Demystifying the Dark Web and its subtle nuances

By Devam Desai

Nybles
Nov 16, 2023

In the digital age, our privacy and information are more valuable than ever before.

Introduction

Most people today believe that their access to the internet is unrestricted. What they fail to understand is that conventional search engines such as Google or Bing only “index” a very small part (~4%) of the larger internet. This part of the internet is also known as the “Clear Web” or “Surface Web”. Although the internet accessible to the everyday user might seem like a vast amount of information, it doesn’t even compare to the amount of information hidden in the “Deep Web”, the section of the internet that is blocked or hidden from web crawlers and therefore never indexed.

Most of the internet is “locked” and “hidden”

The “Dark Web” comprises a small section of this “hidden” part of the internet which can usually be accessed only through services such as Tor, I2P, Freenet etc. Note that each of these services reaches a different section of the internet (each has its own hidden network). Today we will mainly explore Tor, or The Onion Router, which is by far the most popular dark web network in use today. It comprises more than 65000 sites.

The Philosophy and History behind Tor

The Tor network, just like the internet, started as a US military research project. It was developed as a means for secure communication over the internet and was later adopted for public use by The Tor Project. Tor stands for The Onion Router, a metaphor for the network’s onion-like, multi-layered nature: layer upon layer of peels without any end. This layering ensures perfect forward secrecy between layers and provides anonymity to users. The Tor network required a decentralised architecture, which was made possible by releasing it under a free and open source license.

“Relying on the government to protect your privacy is like asking a peeping tom to install your window blinds.”
- John Perry Barlow

The dark web is mainly a means for anonymous communication, which is a direct consequence of its decentralised architecture and routing mechanism. Any person communicating with another person on the dark web has no way of learning the real identity of the other party. The dark web also offers facilities for identity forging, temporary email account generation and anonymous messaging, all of which contribute to its reputation as a powerful tool for online anonymity. The same anonymity means that a significant portion of the dark web is a breeding ground for illegal activities such as the trade of illegal drugs, weapons, stolen identities, passwords, illegal pornography and other illicit and harmful material. It is also used to facilitate other criminal activities such as human trafficking and organ trade, and its anonymity has led to cybersecurity threats and data breaches in recent times.

In spite of its potential as a hotbed of criminal activity, the dark web also serves a very integral role in society, as it allows people to express their views freely without government intervention. People can circumvent government censorship and hide their online activity from the government, and information can be exchanged without fear of threats or intrusion from others. Most monetary transactions on the dark web occur via cryptocurrencies such as Bitcoin and Ethereum, which further boosts the security and anonymity of these transactions.

How Tor Works

To serve the purpose described above while maintaining the utmost anonymity, Tor routes traffic through multiple randomly chosen relay servers before it reaches the destination website. The traffic is directed via a free, worldwide, volunteer-run overlay network of more than 7000 nodes. The request is encrypted multiple times over, in such a way that a particular relay only knows the previous and the next relay, but not the request content or the entire circuit of relays (this is where the name “Onion” stems from). The request then leaves the Tor network via an exit node and reaches the destination server. From the server’s point of view, the request comes only from the exit node and not from the actual user. It is worth noting that Tor only encrypts requests inside its own network, and not on the legs to the entry node and from the exit node respectively; in particular, the exit node can read the request unless the destination site uses HTTPS. Protection on those legs can be achieved by other methods such as VPNs.
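The layered encryption described above, as an added example that is not part of the original post: a small Python simulation in which the client wraps a request in one layer per relay and each relay peels only its own layer, learning just the next hop. It assumes a toy XOR keystream cipher and three constructed relays (guard, middle, exit) standing in for the per-hop keys real Tor negotiates.

```python
import hashlib

HOP_LEN = 16  # fixed-width "next hop" field inside every layer

# Toy stream cipher (XOR with a SHA-256 keystream), constructed for this
# illustration only. Real Tor negotiates a fresh AES key with each relay.
def xor_stream(key: bytes, data: bytes) -> bytes:
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap_layer(key: bytes, next_hop: str, inner: bytes) -> bytes:
    """One onion layer: [next hop | inner ciphertext], encrypted for one relay."""
    return xor_stream(key, next_hop.encode().ljust(HOP_LEN, b"\0") + inner)

def peel_layer(key: bytes, onion: bytes):
    """What a relay does: decrypt its own layer, read the next hop, forward the rest."""
    plain = xor_stream(key, onion)
    return plain[:HOP_LEN].rstrip(b"\0").decode(), plain[HOP_LEN:]

def build_onion(payload: bytes, route: list) -> bytes:
    """Client side. route = [(name, key), ...] from guard to exit.
    Layers are added exit-first, so the guard peels the outermost one."""
    onion, next_hop = payload, "destination"
    for name, key in reversed(route):
        onion = wrap_layer(key, next_hop, onion)
        next_hop = name
    return onion

def run_circuit(onion: bytes, route: list):
    """Walk the relays in order; record what each relay learns, return exit output.
    Each relay sees only its next hop; the request is readable only at the exit."""
    views = []
    for name, key in route:
        next_hop, onion = peel_layer(key, onion)
        views.append({"relay": name, "next_hop": next_hop, "forwards": onion})
    return views, onion

# Constructed sample circuit and request (not real relays or keys).
ROUTE = [("guard", b"guard-key"), ("middle", b"middle-key"), ("exit", b"exit-key")]
REQUEST = b"GET / HTTP/1.1"

if __name__ == "__main__":
    views, out = run_circuit(build_onion(REQUEST, ROUTE), ROUTE)
    for v in views:
        print(f"{v['relay']:6} learns next hop = {v['next_hop']}, "
              f"can read request: {REQUEST in v['forwards']}")
    print("exit sends to destination:", out)
```

The simulation also shows the limitation noted above: what the exit forwards is the plaintext request, so only HTTPS on the final hop keeps it from the exit relay.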

Tor websites are usually identified by the “.onion” suffix and are neither indexed by surface web search engines such as Google or Bing nor reachable from an ordinary browser. Their domain names are generated from cryptographic keys and may look like gibberish to a normal internet user. The reason for this is again to boost the anonymity of the website and to prevent discovery by brute forcing domain names; because the name is derived from the service’s own public key, it also cannot be claimed by anyone who lacks the matching private key.

Accessing Tor safely

First of all, to install Tor Browser, follow the steps given in the link below.

This is how your Tor browser should look:

Once you have installed the Tor browser, a number of security measures need to be taken to prevent malicious websites and hackers from compromising your computer. But before that, we need to ensure that our ISP (Internet Service Provider) doesn’t block our internet traffic to and from Tor. ISPs often block Tor because of its reputation for providing an open space for illegal activities.

Below is a brief summary of methods used to identify Tor traffic and the corresponding ways to evade detection:

  • The ISP can match the IP address you connect to against the list of Tor entry node addresses. This works because the IP addresses of Tor entry nodes are publicly available.

To evade this, we can use bridges to Tor. These are nodes that do not appear in the public list of Tor relays and act as access points to the Tor network. Bridges keep our connection to Tor private by disguising it as a connection to an unlisted node, which then relays our traffic into Tor.

  • The ISP performs Deep Packet Inspection (DPI), which works by scanning not just the packet headers but the entire packet, looking for the signatures of connections to Tor. It is implemented in the ISP’s firewall and works at the application layer of the OSI model.

To bypass DPI, we need to enable pluggable transports in our Tor browser. Pluggable transports reshape our packets so that they look like ordinary web traffic. All this extra processing makes the connection to Tor noticeably slower, but it is an essential step wherever Tor would otherwise be blocked.

A good resource for applying pluggable transports and bridges is given below:

Also, here is a good list of Dark Web Browsers so that you can use the Dark Web effectively:

Now that we can access Tor in spite of our ISP’s restrictions, our attention turns to safeguarding ourselves from attacks. Some good security measures are:

1. Use a VPN: A VPN (Virtual Private Network) works by creating a secure tunnel between you and a remote server anywhere in the world and forwarding your traffic to that server. The server then accesses the internet on your behalf and returns the responses. The best thing about a VPN is that it encrypts the data between you and the remote server. This prevents the ISP, government or anyone else on the path from reading your data. It disguises your network traffic and thereby protects it from other network attacks such as man-in-the-middle and session hijacking. One has to be careful when choosing a VPN; the following are some guidelines:
  • Avoid free VPNs, as they generate revenue by collecting and selling your web browsing data.
  • Use a VPN that keeps no logs.
  • Make sure that the VPN uses HTTPS everywhere.

2. Use Qubes OS: Qubes OS is a free and open-source, security-oriented operating system for single-user desktop computing. It leverages Xen-based virtualization to create and manage isolated compartments called qubes. These qubes work as separate virtual machines on the same system, each with its own purpose, nature and level of trust. This stops an attacker who manages to break into one VM from compromising the entire system.

3. Disable JavaScript in Tor: Disabling JavaScript prevents an attacker from running code in the browser that could plant a backdoor or track the user through their session details. Most websites use JavaScript, and visiting a malicious site with JavaScript enabled can be catastrophic.

This can be done by selecting the Safest option in the Security options menu.

4. Use TAILS: TAILS, or The Amnesic Incognito Live System, is a live, portable operating system (a bootable OS that can be stored on a pendrive) aimed at preserving privacy and anonymity. It connects to the internet only through the Tor network and leaves no traces on the host machine where it is run.

5. Burner Phones: Burner Phones are inexpensive and temporary mobile phones used for secure and anonymous communications. Burners are purchased with prepaid minutes and without a formal contract with a communications provider.

Conclusion

As we have seen, Tor serves as a very powerful tool for hiding your activity online. It helps conceal your identity by allowing you to communicate, transact, browse, download and consume content without anyone else’s intervention or monitoring. It is a modern-day saviour for people living in regions of extreme government censorship and surveillance, as it allows them to interact with the outside world without the prospect of castigation. At the same time, one has to be careful not to fall prey to hackers, scammers and illicit substance sellers. As Friedrich Nietzsche once said:

“If you stare into the abyss long enough, the abyss stares back at you.”
