Where is the dark web, and what's on it?
Discussion
pip t said:
There are many perfectly legitimate uses for the dark web, as have been detailed several times on the thread above. To briefly list a few:
- Human rights activists in oppressive regimes
- Illegal minorities in oppressive regimes (eg homosexuals in Iran)
- Journalists protecting sources
- Whistleblowers
- Security agencies protecting officers in the field
- People who are concerned about their online privacy
- People using it altruistically to improve the effectiveness of it for those who genuinely need it's protection
You really have to actively look for the seedy/illegal/abusive onion services. It's completely possible to never come across any. You almost certainly won't just stumble across them. I've used TOR on and off for years, and I've never seen anything illegal. I'm sure it's out there, we know it's out there from operations against it detailed in the press, but you are unlikely to accidentally access it.
Yes, this level of 'privacy' does make it difficult for the police & security services to track offenders using it for unpleasant purposes. However, I would say the benefits of it's existence outweigh the negatives. I'm not a 'tin foil hatter' - I accept the fact that we are under surveillance on the internet, both commercially and from government agencies, and I can see the benefits of it. But I don't like it much, and I like the fact that there are ways to counteract it should you wish to.
Any technology can be used for evil. It's up to society to find ways to root out the evil, while keeping the benefits the technology brings.
all good points- Human rights activists in oppressive regimes
- Illegal minorities in oppressive regimes (eg homosexuals in Iran)
- Journalists protecting sources
- Whistleblowers
- Security agencies protecting officers in the field
- People who are concerned about their online privacy
- People using it altruistically to improve the effectiveness of it for those who genuinely need it's protection
You really have to actively look for the seedy/illegal/abusive onion services. It's completely possible to never come across any. You almost certainly won't just stumble across them. I've used TOR on and off for years, and I've never seen anything illegal. I'm sure it's out there, we know it's out there from operations against it detailed in the press, but you are unlikely to accidentally access it.
Yes, this level of 'privacy' does make it difficult for the police & security services to track offenders using it for unpleasant purposes. However, I would say the benefits of it's existence outweigh the negatives. I'm not a 'tin foil hatter' - I accept the fact that we are under surveillance on the internet, both commercially and from government agencies, and I can see the benefits of it. But I don't like it much, and I like the fact that there are ways to counteract it should you wish to.
Any technology can be used for evil. It's up to society to find ways to root out the evil, while keeping the benefits the technology brings.
I personally think the bad outweighs the good with this kind of anonymity and encrypted chat too
Regiment said:
The dark web is basically the opposite to the light web. This is the light web, on the dark web is Piston Heads alter ego version which is essentially exactly the same apart from it's filled with lots of reviews of diesel cars and Labour voters.
Along with threats to hammer lawns into you sausages.eliot said:
fblm said:
Can anyone answer some TOR questions for me?
Who in the hell would host an exit node? Won't their IP look like a wretched hive of scum and villany? Secondly whilst I understand the middle relays don't know your IP won't the actual .onion site you're connecting to need to know your IP in order to route anything back to you? If so, can't the FBI/NCA just set up their own .onion site with some promising clickbait and get lots of 'target rich' IP's from that? Lastly I read there are only something like 5000 server relays. Isn't it entirely possible that half of them are FBI/NSA/DOJ/CIA? In which case wouldn't it be relatively simple to track many connections from guard to exit node? It seems very suspicious to me that the US military would set up a highly secret communication protocol seemingly ideal for criminals, terrorists and 'rogue' states and then sit back and go, ''oh no there's nothing we can do''....
I have the same questions.Who in the hell would host an exit node? Won't their IP look like a wretched hive of scum and villany? Secondly whilst I understand the middle relays don't know your IP won't the actual .onion site you're connecting to need to know your IP in order to route anything back to you? If so, can't the FBI/NCA just set up their own .onion site with some promising clickbait and get lots of 'target rich' IP's from that? Lastly I read there are only something like 5000 server relays. Isn't it entirely possible that half of them are FBI/NSA/DOJ/CIA? In which case wouldn't it be relatively simple to track many connections from guard to exit node? It seems very suspicious to me that the US military would set up a highly secret communication protocol seemingly ideal for criminals, terrorists and 'rogue' states and then sit back and go, ''oh no there's nothing we can do''....
Also wrt VPN sites and anonymous email sites listed on the other page - given they are anonymous, how do you know who’s running them. The feds probably run the majority of these servers as a massive receptical to profile low level / intermediate crime.
Basically, a tor hidden service site (.onion) cannot see your IP address, nor can you determine its location or the public IP of the machine it runs on.
Australian police recently shut down one of the biggest child porn sites on the dark web - after running it themselves for nearly a year. During that time they sought to identify as many users as possible, but were largely thwarted by the security built into the protocol.
4x4Tyke said:
Spoon Burner said:
I’m really interested in hacking, would it be a silly idea to go on there to the hacking forums & have a read?
It's not necessary, the best information is freely available from public sources such IT security researchers operating on reasonable disclosure basis.e.g.
https://access.redhat.com/security/vulnerabilities
I suspect Microsoft have something similar
And any code you need to learn, i.e Ruby if you use Social Engineering tool kit/ Metasploit is also available on the surface web or just search GitHub.
