A Tor of the Dark Web

Tell me if you’ve been in this situation: you’re chatting about online anonymity with your wife and the other Knight-Mozilla Fellows over a pizza in Florence. A quiet-spoken stranger who had been sitting across the room walks up to your table and says “are you all here for the Tor hackathon?” You respond “why yes, yes we are!”

He goes on to explain that he is a journalist writing about Tor. He also tells us that he bets that the CIA and the Italian Secret Service are going to have moles there. What he obviously meant to say was “I work for the CIA and I’ve been watching you now for quite some time.”

It’s possible that he didn’t actually work for the CIA. His name and photo checked out under the website he claimed to write for. It was probably just a one-time job. Even if this isn’t true, even if a network of government spies didn’t track my position across Europe just to meet us in a restaurant, his comment set the tone for my weekend in Florence.

Tor is serious business.

What the hell is Tor?

Did I mention Tor yet?

Tor is a program that makes you anonymous. This means that, for better or for worse, the big brothers, neighborhood hackers, and ad agencies of the world can’t tell what you are doing on the Internet without going through a lot of effort and expense.

Is that too abstract? Here are some illustrative statements. *Taps the microphone*

  • A Tor user walks into a bar, the bartender says “who are you?”
  • How many Tor users does it take to screw in a light bulb? Only a few, but you’ll never know who did it.
  • I used Tor last night and now my wife says that she doesn’t even know who I am any more.

I’ll be here all night.

If you use Tor you become Spartacus. Tor takes everything you do, makes it look exactly like what everyone else is doing, and gets random computers on their network to do the talking for you. Ta-da! Now it is practically impossible to pin an action on you.

The Original Need

I bet you wouldn’t have guessed that this idea was invented by The U.S. Navy. You would have? Oh.

Put on your paper sailor hat and I’ll explain. Imagine you are the king of the Navy and you’re going to war with your fleet of a thousand brand new Navy cars (I don’t really know how the Navy works). Being king, you are in the most important car of all because you’re calling the shots. You don’t want the enemy to know which vehicle is yours. You also don’t want them to know who is receiving orders because that could give away your tactics.

“I know,” you say, “I’ll encrypt everything so that they can’t see the content. Then they won’t be able to tell that my broadcasts are more important than others.”

Unfortunately for you, the enemy has fancy technology. They can’t decrypt messages but they are able to track where everything comes from and where it is going. They can’t tell what you’re saying, but they have all they need.

After about 5 minutes you think you’re doing well. Half of the enemy cars are already on fire! Yours explodes. “How did they do that?” you say in the afterlife. “Easy,” responds god, “they were able to see that your car was sending out the most messages. They knew exactly where you were.” Then he slaps you with a piece of linguini and drifts away.

To prevent this from ever happening again the Navy decided to invent the concept of an “Onion Network” (not to be confused with The Onion Network). Now instead of having packets go directly from point A to point B, each one randomly hops around the fleet first. Because of encryption, the enemy can’t tell the difference between a new message and a “hop” message — they all look the same. It’s like running an invisible sprinkler in a thunderstorm.

Suddenly nobody but the sender and the recipient can figure out the end points of a message chain. Even the middle men (the ones doing the hops) don’t know the path. Each piece of the hop — each “layer” of the message — is encrypted with a different key, so the only thing a relay knows is who gave them the package and where it should go next.

Onions have layers too, that’s why this setup is called an Onion Network. Get it? It’s like Shrek!

Trolls use the Internet, Ogres use Tor

Trolls use the Internet, Ogres use Tor. (Illustration by Anne Buckwalter)

What’s it Good For?

Tor has applications in the real world. You can buy drugs and guns, share illegal pictures, and hire assassins. Oh wait, I’m just describing Tor’s reputation (more on that later). Seriously, there are a lot of important situations where people have moral and compelling reasons to want anonymity.

Here are a few:

  • Protecting witnesses and victims of domestic abuse. Anyone who wants to be able to access the internet without being discovered by a third party can use Tor to defend against their stalkers.
  • If you don’t like being tracked by your government, Internet Service Providers, or search engines.
  • Providing truly anonymous tips. There are times when people need or want to share information against the wishes of powerful and potentially dangerous forces (e.g. mafias, governments, or corporations).
  • Safely bypassing censorship. If you live in Syria, China, or The United States of RIAA/MPAA, you might use Tor to access content from the outside world more safely.

These kinds of reasons explain why organizations with very good reputations, like the Knight Foundation, are devoting resources to Tor.

The Dark Web

What I’ve just described is a spin on the way people access normal information online. If you point Tor Browser to Google you will see the same old Google, it’s just that now Google doesn’t know who you are. That’s powerful enough, but there’s more: Tor also lets you see hidden content on the Internet.

