How to enter the dark web safely: a step-by-step guide

DeepWatch
9 min read · Jun 7, 2017


We at DeepWatch monitor illegal activities in the deep web. Our clients may from time to time examine the identified evidence themselves. This article helps them in the process.

So, you’ve heard of the “dark web” or “darknet”, a hidden internet infamous for hosting illegal activities. You may wonder what it actually looks like. Or your organization recently got hit by a data breach and you want to look into it yourself.

You’ve probably also heard the dark web is a dangerous place, one that only an intelligence officer can get in and out of without losing a finger or two.

Is it true?

As it turns out, interacting with the dark web can be a relatively safe process even if you are not a security expert. To enter the dark web safely, we recommend this “super onion” setup as a reasonable approach to prevent bad guys from 1) Knowing who you are, 2) Attacking your computer, and 3) Stealing your data:

Why do we call it a Super Onion? Because it’s composed of multiple layers with Tor Browser at its core.

Be daunted by this epic onion not. In this article, we will explain how to build it layer by layer. It’s easier than you might think.

Prerequisites: You are computer savvy. You understand no security solution is 100% safe. You aren’t going to do any illegal stuff — our method is not designed for escaping law enforcement.

Make sure to follow each and every step. Do not skip them or change their order. Your system could become vulnerable otherwise.

Let’s go.

Step 1/3: Secure your operating system. Create a surfer account

  1. Update your operating system (OS) and applications. Windows users: Free tools that automatically manage software updates come in handy.
  2. Turn on firewalls. See instructions for Windows, Mac OS X, and Ubuntu.
  3. Turn on full-disk encryption. See instructions for Windows, Mac OS X, and Ubuntu. This is to prevent file system data from leaking into the virtual machine (VM) which will be introduced shortly.
  4. Use strong passwords for all OS accounts. Disable auto-login.
  5. Create a non-administrative account on your OS. Let’s call it a “surfer account”. It will be used exclusively for dark web surfing. Make sure to never visit your own websites, type out your name, or do anything that may reveal your identity on this account.

Figure: A new surfer account created on Windows

Step 2/3: Set up VPN

A virtual private network (VPN) hides your real internet address in the event an attacker gains control of your VM. Items 1 to 5 below can be done using public wifi for better privacy protection.

Note: Skip items 2 and 4 and sign up with your real email and credit card if you prefer convenience and believe the VPN is unlikely to be hacked.

  1. Switch to another OS account if you are in the surfer account.
  2. Create an anonymous Gmail address like “unreal123456@gmail.com.” Other credible free email providers work, too. Do not enter real information during signup. If a phone number is required, pick one at this site or one of these alternatives and receive SMS verifications online.
  3. Sign up for ExpressVPN using your newly created mail address. ExpressVPN costs $12.95/mo, or $8.32/mo with an annual subscription. We are not affiliated with ExpressVPN and recommend it for its speed and solid user experience. See the last section for other VPN options.
  4. To purchase anonymously, sign up at privacy.com for free using the new email address, generate a credit card number, and enter it along with an arbitrary cardholder name and address on ExpressVPN’s checkout page. A downside is that privacy.com needs your bank account number. If you are truly paranoid, a more involved option is to pay by Bitcoin: You would visit a Bitcoin ATM and buy bitcoins with cash, usually for a fee of 6% on average.
  5. Log off your current account and log into the surfer account.
  6. Download and install the VPN client. Before connecting to the VPN, select an exit location outside of your own country:

Figure: Select an exit location in ExpressVPN

Step 3/3: Install Tor Browser in a VM

Tor Browser is the browser for the not-so-bright web. You will run it in a VM. It provides a necessary layer of protection in the event your Tor Browser is compromised.

  1. Log into your surfer account. Connect to the VPN.
  2. Download and install VirtualBox.
  3. Download and install Debian Linux as a VM. Refer to the instructions here. Remember to choose a strong root password. Check out the last section of this article if you prefer Ubuntu instead.
  4. Go to VirtualBox Menu > Machine > Settings. Next, disable hardware acceleration, serial ports, and shared folders if any of them is enabled. You may need to power off the VM before you can make the change.
  5. Adjust the date and time of the Debian VM to match the current local time of the VPN’s exit location. This can be done by clicking the time at the top of the screen. This is needed for the Tor Browser to work properly.
  6. Inside the Debian VM, open Firefox and download the Tor Browser from torproject.org. Unzip it, run the file Browser/start-tor-browser in the unzipped folder, and then click the “Connect” button.
  7. Select the onion icon in the top-left corner, then select “Security Settings…”, and set security level to “High.”

Figure: Tor Browser in a Debian VM
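
One way to confirm that item 4 actually took effect is to audit the VM from the host. The following is an added example, not part of the original article: it parses the output of `VBoxManage showvminfo <vm> --machinereadable` and reports any of the three settings still enabled. The sample output and the VM name are constructed, the key names are assumed to match your VirtualBox version, and reading “hardware acceleration” as the display-acceleration keys is an assumption.

```python
import re
import subprocess

# Constructed sample of `VBoxManage showvminfo <vm> --machinereadable` output
# (not captured from a real host); key names are assumed to match your version.
SAMPLE = '''name="debian-tor"
accelerate3d="on"
accelerate2dvideo="off"
uart1="0x03f8,4"
uart2="off"
SharedFolderNameMachineMapping1="downloads"
SharedFolderPathMachineMapping1="/home/surfer/Downloads"
'''

LINE = re.compile(r'^"?([^"=]+)"?="?(.*?)"?$')

def parse_vminfo(text):
    """Turn key="value" lines into a dict; unparseable lines are skipped."""
    info = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            info[m.group(1)] = m.group(2)
    return info

def audit(info):
    """Return findings for the three settings step 4 says to disable."""
    findings = []
    # Assumption: "hardware acceleration" maps to the display-acceleration keys.
    for key in ("accelerate3d", "accelerate2dvideo"):
        if info.get(key, "off") != "off":
            findings.append(f"hardware acceleration enabled: {key}={info[key]}")
    for key, value in sorted(info.items()):
        if re.fullmatch(r"uart\d+", key) and value != "off":
            findings.append(f"serial port enabled: {key}={value}")
        if key.startswith("SharedFolderNameMachineMapping"):
            n = key[len("SharedFolderNameMachineMapping"):]
            path = info.get("SharedFolderPathMachineMapping" + n, "?")
            findings.append(f"shared folder present: {value} -> {path}")
    return findings

def audit_vm(vm_name):
    """Audit a real VM by name; requires VBoxManage on PATH."""
    out = subprocess.run(["VBoxManage", "showvminfo", vm_name, "--machinereadable"],
                         capture_output=True, text=True, check=True).stdout
    return audit(parse_vminfo(out))

if __name__ == "__main__":
    for finding in audit(parse_vminfo(SAMPLE)):
        print("FAIL:", finding)
```

An empty result from `audit_vm("<your VM name>")` means none of the three settings was found enabled; rerun it after any change to the VM’s settings.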

And voilà, it’s ready to go! Visit dark web sites by entering “.onion” URLs in the Tor Browser. See “Useful Resources” below to find URLs that strike your fancy.

Are you all set? Not yet.

Please read on for some very important messages:

DOs and DON’Ts for your safety

Do launch the Super Onion from the outer layers and work your way inward. For example, connect to the VPN only in the surfer account; power on the VM only after the VPN is fully connected.

Do terminate your Super Onion in the reverse order: Power off the VM first, then cut off the VPN, then log out of the surfer account:

Figure: Correct way to start and stop the Super Onion

Do NOT perform other activities using the surfer account aside from running the VPN and VM. Enter absolutely no personal information in the surfer account and particularly in the VM.

Do NOT share files between the VM and the host system. If you have to, use a USB drive, format it, transfer files, and reformat it right after. Unless you’re a security expert, never open files retrieved from the dark web.

Do NOT pause the VM or switch between the surfer and other accounts. Always power off the VM and log out of all accounts completely.

For the obviously paranoid: Duct tape your webcam.

Finally, remember that you are never 100% safe.

This is the end of what you must know

Thank you for reading thus far! Leave notes anywhere in this post for questions or comments.

We at DeepWatch monitor cyber threats on the dark web. Get your business protected today at GoDeepWatch.com.

Useful resources

DeepDotWeb has tons of useful information including news, tutorials, and status reports of top markets and forums in the dark web.

Tor Hidden Wiki and The Hidden Wiki are the unofficial directories for the dark web. Be mindful that they may contain out-of-date and malicious links.

There are search engines in the dark web, too. Check out the above wikis for a list of them.

If you need an anonymous email address, check out Guerrilla Mail or one of these alternatives. Note, though, that these services do not provide privacy: whoever has the email address can read your emails. For anonymity and privacy, create a free email account as mentioned in Step 2.

Important resources will continue to be added as we discover more. Please check back from time to time!

Alternative methods for advanced readers

This section is for those exploring other options for dark-web surfing.

A Super Onion with reduced layers?

We believe that no layer in our onion is dispensable. Some online articles suggest that the VM layer is optional. But this is potentially dangerous because the Tor Browser can be a target of exploits.

Yet other online solutions don’t include the VPN layer. We argue against it because malware in the Tor Browser or the VM could obtain your real IP address fairly easily.

Setting up the non-administrative surfer account is to prevent personal activities from using the VPN. It is also a defense against human mistakes as well as exploits in the various applications installed on your OS.

Alternative setups

While the Super Onion offers a good balance between usability and safety, solutions with better anonymity, privacy, and/or security do exist. Most require running a special OS on bare-metal computers. It’s worth noting that Whonix does not provide better safety than our onion for dark web browsing.

One such solution is Qubes OS. It runs Xen hypervisor on bare metal and segregates different security domains into VMs. You can easily run processes and open files in dedicated throw-away VMs. Named the most secure OS, Qubes does come with some tradeoffs: it demands beefy hardware, is very slow to install, and might be incompatible with your PC — even if you have an extra one to spare.

Figure: Qubes OS architecture

Tails is a live OS that runs on a USB stick for privacy and anonymity. It requires a non-Mac computer. A concern with Tails is that it runs on bare metal without a VM. Your IP address, MAC address, or other hardware serial numbers could be exposed if the OS is compromised. That being said, the probability of such incidents is low given the secure nature of this OS.

Alternative VPNs

There are many VPN providers. Check out their reviews online. You should choose a VPN that:

  • Promises no logging in case their server is compromised.
  • Avoids DNS leaks that may accidentally reveal your IP address. Use anonymity testing sites like Doileak to verify that nothing leaks.
  • Has a kill switch that stops all network traffic if the VPN connection fails.

It’s notable that as of June 2017, NordVPN is running a promotion of only $3.29/mo for a 2-year contract.

Alternative VMs

Instead of VirtualBox, you can use VMware Player for Linux and Windows or VMware Fusion for Mac OS X. The Mac version isn’t free though.

We chose Debian for its light weight and strong privacy. In contrast, Ubuntu is more user-friendly but more intrusive on user privacy by default. If you choose Ubuntu, do the following right after installation:

  • Disable remote time sync: Click the time on the top-right corner, select “Time and Date Settings…”, and then “Set the time manually”.
  • Remove services that track your activities and geolocations by launching a command-line console and running the following commands:
$ sudo apt-get remove zeitgeist zeitgeist-core zeitgeist-datahub python-zeitgeist rhythmbox-plugin-zeitgeist geoclue geoclue-ubuntu-geoip geoip-database whoopsie

Happy surfing the dark web! We hope you’ve enjoyed this article.

Be sure to follow us here on Medium or on Twitter for dark-web related tips and insights.

We at DeepWatch protect your business from cyber threats with 24/7 monitoring on the dark web. Visit GoDeepWatch.com and get covered today.