I used to use TOR and proxy chains for when I was network scanning looking for specific targets. If I needed to ask questions about certain exploits that would work on a target I would use the IRC channels but as with everything you get some people that will help and some that just want to exploit you.
Anyway, here is a non evil google like search engine that is available on the dark web.
hss3uro2hsxfogfq.onion
Really interesting thread!
I was wondering how VPN and TOR differ? Or is TOR the same thing with more layers of encryption as the data is passed between different servers.
My understanding is that using whilst using VPN an ISP cant see what you are looking at / files being sent and visited sites wont know your actual IP or any identifying information?
I was wondering how VPN and TOR differ? Or is TOR the same thing with more layers of encryption as the data is passed between different servers.
My understanding is that using whilst using VPN an ISP cant see what you are looking at / files being sent and visited sites wont know your actual IP or any identifying information?
clonmult said:
WCZ said:
andy_s said:
Encrypted chat like iMessenger and Whatsapp?
I was thinking more of telegram, chatsecure, signal etc(No idea on iMessage, chatsecure, etc.)
(Caveat - this isn't my field, I may be barking up the wrong lamppost...)
moustachebandit said:
Really interesting thread!
I was wondering how VPN and TOR differ? Or is TOR the same thing with more layers of encryption as the data is passed between different servers.
My understanding is that using whilst using VPN an ISP cant see what you are looking at / files being sent and visited sites wont know your actual IP or any identifying information?
VPN providers can see your IP and what you are getting at the exit point but your ISP can't. I was wondering how VPN and TOR differ? Or is TOR the same thing with more layers of encryption as the data is passed between different servers.
My understanding is that using whilst using VPN an ISP cant see what you are looking at / files being sent and visited sites wont know your actual IP or any identifying information?
But with TOR no one can see owt as the routers are only aware of what's in front and what's behind it so at the exit node, the last layer of encryption gets decrypted and the data is sent to the destination without exposing the sender's IP. However some sites are TOR aware and won't let you get to them, I.e google.
Not really a network guy but that's my basic understanding of it.
clonmult said:
I thought that Whatsapp was encrypted in a similar manner to telegram - they're similar overall services?
(No idea on iMessage, chatsecure, etc.)
I would be very surprised if WhatsApp, being owned by FB, did not have backdoors/weaknesses built in.(No idea on iMessage, chatsecure, etc.)
Comes down to trust, do you trust Facebook?
moustachebandit said:
Really interesting thread!
I was wondering how VPN and TOR differ? Or is TOR the same thing with more layers of encryption as the data is passed between different servers.
My understanding is that using whilst using VPN an ISP cant see what you are looking at / files being sent and visited sites wont know your actual IP or any identifying information?
Along with the answer below from Neveryoumind, a VPN will also be much faster than TOR.I was wondering how VPN and TOR differ? Or is TOR the same thing with more layers of encryption as the data is passed between different servers.
My understanding is that using whilst using VPN an ISP cant see what you are looking at / files being sent and visited sites wont know your actual IP or any identifying information?
andy_s said:
They're much of a muchness I think, P2P encryption so even the company can't decrypt, or at least that's how I understand it. There was a wrangle with Apple and Whatsapp recently where the govt. wanted them to be able to release data but both said they couldn't even if they wanted to. There's other ways I'm sure, but it wasn't as simple as just giving the authorities a key.
(Caveat - this isn't my field, I may be barking up the wrong lamppost...)
Signal, Whatsapp (which licensed Signal's protocol), Telegram and the like share a per conversation set of public/private keys for you between the two people having the conversation. In theory you could, with the participation of the vendor (Signal or whoever), take central copies of those keys without you knowing. Once you have the keys you can read anything you like. I have my suspicions that this is happening on some level.(Caveat - this isn't my field, I may be barking up the wrong lamppost...)
It used to be very easy to do this with HTTPS traffic if you have access to the private keys (which is trivial for Government agencies if the vendor for the SSL certificate is located in a friendly country). I regularly used to use Wireshark to debug HTTPS traffic. Now it is a little harder as your browser generates a unique session key so you can't replay the session if you have the private key. However both Chrome and Firefox support logging the session keys, so you can see where this is going.
Anybody thinking that keys wouldn't be shared when the Government comes asking should look at Hushmail.
TP; cheers - I use hushmail on a VPN as it happens - I work around N Africa - but never looked too deeply under the bonnet.Never you mind said:
4x4Tyke said:
Spoon Burner said:
I’m really interested in hacking, would it be a silly idea to go on there to the hacking forums & have a read?
It's not necessary, the best information is freely available from public sources such IT security researchers operating on reasonable disclosure basis.e.g.
https://access.redhat.com/security/vulnerabilities
I suspect Microsoft have something similar
And any code you need to learn, i.e Ruby if you use Social Engineering tool kit/ Metasploit is also available on the surface web or just search GitHub.
I used to use TOR and proxy chains for when I was network scanning looking for specific targets. If I needed to ask questions about certain exploits that would work on a target I would use the IRC channels but as with everything you get some people that will help and some that just want to exploit you.
Anyway, here is a non evil google like search engine that is available on the dark web.
hss3uro2hsxfogfq.onion
Gassing Station | News, Politics & Economics | Top of Page | What's New | My Stuff