Using Tor is like entering a cheat code into real life and playing the lost levels. It is the digital equivalent of platform 9 and 3/4. This secret section of the Internet is possible because Tor users can serve content anonymously too.

If you don’t know much about how the Internet works, believe me when I say that if a web site’s location is hidden it becomes essentially impossible to access. It would be like trying to visit someone’s house without knowing anything about where they live — not even the country. Tor gives you a blindfold and leads you there. You still don’t know where the house is, but at least you can visit.

Anonymous sites are accessed through something called an “onion address,” which is made up of a series of random letters and numbers. For instance, this is a “clean” version of Tor’s wikipedia: 3suaolltfj2xjksb.onion. Feel free to try clicking the link, it won’t work (Unless, of course, you are using the Tor browser).

Note: even if that link worked you wouldn’t see any terrible images. However, you need to use your brain before you start actually clicking around if you don’t want to get really upset.

That random looking string is used to find the server within the Tor network. Because the addresses don’t point to a real address on the Internet, there is no way to fully access this content without Tor. There are services you can use to get there without using Tor, but you lose all benefits of anonymity and content is often censored.

Onion addresses are the most fascinating part of Tor, albeit the most potentially disturbing. Rest assured that they don’t all lead to child porn, guns, and drugs. For example there is a secret version of Twitter, a bunch of blogs, a search engine, and an email service. There is even a secret version of 4chan (called Torchan), which I won’t link to because that one does lead to child porn and drugs.

These types of content networks—ones that are served on top of the normal web so that you need special programs to reach them—are known as the Dark Web. Not necessarily because the content is darker (it is), but because it is hidden from view and can’t really be searched and scraped as reliably.

Implications of The Dark Web

Most uses for Tor become more potent with onion addresses. Anonymous servers are just as protected from higher powers as anonymous users. If Amazon suddenly started selling illegal drugs they would get in trouble. If a Tor marketplace started selling illegal drugs, the law would have to figure out a way to find them first.

This power applies to legitimate uses as well. If a government official wanted to contact The Boston Globe with a corruption leak, he or she could use Tor to create a gmail account anonymously. The government could then subpoena Google, and Google might be willing to give away the information they have. They won’t know much, but now things like account access patterns and full email logs would be fair game.

If the official had used Tormail then even Google wouldn’t know what happened. The government would have no course of action because there would be no service provider to ask. Every journalist in the world should be able to agree that there is no good reason for a watchdog to trust the organizations they are watching. Why should you trust in corporations and governments to keep sources safe?

Tor has a reputation because it has a lot of criminal content, but the social good that it supports is just so important (criminals will always be criminals). I’m working on a game called Torwolf to simulate a few situations where Tor would be effective (if you have played Werewolf or Mafia, you can start to imagine what the game will be like). In the mean time, read up on Tor if you’re curious. Better yet, go try it out.

IMPORTANT EDIT: while Tor is much better than nothing, it is neither foolproof nor perfect. If maintaining anonymity could be a matter of life / death / imprisonment, then you need to know more than what I could fit into the scope of this overview. This paper is a good starting point, but seriously, spend some time researching on your own.

About Dan

Dan's just this guy, you know?

, , , , , , , ,

  • Ozzyozzy69

    I use Tor and just recently started using a bootable usb version of Tails and both are very good,

  • anonymouse

    I like it but its too damn slow, even on PC. The “Onion” app for iOS is just unusable.

  • http://www.IAmDann.com/ Dann Berg

    Great article and overview of Tor. Really well written.

  • http://www.postlinearity.com gregorylent

    so cool … and how do i know what i am about to download on my computer is not NSA spyware?

    • http://www.slifty.com Daniel Schultz

      You can view the source code and compile it yourself :)

  • Jeff Bekcer

    The moment I saw the word “dark web” i realized what caliber of article this was. Not only are tor’s hidden services rather centralized but it’s a bit easy to stumble onto illegal content. I2P is the future even though it predates tor.

  • Coolcat

    Sweet article. I have one comment to make. I saw this video — http://www.youtube.com/watch?v=GwMr8Xl7JMQ — discussing censorship of Tor, which is a legit concern. Any way to incorporate that into Torwolf (and this article)? Maybe you already have this in Torwolf; I went through the game rules pretty quickly, so I may have missed it.

    • http://www.slifty.com Daniel Schultz

      As for this article — you just did!

      As for Torwolf that’s a great point, I’ll think about how that could fit in.  The concept of a Tor Bridge is already there, so it could be as simple as saying that Tor won’t work after three turns unless a bridge is used.

  • David Higgins

    Onionland is not that easy to find. Easy to install, but certainly not easy to find.

