Tor vs. I2P vs. Freenet: Difference?


When people think of the “dark web,” usually what comes to mind, if anything, is Tor. After all, it’s the one that’s been in the news most often, and the terms are inextricably linked.

If you’re new here, I should mention that in a couple of my previous posts, such as How to Access the Dark Web with I2P! and Exploring the Dark Web on Freenet (Part 3!), I elaborated on I2P and Freenet a little bit. These two are other popular anonymity networks that, like Tor, attempt to preserve users’ privacy. For the curious, I will sum up the three of them.

Tor


Tor, as I’ve mentioned in some earlier posts, is both a network and a browser. The browser is available at Tor Project. (Speaking of which, they just released a new version of the browser, which you should download if you want to use it!)

The network attempts to keep you anonymous while browsing online by directing your web traffic through a worldwide system of relays and nodes (a.k.a. the Tor network).

The browser, on the other hand, is a fork of Firefox that is optimized for privacy. It includes extensions such as HTTPS Everywhere, which forces encrypted HTTPS connections on a number of major sites. It also includes NoScript, which helps prevent exploits via active content like JavaScript, Java, and Flash, and protects against attacks like cross-site scripting (XSS) and clickjacking.

Here’s one of the confusing parts: the sites that people often refer to as the “deep web” or “dark web” are technically called “Tor hidden services” (.onion sites). One of the other features of Tor is that you can host websites on it anonymously, which is why it’s so popular. I’ve listed quite a few onion sites in previous posts, but if it’s your first time here, these are a few examples:

Fresh Onions

Ahmia Search Engine

Daniel’s Hosting

Contrary to popular belief, not all onion sites have illegal or disturbing material on them. In fact, some are very bare bones and, dare I say, boring. That’s probably because the point wasn’t for them to be scary. A good majority of onion sites are more technically oriented, although there are a plethora of scams too.

I2P


I2P, like Tor, is an anonymous overlay network. However, there are a number of differences between the two:

  • I2P is message-based. Communications are end-to-end encrypted, and each client application is referred to as a “router,” so to speak. The client has its router build several inbound and outbound tunnels, i.e. pathways to other machines on the network. Each user on the network chooses the “length” of these tunnels, and finds a happy medium between anonymity and speed, depending on which they value more. I2P’s routing scheme is referred to as “garlic routing” (as opposed to onion routing).
  • I2P has its own interactive services, like web browsing (using any traditional browser like Firefox or Chrome), plus email, chat, file-sharing, messaging, blogging, and a distributed datastore (like that of Freenet). See more about this at I2P Services.
  • Unlike Tor, I2P can be used for torrenting, using applications like I2P Snark or the Bittorrent network: Bittorrent over I2P. While you technically can torrent over Tor, there’s a good chance that it will break your anonymity.

This is only a very basic summary – if you want to know more, click the links there and you can read some of the technical documentation.

Freenet


Freenet is a peer-to-peer (P2P) network which allows you to anonymously share files, send messages, and publish websites that are, in theory, resistant to censorship. It also uses what’s called a “distributed datastore” for the purpose of filesharing. In other words, users “donate” a portion of their hard drive so that other users can share files (the datastore is encrypted, however).

When you first join the network, you are given a cryptographic identifier (key), which, in essence, becomes your “name.” (Think of it like James Bond’s 007 name.) The key looks something like this:

http://localhost:8888/freenet:USK@ZVtoHFm~Lm5FctbjloVYwQ0b5KaAae6TeQGk8fswJs4,kRR5rHBQuNpaiFqZE-v3Rtv0e~LWFFbxbh9tAt44UEM,AQACAAE/ffffff/12/

And you thought onion links were hard to remember!
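The link above is less opaque than it looks. As an added example (not from the original post or from Freenet's own code), this parser splits it into the fields Freenet's key format defines: a key type, a 256-bit routing key that nodes use to locate the data, a 256-bit decryption key that stays in the link and is never handed to the nodes storing the data (which is why the donated datastore is unreadable to its hosts), a short settings field, then the site name and edition. The function and class names are hypothetical.

```python
import base64
from dataclasses import dataclass
from urllib.parse import urlsplit

# Freenet writes keys in its own Base64 variant: '~' and '-' stand in for the
# usual '+' and '/', and '=' padding is dropped. Which substitute maps to which
# is an assumption here; it does not change the decoded lengths checked below.
_TO_STD = str.maketrans("~-", "+/")


def _b64(text: str) -> bytes:
    std = text.translate(_TO_STD)
    return base64.b64decode(std + "=" * (-len(std) % 4), validate=True)


@dataclass(frozen=True)
class FreenetKey:
    key_type: str        # USK, SSK or CHK
    routing_key: bytes   # what nodes route on
    crypto_key: bytes    # decrypts the content, known only to link holders
    extra: bytes         # crypto settings
    path: tuple          # for a USK: (site name, edition)


def parse_freenet_key(link: str) -> FreenetKey:
    """Split a Freenet link (with or without the local-node prefix) into parts."""
    # Drop "http://host:port/" if present, then the optional "freenet:" prefix.
    if "://" in link:
        link = urlsplit(link).path.lstrip("/")
    if link.startswith("freenet:"):
        link = link[len("freenet:"):]
    key_type, sep, rest = link.partition("@")
    if not sep or key_type not in {"USK", "SSK", "CHK"}:
        raise ValueError(f"unsupported or missing key type: {key_type!r}")
    keys, _, path = rest.partition("/")
    fields = keys.split(",")
    if len(fields) != 3:
        raise ValueError("expected routing key, crypto key and extra field")
    routing, crypto, extra = (_b64(f) for f in fields)
    if len(routing) != 32 or len(crypto) != 32:
        raise ValueError("routing and crypto keys must decode to 32 bytes")
    return FreenetKey(key_type, routing, crypto, extra,
                      tuple(p for p in path.split("/") if p))


# The example link from the post.
POST_LINK = ("http://localhost:8888/freenet:USK@ZVtoHFm~Lm5FctbjloVYwQ0b5KaAae6TeQGk8fswJs4,"
             "kRR5rHBQuNpaiFqZE-v3Rtv0e~LWFFbxbh9tAt44UEM,AQACAAE/ffffff/12/")

if __name__ == "__main__":
    key = parse_freenet_key(POST_LINK)
    print(key.key_type, len(key.routing_key) * 8, "bit routing key,",
          len(key.crypto_key) * 8, "bit crypto key, path", key.path)
```

The `http://localhost:8888/` prefix is only the address of the local node's web interface; everything after `freenet:` is the key itself.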

One major difference between Tor and Freenet is that all of the Freenet sites are listed in directories that you can find inside the network (which isn’t always the case with Tor). For example, there is one directory called “Nerdageddon,” which lists many (but not all) of the Freenet sites. However, it excludes pornographic sites and other such material:

freenet_nerdageddon

When you click on a site, your computer “downloads” the page from Freenet, and you must wait for it to load before being able to browse it:

freenet_downloading_censored

Although it’s for different reasons, Freenet, like Tor, tends to be slow. Again, it’s a trade-off between anonymity and speed, so it depends on which you value most. As opposed to Tor, if you want to join social networks or forums on Freenet, you need to download various plugins, such as Sone (a Facebook-like social network) or Web of Trust.

The upside of this is that you aren’t downloading programs from some random onion site that you happened across, which may or may not have malicious intent. Plus, Freenet has the option of operating in either “opennet” or “darknet” modes. In opennet mode, you connect to anyone on the network, whereas in darknet mode, you connect only to friends.

Summing it Up

In any case, I find all of these networks to be interesting, and if you’re curious, I say explore them. Just know what you’re getting into, and if you don’t understand something, read the documentation or ask.

That’s not a crime, is it?

 


Give Me Links, Man! L-I-N-K-S!


When I was on IRC (which I haven’t been for a while), one of the things that would happen constantly is that people would pop in and ask for onion links all the time. I’m sure that got annoying.

So, because this is such a popular request, I’m going to give you some right now. How’s that? Just be careful – I’m serious.

http://sextzym44iqnjt6v.onion/ – WE are Technical Shadow

http://wikilink77h7lrbi.onion/ – Wiki Link Hidden – Tor .onion URL directory

http://wikilink77h7lrbi.onion/ – Bl@CKn3T

http://executrerbwdkddn.onion/ – Executioner

http://mbrsonlymdkaxfmx.onion/ – Members Only Marketplace

http://nfcnsecaoxyvtfae.onion/ – 96CNSEC

http://kp72b24qdzp5yruk.onion/ – The Switch

http://psmz2pmzjjuhmqmh.onion/ – Sh4do3

http://q6mjh37unod6kvaa.onion/network.onion – Gma1 – social network?

http://hackerc6bovxwqmi.onion/ – Hacker for Hire

http://creepymhpgibsewr.onion/ – Creepy

http://eoro24hiqmf6ig5u.onion/ – Secret Society

Alright – is that enough to get you started? Have fun, and perhaps I’ll post more links later on, if I come across them.


Beware, Maltego Will Find You!

by Ciphas


A friend of mine recently introduced me to a program called Maltego, made by the South African security company Paterva – and if you use it, it may frighten you. It’s actually been around for a few years, but I only started using it this week.

If it sounds unfamiliar, Maltego is a data mining and pentesting tool that finds relationships between information found on different internet sources. Its “map” of data looks exactly like this:

maltego_graph_censored

So yeah, I’m sort of telling you about the “real me” here. Each dot on that graph represents places online that Maltego connected to you in one way or another. This may be via your email address, IP address or via an “alias” that you used in more than one place. As an example, if you use the username “aisettagess” on more than one website or service, it will find that!

Interestingly, some of the data that it found out about me was via Have I been pwned?, which I mentioned in an earlier post. Likely what happened was that the pwned site scanned for data on numerous sites, and then kept some of that information, so it was available to Maltego. If you consider using that site, keep in mind that it will probably log some data about you, unless you request otherwise.

Just so that I don’t dox a real person, let’s create a fictitious online user with Fake Name Generator.

David A. Bass
879 Burning Memory Lane
Tullytown, PA 19007

Mother’s maiden name: Scott
SSN: 192-42-XXXX

Email address: ftjaqxpl@sharklasers.com (thanks, GuerrillaMail!)

You get the idea. So, using Mr. Bass’ info there, let’s have Maltego gather data on him. It figures out what web servers he’s using, what top level domains he uses, what email servers he sends messages from, etc.

After gathering all this data, it combines it all into a graph like the one above, to get a complete picture. It also has a command line tool, but for the purpose of this post, I’m using the GUI version.

If you click on the green dots on your graph, it will show you the information tied to your various online aliases. Let’s say Mr. Bass there uses the following usernames: PennMan988, AllAboutThatBass859, and DBass1. And let’s say he has these email addresses: ftjaqxpl@sharklasers.com (the one above), and dbass345@guerrillamail.com.

Maltego will find any social media profiles or sites on which David used those email addresses – made even easier if he filled out his real name on the site. The graph illustrates using this key:

maltego_graph_key

Plus, based on information available online, it may figure out your relatives, employment history, average annual income, phone numbers, and even location. By the way, if you want more technical information about Maltego, Concise Courses did a great writeup on it – I suggest you check this out.

So why is this useful? Well, as I’d said in some other recent posts, if any of this information isn’t the kind of thing that you want to be available online, then you can now do something about it.

If you want to delete your profiles (or at least certain information) from any of these websites, take the opportunity and do it.
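To decide which profiles to delete first, it helps to see which ones can be tied together. This added example (not from Maltego or the original post) runs a small union-find over your own account inventory and groups accounts that share a username or email, directly or through a chain. The account list is constructed from Mr. Bass's aliases above; the site names and the extra "quietfox77" persona are made up.

```python
from collections import defaultdict

# Constructed inventory for the fictitious David Bass; site names are invented.
ACCOUNTS = [
    {"site": "forum.example",  "username": "PennMan988",          "email": "ftjaqxpl@sharklasers.com"},
    {"site": "photos.example", "username": "AllAboutThatBass859", "email": "ftjaqxpl@sharklasers.com"},
    {"site": "social.example", "username": "DBass1",              "email": "dbass345@guerrillamail.com"},
    {"site": "gaming.example", "username": "dbass1",              "email": None},
    {"site": "blog.example",   "username": "PennMan988",          "email": "dbass345@guerrillamail.com"},
    {"site": "burner.example", "username": "quietfox77",          "email": "qf77@mail.example"},
]
FIELDS = ("username", "email")


def linked_personas(accounts):
    """Return (clusters of sites linkable to each other, identifiers reused across sites)."""
    parent = list(range(len(accounts)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path halving keeps lookups short
            i = parent[i]
        return i

    first_seen = {}            # (field, value) -> index of first account using it
    uses = defaultdict(set)    # (field, value) -> sites where it appears
    for idx, acct in enumerate(accounts):
        for field in FIELDS:
            value = acct.get(field)
            if not value:
                continue
            # Case and stray whitespace do not stop a correlation tool.
            ident = (field, value.strip().lower())
            uses[ident].add(acct["site"])
            if ident in first_seen:
                parent[find(idx)] = find(first_seen[ident])
            else:
                first_seen[ident] = idx

    clusters = defaultdict(set)
    for idx, acct in enumerate(accounts):
        clusters[find(idx)].add(acct["site"])
    reused = {ident: sites for ident, sites in uses.items() if len(sites) > 1}
    ordered = sorted(clusters.values(), key=lambda s: (-len(s), sorted(s)))
    return ordered, reused


if __name__ == "__main__":
    clusters, reused = linked_personas(ACCOUNTS)
    for sites in clusters:
        print("linkable:", sorted(sites))
    for (field, value), sites in sorted(reused.items()):
        print(f"reused {field} {value!r} on {sorted(sites)}")
    # Deleting the one account that reuses both a username and an email
    # splits the big cluster back into separate personas.
    trimmed = [a for a in ACCOUNTS if a["site"] != "blog.example"]
    print("without blog.example:", [sorted(s) for s in linked_personas(trimmed)[0]])
```

In this inventory a single account (blog.example) is what joins two otherwise separate sets of profiles, so it is the one to remove or re-register first.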

And for the future, consider what kind of information you’re putting out there before you do so.

Think of that next time you consider posting a nude selfie on Tumblr.

 

 

Flare: A Beta Tor Search Engine


Those of you who love “links, links, links!” will be happy to know that there’s a very new search engine on Tor called Flare, which is based on the source code of Candle, another search engine. It’s at this URL: http://dlggj2krbqzm5dru.onion. Honestly, this was the first thing I pictured when I heard the name:

flare surf

Anyhow, Candle, as I mentioned in a previous post, is one of several search engines that index Tor hidden services. It’s not quite as popular as not Evil or Grams, but it gets the job done.


Flare, in turn, is very similar (in fact it may even be a fork), but because it’s in beta form, it still needs help with its algorithms and speed. One interesting (and somewhat disturbing) feature that it has, at present, is that it lists some previous searches done by other users to the right of the search results.

Being aware that a lot of people on the dark web are looking for CP, you can guess what kinds of search terms may show up there. Well, it’s Tor – what did I expect? I just wouldn’t want to meet any of these people in person.

Anyhow, the more that you use a particular search term, the faster it will come up in the future. I tried out the following searches:

“red room”

“hacking”

“dark”

“market”

“carding”

I believe I tried a few others too, but I don’t recall. Compared to a search engine like not Evil, it doesn’t get as many results, but like Candle, Flare seems more focused on getting relevant results, rather than the largest number.

Interestingly, out of the search terms above, “market” returned the most results, by far. Should I really be surprised by that? The first result was a site called “Counterfeit USD,” at this link: http://qkj4drtgvpm7eecl.onion

counterfeit_money

Seems legit.

I haven’t tried out their services, but my first instinct was that it’s a scam, because other sites like it have turned out to be scams. Speaking of which, Flare also has a “Scam: true or false” label beneath the search results. However, simply because a page is labeled “false” does not necessarily mean that it’s the real thing. I’ve been on the dark web long enough that I’ve started assuming that everything is a scam (or almost everything).

That aside, I like the search engine so far, and I recommend trying it out. Perhaps, if more people start using it, it will improve.

Hey, maybe you could even get your site indexed on it! (Hopefully not the scam version.)

 

Red Room Follow Up, Part II

Previously, on Secrets of the Dark…

We examined the claim that there are, in fact, red rooms on the dark web. Several readers had said that they had either witnessed a red room, or knew someone who had been victimized by one. Well, this is the only red room I’ve seen:

giphy (66).gif

Twin Peaks fans, anyone? But I digress. So, in the last post, I suggested that you could create a red room, if you wanted to – but how?

Assuming that Tor is too slow to stream video, you may be able to use something like a private network for this purpose, or a VPN. A private network is defined under RFC 1918: Address Allocation for Private Internets, if you want the technical details. However, even some VPNs have difficulty streaming video. If you’re curious about this, for further reading: 5 Best VPNs for Streaming 4K Video Online. I would think that a commercial VPN wouldn’t be cool with you streaming live murders over their connection either, however.

ಠ_ಠ

Once you had your network complete, you would still have to advertise your site in some way, and also attract victims (this, in my opinion, would be the most difficult part). Maybe some people assume that it’s like the Taken movies? I don’t know.

OK, so you have your VPN, your potential victims, and then you would have to set up your site somewhere, which would result in hosting costs (and thus, a potential paper trail). Plus, on top of that, if customers are paying in bitcoin, that means that the transactions would appear on the blockchain, which is public:

bitcoin-blockchain-2

I suppose that, in theory, like on the darknet markets, you could use a bitcoin mixer, but then the operators of the mixer would have blood on their hands, so to speak. They might not want to get involved with such a thing. So, to add to the complications, you would have to create your own mixer, or find one that didn’t care about what you were using the bitcoin for (including murder).

Ready to run your red room now? Remember, it still has to get attention, but not the wrong kind of attention!

Contrary to popular belief, Tor (and some other darknets) are monitored by law enforcement, as are potential bitcoin transactions tied to illegal activity. Just look at the AlphaBay/Hansa Market shutdown, or any of several other LE operations that target the dark web.

There are some sites that advertise themselves as red rooms, but these look suspicious at best:

http://redrooaujxcjyohj.onion

http://redroofvxabs3a3o.onion

http://redroocid5rlxm43.onion

Do they look real to you? Well, why don’t you pay the cost and let me know what happens? Don’t die, OK?

All in all, that’s my take on it – did I forget anything? Again, I know the dark web has some terrible stuff on it, but taking all these factors into consideration – would it really be worth it to run something like this as a business?

I leave it to you to answer that question.


 

Red Room Follow-Up!


by Ciphas

So, continuing on the subject of red rooms, I received a comment recently on my post Red Rooms Finally Debunked Forever? that said this:

“THANK YOU Bob Saget. Just because red rooms don’t fit under your perfect “criteria”, that doesn’t mean they don’t exist. I personally know somebody who has been a part of a red room, but he wasn’t the murderer. He was the victim.”

She was replying to an earlier comment by someone who went by the name of Bob Saget (yes, that was his name), who gave me a hard time for trying to disprove the existence of red rooms, and cited Peter Scully’s videos as an example – in other words, this guy:

peter_scully_2

So here are my thoughts: what I’ve said so far about red rooms has been based partially on my personal experience, and also what I’ve researched about them. While I have not seen such a thing (or at least not one that I believe to be genuine), here is how I would define a red room:

A website (presumably on the dark web or a private network) where you can pay to witness torture and murder.

While I realize that some very sick things exist on Tor and other darknets (most notoriously child pornography), streaming video over Tor would be incredibly difficult, at least the way it works at present. If you don’t understand how onion routing works, this link explains it quite well: What Is Onion Routing, Exactly?


It is possible to watch video on Tor (and I have, in fact). As I mentioned in my recent post PsychoTube: The YouTube of Tor?, there are a few sites on which you can watch uploaded videos, but they certainly aren’t live. It’s very similar to LiveLeak, in that it features videos of murders, executions, and war. By the way, another dark web blog that I like, All Things Vice, has addressed this subject as well: You wanted darker web?


That being said, how does this square with the above comment? Well, my heart goes out to anyone who’s a victim of torture or murder; nonetheless, as far as that having something to do with red rooms, the burden of proof is on the claimant. One site on the clearnet, Red Room Deep Web Complete Guide, goes into detail about what allegedly happens in a red room, and how to see one (in theory).


Without reviewing all the things this site says about it, I think a number of them are wrong – and it looks like they’re using a scam site as their example. But you could, of course, create your own red room.

Ψ(`◇´)Ψ

How would you create a red room, then? Stay tuned for Part 2.

Is Your Revenge Porn Pic on the Dark Web?

 


Alright, before you say anything – I know this was in the news a while back, but it appears that there is another mirror of the infamous Pink Meth revenge porn site on Tor again. And I’m not talking about the one that appeared in 2014. I found it on an onion crawler that’s updated frequently, so it appeared to be new.

Mind you, this is not a CP site – it’s a site with suggestive and/or nude pictures of women posted (presumably) by their ex-boyfriends or ex-girlfriends, in order to get back at them. If you aren’t familiar with it, Wikipedia has links to a few news articles about it: List of Tor hidden services: Pink Meth

However, I don’t know if the site I found is “genuine,” or just a clone site. Likely what happened was that the first site was taken down, and then someone tried to “revive” it. Either way, I thought it may be something of a concern. Even if it is just a clone site, there is still the possibility that your photo (or one of someone you know) could be on there.

There were several domains I came across that used the Pink Meth name, and I hesitate to share them here, because wouldn’t that be promoting them in some way?

Lest you think that this is something I’m in favor of, I’m not. I just wanted to make people aware of it. I know that my “favorite” YouTuber, Takedownman (*cough cough*), did an episode about this, but it bears repeating.

There is another similar site called SlutRadar, which is on the clearnet, but also has a Tor hidden service. I assume that, like Pink Meth, they hosted it on Tor in case the clearnet site was taken down.

It basically has the same purpose – “expose” girls who post nudes or suggestive pictures of themselves. And there are probably others as well. Wikipedia’s article on revenge porn likens it to sexual abuse, and I’m inclined to agree, though I’m sure at least some men would take issue with this – obviously, the ones who posted the pictures would be among them.

Interestingly, there was also a site I came across that was not active yet, but was asking people to send their RP pictures. Presumably, this was in preparation for starting their own site of that nature – so, we may see another one in the near future.

This is a difficult thing to stop, obviously – one site could be taken down, and then another will start right up again in its place. What are your opinions on it, readers? Is this something that should be investigated more?

Or is it impossible to stop?