Is It Possible to Be Anonymous Online?

In light of the recent news about Facebook’s numerous privacy issues, I got to thinking, “Is it even possible to be anonymous online anymore?”

I think it is, but that would require dialing back a lot of your social media use, and so you would have to take that into consideration. What brought this to mind, in part, was the article It’s Time To Think: How Many Whistleblowers Do We Really Need? on Fossbytes, by Aditya Tiwari.

One of the points that Tiwari made is that we often install apps without giving much thought as to what data the app may be collecting in the background. Granted, we do allow apps “permission” to access certain things on our devices when we install them, but how many people really pay attention to that?

app-permissions-w782

I have an internet friend who says he doesn’t use social media in general, and he is, for the most part, anonymous online. He’s one of the people who introduced me to things like Maltego, which I mentioned on Beware, Maltego Will Find You!

If you didn’t read that post, to sum up, one of the things that Maltego does is collect publicly available information about you on the internet, and put it together into a nice graph. It also shows the various links and connections between these bits of information.

maltego_graph2

My friend had said that, when he did a report on himself, only information that he wanted to be available was found. The same was not true of me, although since then, I have taken down quite a few profiles, email accounts, and other bits of info that I didn’t want online.

Still, unlike my friend, I do use social media, partly because, as a writer (even one who writes about the dark web), that’s important. In fact, I know of other authors who write about this subject and also use the same tools.

The Fossbytes article made this important point about large companies like Google, however:

Google possibly has the largest collection of user data than any other company. Because why not? It has more presence in our lives. Google has some contribution in almost everything we do on the internet. In fact, many people open Google to check if their internet is working or not.

google_awsnap

I think that, if you want to be “anonymous,” or at least have less information about yourself out there, you would have to become acutely aware of what services you’re using, and how you’re using them (I include myself in this).

For instance, start using DuckDuckGo or StartPage rather than Google for your searches, or use open source alternatives to your favorite apps. One place you can find some of these open source apps is on F-Droid (if you have an Android phone, that is). The downside to this, of course, is that the alternatives may or may not work as well as their closed-source counterparts.

Still, this could mean that you (or anyone else who’s interested) has the chance to help improve these decentralized apps. Think of it as a grassroots movement.

To really take it all the way, you would probably have to create some fake identities for yourself (and this is one of things I’ve found difficult so far), as well as separate IP addresses for those identities – Tor might help with that. I did come across a site called Fake Person Generator that can assist with the identity creation process as well. It lists such things as names, birthdays, addresses, phone numbers, email addresses, height, weight, and even passport numbers. You would have to actively use them to make them appear real, of course.

fake_person_generator

 

So yes, to answer the question, it is possible to be anonymous online, but challenging, especially if you’re accustomed to using products like those of Google or Apple on a daily basis.

Hmm…I would really miss saying “OK Google.”

 

Advertisements

Site Feature: Dark Clouds/saysamaim

So, a reader contacted me recently and asked if I would check out their site(s), which I did. They have both a clearnet site and a couple of Tor hidden services.

The clearnet site is called saysamaim, and seems to be a sort of tribute to all things “darknet”:

saysamaiam

On the landing page is a sort of “definition” of the darknet:

“Most people like us confused about the term like Dark net or Deep Web[sic]! It is a big part of the internet that can’t be found or indexed by search engines such as Google, Bing, Yahoo, and DuckDuckGo. For example, your bank account page is also part of the dark net sites. On the other side anything you can see in the search results, that s [sic] called Surface Web. Darknet sites contain weird URLs and also [sic] known as .onion sites (Hidden services sites) [.] Dark marketplaces sale [sic] all kinds of legal and illicit goods anonymously for other currencies such as Bitcoins. When companies are hacked and their data is stolen, that stolen data [is] often used for sale on the so-called Darknet.”

I’m not certain, but this sounds like something I wrote at one point online; if so, thanks for paraphrasing me! I must make a few corrections, however – your bank account page is in the “deep web,” not the darknet, per se. If a page is indexed by search engines, it’s on the surface web, as the site says. And as I’ve mentioned on this blog before, .onion sites are one example of “dark web” URLs (on Tor, at least).