    Most of the people I know who frequent Onionland are the following types of people:

    – You have to be open to new ideas, and open to free speech. Got treated badly in school for engraving Pentagrams into the tables? Maybe Onionland is for you! Were you one of the kids who bullied those types of kids? Maybe you should stay away from Onionland.

    – You have to be technically curious. Still playing Solitaire on your Windows 2000 machine? Maybe the Darknet is not for you.

    – You have to be a longstanding Netizen. Tor is not something you want to investigate unless you’ve been on the web since the late nineties

    – You have to know that TorBundle exists. (Duh) But most importantly, you have to research it before you install it. If you accidentally install such a thing, you should seriously consider wiping it from your system, permanently

    You have to remember, the web is, by its very nature, a linked resource. If no such links exist, then they are not discoverable. Not by you, and certainly not by a machine.

    The only thing I have to say about the “layers” / Mariana’s Trench meme is this:

    It’s purely in the imagination. If you want to believe such things exist, that’s fine. But if you do you uncover such a “realm”, don’t be surprised to find it’s very much like the normal internet, only more exclusive, and not up-to the standards you would expect such a realm to be.

    After all, you port scanned a thousand boxes with NMAP and ran 72-hour long brute force sessions on each box using bespoke software under a rented DS3 line, didn’t you? The least you deserve is something cool / juicy / neat to exist there, right?

    I call BS on all of that. All the cool stuff is already available online as it stands. (Hello WBB!). We certainly don’t need a bunch of pen-testers releasing leaked CAMs of all the latest Hollywood blockbusters, when 1000s before them have done it already on open systems already, right?

    Which reminds me of a very good tweet by @kaepora on Twitter:

    Quote:

    Dear FBI, please try to wiretap everything on the Internet so that we can troll you with accessible, open solutions that avoid your grasp

    • d p d p d p

      why is torbundle bad?

      • NAME

        Tor port numbers say “I’m here doing something I shouldn’t!” to the feds. Even though they can’t see the data they know it’s Tor and will then look even more closely.

  • David Higgins

    It is my belief the ‘surface web’, ie, the web that can be crawled and indexed by search engines is much bigger than Tor’s darknet. It is precisely because the information in the surface web is not criminal / supressed that it has been allowed to get so big.

    The articles you see floating around forums about the Darknet being exponentially bigger, and more diverse than the surface web are little more than advertisements, made by advocates of such networks.

    I see them as enticements, and “come in here, and see what we have inside” type posts that are supposed to launch the would-be darknet user into a “new world” or Alice in Wonderland, ‘down the rabbit hole’ experience.

    I call BS on all of that. The darknet is mirrored on plain old HTTP servers. It is harvested every six months or so, and you can effectively “download the darknet” in a ZIP file that weights in a little more than 4GB (A DVD).

    Most of the time, though, they are textual scrapes, ie, you won’t find images in these. That’s how a lot of the information you see currently on the ‘normal web’ gets there – it crosses the divide between TOR, and vanilla HTTP, and ends up on all the conspiracy / UFO / Anarchy / Underworld sites, which a re readily available for browsing if you know what keywords to search for.

    It seems because information exists on the Darknet it is somehow forbidden, and elusive. And in some sense that’s true, as some of the content there can’t be ‘unseen’, but the vast majority of information presented is pretty much run-of-the-mill stuff.

    Hacking tutorials, Bitcoin trading, Paysite passwords, Exploits; all of which can be found on the Commoner garden Internet we all know and love.
    It is not a dark and mysterious place anymore, since it has now been exposed on various mega-blogs, and ousted recently on many mainstream media outlets.

    The true question is – where is the network we can’t access? The network so controversial that not even your precious Tor has any knowledge of it. This my friends is called Marianna Web, and if you knew how to access it, you would probably not be reading this…

  • onion

    You could use a www to onion proxy like http://www.onion.to if you just want to check out any hidden onion websites without installing Tor. Put .to after any .onion-address. Like this: http://eqt5g4fuenphqinx.onion -> http://eqt5g4fuenphqinx.onion.to

    • ich bin kein berliner

      Same you could do with onion.cab which is way faster than onion.to

  • Chris

    I love Tor but the only thing that prevents me from implementing it in my home is some of the more bad elements in onionland. Is there a way to manually block certain known onion sites in my home network as I want to enable my kids in learning about privacy without the use of a bad stumble. The closest thing I could think of was my routing tables but it would be better if I could do it in something like a privoxy file.

    • dieinafire

      Only give them the hidden services you want them to see.

      There is no way to block content on tor. It’s impossible. I used it when I was in the hospital to go to sites that were banned by the hospital’s network. It gets around all those sorts of things.

  • Yeah Sure

    Tor Hidden Services does not comprise the “Deep Web.” The Deep Web is a vast world of unindexed content. Tor Hidden Services are comprised of less than 500 websites.

