Check out the on-demand sessions from the Low-Code/No-Code Summit to learn how to successfully innovate and achieve efficiency by upskilling and scaling citizen developers. Watch now.

It’s no secret: Instagram has a drug problem.

Through my own reporting and that of others, it has become clear that a large and active drug trade has emerged on Instagram, the service Facebook paid a billion dollars for two years ago. With a quick hashtag search you can find anything you want, be it stolen, extracted, grown, prescribed, synthesized, or harvested.

After that story broke last year, Instagram blocked a handful of specific hashtags from appearing in searches. But thanks to the infinity of drug street names (and Instagram’s weak response), the trade is as public and robust as ever. A recent roundup by the Coalition Against Drug Abuse, though unscientific, is interesting because it indicates that this drug market is well known even to low-tech nonprofits.

Still, who would be dumb enough to try selling drugs this way?

Smartphone data is packed with specific information that touches cell towers and can be triangulated. Indeed, plenty of less-careful sellers have geotagged themselves into handcuffs. Virtual private networks (VPNs) for iOS and Android devices offer relative anonymity, but Google Location Services, for example, transmits the SSIDs of in-range wireless networks. If you’re using cell-based Internet, even with a VPN, the device can transmit cell tower identifiers. Using a phone is risky, so the pros don’t.

Instead, pros use a variety of tools to evade detection while conducting their business in public.

A source with direct knowledge of Instagram’s drug trade sent me a document that lays out the process to circumvent the app’s mobile-only posting restrictions. It’s deceptively simple. It’s also perfectly legal (except for the actual “selling drugs” part).

  1. Start with a new laptop. Cheap is fine.
  2. Install and run Ubuntu.
  3. Install VirtualBox, which lets you use a “guest” OS in a window inside your computer’s main OS without making it vulnerable. This sandbox environment is generally used for safely testing apps and software or running old software that isn’t supported by a current OS.
  4. Download and run an Android OS emulator in VirtualBox. We won’t link directly to that part, but essentially you’ll end up with an Android OS running in a window inside your Linux system.
  5. Download a VPN. At approximately $50, an annual subscription is a steal, especially if you’d like to safely sell drugs directly to Instagram’s massive audience.
  6. Inside the Android emulator, connect to the Internet via the VPN.
  7. Use the emulator to download the Instagram app.

That’s it.

The end result is a burner Instagram account on a burner “phone” connected to the Internet somewhere far away, all sandboxed inside a burner computer. A cheap laptop, some moderate Googling, and an afternoon will give you a cover that’s very unlikely to be blown.

This system, used alongside Bitcoin, untraceable prepaid debit cards, Kik, and Google Voice, allows illicit products to move with a surprising amount of security and ease. Why wrestle with Tor and Silk Road clones when you can open up a popular app? Sellers are already using it, and Instagram so far has been powerless against it.

So, without a clear defense, how does Instagram put an end to its virtual drug market? With more than 200 million monthly users, you might think the company shouldn’t simply rely on user-submitted flagging. But, apparently, that’s exactly what it does.

When reached for comment, Facebook would not disclose how many staff members, if any, handle this issue on a full-time basis. Instead, a spokesperson directed us to section 3 of Instagram’s community guidelines titled “What Not To Do.” It is not very proactive [emphasis ours]:

If you are reported for sharing prohibited or illegal content, including photographs or videos of extreme violence or gore, your account may be disabled and we will take appropriate action, which may include reporting you to the authorities. Additionally, it is neither possible nor permitted to complete transactions involving regulated goods on our platform. If your photos or videos are promoting the sale of regulated goods or services, including firearms, alcohol, tobacco, prescription drugs, or adult products, we expect you to make sure you’re following the law and to encourage others to do the same.

In their own words, Instagram expects you to not sell drugs on Instagram. And if you share “illegal content” your account could be disabled if somebody reports it. That’s a lot of ifs separating Instagram from any real accountability, to say nothing of the thousands of accounts currently making transactions in plain sight.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.