Here’s one of the next-gen onion URLs, for instance: http://occgshn6gz4je57wyhpijni7waod6yxpxwihjdxjwrnpjtbayliei2id.onion/ It’s a site called Cyberia.

cyberia_edited

Anyhow, I don’t fault people for not being native English speakers, but I hate the spread of misinformation about the dark web. Some of this is unintentional, as I believe many of the technical aspects of darknet software can be hard to understand.

On other parts of the site are a “darknet guide,” if you will, a contact form, and a list of hacking tools. In addition, there’s an about page, and copies of 973-eht-namuh-973.com and Joy of Satan, two sites which are often referred to as being part of the “dark web,” but aren’t.

973-eht-namuh

joyofsatan

This same group also runs two Tor hidden services, called Dark Street and Dark CloudNet.

 

dark_street_edited2

 

Both of these are forums, more or less. They seem to revolve around the typical kinds of activity you would expect on Tor: carding, drugs, etc. Because I’m new to the forums, I have no idea if any of it is legit or not. Based on my experience with the dark web over the past two years, I tend to approach these kinds of things with a healthy degree of skepticism.

That’s not to say that the forums don’t look cool; I thought the format worked very well. Whoever programmed them used MyBB software, which is pretty tried-and-true for that purpose, as you may know.

One thing that’s intriguing about Dark Street is that certain sections are “locked,” i.e. you need a password to access them. See if you can figure out what that is!

In any case, the forums are rather similar to other carding/hacking forums I’ve seen, but they could use some more traffic. Want to check them out, readers? Click the links.

They’re real…I promise.

 

 

 

Red Room Follow-Up!

Red-Room-Deep-Web-2

by Ciphas

So, continuing on the subject of red rooms, I received a comment recently on my post Red Rooms Finally Debunked Forever? that said this:

“THANK YOU Bob Saget. Just because red rooms don’t fit under your perfect “criteria”, that doesn’t mean they don’t exist. I personally know somebody who has been a part of a red room, but he wasn’t the murderer. He was the victim.”

She was replying to an earlier comment by someone who went by the name of Bob Saget (yes, that was his name), who gave me a hard time for trying to disprove the existence of red rooms, and cited Peter Scully’s videos as an example – in other words, this guy:

peter_scully_2

So here are my thoughts: what I’ve said so far about red rooms has been based partially on my personal experience, and also what I’ve researched about them. While I have not seen such a thing (or at least not one that I believe to be genuine), here is how I would define a red room:

A website (presumably on the dark web or a private network) where you can pay to witness torture and murder.

While I realize that some very sick things exist on Tor and other darknets (most notoriously child pornography),  streaming video over Tor would be incredibly difficult, at least the way it works at present. If you don’t understand how onion routing works, this link explains it quite well: What Is Onion Routing, Exactly?

onion-routing-2

It is possible to watch video on Tor (and I have, in fact). As I mentioned on my recent post PsychoTube: The YouTube of Tor?, there are a few sites on which you can watch uploaded videos, but they certainly aren’t live. It’s very similar to LiveLeak, in that it features videos of murders, executions, and war. By the way, another dark web blog that I like, All Things Vice, has addressed this subject as well: You wanted darker web?

allthingsvice_darkerweb

That being said, how does this square with the above comment? Well, my heart goes out to anyone who’s a victim of torture or murder; nonetheless, as far as that having something to do with red rooms, the burden of proof is on the claimant. One site on the clearnet, Red Room Deep Web Complete Guide, goes into detail about what allegedly happens in a red room, and how to see one (in theory).

redroom_allabout

Without reviewing all the things this site says about it, I think a number of them are wrong – and it looks like they’re using a scam site as their example. But you could, of course, create your own red room.

Ψ(`◇´)Ψ

How would you create a red room, then? Stay tuned for Part 2.