  • Yeah Sure

    @davidhiggins:disqus What is WBB? Also, people didn’t used to call Tor names like the “Dark Web” until a couple of years ago. It all started with numerous posts on forums on hidden services, and on comment boards that techie people read. It looked like suddenly somebody badly wanted those scary names to be part of the common vernacular, even though there was no precedent for it. I think it’s a plot to give it a bad name, just like they gave hackers a bad name by always referring to security breakers as hackers.

  • mynameisfuckyou

    There should not be such a thing as criminal content. Plain and simple. Censorship is censorship, and it’s wrong.

    I don’t give a fuck what moralistic reason you toss out there to justify censorship, you’re still doing something wrong. “Oh! We need to stop pedophilles! We need to stop drug dealers! We need to stop illegal firearms!” No, you don’t. What you need to do is mind your own god damn business. That’s why things like Tor come into being, because moralists and the corrupt can’t leave well enough alone. Why can’t people just let their neighbor buy what they want to buy, sell what they want to sell, own what they want to own, and expose themselves to whatever they want to expose themselves to? Don’t like it? Don’t go to it!

    I hope Tor grows. I hope it grows so big that the governments of the world can’t stop it. I hope that it becomes so large that all of the moralists out there that want to censor the world for their own ridiculous sensibilities can do nothing but whine and cry. Every Tor exit node operator is worthy of praise for standing up to you self righteous cretins out there.

    • jjjjjjjj

      Hmm. Maybe because those things lead to worse things? Child porn = abuse, rape, murder. Drug use = self-harm, other’s harm through exchange, death. Firearms = you get the picture.

      There’s a reason illegal things are branded illegal. But then again, a coke junkie who jerks off to naked 8 year olds such as yourself wouldn’t understand.

    • Not an idiot

      Nah, we can keep up all the torture porn videos. Starting with all of “myname”‘s family. You have any young’ens around? Something where I can stick a fire poker in their ass while mouth fucking them for a while? Once we can do all that to everyone you know, then will drop censorship, m’kay?
      Moron.

    • Harry Berry

      I agree Censorship is censorship. I wrote a book and the publisher gutted it and made it look like iit had been written by a fool

      • Grendal Sven

        Did it have stories of little girls being raped by their daddies? If not, your fucking point is invalid here.

    • whatever

      Your irony around moralists is pretty hilarious. Here, you’re getting onto a moral soapbox about how censorship from moralists is wrong? Surely you can see your argument is self-defeating.

    • RJ Kenny

      You’re absolutely, 100% correct Mynameisfuckyou! People should mind their own fucking business, instead of worrying about what the fuck I’m doing. Very well said!

      • Grendal Sven

        And I hope your next in the gorilla train, douche.

        • Gorilla

          I’m a gorilla, and your sweet pucker looks far nicer Grendel.

    • Grendal Sven

      I’m not so shocked by your idiot retard statement, but am that other mouth-breathing pedophile smack-junkie morons up-voted your comment.

      Hope you get butt-raped by a Gorilla while someone films it, than posts it on one of the “censorship free” pages you want to champion so badly.

      • nanananabooboo

        A sexually mature male gorilla has an erection of less than 1 inch in length. so really, gorilla butt rape isnt nearly as bad as just a plain old gorilla beat down. fisted by a gorilla, now theres a painful concewpt.

  • Andjey

    Have
    you ever dreamed that your 90′s cyberpunk movies goes real? Well, we almost
    there, meet the Deep Web. The Deep Web (also called Deepnet, the invisible Web,
    DarkNet, Undernet, or the hidden Web) refers to World Wide Web content that is
    not part of the Surface Web, which is indexed by standard search engines. Here you can find what you need: http://deepweb.to

  • name me

    The CIA and others demonize dare deep web.
    so they can keep you from hiding.
    as they Must watch Ever thing you do.
    very very old stuff on the web is still their!
    why do they keep ever thing?

    so they can back trace and see All you ever did.
    so if you try to get a government job,

    they can see if you ever said any thing against the Gov.
    or if you get accused of a crime.
    they can profile your life.

  • ~Oliver B Koslik Esq

    Yeah I went on it last night, and really surfed around… all the sites that worked were mostly CP and bestiality. The whole place is fought with ridiculousness of human exploitation and crime.

    If it is anywhere that the sickest of behaviors are carried out on the internet, it is on the darkweb. Child porn, drugs, murder for hire, stalking-harassment, youth slaves for sale, hacking/phreaking for hire… its just all the low life’s trying to make a few bucks from their natural “dark” fetishes.

    I say drop the war on drugs immediately, start policing the people that -profiteering- such debauchery.