The dark web is a collection of websites that exist on encrypted darknet, overlay networks that can't be found by search engines or visited with traditional web browsers.
Almost all websites on the dark web require special software (like the Tor browser), configurations or authorization to access.
One common misconception is the confusion between the dark web and the deep web.
The dark web makes up a small part of the deep which, the part of the Internet that is not indexed by search engines.
Before we dive into the details of Tor, how to access the dark web and whether it is safe, let's set the groundwork by understanding the differences between the surface web, deep web and dark web.
Table of contents
- What is the surface web?
- What is web indexing?
- What is the deep web?
- What are darknets?
- Dark web definition
- What is on the dark web?
- Is the dark web safe?
- Who uses the dark web?
- How to access the dark web
- What is Tor?
- What is onion routing?
- What are the limitations to onion routing and Tor?
- Use UpGuard to prevent data leaks and breaches from ending up on the dark web
The surface web, visible web, indexed web, indexable web or lightnet is the portion of the World Wide Web readily accessible and searchable by standard web search engines.
It is the opposite of the deep web, which is the part of the Internet not indexed.
Web indexing is best explained through search engines like Google, Bing or Yahoo and their high-performance system of indexing.
Search engines work by collecting, parsing and storing data about the pages they visit, enabling every day people fast and accurate information retrieval.
When you type "UpGuard" into Google and click on upguard.com, you are searching Google's index of the web, not the entire web.
Google's index is built on the back of a process called crawling. Google engineers write software called a crawler that clicks on every link on a page, follows the link, and then clicks on all the links on the new page ad infinitum.
While this process happens, they save or "index" each URL to their servers, so they can serve it up to you as part of their search engine results.
This is what allows you to ask Google questions or search UpGuard rather than typing in our URL.
Without indexing, the only way to access a site is to type in the URL or click a link.
To most of us, Google is synonymous with searching the Internet but in reality Google's index is a small part of the web, known as the surface web.
In contrast, the deep web is estimated to be anywhere from 400 to 5000 times larger than the surface web.
The deep web, invisible web or hidden web is the part of the World Wide Web not indexed by search engines.
Content is often hidden by HTTP forms, including email, online banking, private or otherwise restricted social media profiles, web forums that require registration or services that need authentication like Netflix.
Contents on the deep web can be located and accessed by direct URL or IP address but may still require a password or other form of authentication to access.
In general, contents on the deep web is there for one of two reasons:
- Obscurity: The inability to be indexed by a search engine. This can be achieved by adding a robots.txt file preventing search engines from indexing the site and displaying it in SERPs (Search Engine Results Pages).
- Authentication: A requirement of login credentials to access the system or information. Whether or not the page is indexed, a visitor needs to log in to go deeper into the site than the login page.
Obscurity and authentication have advantages and disadvantages.
Darknet is an umbrella term to describe parts of the Internet not open to the public or hidden networks superimposed on the Internet. Think of each darknet as a subsection of the overall dark web.
There are many active darknets including:
- anoNet: Decentralized friend-to-friend network built using virtual private networks (VPNs) and software BGP routers.
- Decentralized network 42: Decentralized peer-to-peer network built using VPNs and software/hardware BGP routers. It does not try to establish anonymity for participants and is used to explore routing technologies used on the Internet.
- Freenet: Peer-to-peer platform for censorship-resistance communication. It uses a decentralized distributed data store to keep and deliver information and has a suite of free software for publishing and communicating without fear of censorship.
- GNUnet: Software framework for decentralized, peer-to-peer networking that offers link encryption, peer discovery, resource allocation and communication over many transports (such as TCP, UDP, HTTP, HTTPS, WLAN and Bluetooth).
- I2P (Invisible Internet Project): Anonymous network layer designed for censorship-resistant, peer-to-peer communication. Anonymous connections are achieved by encrypting user traffic and sending it through a volunteer-run network of roughly 55,000 computers distributed around the world. Given the high number of possible paths the traffic can transit, third-party surveillance is unlikely.
- OneSwarm: Privacy-preserving peer-to-peer client design to protect user privacy when sharing data.
- RetroShare: Free open-source peer-to-peer communication and file sharing app built on GNU Privacy Guard (GPG).
- Riffle: Anonymity network develop at MIT as a response to issues with the Tor browser. It employs verifiable shuffle and is said to be ten times faster than onion-based networks like Tor.
- Sydnie: Open-source software design to syndicate data over a variety of anonymous and non-anonymous computer networks. It can also reach archives situated in I2P, Tor and Freenet.
- Tor (The Onion Router): Free open-source software for anonymous communication. Tor directs traffic through a worldwide volunteer overlay network that consists of more than seven thousand relays that conceal a user's location and usage from anyone conducting network surveillance or traffic analysis.
- Tribler: Open-source decentralized BitTorrent client that allows anonymous peer-to-peer by default.