Tor Social Network Update: Galaxy3

For those of you who were sad that Galaxy2 had disappeared, there is a new social network by the name of Galaxy3 at http://22dvf4xgaqa672b4.onion. There is also what appears to be a scam clone site at http://uwv7wslui5f4ukff.onion/, so I would avoid using that one if I were you.

galaxy3_groups

I’m sure many of the members of the previous social network are happy about this, although I was a little hesitant to join at first, given that there are so many clone sites (like the one above) out there.

So, I just joined about a week ago, and by all accounts, this site seems to be legit. No, really, it is!

bitcoin_doubler_scam

I recognize quite a few of the same folks who were on Galaxy2, which is a good indicator that it is the real thing.

Anyhow, Galaxy3 is quite similar: like its predecessors, it has a feature called “The Wire,” which is basically a news feed (like on Facebook or Twitter). And yes, anything you post to The Wire is public, so for newcomers – don’t post it if you don’t want others to see it!

What surprises me about it is that many of the Wire posts are the same types of things that people would say on Facebook, Tumblr, or other clearnet social media sites. I think I’ve addressed this on my earlier “dark web social network” posts.

It could be something as simple as, “Hey, what’s going on everybody?” Or I have noticed some people who appear to be trying to promote businesses and such. But as I said, the dark web has increased my level of paranoia tenfold; I tend to view anyone who is selling something with a degree of skepticism.

One other thing that I notice frequently is that people don’t shy away from posting about controversial topics here (and that goes for the dark web as a whole, not just Tor). Many of the social networks I’ve been a part of on Tor (and elsewhere) have included such things as gore, self-harm, drug use, and…um…unusual fetishes. Not that you can’t find that on the clearnet:

kink_forum_censored

If only they knew that my fetish was to collect Precious Moments dolls and dress them in leather outfits…

In all seriousness, vaguely remember someone asking who was into scat play, for example – which I’m sure you could find on the clearnet as well, if that’s what you’re into, but again, the keyword is “anonymity.”

Like your popular social media sites on the clearnet (Twitter, Tumblr, etc.), Galaxy3 also has a blog feature, which works quite similarly. All you do is click on the “Blogs” tab, and you’ll see a feed with the latest blog posts. From there, you can also add your own (well, yah, I could’ve told you that).

galaxy3_blog_censored

But again, what’s the difference between these blogs and the ones that you would find on the clearnet? Well, I noticed a lot of paranoid conspiracy theory stuff on there, plus there was some guy asking about the aforementioned kinky sex acts. See? The dark web’s not all “bad” – it has kinky sex!!

dark_web_dominatrix

Come to the dark web – we are kinky.

All in all, if you’re already interested in the dark web and have not checked out any of these social networks yet, Galaxy3 is one that I recommend. The people are pretty cool, and there aren’t any convoluted instructions for becoming a member.

Questions? Feel free to ask.

 

 

 

 

 

Can You Access .Onion Sites Without Tor Browser?

by Ciphas

(Note: Thanks to Ben Tasker’s Security Blog and traudt.xyz for being references.)

Can you access .onion sites without the Tor Browser? Short answer? Yes, you can – but I don’t recommend it…I cannot stress this enough.

I’ve mentioned Tor2web proxies in a few previous posts, but didn’t elaborate on it much. onionto

In their own words, “Tor2web is a project to let Internet users access Tor Onion Services without using Tor Browser.” Tor2web and Web2Tor are reverse proxies which allow clearnet users (such as someone using Chrome, Firefox, etc.) to access Tor hidden services.

reverse_proxy

The proxy listens on port 80 (or sometimes 443) on a clearnet server, and then proxies requests to the Tor hidden service.

If you’re unfamiliar with proxy servers, Indiana University gives a great definition of one: What is a proxy server?  (Psst…I talked about this a little in my earlier post ‘Anonymous’ Proxy List?)

The example they use to illustrate on Tor2web.org is that when you see an onion URL, for example, http://pbfcec3cneb4c422.onion/, if you add “.to,” “.link,” “.cab,” etc. to the end of the URL (e.g. http://pbfcec3cneb4c422.onion.to), and that proxy will connect you to the onion service. Great, right?

