If advertising from Internet Security and VPN companies is anything to go by, then the Dark Web is a playground for cyber criminals to trade stolen credit cards and passwords in a wild west free for all.
There is some merit to this, but it is mostly scare tactic to sell you another program that you most likely do not need. While the Dark Web does have its dark side, it’s underlying technology can also be used for good. It can be used to help protect people in countries who do not have favourable human rights. It can help journalist to anonymously communicate with a source. And it can help the average Joe reclaim their privacy online.
There are several variants of the Dark Web, the most popular being Tor Project or The Onion Router Project. Onion routing allows for anonymous communications by using many layers of encryption. The many layers of Onion Routing are comparable to the layers of an onion, hence the namesake.
Onion Routing was developed in the mid 90s by the US Navel Research Laboratory to help protect US intelligence communications. The project was further developed by Defense Advanced Research Projects Agency (DARPA). The software was then release by DARPA under a free licence from which The Onion Routing Project (Tor Project) was developed. This was release in 2006.
How does Onion Routing work
In its most basic form, when you visit a website, your data is sent directly to the web server hosting the website. The website can see exactly where the data come from and is able to log the IP address of the visitor. Depending on the speed of your internet, this all happens pretty quickly. An example is shown below.
Your PC <-> www.Server.com
When you use Onion Routing this happens a little differently. Visiting websites via Onion Routing can also be very slow due to the way data is bounced around between many nodes which may be located in different countries.
First of all your computer encrypts the data you are sending to the server. This data has many different layers. Each layer is encrypted with a key that can only be decrypted by a specific node.
The network might look like this:
Your PC <-> Node 1 <-> Node 2 <-> Node 3 <-> Exit Node <-> www.Server.com
Your PC sends the request to Node 1. Node 1 decrypts its layer and sends the data to Node 2. Node 1 only knows about your PC and Node 2.
Node 2 receives the data and decrypts its layer. Node 2 does not know where the data came from originally or if there are 1 or 10 nodes before it. It only knows about the node it received data from and the node it is forwarding data to – in this case Node 3.
This continues until the data reaches the Exit Node. The Exit Node knows what website it is accessing and it knows about the node directly before it – in this case Node 3 – but it does not know the data originated from your PC. The Exit Node sends the data on to www.Server.com
www.Server.com sees that the data came from the Exit Node and this is the IP address that is logged as visiting the website.
This is all done again, but in reverse, starting with the full encrypted onion at www.Server.com and slowly peeling back the layers until the data is received on your PC. Even though the data has come back and you can view the website, www.Server.com does not see your IP address.
This issue with this scenario is the data leaves the security of Onion Routing at the last step to visit a Clear Web website. While this still gives you some anonymity, it is not as secure as staying in the Onion Routing network. The anonymous nature of the network also depends on your browsing practises.
To get the full features of Onion Browsing you need to browse the Dark Web.
The Dark Web
To get the full benefits of Onion Routing you need to stay within the confines of the Onion Routing network and not have requests leave via an Exit Node onto the Clear Web.
Tor network has the ability to host what are called Tor Hidden Services. These are websites that end in the top level domain .onion.
When browsing a .onion website you are viewing what is know as the Dark Web.
This is where the dark side comes to the Dark Web. Many Tor Hidden Services contain illegal content, including forums where cybercriminals trade personal data, passwords, and credit card details.
There are however, legitimate services accessible via Tor. Facebook have their own Tor Hidden Service which give users access to Facebook in countries in which it is blocked. DuckDuckGo also have a Tor Hidden Service to allow you to perform searches while in the confines of the Onion Network (although DuckDuckGo only indexes Clear Web websites so any links will send your request out via an Exit Node.) Another service, ProtonMail (a privacy focused email service) also offer a Tor Hidden Service to access their services.
Using Tor Browser will not automatically make you anonymous online. There are many other steps involved including sorting out your security hygiene practises. By creating stronger passwords, turning on 2FA, and cleaning up what is publicly visible about you on the internet, you’ll be taking bigger steps towards increasing your online security than using a VPN or Tor alone. Deleting old accounts and limiting what you share online is equally important. Once these tasks are done you may benefits from the anonymous natures of Tor.
Be sure to check out our other Tech Tips articles!