- Zeronet: A decentralized web-like network of peer-to-peer users. Instead of having an IP address, sites are identified by a public key (specially a Bitcoin address). The private key allows the owner of the site to sign and publish changes which propagate through the network. ZeroNet also uses trackers from the BitTorrent network to negotiate connections between peers. It is not anonymous by default but supports routing traffic through Tor.
The dark web is the part of the World Wide Web accessible through darknets.
Darknets can be small peer-to-peer or friend-to-friend networks, as well as large networks like Tor and I2P operated by organizations and individuals.
The Tor network focuses on providing anonymous access to the Internet and I2P specializes in anonymous hosting of websites.
The identities and locations of users are anonymized through a layered encryption system, a traffic anonymization technique known as onion routing.
Dark web networks route user data through a large number of intermediate servers to protect the user's identity and provide anonymity. The transmitted information can only be decrypted by the subsequent node in the scheme which leads to the exit node.
This system makes it near impossible to reproduce a node path because you must decrypt layer by layer, leading to users of the dark web referring to the surface web as the Clearnet due to its unencrypted nature.
Due to the dark web's encryption, websites cannot track geolocation or IP address of users. Nor can users get this information about website hosts.
This allows users to talk, blog, transact and share files confidentially.
This has led to the dark web becoming a hotbed for nefarious criminal activity, as well as harmless content like complex cryptography puzzles or cat videos you'd find on the surface web.
Researchers at King's College in London finding that 57% of 2,723 live dark web sites hosted illegal content.
This illegal content could include:
- Stolen Information: Sensitive data like credit card numbers or online banking details, data breaches, data leaks, personally identifiable information (PII) like Social Security Numbers, or hacked Netflix, Spotify or PayPal accounts.
- Drugs and stolen goods: Illegal and prescription drugs, counterfeit goods, counterfeit money, fake passports, fake degrees and stolen goods are sold for cryptocurrency on the dark web on sites like the Silk Road, the dark web's Amazon, which was founded by Ross Ulbricht.
- Disturbing content: Child pornography, hitmen for hire, gore, human traffic, body parts, poison, guns and other black market activity.
- Bitcoin lottery tickets: Dark web gambling sites often sell tickets in bitcoin lotteries that may or may not be real.
- Terrorism: There are real and fake sites used by ISIL, ISIS and other terrorist groups.
- Hacking services: Many hackers sell their services either individually or as part of groups.
In short, like the surface web, you can buy almost anything you can imagine on the dark web. You can probably buy things you would never want to too.
But it's not all illegal content. The dark web can also be used for good. Freedom fighters avoiding mass surveillance of an oppressive political regime may opt to use Tor to protect their identities.
Like most things, it depends. Here are some cybersecurity issues you should consider:
- Remote administration tools: Websites on the dark web may try to install a remote administration tool (RAT) on your device that could lead webcam hijacking or controlling your computer.
- Malware: Like the surface web, websites on the dark web may try to install malware or ransomware such as WannaCry on your computer. Just like on the surface web, never download anything from websites you don't trust.
- Hackers: The dark web attracts hackers due to its in-built anonymity, some of them are for hire while others may look to gain access to your device.
- Phishing scams: Phishing via cloned websites and other scam sites are numerous with darknet marketplace clones (such as Silk Road clones) often advertised with fraudulent URLs to steal Bitcoin or other cryptocurrency.
- Suspicious links: If you click on any link, you could be taken somewhere you don't want to see, download a file or access something illegal.
- Breaking the law: While the dark web attempts to be anonymous, there are still ways to be caught for illegal activity and you can be prosecuted. Any time you are in the company of illegal drugs or content you risk landing in legal trouble. An accidental click or simple curiosity might not be sufficient defense.
- Criminal element: Just because something is for sale, doesn't mean it will actually get sent to you. There are many dark web sites design to steal cryptocurrency from you rather than send you what you purchase.
The in-built anonymity of the dark web has led to many different groups of people using for illegal activity, cybercrime and other hidden services such as the trade of firearms, forums for pedophiles and terrorists, as well as law enforcement agencies like the FBI or NSA.
That said, it also provides protection for whistleblowers, journalists, political protesters, anti-censorship advocacy groups, residents of oppressive political regimes and news organizations who need to communicate anonymously due to fear of negative repercussions.
Accessing the dark web is easier than you might think. All you need to do is download a dark web browser like Tor browser. Once installed, it functions like a regular browser: you stype in a URL and you are taken to a website.
That said, finding web pages on the dark net isn't as easy as finding them on the surface web. There is no Google for the dark web, by definition it isn't indexable.
There are places that aggregate links to dark web websites like The Hidden Wiki, but they are not as sophisticated as traditional search engines and often link to the underbelly of the Internet like sites that hijack your webcam, install malware, attempt phishing scams or other cybersecurity concerns.
Tor is free, open-source software designed for anonymous communication. The name Tor is derived from the original project's name "The Onion Routing Project".