Well, no – not great. In spite of its convenience, the problem with using these proxies is that whomever is operating the Tor2web proxy can spy on your web traffic. While this may not sound like a bad thing, if said proxy operator has malicious intent, then you (the user) are basically a sitting duck. Plus, if the point of Tor is being anonymous, and someone can detect your web traffic that defeats the whole purpose!

In fact, even onion.cab themselves – the proxy service, that is – warns users when they first try to access a site this way:

onion

If this doesn’t sound bad, then it should be noted that not only can the operator see your web traffic, but they can also modify it and inject code if they so desire.

Ben Tasker Security Blog has an excellent post about this called Don’t Use Web2Tor/Tor2web (especially Onion.cab) – the example he gives is that some Web2Tor services “have some pretty bad habits, including playing fast and loose with your privacy.”

If you visit  https://6zdgh5a5e6zpchdz.onion, but do so through onion.cab instead of through Tor, the proxy service injects piwik analytics code into the page, which looks something like this:

piwik_tracking

So why should you care? Well, the proxy service who injected the code now knows that your IP address accessed said onion service at a specific time. In addition, they’re also executing code on your browser that the operator of the original site is unaware of.

Within the code, some of the information that it can discover about you is:

  • The title of the page you’re viewing
  • An ID for the site
  • The time that you made the request
  • The exact URL you were looking at
  • The page that sent you to that URL
  • Details of which plugins you have installed
  • Whether cookies are enabled
  • Your screen resolution
  • A unique ID for you

Alternately, this third party operator can inject code into the site that may track you across hidden services – that is, if you’re using the onion.cab proxy.

You can even contract malware via some Tor2web proxies – read this article by Virus Bulletin – Vawtrak uses Tor2web to connect to Tor hidden C&C servers. Granted, this article is over two years old, but it can still give you an idea of what might happen if you rely on these proxies.

Thus, if your concern is privacy, it should be obvious why you don’t want to give this information away. The same goes for any proxy, really, but again, if you’re using Tor for anonymity, then accessing so-called “hidden services” via the clearnet is pointless.

I know that a lot of people who explore the “dark web” for fun just say, “Give me links!” But if you want to explore those links, do so in the right way – use the Tor Browser (from https://www.torproject.org/), and don’t try to do so via the clearnet.

There’s a reason it’s called the “dark web,” after all.

creepy_eyes

‘Anonymous’ Proxy List?

SPIDERMANLUCK.png

I forget exactly where I found this link – I think it was either Electronic Frontier Foundation or Privacy Tools  – but it’s a list of supposedly anonymous proxy servers, generated by a set of particular search engine terms:

+”:8080″ +”:3128″ +”:80″ filetype:txt

This returns results for lists of proxy servers that use ports 8080, 3128, and 80, which are apparently more anonymous than average proxies.

You’ll get different results if you use different search engines, too:

qwant.com: proxy list

Blackle.com: proxy list

For the curious, here are some of the actual results that you might get as well:

rebro.weebly.com: proxy list

Proxy Spider: short proxy list

kan339: proxy list

lategoodies.tripod.com: proxy list

h3furnitureoutlet: proxy list (yeah, a furniture outlet has a proxy list)

proxy IP list: anonymous

jobabroad.sweb.cz: proxy list

playinator.com: proxy list

Even so, as I mentioned in a few earlier posts, this all depends on whether you trust proxies at all. Which is why I haven’t used any of these, personally.

It’s similar to using a VPN in combination with Tor. Are you really anonymous when doing this? That depends on whether or not you trust your VPN provider! By the same token, it’s very risky to use certain proxies, unless you know what data the proxy server is collecting about you. Never mind the fact that .txt documents can contain malware (just as some PDFs on Tor do). Read Should You Trust Any Proxy? to find out a little more.

Regardless, it’s an interesting experiment to try Googling this, even if you don’t decide to use the proxy services themselves. Most of the sites look like this:

anonymous_proxy

While the idea of “anonymous proxy server” sounds great, in theory, they could be just like malicious Tor exit nodes – intending to steal data or worse.

