Deep Web, Dark Web & Tor Guide
Maybe you have heard of the dark web phenomenon? The secretive network surrounded by stories about drugs, murders for hire, child pornography and other illegal activities. While the anonymising nature of the dark portions of the web certainly enables illegal activities, there are absolutely legitimate reasons as to why anyone would want to access the dark web.
Let’s begin by taking a look at this common definition of the World Wide Web (all existing websites).
The entire world wide web is divided into three parts.
The Surface Web
The Deep Web
The Dark Web
On the surface web you can easily access all the websites that are indexed by search engines like Google, Yahoo and Bing using a standard browser such as Internet Explorer, Safari, Chrome or Firefox. These are the websites you may visit on a daily basis, such as Facebook or Amazon. It is estimated that the surface web only occupies somewhere around 10% of all websites, though these estimates are hard to prove.
The remaining 90% is what’s called the deep web. Because these websites are not indexed by major search engines they are much harder to access. When websites are not indexed by search engines it means that the data is stored in the website’s internal database, so search engines typically can’t access it. If you have the specific URL to a deep web website you can of course access it.
Contrary to popular belief, pages like Netflix can actually be a part of the deep web. This is because a lot of Netflix content is accessed behind a paywall and therefore can’t be indexed by search engines, which makes it a part of the deep web.
Deep web simply refers to anything on the web that can’t be found using a search engine. This means anything behind a paywall, anything that is password protected, or anything that is dynamically generated on the fly and doesn’t have a permanent URL.
A small portion of the deep web is called the dark web. To access websites on the dark web you have to use special browsers designed specifically for anonymity.
The dark web is only accessible using the TOR browser, short for The Onion Router, which routes traffic through relays and layers of encryption. Instead of URLs ending with .com or .net, dark web pages end with .onion.
The dark web can also be referred to as the TOR network, since all servers are part of the TOR network and websites can only be accessed via the TOR browser.
The Iceberg
To better understand the concept of the three parts of the World Wide Web it is common to visualise it as an iceberg, with a small tip representing the surface web reaching above the sea surface. The darker parts of the web then reach down under the surface all the way to the bottom. Just above the bottom of the sea, where it’s really dark and inaccessible, is where you find the dark web.
What Is TOR?
When we talk about TOR, we talk about two main things: the physical TOR network and a piece of software called the TOR browser that enables you to access the TOR network. Tor is useful to anyone who wants to keep their internet activities out of the hands of advertisers, ISPs and websites. Anyone who needs to seriously anonymise traffic needs to use Tor.
Is Tor something that ordinary users need? Probably not, and in fact, it is very slow. This means that for everyday browsing you are probably going to choose something else.
What Is The TOR Network?
TOR is an open source and encrypted network operated by volunteers with servers placed all over the world. By routing your traffic randomly through these servers, also called relays, no one is able to link your traffic to a single source. This way your traffic is anonymised, which protects you from many types of attacks and threats. The TOR network can be used by anyone to anonymise traffic and hide their location and then access surface websites for privacy reasons.
Another common usage is to access so-called “hidden services”, which are websites that can be run by anyone hosting a TOR relay. Maybe you have heard of the Silk Road, an illegal marketplace run as a hidden service on the TOR network that truly reaped the darker-side benefits of anonymity by selling illegal goods such as drugs and weapons anonymously? Other examples are Dream Market and Valhalla.
TOR network can be quite slow
The way the TOR network and browser work makes traffic quite slow. Your traffic must “hop” between several relays and be encrypted and decrypted several times, which creates latency. Pages can take several seconds to load and streaming HD video is barely possible. As the network grows, bandwidth and speed are increasing continuously.
To access the TOR network you need the TOR browser.
The TOR Browser
The TOR browser is a hardened version of the Mozilla Firefox browser and is compatible with Windows, Mac OSX, Linux and Android.
The Tor browser will send your data packets through three rounds of encryption before they even leave your device. Then they will be sent through a total of three randomly chosen relay servers around the world. None of the relays will have access to the same information, and to intercept your data you would need to have three encryption keys and access to three relays for monitoring of data.
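The layering described above, as an added example (not code from this guide or from the Tor project). A toy cipher stands in for Tor's real cryptography, and the relay names, keys and destination are constructed; the point is that each relay learns only its neighbours, while the exit relay forwards the request in readable form.

```python
import hashlib
import os

RELAYS = ["guard", "middle", "exit"]  # constructed relay names

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (NOT Tor's): XOR with SHA-256(key|nonce|offset) blocks."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], block))
    return bytes(out)

def wrap(key: bytes, next_hop: str, payload: bytes) -> bytes:
    """Add one layer: encrypt (next hop + inner payload) under one relay's key."""
    nonce, hop = os.urandom(16), next_hop.encode()
    return nonce + keystream_xor(key, nonce, bytes([len(hop)]) + hop + payload)

def peel(key: bytes, cell: bytes):
    """Remove one layer: the relay learns its next hop and an inner cell."""
    plain = keystream_xor(key, cell[:16], cell[16:])
    n = plain[0]
    return plain[1:1 + n].decode(), plain[1 + n:]

def build_onion(keys: dict, destination: str, request: bytes) -> bytes:
    """Client side: apply the exit layer first and the guard layer last."""
    next_hops = RELAYS[1:] + [destination]
    cell = request
    for relay, nxt in reversed(list(zip(RELAYS, next_hops))):
        cell = wrap(keys[relay], nxt, cell)
    return cell

def route(keys: dict, cell: bytes):
    """Pass the cell along the circuit and record what each relay observes."""
    seen, prev = {}, "client"
    for relay in RELAYS:
        nxt, cell = peel(keys[relay], cell)
        seen[relay] = {"from": prev, "to": nxt}
        prev = relay
    return seen, cell  # cell is now what the exit relay forwards

if __name__ == "__main__":
    keys = {r: os.urandom(32) for r in RELAYS}  # stand-in for per-relay keys
    onion = build_onion(keys, "example.com:80", b"GET / HTTP/1.1\r\n\r\n")
    seen, forwarded = route(keys, onion)
    for relay, view in seen.items():
        print(relay, view)
    print("exit forwards:", forwarded)
```

The guard sees the client but not the destination, the exit sees the destination but not the client, and the request leaves the exit exactly as the client wrote it unless the site itself uses HTTPS.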
What TOR Does
Tor prevents your ISP from knowing what sites you visit.
Tor prevents a site you visited from knowing who and where you are.
Tor prevents corporate tracking.
Tor helps circumvent censorship.
What TOR DOESN’T do
Tor doesn’t prevent your ISP, websites or anyone watching from knowing that you use TOR. Of course, they cannot see what you do after you’ve entered the TOR network.
Tor can only anonymise traffic that is routed through its own proxy, which the browser is set up to do. This means that the TOR browser only protects traffic used by itself. Any other software or clients must be specifically set up for TOR network usage to work properly. For example, installing and using TOR browser will not automatically provide anonymity when sending e-mails. TOR only protects data packets.
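One way to check whether another application is really set up for Tor, as an added example that is not part of the original guide: an application can be pointed at Tor's SOCKS proxy and still look up hostnames through the system resolver, outside Tor, and the tell is a SOCKS5 request that carries only an IP address. The sample requests and the verdict labels are constructed for this illustration.

```python
import ipaddress
import struct

ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

def parse_socks5_request(req: bytes):
    """Parse VER CMD RSV ATYP DST.ADDR DST.PORT (RFC 1928) -> (atyp, host, port)."""
    if len(req) < 5 or req[0] != 0x05 or req[2] != 0x00:
        raise ValueError("not a SOCKS5 request")
    atyp, rest = req[3], req[4:]
    if atyp == ATYP_DOMAIN:
        size, rest = rest[0], rest[1:]  # one length byte, then the name
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        size = 4 if atyp == ATYP_IPV4 else 16
    else:
        raise ValueError(f"unknown address type {atyp:#x}")
    if len(rest) != size + 2:
        raise ValueError("truncated or oversized request")
    addr, (port,) = rest[:size], struct.unpack("!H", rest[size:])
    if atyp == ATYP_DOMAIN:
        host = addr.decode("ascii")
    else:
        host = str(ipaddress.ip_address(addr))
    return atyp, host, port

def resolution_verdict(req: bytes) -> str:
    """'hostname': the proxy resolves the name; 'ip-only': only an address was sent."""
    atyp, host, _ = parse_socks5_request(req)
    if atyp == ATYP_DOMAIN:
        try:
            ipaddress.ip_address(host)  # IP literal sent in the name field
        except ValueError:
            return "hostname"
    return "ip-only"  # the application may have resolved DNS itself, outside Tor

# Constructed CONNECT requests to port 443; 192.0.2.10 is a documentation address.
SAMPLES = {
    "name sent to proxy": b"\x05\x01\x00\x03\x0bexample.com\x01\xbb",
    "address only": b"\x05\x01\x00\x01\xc0\x00\x02\x0a\x01\xbb",
}

if __name__ == "__main__":
    for label, req in SAMPLES.items():
        print(f"{label}: {parse_socks5_request(req)[1]} -> {resolution_verdict(req)}")
```

Tor itself can make this check: the `TestSocks` option in torrc logs whether each SOCKS request was safe, and `SafeSocks` rejects requests that supply only an IP address.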
How To Access The Tor Network
This is my recommendation for how to access the dark web safely, securely and anonymously.
Download and install Tails
Tails is a live operating system that can be put on a USB drive and booted from there. It’s specifically designed to provide privacy and anonymity. Tails uses Tor as its default browser and forces all internet traffic to go through the Tor network. Tails is configured not to use the computer’s hard disk and only uses RAM for storage, which is automatically emptied every time the computer shuts down.
Always use Tails when connecting to the TOR network.
Connect to a VPN
Connecting to a VPN service will prevent your ISP from seeing that you are using the TOR network. It will also add an extra layer of encryption and anonymization of your traffic.
When inside Tails, install and open TOR browser
When you are online, do an IP test and a DNS leak test. If the IP is not your real one and no DNS leaks are detected, you are good to go. Make this procedure routine every time you enter the TOR network. Then, go to the security & privacy settings and set the security settings to “high” inside of TOR browser.
Install HTTPS Everywhere plugin on TOR browser
When you visit surface websites using TOR browser your traffic is sent through the TOR network and then on to the internet. When your traffic leaves the TOR network, it will be unencrypted. If you visit non-HTTPS websites you are very vulnerable. HTTPS Everywhere will mitigate this.
Don’t P2P over TOR
Peer-to-peer (torrenting) traffic is known to bypass proxy settings, even if manually set up not to do so. This means that your traffic bypasses the TOR proxies and connects directly to the end point, which exposes you greatly.
Never use Google
Google’s core business idea is to gather information about you and track your every move online. Use DuckDuckGo or StartPage instead. Whenever you route your traffic through the TOR network on to the surface web, your traffic has to pass an “exit node”, which is the last node before entering the surface web. All traffic after the exit node is unencrypted and therefore not protected. By using DuckDuckGo you never have to pass any exit nodes.
Don’t use TOR directly on Windows or OSX.
Standard operating systems don’t offer the security that is necessary to stay anonymous when using TOR. Instead, I recommend that you use virtual machine software such as Tails or Whonix. Tails comes with the built-in, preconfigured Tor browser ready to be used.
Third party services
Whenever you need to use third party services such as e-mail, file sharing and messaging, make sure to use services designed for anonymity, privacy and security. TOR will not in itself protect you from problems related to these services.
Personally identifiable information
This may sound obvious, but it is important to never use your real e-mail address, log on to your real Facebook account, enter your real credit card numbers or give any type of personal information when browsing using TOR. Every piece of information can be used to create a profile on you and later be linked to your real identity.
Cryptocurrencies offer a layer of anonymity and security because your real identity is not directly tied to your transactions. Instead, it is tied to a randomly generated bitcoin address. Of course, if your bitcoin address somehow were tied to your identity anyway, all of your transactions are publicly available for anyone to analyse. Still, they do offer much greater anonymity than regular credit card purchases and should be used whenever anonymity is a priority.
Is The Dark Web Illegal?
The dark web isn’t illegal in itself and can be accessed by anyone who has downloaded the free TOR browser. There are a lot of illegal websites and marketplaces that sell illegal goods of many types. It is legal to visit the websites out of curiosity, but selling and buying anything illegal is of course illegal.
If complete anonymity is important to you and you are using TOR or considering it, I want you to think about this.
How can you be sure that the TOR nodes are not being monitored? Since TOR nodes can be run by anyone, in theory, your adversary could be hosting a node and be monitoring all traffic going through it. I’ve read reports about rogue TOR nodes. Of course, TOR traffic is randomly routed through nodes and also encrypted, both of which make for very strong protection.
To me though, this illustrates the importance of not relying on a single source of security, be it TOR, VPNs or anything else. Instead, they must be used together to create layers of security that together minimise weaknesses.
There’s no easy way of staying secure and anonymous.