The dark net is that part of the internet that is hidden from the usual browsers that we use. To get to it, one can use what is called the TOR browser that protects your anonymity by rerouting your information through multiple encrypted sites so that you cannot be traced. TOR stands for The Onion Router and has nothing to do with the satirical website. If you are like me, you have heard about this router and the dark web but have never tried to access either.
Jamie Bartlett is an investigative reporter who has explored the dark web and in 2015 published a book The Dark Net: Inside the Digital Underworld.
In a highly informative and entertaining TED talk, Bartlett describes what he found. He says that in many ways, the dark net is surprisingly familiar and banal, except that you can access and buy things that are illegal. The dark net is also increasingly hosting sites that offer goods and services that are perfectly legal but where the people want to remain anonymous, like whistleblowers. Bartlett says that the dark net is going mainstream and predicts that, because of the violations of privacy on the standard internet, soon most of us will be using it to avoid being snooped on by governments and others. This is ironic since TOR started as a US naval intelligence project.
Imagine if there was a shopping mall where you could buy anything. Once you’re in the shopping mall, it may be hard for police or parents or friends to find out what you’re doing. It seems like an attractive place. Some people wear masks as they go in and out of the mall, so they won’t be recognized by the cameras.
Then imagine that there were surveillance cameras covering every entrance and exit, and all of the access paths leading to it, and those cameras never blinked and never forgot -- the police could go back at any time, for years, and apply matching algorithms to everyone who was seen to enter or exit. As the matching algorithms get better, the disguises that people wear going in or out, are slowly stripped away.
Anyone who uses the dark web for anything is painting a great big neon target on their head.
Marcus, I like your analogy.
—
Also, note that anyone who relies on an internet service provider for access has no anonymity to their service provider, TOR or not — every packet goes through that provider.
(“Peer-to-peer’ is a misnomer — it’s always mediated)
John Morales@#2:
Also, note that anyone who relies on an internet service provider for access has no anonymity to their service provider, TOR or not — every packet goes through that provider.
Yes; also the privacy design of the TOR network breaks down if you have an attacker that owns more than a certain number of entry/exit points. At a certain level, they can begin to build identities based on traffic analysis as traffic flows through owned interior and entry/exit nodes. And that’s just the basic traffic analysis; markers put in traffic by ISPs (as you say) may appear to be just tagging for marketing, but the tags sure are useful for NSA as well. Then there’s the “untraceable digital cash” which seems like it’s anything but: if an attacker has a lot of cash, they can map the transaction space simply by engaging in transactions and then doing traffic analysis on the back end. For example, if I go to such-and-such a site and buy $105.03 worth of drugs, I can infer a lot by watching for subsequent transactions that include that amount; if I do enough transactions with any particular merchant, I can develop a very high probability that I could prove who they were, simply based on my transaction history and timing with them. And I assume anyone who’s thinking about the “dark web” remembers that there was a very large number of bitcoin stolen years ago … My bet is that they have served as “bread crumbs” (rat poison, more like) since shortly after that theft occurred.
The dark web users are generally technophile but not technically sophisticated, security conscious but security clueless. They’re lunchmeat.
Oh, and -- the NSA is known to have packet-searching taps at peering points at AT&T (at least) thanks to Klein’s disclosures. It’s a safe bet that the other major ISPs do, too. Combine point-of-origin packet capture with owning a bunch of interior nodes and ingress, and mapping someone’s TOR traffic is a probability game where their chance of escaping goes down pretty quickly with every time they log in.
Yeah, the TOR documentation explicitly states that it can’t protect your anonymity from a “global adversary” (hint, hint), or anyone who owns enough TOR nodes to do statistical traffic analysis. Given that, as Mano points out, the whole thing started out as a US Navy intelligence project, who do we think owns most of the nodes?
I assume that TOR is more-or-less transparent to the US intelligence community -- they’re just perfectly happy to tolerate all the drug dealing and the child pornography because the whole principle relies on having enough traffic on the network. They need lots of people using TOR to provide the camouflage for the intelligence communications it was actually designed to carry.
Thanks! I learn something new everyday from your posts
I’m reminded of an argument during some war or another. Why should all the towns and cities be darkened at night? The enemy has sophisticated equipment in their bomber aircraft. They’ll find us anyway.
Which is true.
But it’s not about hiding, it’s about forcing the enemy to spend money and resources on sophisticated equipment.
Pffft, the dark net is nothing. Just another mall in the marketplace, and as for it going ‘mainstream’, then it won’t be the “dark net” anymore, will it?
I use Tor as a backup for the normal Scihub domain names. If the normal url of the day is not working (I just checked and it doesn’t seem to be) I go to the onion URL.