So yes, these proxies exist. Should you use them? That’s up to you.

Call me paranoid, but personally, I wouldn’t.

 

Discontinued Darknets??

Given that privacy and anonymity are such a hot topic these days, there are many projects that various people and organizations are developing for just that reason. Several of these I’ve already mentioned multiple times, including Tor, I2P, Freenet, and ZeroNet.

Nonetheless, I find the defunct ones to be just as interesting, partly because some of them used different methods for disguising one’s identity. A few that I’ve had a chance to check out are:

  1. Osiris Serverless Portal System
  2. anoNet: Cooperative Chaos
  3. Umbra (by the Shadow Project)
  4. StealthNet

Some of these, in spite of no longer being developed, are still available for download, so you can check them if you’re just curious.

I thought I would give a brief explanation of each of these, and then let you explore on your own, if you wanted to find out more.

Osiris SPS

osiris

Osiris is a program used to create web portals that are distributed via P2P networking, and are not reliant on central servers (hence the name “serverless portal system”). Data on Osiris portals are shared between all participants. According to the Wikipedia article on Osiris, these are some of its key features:

  • The system is anonymous. It is not possible to make an association between a user and their IP address, hence one cannot trace the person who created a content.
  • Even with physical access to an Osiris installation it is impossible to trace the actual user without knowing his password.
  • 2048-bit digital keys guarantee the authenticity of content (digitally signed in order to prevent counterfeiting) and the confidentiality of private messages (encrypted between the sender and recipient).
  • To prevent the ISP from intercepting traffic, connections and data transfer to a portal (called alignment), Osiris uses random ports which are cloaked during handshake and encrypted point-to-point via 256-bit AES.
  • The P2P distribution allows content to be present in multiple copies as a guarantee of survival in case of hardware failure or nodes off-line.
  • As the portals are saved locally, one can read the contents even if one works off-line.

In some ways, Osiris is also like Freenet, in that it uses P2P distribution of content, has a reputations system, and uses cryptographic keys as identifiers.

Now, for those of you looking for creepy and disturbing stuff, I’ve never found any of that on Osiris. That wasn’t really my intention when I started using it. I was exploring other anonymity networks and software that I had yet to use.

The problem with Osiris is that it seems as though it’s no longer being developed, as I mentioned. Still, for the curious who just want to check it out, click the link above.

anoNet

anonet_6

anoNet was a Wide Area Network (WAN) created in 2005. Its creators were a few people who were tired of the surveillance and constant data collection that still takes place on the clearnet today.

As on Freenet or ZeroNet, they wanted it to have functions like social networking, messaging, email, and website publishing, but the ability to do all of these anonymously. The network used OpenVPN, tinc, Quagga, BIRD, and QuickTun. OpenVPN and QuickTun were used to quickly connect nodes to one another, while BIRD and Quagga were used to exchange routing information with others on the network, allowing all peers to connect to each other easily.

What I’m not entirely sure of is if you can still connect to the network at all, since various sources have listed it as defunct. It may be similar to Osiris, in that it isn’t actively being developed, but the software is still available.

Umbra

overview_wallet

Umbra, like Osiris, isn’t really defunct, but it isn’t being actively developed. It was a division of The Shadow Project, the creators of the ShadowCash cryptocurrency.

It could be used for anonymous chat, messaging, email, and hosting websites (much like Freenet or ZeroNet). I haven’t had the chance to use it yet myself, but I would enjoy just playing around with it, if for no other reason than learning…and fun!

StealthNet

stealthnet

StealthNet was an anonymous P2P filesharing network, based on an earlier model, called RShare. Like many other P2P networks, traffic was routed through other nodes in the network, helping to keep users anonymous.

For better or worse, this project, too, has been discontinued. If you’re just curious about it, however, it looks as though you can download the software. It’s unlikely that there will be many (if any) peers to connect to, which kind of defeats the purpose of a P2P network!

Anyhow…

Despite the fact that these networks have been discontinued, I expect that others like them are being developed right now, or will be in the future.

As I always say, if you’re a budding developer, why don’t you create one? It could eventually be something big!