Which was developed by Roger Dingledine and Nick Mathewson and launched on September 20, 2002. Today, Tor is run by a non-profit organization The Tor Project, Inc. which was founded by Dingledine, Mathewson and five others.
Tor anonymizes traffic by pushing it through a free, worldwide volunteer overlay network that consists of thousands of relays that conceal location and usage from mass network surveillance or traffic analysis.
The Tor Project has a free browser that connects to Tor called the Tor browser. The Tor browser makes it difficult to trace your Internet activity including:
- Visits to websites
- Online posts
- Instant messages
- Other communication forms
The intention is to protection personal privacy of individuals and promote freedom of speech and the ability to conduct confidential communication without being monitored.
One thing to note is Tor cannot prevent online services from knowing they are being accessed through Tor. Tor's main concern is user privacy, not hiding the fact the user is using Tor.
This had led to some services restricting functionality to Tor users. For example, Wikipedia blocks edit attempts from Tor users unless special permission is requested.
Onion routing is the form of encryption used by Tor.
It encrypts the application layer of a communication protocol stack and got its name due to its nested nature akin to the layers of an onion.
While Tor may be a pain for law enforcement around the world today, it was initially funded and developed in the 90s by researchers Paul Syverson, Michael G. Reed and David Goldschlag at the United States Naval Research Laboratory.
Onion routing encrypts data, including the next node destination IP address multiple times by sending it through a virtual circuit of successive, randomly selected relays.
Each relay decrypts a layer of encryption to reveal the next relay in the circuit and passes the remaining encrypted data on.
The final relay decrypts the innermost layer and sends the original data to its destination without revealing or knowing the source IP address.
The routing of communication is partly concealed at every relay, eliminating any single point at which communicating peers could be determine with network surveillance that relies on knowing source and destination.
Like all low-latency anonymity networks, Tor is not perfect. It cannot and does not attempt to protect against monitoring traffic at the boundaries of the Tor network (traffic entering and exiting). Nor can it prevent traffic confirmation (end-to-end correlation).
Tor is susceptible to the following cyber attacks:
- Autonomous system (AS) eavesdropping: If an AS exists on both path segments from a client to entry relay and from exit relay to destination, it is possible to statistically correlate traffic and potentially infer the destination of the user.
- Exit node eavesdropping: Swedish security consultant Dan Egerstad intercepted usernames and passwords for emails by operating and monitoring Tor exit nodes. Tor cannot encrypt traffic between exit node and the target server, so any exit node is in a position to capture traffic passing through it if it does not use end-to-end encryption such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS).
- Passive target-analysis attack: Attacker extracts features from the traffic of a specific flow on one side of the network then looks for those same features on the other side of the network.
- Active traffic-analysis attack: Attacker alters the timing of the packets of a flow according to a specific pattern and looks for that pattern on the other side of the network.
- Tor exit node block: Operators of websites can prevent Tor traffic from accessing their site or offer reduced functionality to Tor users.
- Bad apple attack: Exploits Tor's design to take advantage of insecure application use to associate the simultaneous use of a secure application with the IP address of a Tor user.
- Inspection of BitTorrent control messages: Tracker announces and handshakes may include a client IP address, revealing the Tor user.
- Hijacking BitTorrent tracker response: Lack of encryption or authentication between tracker and peer can result in a man-in-the-middle attack that allows attackers to determine IP address.
- Exploiting distributed hash tables (DHT): Distributed hash tables (DHT) through Tor are impossible so attacker is able to reveal a Tor user's IP address by looking it up in the DHT.
- Sniper attack: A DDoS attack designed to take down the majority of Tor exit nodes could result in an attacker degrading the network enough until it uses nodes controlled by the attacker.
- Heartbleed bug: The Heartbleed OpenSSL bug disrupted the Tor network in April 2014 until private keys were renewed.
- Relay early traffic confirmation attack: A group of relays can band together to try deanonymize Tor users and operators.
- Mouse fingerprinting: Detecting mouse movements to fingerprint a website with both the Tor browser and regular browser.
- Vulnerabilities: The NSA exploited a vulnerability in an outdated Firefox version at one time bundled with Tor to attempt to identify Tor users.
UpGuard helps companies like Intercontinental Exchange, Taylor Fry, The New York Stock Exchange, IAG, First State Super, Akamai, Morningstar and NASA improve their information security and prevent data breaches.
Our platform shows where you and your vendors are susceptible to data breaches, data leaks and typosquatting. Avoid regulatory fines and customer data being sold on the dark web through cyber security ratings and continuous exposure detection.
We can also help you continuously monitor, rate and send security questionnaires to your vendors to control third-party risk and fourth-party risk and improve your security posture, as well as automatically create an inventory, enforce policies, and detect unexpected changes to your IT infrastructure. Helping you scale your vendor risk management, third-party risk management and cyber security risk assessment processes.