Flare: A Beta Tor Search Engine

flare_search_engine

Those of you who love “links, links, links!” will be happy to know that there’s a very new search engine on Tor called Flare, which is based on the source code of Candle, another search engine. It’s at this URL: http://dlggj2krbqzm5dru.onion. Honestly, this was the first thing I pictured when I heard the name:

flare surf

Anyhow, Candle, as I mentioned in a previous post, is one of several search engines that index Tor hidden services. It’s not quite as popular as not Evil or Grams, but it gets the job done.

Candle_Tor

Flare, in turn, is very similar (in fact it may even be a fork), but because it’s in beta form, it still needs help with its algorithms and speed. One interesting (and somewhat disturbing) feature that it has, at present, is that it lists some previous searches done by other users to the right of the search results.

Being aware that a lot of people on the dark web are looking for CP, you can guess what kinds of search terms may show up there. Well, it’s Tor – what did I expect? I just wouldn’t want to meet any of these people in person.

Anyhow, the more that you use a particular search term, the faster it will come up in the future. I tried out the following searches:

“red room”

“hacking”

“dark”

“market”

“carding”

I believe I tried a few others too, but I don’t recall. Compared to a search engine like not Evil, it doesn’t get as many results, but like Candle, Flare seems more focused on getting relevant results, rather than the largest number.

Interestingly, out of the search terms above, “market” returned the most results, by far. Should I really be surprised by that? The first result was a site called “Counterfeit USD,” at this link: http://qkj4drtgvpm7eecl.onion

counterfeit_money

Seems legit.

I haven’t tried out their services, but my first instinct was that it’s a scam, because other sites like it have turned out to be scams. Speaking of which, Flare also has a “Scam: true or false” label beneath the search results. However, simply because a page is labeled “false” does not necessarily mean that it’s the real thing. I’ve been on the dark web long enough that I’ve started assuming that everything is a scam (or almost everything).

That aside, I like the search engine so far, and I recommend trying it out. Perhaps, if more people start using it, it will improve.

Hey, maybe you could even get your site indexed on it! (Hopefully not the scam version.)

 

Don’t Use the Hidden Wiki – Use These!

thehiddenwikicrop

I’ve noticed that quite a few people recommend The Hidden Wiki as a “starting point” for using Tor.

While it does have some good general information about Tor (and darknets in general), most of the links that it features are scams – at least the financial ones, or anything that you would have to pay money to use. Though I don’t suggest using it, I’ll link to it anyway, just so you can see what I mean: http://zqktlwi4fecvo6ri.onion

This probably goes without saying for people who have been using Tor for a reasonable amount of time, but for those new to the dark web, it seems like a lure to ensnare people unfamiliar with it.

Granted, some of the links are innocuous – you’ll see things like the search engines, and some of the “library sites” like the Imperial Library of Trantor. On the other hand, there are quite a few sites that promise things like “bitcoin doubling,” “free drugs,” etc. – these are all scams.

So…if you don’t use the Hidden Wiki, what should you use?

Well, as I’d mentioned in several earlier posts, there are a few Tor search engines that are good:

notevil-chat

Besides these search engines, there are other link lists you can find, one of which I also mentioned in my earlier post, Fresh Onions: Best Tor Link List?:

welcometodarkweblinks

Of course, these sites, too, may have scam links on them, but they’re at least mixed in with other things. And for whatever reason, I also find them to be more interesting than the Hidden Wiki – whether that’s because they have better links, or just look creepier, I can’t say. Nevertheless, I have found a lot of the interesting sites I discuss on these alternate link sites and search engines.

Besides these, if you’re just looking for a group of people on the clearnet who hunt down onion links like you do, I’d suggest the subreddit /r/onions: Things That Make You Cry. They’re a pretty cool group of folks.

As for me, I’ll make an effort to include more onion sites in some of my future posts. Have fun checking out some of the ones I’ve shared here, in the meantime!

 

 

Dark Web Links: New Tor Search Engine!

In some of my past posts, I’ve mentioned that there are a few search engines on Tor that you can use to find .onion links. These vary greatly in quality, but the main search engine that people seem to use is called “not Evil”: http://hss3uro2hsxfogfq.onion – in previous posts, I’ve referred to it as the “Google of Tor.”

NotEvilSearchScreenshot

Beyond not Evil, there’s also Candle, Ahmia, TORCH, and (of course) Grams. In a much earlier post, I interviewed the creator of Candle: A Chat With Jobi – Creator of Candle Search Engine.

One of the differences with Candle is that it gets far fewer results – however, Jobi stated in the interview that he focused on getting more accurate results, rather than the largest number. TORCH gets a reasonable number of results, but in my experience, they aren’t always accurate.

torch_search

Ahmia, on the other hand, gets results on its search engine results page (SERP) that are usually quite accurate, but like Candle, it doesn’t return a large number. One of the things I like about Ahmia is that if the results include something like CP, you can report it and they’ll exclude it from future searches. The same goes for not Evil.

ahmia

Where is the Darkest Search?

So what other search engines exist? Well, one of the link sites I like, called Welcome to Dark Web Links and More, added a search engine to their features. While it doesn’t get as many results as not Evil does, it’s interesting to compare the two and see if they come up with anything different.

welcometodarkweblinks

The actual search engine is located at http://bznjtqphs2lp4xdd.onion, and seems to index onion sites differently than the other search engines, although I couldn’t tell you exactly how the algorithms work. If anyone has a link to a repository for this search engine, I would be curious to find out some more!

One difference I’ve noticed between the WTDWLAM search engine and others is that it has an option called “View This Link with Proxy Redirection For Added Security.” Given that I don’t always trust proxies, because you don’t know who’s spying on your traffic, I hesitate to use this one. Plus, it’s Tor, for God’s sake – why would you need extra security?

Read this WIRED article for more info: Proxy Services Are Not Safe. Try These Alternatives.

Anyhow, I did a few searches with the WTDWLAM search engine, and got quite a few results, although they weren’t always accurate, but that’s to be expected. If you search for the string “red room,” you get 567 results! Are there really 567 red rooms? (Well…no.)

This might be a fun experiment to play around with, and see what mysterious sites you can find. Hint: they probably won’t be much different than the ones you’ve found before.

On the other hand, if you do find anything cool, let me know in the comments!

(Just don’t spam me, OK? Or spam me. I don’t really care.)

Username666_07

What the Deep Web/Dark Web Isn’t!

by Ciphas

torbay

I suppose I should be expecting this by now, but there’s an enormous amount of misinformation about the deep web/dark web floating around. That’s the internet for you, right?

I bring this up because someone recently messaged me and said, “I clicked on a deep web site – am I in trouble??” (Surely I’m not the first to experience this.) So I talked to the guy for a while, and as it turned out, the site he was referring to wasn’t a Tor site at all – it was just a site on Internet Archive: Wayback Machine, which keeps archives of old websites from the ’90s and early ’00s. One of them is this one:

064

Let me just get it all out there: visiting sites on there is perfectly fine; you won’t get in any trouble. Some of the sites may be creepy, but they are in no way related to the dark web. For those who don’t know anything about either the terms “deep web” or “dark web,” let me try to help out.

According to Wikipedia:

The deep web, invisible web, or hidden web are parts of the World Wide Web whose contents are not indexed by standard search engines for any reason. The opposite term to the deep web is the surface web. The deep web includes many very common uses such as web mail, online banking, but also paid for services with a paywall such as video on demand, and many more.

And as for the term “dark web”:

The dark web is the World Wide Web content that exists on darknets, overlay networks which use the public internet but which require specific software, configurations or authorization to access. The dark web forms a small part of the deep web, the part of the Web not indexed by search engines, although sometimes the term “deep web” is mistakenly used to refer specifically to the dark web.

welcometodarkweblinks

Confused still? This is why I consistently say “dark web” when I’m referring to sites on Tor, I2P, Freenet, etc. The word “dark” doesn’t refer to the fact that it’s disturbing content, but the fact that it’s hidden or encrypted. The opposite term to the dark web is “clearnet” (the sites which don’t require any special configurations to access).

Granted, sites like The Hidden Wiki show only a small sample of Tor links (most of which are scams, by the way!). They are a part of the dark web, though (regardless of their content).

If you’re looking for a site that offers a lot more links (once you’re connected to Tor), then go to Harry71’s Onion Spider. I’m sure there are scams on here, but the site is at least updated daily, and has a lot of different links.

What people may be looking for is more secretive or disturbing content, which may or may not exist. Trust me – you aren’t going to find the secret to immortality on the dark web. If that sort of thing can’t be found on the clearnet, it won’t be found on the dark web either!

And as for the “deep web horror stories” on YouTube, most (if not all) of them are bullshit. How do I know this? Because the technical details are wrong. Many of them talk about live-streaming video over Tor, which is near-impossible. Nonetheless, I still find them entertaining.

I’ll tell you what, though – I have noticed that there are sites not listed in any of the link repositories or wikis, which sometimes have darker content, or are very exclusive sites (e.g. a members-only hacking forum that requires a referral from existing members). I’m not saying this to make your imagination run wild, but it’s something I have come across.

Beyond that, I’d say that the only sure way to learn how to discern fake sites from real ones, and myths from facts, is to visit the dark web yourself, and learn the ropes. There’s only so much information you can get from blogs and articles. The downside is that you may get screwed over in the process. A good rule of thumb is: if it looks sketchy, it probably is!

If you are looking for a good, factual FAQ, then check this out on Reddit: READ ME, NOOBS! – The “Short” FAQ

Anyhow, have fun exploring the dark web…and don’t get scammed.

A Darknet Dictionary (Work in Progress, with Links!)

darr5

by Ciphas

So, given that there seems to be a lot of confusion about certain terms connected with the darknet and/or dark web, I thought it might be useful to have a “darknet dictionary” here. I must give some credit for this idea to Deepdotweb.com, who featured a similar article at DeepDotWeb’s DarkNet Dictionary Project! This isn’t a carbon copy of theirs, but they inspired me.

Their darknet dictionary is an ongoing project, so I think I’ll do the same with mine. If anyone wants to suggest new entries (or corrections) in the comments, feel free! I just may add them.

NOTE: Some links below may be down.

2FA – Abbreviation for “two-factor authentication.” 2FA is a type of multi-factor authentication (MFA), i.e. a user is only granted access to a site after presenting multiple pieces of authentication. Although used on the clearnet as well, 2FA is used on many darknet markets (and other sites) to verify users’ identities.

Example: a username and password, plus a separate PIN or a security question.

img21

Active at Dark Markets? – A Tor hidden service set up by Dutch law enforcement to warn darknet market users that they are being tracked.

activedark.png

Ahmia.fi – A search engine that finds Tor hidden services and I2P eepsites. Also available on Tor at http://msydqstlz2kzerdg.onion/.

ahmia

Alienet – A VPN-based hidden network that offers messaging, mail, IRC, and hidden services. Not as well known as some other darknets, but it is real. Their site is at http://darknetproject.info on the clearnet, or https://unionsoe3yw6fxaq.onion on Tor.

alienet

AlphaBay – Currently one of the top darknet markets on the Tor network. Uses both multisig transactions and a traditional escrow system (depending on the vendor). Access it at this link: http://pwoah7foa6au2pul.onion/register.php?aff=41211

AlphaBay-Home-e1440639625779

AYW – All You’re Wiki [sic]. The Hidden Wiki with all CP links removed.

allyourewiki

Besa Mafia – A fake hitman service that (surprise, surprise) turned out to be a scam. Though a number of people paid to use their “services,” no one was ever hurt or killed. The admin of the site did escape with a number of people’s bitcoins, however.

besa

Bitcoin – A digital currency created by the mysterious “Satoshi Nakamoto” in 2009. Bitcoin incorporates encryption techniques to regulate the creation of new units, and to verify the transfer of funds. The smallest units of bitcoin are called “satoshis.”

bitcoins182way

Bitcoin billionaire yet?

Bitcoin Mixer – A service used to disguise the trail of bitcoins back to their original owner. Often used when buying and selling illicit goods on darknet markets. A few examples of bitcoin mixers are: BitCloak, Grams Helix, and BitBlender.

bitcloak

Blackbook – A former social network on the Tor network, modeled after Facebook. Used to be located at https://blkbook3fxhcsn3u.onion.

Blackbook

Black Market Reloaded (BMR) – A former darknet market on Tor, and one of the oldest, which is currently offline. Plans have been announced for it to restart.

black-market-reloaded-screenshot

Blockchain – A public ledger of all bitcoin transactions that have ever been executed. This applies to other cryptocurrencies as well.

blockchaininfo

BotDW – Boss of the deep web.

botdw

Candydoll – A term referring to non-nude photos of children in suggestive poses or sexy clothing. Softcore child pornography, more or less. (Also may refer to makeup kits that are designed for this style of photography.)

NOTE: The screenshot below is from one of the sites selling the makeup kits.

candydoll_makeup.png

Carding – The trafficking of credit cards, bank accounts, website accounts, and other financial or personal information. May or may not take place within larger darknet markets. Some vendors on the dark web specialize in this type of crime.

darknet_forum

Cheese Pizza – Another slang term for child pornography.

Cipherspace – The “hidden internet,” built on top of anonymity networks like Tor, I2P, Freenet, and others.

Clearnet – The “normal internet” accessible without special software or configurations. (e.g. Google, Bing, Facebook, Wikipedia, Twitter, Reddit, etc.) Also sometimes referred to as the “surface web” (though this term is wildly inaccurate and confusing.)

surface-web-anz-tech-anztech-pc-fix-in-manukau-computer-repair-in-penrose

Enough with the icebergs, already!

Cold storage – Keeping a reserve of bitcoins offline (e.g. on a USB drive or encrypted media) to prevent tampering or theft.

coldstorage_bitcoin

CP – An acronym for “child porn” or “child pornography.”

Cryptography – The art of writing and solving codes. With regard to the dark web, it is a means of encrypting data (messages, etc.) that you send over the network.

Daisy’s Destruction – An infamous film made by child pornography producer Peter Scully (see entry), through his company No Limits Fun. The film shows the sexualized torture and abuse of several young girls, one of whom is referred to as “Daisy.” However, the film has reached mythological status on the web, with the details and facts about it being blown out of proportion.

daisy

Darknet – An overlay network that requires specific software, configurations, or permission to access. Examples include: Tor, I2P, Freenet, GNUnet. Some of these networks (like Freenet) have both “darknet” and “opennet” modes, where you can choose whether to connect only to peers that you trust, or connect to anyone.

ccnx_166975_full

Darknet Heroes League (DHL) – DHL is an escrow market comprised of old school vendors who were invited to sell there. Access it at http://darkheroesq46awl.onion.

dhlmarket

Darknet Market – A market hosted on an anonymity network (such as Tor) that often (but not always) deals in illicit goods. Popular purchases include drugs, drug paraphernalia (like pipes), firearms, hacked PayPal accounts, skimmed credit cards, counterfeit money, porn accounts, and fake official documents.

dream_market_drugs

Dark0de (a.k.a. Darkode) – A notorious hacking and cybercrime forum, originally hosted on the clearnet, which transitioned to the Tor network.

DarkodeKoS.png

Dark Mamba – A new “private military company” that claims to offer murder-for-hire services, run by the admin of the old Besa Mafia site. (i.e. another fake hitman site.) Located at https://darkmambawopntdk.onion.

dark-mamba

Dark Web – The part of the web that exists on darknets like Tor, I2P, Freenet, GNUnet, and other networks, and requires special software, configurations, or permission to access. The dark web is a small part of the deep web. The word “dark” does not refer to the content, but rather the fact that the networks are special access.

SIGAINT-attack

Dark Web News – A news site that reports on events that take place on the dark web. Also features bitcoin tutorials, links, and a comparison of darknet markets. Located at https://www.darkwebnews.com.

darkwebnews

DBAN – Darik’s Boot and Nuke – free erasure software that automatically deletes the contents of any hard drive it can detect, developed by Darik Horn.

dban11

Deep Web – The part of the web not indexed by traditional search engines, like Google. This term is often confused with “dark web,” but the two are not synonymous.

Deepdotweb – A site that releases news, articles, and occasionally tutorials about the dark web (primarily Tor). They also keep an accurate, updated list of darknet markets that’s very reliable. Can be found at Deepdotweb.com or https://deepdot35wvmeyd5.onion.

deepdotweb3.png

Disconnect – A clearnet search engine that prevents other search engines from tracking your searches. It used to be the standard search engine on the Tor browser. Located at https://search.disconnect.me/.

disconnect_search

DNStats.net – A site that monitors the status of various darknet markets and a few other sites on the Tor network. Located at https://dnstats.net/ on the clearnet, and https://dnstatstzgfcalax.onion/ on Tor.

dnstats

Doxing – The act of researching and posting someone’s personal information (e.g. phone number, address, full name) on the internet. Takes place on both the dark web and clearnet.

doxbin

Doxxters, The – A group who offers a doxing service for pay. Located at https://doxxtereufvckkiz.onion.

doxxters

Dream Market – Another top darknet market hosted on the Tor network, which uses a traditional escrow system. Access it at http://lchudifyeqm4ldjj.onion/?ai=1675.

dreammarket-drugs3

DuckDuckGo – Currently the standard search engine used on the Tor browser. Is popular with privacy-minded users. Located at https://duckduckgo.com/ on the clearnet, and https://3g2upl4pq6kufc4m.onion on Tor.

duckduckgo

Dump – The sharing of stolen data, such as usernames, passwords, credit card numbers, and bank account data. Also takes place on the clearnet, but is more infamous on networks like Tor.

dumpsad

Eepsite – The name for hidden services hosted on the I2P network. They end in the domain name .i2p.

eepsite

Freedom Hosting – A former Tor specialist web hosting service which, at its height in 2013, was the largest hosting service of its kind. Was the target of an attack by Anonymous, as well as a large law enforcement operation headed by the FBI. Has since been succeeded by another service dubbed “Freedom Hosting II.”

freedom_hosting

Freenet – A peer-to-peer network for censorship-resistant communication, touted as an alternative to other networks like Tor and I2P. It features anonymous messaging, email, social networking, and site hosting. A typical Freenet URI looks like this:

USK@MYLAnId-ZEyXhDGGbYOa1gOtkZZrFNTXjFl1dibLj9E,Xpu27DoAKKc8b0718E-ZteFrGqCYROe7XBBJI57pB4M,AQACAAE/pyFreenetHg/31/

Download it at https://freenetproject.org/.

freenet_mainpage

Freesite – The name used for Freenet’s hidden services.

freenet_fms_setup

Fullz – In carding terms, “fullz” refers to full database records of personally identifiable information. Such things might include names, addresses, phone numbers, bank account information, social security numbers, passwords, etc.

Galaxy2 – A popular social network on Tor. It is a follow-up to the original Galaxy social network, created by “Lameth.” Located at https://w363zoq3ylux5rf5.onion.

GNUnet – A free software framework for decentralized peer-to-peer networking. It includes P2P applications, such as chat, file sharing, and VPN.

gnunet_screenshot

Grams – A Tor-based search engine for darknet markets, which helps compare goods, prices, and vendors. Tor link: http://grams7enufi7jmdl.onion/

grams-black-market-search-engine

HANSA Market – A darknet market with a multisig escrow system. Tor link: http://hansamkt2rr6nfg3.onion/affiliate/110

hansa_market

Hard Candy – Slang term for an underage girl – roughly age 12-16, on both the dark web and clearnet. Also can refer to child pornography featuring girls of this age.

Harry71’s Onion Spider – A popular link repository on Tor. Is respectable because it’s updated daily, and the links are generally accurate and active. Tor link: skunksworkedp2cg.onion

harry71_onion

Helix Light – A bitcoin cleaner available from the developers of Grams. Tor link: http://grams7enufi7jmdl.onion/helix/light

helix_light

Hell – Infamous hacking forum formerly hosted on the Tor network, where users share hacking tips as well as stolen data. There is another site currently going by the same name, but it is actually a clone site made with a stolen private key from the original site.

Hidden Wiki – Name for a popular wiki on Tor that links to and describes some basic Tor hidden services (for noobs). The main one is located at http://zqktlwi4fecvo6ri.onion/wiki/index.php/Main_Page. There are several other sites that use the name Hidden Wiki as well, but this one is usually the site in question.

hiddenwiki2

Hitmen/Assassins – A service that’s supposedly easy to find on the dark web. All of the sites offering these services have turned out to be elaborate scams, but the myth continues to be perpetuated by creepypastas and rumors.

hitman_network

Hurtcore – Most extreme form of child pornography, involving such things as physical injury and rape, which can be found on the dark web. Avoid at all costs.

screen-shot-2015-09-10-at-8-54-44-pm

Credit: allthingsvice.com

I2P – An overlay network and darknet that allows applications to send messages to each other anonymously and securely. Download it at https://geti2p.net/en/.

I2P_router_console_0.7.7

L33TER – A vendor shop started by L33Ter, vendor from most of the early darknet markets. Specializes in digital and physical products. Located at http://l33ter2w7q4bytfh.onion.

l33ter

LE – An abbreviation for “law enforcement.”

Litecoin – A peer-to-peer cryptocurrency that is based on bitcoin. Find out more at Litecoin – Open source P2P digital currency.

litecoin

Lux – Username of Matthew David Graham, convicted (and imprisoned) owner of child pornography sites PedoEmpire, Hurt 2 The Core, and Love 2 The Core (among others).

matthewdgraham

Mesh routing network – Networks made up of radio nodes arranged in a mesh topology. Examples include Netsukuku, GNUnet, Hyperboria, and CCNx. Many of these are still in beta mode and have not been officially released, but they have been advertised as alternatives to the traditional internet structure being used right now.

netsukuku

Multisig – An abbreviation for “multisignature.” The requirement for more than one key to authorize a bitcoin transaction.

multisig

Credit: deepdotweb.com

not Evil – The premier search engine on Tor. Was originally designed to look like a parody of Google. Located at https://hss3uro2hsxfogfq.onion.

notevil-chat

Onionland – A nickname for the Tor network.

2000px-Tor-logo-2011-flat.svg.png

OpenBazaar – A decentralized peer-to-peer marketplace that sells a variety of goods for bitcoin and currently runs on the Tor network. Not a “darknet market,” per se, but uses a similar concept.

openbazaar

Operation Onymous – An international law enforcement operation targeting darknet markets and other Tor hidden services in 2014. Supposedly shut down over 400 sites (although many were clone sites).

Outlaw Market – Another of the top darknet markets on Tor. Sells drugs, digital goods, weapons, and other merchandise. Access it at http://outfor6jwcztwbpd.onion/indxx1.php.

outlaw.png

Pedo – A slang term on the dark web for “pedophile.” Refers not only to the people themselves, but related sites and materials. (e.g. PedoEmpire)

PedoFunding – A now-defunct website on Tor run by convicted freelance photographer Richard Huckle. Huckle has since been imprisoned, and received 22 consecutive life sentences.

PGP – An encryption standard created by Phil Zimmermann in 1991. The initials stand for “Pretty Good Privacy.” PGP is frequently used to encrypt and decrypt messages on the dark web.

public-key

PlayPen – A large child pornography site that, in 2015, was seized by the FBI and used to catch pedophiles who were accessing the site. This has been one of the more controversial cases, as some have questioned the legality of the FBI’s actions.

Qubes – A security-focused operating system that aims to provide security by isolation. One of many distros that can help provide security and anonymity. Official site: https://www.qubes-os.org/

r3rc1-nalu-desktop-1

/r/darknetmarkets – A subreddit dedicated to information and discussions about darknet markets.

/r/deepweb – A subreddit dedicated to factual information about the deep web and dark web (as opposed to urban legends).

Red Room – A series of mythological sites on the dark web that supposedly feature live torture and murder (see “Shadow Web”). Entrance to these sites (in theory) requires bitcoin, as well as special credentials, such as a password given by an administrator. They are, more or less, an extension of the urban legend of “snuff films.”

All of the ones that have become public knowledge have turned out to be scams, yet many creepypastas and YouTube videos have continued to perpetuate the myth.

darkredroom

Scam/Scammer – In the context of the dark web, someone who purports to be selling certain goods or services, and doesn’t follow through, or misrepresents their intentions (e.g. a drug vendor who never delivers their goods, or a “financial service” designed for identity theft).

sheep-scam1

Credit: Deepdotweb.com 2013

Scream, Bitch! – A hurtcore forum on the Tor network. For those of you thinking of joining, registration is closed.

sb_darkweb

Scully, Peter – An infamous Australian pedophile and producer of child pornography, most notably the film Daisy’s Destruction, which has achieved internet notoriety. Scully had formed his own production company to make these films, called No Limits Fun.

peter_scully

Shadow Web – A fictitious part of the dark web perpetuated by creepypastas and YouTube videos. Supposedly features live torture and murder shows for those who pay the right price. A number of sites on Tor claim to offer access to the Shadow Web, but they are all scams. Here’s one example: Shadow Web Gateway 2.0

shadowweb_3

Silk Road – An online black market, considered to be the first modern darknet market. Launched by founder Ross Ulbricht in 2011, the site was shut down by feds in October 2013.

Silk Road 3 – An escrow market that used to go by another name, but adopted the Silk Road brand. There has been much speculation as to whether or not the market will exit scam or will be taken down, but it is still currently running. Located at reloadedudjtjvxr.onion.

silkroad30_login

SSH – Stands for “secure shell.” SSH is a cryptographic network protocol for operating network services securely over an unsecured network. As with PGP, SSH uses public and private keys to authenticate users.

puttytunnel_06

Suicide Apartment – Members-only social network on Tor (which used to exist on the clearnet). It’s meant to be a site for people who are suicidal and want to find someone else to “leave the world with.” The only way to become a member is to receive a voucher from an existing member.

suicideapartment

Tails – A popular Debian-based live operating system that many dark web users install for extra protection. “Tails” is an acronym for “The amnesic incognito live system.”

tails_screenshot

TLA – An abbreviation for “three-letter agency.” Includes federal agencies such as the CIA, FBI, NRO, NSA, DEA, DHS, and others, who are looked upon with suspicion on the dark web.

hidden_site_seized.png

Tor – An anonymity network on which many “dark web” sites are hosted. The name “Tor” stands for “the onion router.” Frequently, people who say they’re on the “deep web” are referring to Tor. Download it at https://torproject.org.

tbb-screenshot3

TorBay – A Tor-based social network and forum which more or less replaced Blackbook.

torbay

Torch – A simple Tor search engine. Located at https://xmh5752oemp2sztk.onion

torch_search

Traderoute – A traditional and multisig escrow marketplace on Tor.

traderoute

Valhalla (Silkkitie) – Originally a Finnish-only darknet market, now available in English. Valhalla is invite-only, and offers both traditional escrow and multisig transactions, 2FA, and PGP. Requires a referral link to register as either a buyer or a vendor.

silkki

Vendor Shop – Smaller shops started by some of the major darknet market vendors, usually specializing in certain types of items. Examples: Mollyworld and MegaPack.

VPN (Virtual Private Network) – A private network which extends across a public network (internet). Many experts recommend using a VPN in addition to using Tor! (hint hint)

vpn10

Welcome to Dark Web Links and More! – Link list for Tor hidden services. Notable because they do not accept submissions of CP links, and also feature links to Usenet groups. Access it at https://jdpskjmgy6kk4urv.onion/links.html.

welcometodarkweblinks

Zion Market – A newer multisig darknet market without user wallets. Buyers have the option of selecting 2-of-2 (the server and vendor have the keys), or 2-of-3 (the buyer also has a key). Uses 2FA, automated PGP, and Bitmessage alerts. Access it at http://zionshopusn6nopy.onion/_reg23.

Zocalo – A former darknet market specializing in marijuana, hash, and various paraphernalia associated with it. Recently closed due to lack of business.

Zork – A 1980s text-based RPG that is now playable on the Tor network (via the not Evil search engine).

P.S. As I said above, this list is far from finished. So I’ll either add more entries in later, or do a part 2 to the post. Anyhow, hope you had fun, and feel free to add your suggestion

Dark Web Sites That *Claim* To Be Red Rooms

 

scam_alert

UPDATE: Apparently, this post was listed as a reference on RationalWiki – Red Room, but then someone put one of those little “look of disapproval faces” ಠ_ಠ next to it.  Just to clarify – the email exchange did take place (you can see it in the screenshots below), but I never claimed that any of the red room sites were real.  People have specifically said that they’ve lost money to some of these sites; so please don’t give your bitcoins to any of them!!

Unlimited Access to the Shadow Web

When I first started discussing the dark web, I did a post about red rooms entitled Are Deep Web Red Rooms Real?; of course, I was referencing that persistent urban legend that comes up on YouTube and elsewhere frequently.

I still have yet to find a genuine red room, but this time around, I thought I’d discuss the sites that call themselves red rooms, but are highly suspicious in nature.  I’m not including the so-called “ISIS Red Room” in this, because that one is clearly fake (and has been well-publicized as such).

The other well-publicized fake red room was the A.L.I.C.I.A. red room, which, although fake, was rather creepy: ALICIA Deep Web que oculta esta pagina.  You know, this one, with the recorded sounds?

ALICIA.jpg

As far as I know, the A.L.I.C.I.A. onion site is no longer running.  So, onto the ones that are still up:

Fake Red Room #1

I’ve come across one site that is labeled “Shadow Web Red Rooms,” combining two different myths into one.  The myths in question are the so-called “Shadow Web,” which is probably based on A warning to those thinking of accessing the shadow web; and the general myth of red rooms, which are (supposedly) sites in which someone is tortured and murdered on a live stream.

The site I’m thinking of looks like this (this one’s also been referenced on YouTube): shadowweb_redrooms

For the average person, this probably sounds disgusting, right?  On the other hand, if you’re one who’s actually seeking out red rooms, it sounds too good to be true.  (“All the vivid details!”  “…red room shows are free for one year!”)

Supposedly, with this site, you have to download some kind of customized browser in order to watch the live streams (because, let’s face it – it’s near-impossible to live stream over the Tor network).  Most of the sites that claim to be red rooms ask you to download some special software…this is getting more dubious by the minute.

While, in theory, this is possible, I’m highly suspicious of any site that asks me to download “customized browsers” or “customized software” that I’m unfamiliar with, particularly if that software is designed to watch something like live murder.  My feeling about this one is that it’s an FBI honeypot site, or simply a scam (and we all know Tor is rampant with scams – those are the most common).

I have come across several other sites like this, where you basically had to do the same thing – send them an email, they would reply with a bitcoin address, and then they would give you the info on how to access it.  (Hmm…that doesn’t sound fishy at all!)

If anyone knows for sure whether or not this site has any validity to it, let me know. Perhaps my friends over at Stop Tor Scam | List of Possible Tor Scams With Proofs or Illegally downloaded blog can investigate this one.  (Not that I’m suggesting anyone watch snuff films, but…)

Shadow Web, Revisited!

In one of my earliest posts, Is the Shadow Web a Reality? (Updated), I discussed another well-publicized site that called itself “The Shadow Web,” that basically looked like this:

shadowweb_ss

One of the strange things about this site is the link at the bottom, which leads to a YouTube video of the aforementioned creepypasta. Now, this is highly suspicious, because why would someone running a genuine red room featuring torture and murder care about a stupid creepypasta (particularly if it were inaccurate)?

The same person (or people) maintains a site that looks like this:

shadowweb_2

The bitcoin address is different, but the email address is the same, leading me to the conclusion that it’s the same scammer.

So here’s the update: there’s yet another site that calls itself The Shadow Web, which looks very similar, except that there’s a large yellow logo at the top:

shadowweb_3

This site, like its previous incarnation, has an oddity in the description (not shown in the above picture): they claim that “You can access free 100s of other websites with special extension like .LLL / .rdos” if you pay the bitcoin fee and join.  Personally, I’ve only just heard of these top-level domains, but I highly doubt that they exist, because I’ve looked at lists of all the existing TLDs, and never seen these names before.

If they’re not completely made up (and this “shadow web” thing works at all), then they may have been created exclusively for this network.  Still, is it strange that I want to try this out just to see if it actually works?

It is, oddly enough, run by the same person (or people) as the previous site, because the contact email address at the bottom is the same (which also raises some red flags).  So this time around, I decided to correspond with the supposed person in charge:

sigaint_shadowweb

 

Me: Hi there – I’m interested in accessing the shadow web, but I’d like to know, can you show a sample of the content first?  Thanks.

Shadow: Hi, sorry for the delay. We got many many mails with many questions. Unfortunately your mail goes in our spam folder. We just discover it. To your question. outside the shadow web. If I do, I will loose access to several important pages. You can trust us. It works 100%. Its [sic] a software package with a special browser and a manual how to install and use it. Its very easy to install. Works on every OS. It comes with several key-files, you need this for getting access to these sites. If you have further questions let me know.

“You can trust us.  It works 100%.”  Where have I heard that before?  Only in every spy movie and crime show I’ve ever watched.  So I wrote back again, asking for some clarification on the matter.

 

sigaint_shadowweb2

Me: Hi – thanks for your reply.  I do have some other questions.  How do I know that the software you require doesn’t have malware embedded in it?

It’s not that I don’t trust you, but I have been infected with malware via Tor sites before, and I want to be careful.  Thank you for getting back to me, though.

And remind me, how many bitcoin do you charge again?

sigaint_shadowweb3

Shadow: Hi, it would make no sense to have a malware [sic] in the browser. The browser works for SW only.  Its not possible to open other websites like CW or Tor. [ok…hmm…]

You can run it in a VM.  You can scan it with all apps.

Its not useful to spy anything.  If you have access to the SW there is not more you need…

Just 0.5 BTC is ok.  It covers my expenses for my servers and websites.

Thanks for PGP.

I will use it if I sent you the links if you buy.

For the safe and totally anonymous way I do the payment with the satochibox [sic].  You can click on the link.  It will open a box where you get the wallet.  Its [sic] an anonymous wallet from satochibox.  The bitcoin will then sent from them to my wallet.  After payment you get the download links for the software, SW Browser and keyfiles for access the network.

If you don’t want to use the satochibox you can sent the BTC to my wallet

After receiving I sent [sic] you the files from this mail.

Up to you how you like.

Don’t worry everything is clear and safe.  I’m not a scammer. 

“I’m not a scammer.”  Ah, now I feel so reassured!  By the way, there are many reports of people getting scammed through Satoshi box as well: SatoshiBox.com Reviews and Ratings.  As they say, “A fool and his bitcoins are soon parted.”

Well, this is where we left it off, but I’m highly reluctant to trust anyone who wants me to send them bitcoin with no reassurance that they’ll give back what’s promised.  You know what would be hilarious?

If “Shadow” saw this blog post and tried to defend his (her?) position!

What I would like to know is if anyone else who has more experience with Tor than I do has corresponded any further with people offering similar “services.”

As a matter of fact, YouTuber Seek the Truth featured a video called Deep Web Red Rooms 2, examining the legend and investigating some of the sites that claimed to be red rooms.  In it, he has a very similar conversation to the one I had with the “shadow web” guy.  It just strikes me as odd – it can’t be a coincidence, can it?  For all I know, it’s the exact same person using a different email address.  Check the video out; it’s quite interesting!

So, my fellow dark web users – do you know if all of these instances are definitely scams?  Have they tried to pull other such ripoffs?

Besides, if this is anything like the “red room” in Fifty Shades of Grey, I’ll pass, thanks.  (*shudder*)


A Chat With Jobi – Creator of Candle Search Engine

by Secrets of the Dark

Candle search

Those of you who’ve used the Tor network probably know that it can be very hard to navigate at times, even when using the different pages that share links.  In fact, I too, can relate to this – the first time I used it, I just relied on some of the link lists, which turned out to be semi-disastrous.

It does, of course, have its search engines, including not Evil, Ahmia, Grams, Sinbad, and the search engine in question – Candle, which can be accessed at Candle Search Engine. (Once again, don’t forget to access it through Tor.)

Candle’s memorable motto is “no parentheses, no boolean operators, no quotes, just words.”   I recently interviewed its creator, who goes by the name “Jobi.” If you’re unfamiliar with how search engines work in general, read on, and you’ll gain some insight!

In his words, he chose the name “Candle” because it:

  • “has the right amount of letters
  • Ends with ‘le’
  • Refers to a thing that brings light in darkness…
  • …but not a lot.” Reddit: Candle (a search engine)

46919-Candles-And-Bokeh

This is how I picture Candle – I’m visual that way.

When we spoke initially on Reddit, I had asked Jobi why he wrote Candle.  He said, “I wrote Candle because it was a challenge.  To see if I could do it and how it would turn out.  It was not designed to be a ‘dark net search engine’, just a search engine.  It could index anything.  I chose to index the Tor web for a couple of reasons.  Mostly because it is nice and small.

“Candle runs on a Macbook.  I don’t have fiber connected server farms.  For me, indexing the real web would be like sucking down an ocean through a garden hose; indexing the Tor web is like sucking down a bathtub through a straw.  Neither are ideal but the latter is not impossible.  Also, the Tor web isn’t that well indexed, so it would be more useful.”

If you happen to be on the Tor network and feel lost, I’d recommend trying out Candle; anyhow, on to the meat of the interview!

Secrets of the Dark: What is your background with regard to coding and web development? (i.e. Do you have formal schooling in programming?)

Jobi: Yes. I studied computer science, and have been coding professionally for almost 20 years.

I have very little experience in web development. I can write HTML 1.0 and…some [Javascript], but that’s it. Candle only produces very few different pages; they are pretty much identical and very simple. All self contained, no external resources.

SOTD: What have been your experiences with running a Tor node?  Have you experienced any harassment or difficulties in the process?

J: No.  It just runs by itself.  I have never talked to my ISP about it and they have never contacted me.  Some web sites block me, but none that are important to me.  My relay is not an exit.  It is just a small relay on a low power machine, a single core 16Ghz Atom.

SOTD: Prior to creating Candle, what are some software projects you have worked on?

J: I created a clickable map of the universe of some space RPG.  It uses only HTML and javascript [sic].  I created a thing where you can upload a picture and it converts it into a format suitable to Flash on phones as a boot-up screen.  It uses PHP to invoke shell scripts.  This is probably [the] most serious web development project I’ve done.

SOTD: You said that you ‘wrote Candle because it was a challenge.’  Do you think that the result you came up with was a successful answer to that challenge?

J: I came across a bunch of issues that I didn’t know before I started.  Mostly things that are a bit fuzzy, that you can not just calculate.

It took a lot of tweaking and tuning in order to prevent lots of rubbish in the index, without filtering out good data. Wikis and forums have lots of links that are just not worth crawling. [My sentiments exactly! – Ed.]

I am very conservative about what I consider a ‘word’: Anything under 3 letters is not a word.  Anything with a non-letter in it is not a word.  Anything with more than 3x the same letter in a row is not a word.  Etc…

In the end I’m quite happy with the quality of the index.

SOTD: I’ve noticed that Candle only returns the top 20 search results (as opposed to all of them). Why did you design it this way?

J: It is part of keeping it lightweight. It also prevents Candle from becoming a tool for others to just suck down the entire index.

Having a ‘next page’ button would mean I’d either have to redo the query, or cache results in ‘sessions’.

SOTD: What kind of work do you do professionally? Is it related to software development, or is that a hobby?

J: I’m a software developer. My day to day work happens in C and C++.

SOTD: Even though a developer, like a magician, might ‘never reveal his secrets,’ would you be willing to give a basic explanation of how the Candle search engine is different from other popular search engines?

J: I don’t believe that Candle is ‘more special’ than others. It is different because I didn’t use any standard framework and came up with my own solutions for things like filtering and ranking.

Also, there is nothing secret about it. I just can not open source it because it uses proprietary libraries from work.

SOTD: Would you be willing to talk about yourself a little (like your educational background)?

J: As I said in question #1, I have studied computer science.

But before that I already coded. As a kid, I got an 8 bit micro. It came with a thick manual and I was curious enough to teach myself how to program it. First in BASIC, then in assembler. This was before the Internet was a thing. Later, I got (access to) a PC and started learning Pascal and C.

SOTD: Did you work with others on this project, or was Candle designed solely by you?

J: I did it solely by myself. At first I never even told anyone it was running. At some point [it] was discovered and the number of hits slowly started to ramp up.

SOTD: Have you ever used other anonymity networks besides Tor (like I2P, Freenet, or GNUnet)? If so, what has been your experience with them? (Has it been positive, negative, or something in between?)

J: I have not. I don’t use Tor that much either, but when I do, it works well enough and I don’t have problems.

SOTD: Is there any kind of content that you try to exclude from Candle search results (such as child pornography)?

J: No. That would be a very slippery slope. Once I start filtering out one thing, I implicitly start condoning everything else.

SOTD: What sorts of changes might you make to Candle’s search algorithms so that it could improve (if any)?

J: The crawling is as good as it gets.

The search result ranking is basically good, but I do still tweak it a little bit from time to time. I do not have a very satisfactory strategy to determine the order in which I visit pages. I have way more URLs than I can visit in a reasonable time, but some URLs deserve to be on a higher rotation than others.

I might add [an] ‘onion history’ feature, where it shows when an onion was up/down, when the home page title changed, things like that. I already keep track of some of that, and I would have to look into how clean and useful that data is.

SOTD: Have people in the Reddit community given you good feedback about Candle, or about Tor in general?

J: I have had a bit of good constructive feedback, but most of it was just ‘hey that looks nice’. Nobody was negative about it, i.e. ‘You suck for making this’.

SOTD: What advice might you give to someone who says, ‘I’d like to develop my own search engine – where should I start?’

J: You can always start with a crawler: read a page with links, parse it, extract the links, add those URLs to your list.

Have it crawl for a few hours, then look at your dataset and see what’s in there that shouldn’t [be].

Come up with filtering rules for those and then restart clean. Repeat this until you are happy with the dataset.

You should also determine your feature set early on. For example, in Candle you can only search for individual words, not phrases.

For certain features it might be necessary to keep copies of the content you index. I decided I didn’t want that.

SOTD: You had told me that ‘With Candle, I try to deliver diverse results. It won’t return multiple results from the same onion, or from the same “identical/very similar” onion.’ Would it be possible to explain a little about how this is done?

J: When you enter some words, I look up all the URLs that have those words in it. This might contain multiple URLs from the same onion domain. If so, I only keep the ‘best’ one. It also might contain URLs from onions that are mirrors/copies/clones of each other. This is harder to determine.

Since I don’t keep copies of content, I have to base ‘identicality’ on stats and metadata like title, size, number of words, links, etc. (Have you noticed the ‘onion:…’-link underneath each result?)

Which one is the best is based on how often the words occur, how strong those words are, how many words the page has, etc.

SOTD: What projects are you currently developing, or do you plan to develop, if given the time?

J: I got an Arduino for Christmas, so currently my evening hours are devoted to making LEDs flash.

Writing Candle was really just an exercise for myself. I am still surprised about the amount of use it gets every day.


(Well Jobi, I’m glad you created it – and I’m sure millions of other Tor users are too!)
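
The word rules and the one-result-per-onion deduplication Jobi describes in the interview, sketched as an added Python example. This is not Candle's code; the scoring formula, the mirror fingerprint, the punctuation stripping and the sample `.onion` hostnames are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

MAX_RESULTS = 20  # the interview says only the top 20 results are returned

def is_word(token):
    """The three word rules quoted in the interview."""
    if len(token) < 3:                    # under 3 letters
        return False
    if not token.isalpha():               # contains a non-letter
        return False
    if re.search(r"(.)\1{3}", token):     # same letter more than 3x in a row
        return False
    return True

def tokenize(text):
    # Assumption: surrounding punctuation is stripped before the rules apply.
    return [t.strip(".,;:!?\"'()").lower() for t in text.split()]

def index_page(url, title, text):
    """Store word counts and metadata only, never a copy of the content."""
    words = Counter(t for t in tokenize(text) if is_word(t))
    return {"url": url, "onion": urlsplit(url).hostname, "title": title,
            "size": len(text), "nwords": sum(words.values()), "words": words}

def score(page, query):
    # Assumed ranking: query-word frequency normalised by page length.
    return sum(page["words"][q] for q in query) / max(page["nwords"], 1)

def fingerprint(page):
    # Assumed mirror test: identical title, size and word count.
    return (page["title"], page["size"], page["nwords"])

def search(pages, query_text):
    """Best page per onion, mirrors collapsed, capped at MAX_RESULTS."""
    query = [q for q in tokenize(query_text) if is_word(q)]
    hits = [p for p in pages if query and all(p["words"][q] for q in query)]
    hits.sort(key=lambda p: score(p, query), reverse=True)
    seen_onions, seen_prints, results = set(), set(), []
    for page in hits:
        if page["onion"] in seen_onions or fingerprint(page) in seen_prints:
            continue
        seen_onions.add(page["onion"])
        seen_prints.add(fingerprint(page))
        results.append(page["url"])
    return results[:MAX_RESULTS]

# Constructed sample pages; the hostnames are placeholders, not real services.
SAMPLE_PAGES = [
    index_page("http://alphaexample.onion/", "Alpha Forum",
               "privacy tools forum privacy guide"),
    index_page("http://alphaexample.onion/thread/7", "Thread",
               "privacy thread with many other unrelated words here today"),
    index_page("http://betaexample.onion/", "Alpha Forum",
               "privacy tools forum privacy guide"),
    index_page("http://gammaexample.onion/", "Gamma",
               "notes about privacy and xxxxxxxx id 42"),
]

if __name__ == "__main__":
    print(search(SAMPLE_PAGES, "privacy"))
```

In the sample, the second `alphaexample.onion` page loses to the better-scoring page on the same onion, and `betaexample.onion` is dropped as a mirror because its title, size and word count match a result already kept.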