other user-generated economies, from AirBnB to Uber, honest. But a quick survey of the kinds of requests made on Hacker’s List recently looks a lot less like someone trying to buy a used cell phone and a lot more like someone trying to hire a hit-man:

Read More: A public marketplace for hackers—what could possibly go wrong? | Ars Technica.