Darkfox: Access the Dark Web with Ease!


NOTE: Darkfox will not help you access .clos, .rdos, .lll, or .loky domains. Those don’t exist!! It will help you access .onion, .I2P, and 127.0.0.1:8888 URIs.

by Ciphas

This may sound like an infomercial, but I swear it’s not.

Those of you who use darknets, in particular Tor, I2P, and Freenet, might have noticed that it can sometimes be inconvenient to have to run each one in a separate browser, or at least have to launch the programs separately.

Well, I found a program that makes it simpler to connect to any of these three networks with a simple command: it’s called Darkfox Launcher.

Its advantage is that it lets you access Tor, I2P, or Freenet without having to change your configurations every time. Plus, it’s very simple to use.

The GitHub page goes into a little more detail, but one of the most important questions it answers is: “How does Darkfox Launcher work?”

Here’s the answer: “Darkfox Launcher works by first changing the default profile of the Firefox Portable software and with that, changing the default network configuration. Once this phase is done, Darkfox will proceed by launching the Darknet proxy software to make the connection to the Darknet chosen by the user. When completed, Firefox Portable will boot to the default startpage of that specific Darknet.”

Darkfox is also a convenient way of quickly accessing one of these networks if, say, you need to contact someone through the network and don’t want to go through the process of installing, for example, I2P.

Included in its software package are these things: Firefox Portable Edition, and the proxy software from the Tor Project, the Invisible Internet Project (I2P), and the Freenet Project. If you’re unfamiliar with each of these, it might help to check them out individually first!

So what’s my opinion? I’ve been using it for a little while now, and while it does have a few bugs, I love it. (Besides, what software doesn’t have bugs, especially in the early stages?)

And you may have noticed that, since it’s on GitHub, Darkfox Launcher is also open source. To that end, if you want to fork it and contribute to the code, feel free.

Now, its downside is that it isn’t as secure as the actual Tor browser. So, if you’re doing some kind of hardcore whistleblowing, or engaging in illicit activities, I don’t recommend Darkfox for you. It’s still a work-in-progress, though, so future versions will probably have improved security features.

On a side note, this may just be nostalgia, but its UI reminds me of both the DOS command prompt and the Bash Unix shell. *Nerding out*

While it may not be about bells and whistles, I think Darkfox Launcher accomplishes its purpose well. For more information about it, check out the Darkfox Read Me: https://github.com/blacklight447/Darkfox-Launcher/blob/master/README.md.

If that’s not enough, take a look at its source code here: https://github.com/blacklight447/Darkfox-Launcher/blob/master/darkfox%20code


Who knows? Perhaps in the future, it will have the ability to launch Tor and do your taxes.

Dark Web Links of the Day Pt. 1


by Ciphas

I’ve been receiving comments on my profile asking if I could post some links, so I’m more than happy to oblige. One thing I should remind my readers about, though – Tor and its darknet brethren are rife with scams. So if anything sounds too good to be true (triple your bitcoin in 2 seconds!!), then it probably is.

TorBay (forum) https://2or24opd2hkebadv.onion

Digital Gangster https://2fwqhlzx5dxiyggr.onion

IDC – Italian Darknet Community https://2qrdpvonwwqnic7j.onion/

Walmart Stuff https://42bu3fd5gaxu3xbn.onion

TorRoulette https://4mxhmvyfba2ji7lb.onion

W38M411 https://23tjl3xpt5btiqms.onion

GRAVES DESIGN https://362jdnvs4w5itsql.onion

Interview: Eileen Ormsby, Author of Silk Road & All Things VICE


Photo credit: Philip Gao Photography

I must say, it’s always interesting (and enlightening) to meet people who actually know their stuff when it comes to the dark web. Not long ago, on Twitter, I had that opportunity.

Eileen Ormsby, the Melbourne-based author of Silk Road and All Things VICE, was the perfect person to talk to regarding the ins and outs of the dark web in all its shady glory. According to her, her interest in the dark web emerged as a result of doing research for the Silk Road book, and eventually led to the creation of the blog.


Given that I, too, am aiming to find the truth about the dark web amongst all the disinformation, it seems that Ormsby and I have something in common.  We even touched on my “favorite” dark web myth, red rooms!

Secrets of the Dark: What were your initial experiences on the dark web? Did you use Tor or some other service?

Eileen Ormsby: Yes, started with Tor and, specifically, Silk Road. It was some time in 2011 when a friend who was using it showed it to me. Instant fascination!


The original Silk Road Marketplace

SoTD: You have interviewed a number of individuals who are involved in various aspects of the dark web. Which interviews did you find to be the most informative or interesting?

EO: Probably the most interesting for me was my interview with the administrators of Atlantis when they were trying to break Silk Road’s stranglehold on the darknet markets. They contacted me and asked for the interview – in fact, several times before I agreed to do it.  They’d been asking whether I would carry their paid advertising (no) and then were always sending me snippets of news to put on my blog. They sent me previews of their infamous Youtube commercial before it was put on. They were really marketing hard, desperate to get some sort of good publicity because Silk Road monopolised the market and their customers were a really strong, loyal fanbase. Nobody trusted Atlantis, even though they offered a smoother interface, lower commissions and better customer service.

Eventually I agreed I would interview them provided it would be real-time, candid and I would not make it positive if I didn’t feel it should be. I agreed to give them a hearing and be fair. It was all done over real-time encrypted chat (I think it was cryptocat, which is now defunct after being proven to be not that crypto after all!) [actually, it’s back up again! – ed.].

It lasted several hours and I did, indeed, feel it was candid. I think they were trying to make a better market, but it failed because of distrust among DNM users and loyalty to Silk Road.

Other than that, I interviewed or engaged with most of the staff of Silk Road from time to time, including [Dread Pirate Roberts] 1&2 and still remain in contact with several of them to this day – the difference being that I now know the real identities of many of them!  I was in constant email contact with Peter Nash, the Australian moderator, during his time in prison in the US and served as his communication to the outside. He gave me an awesome interview when he got out.

SoTD: What are some of the urban legends and dubious information that, in your experience, continue to pass around about the dark web? (e.g. hitmen services, red rooms, bizarre things for sale)

EO: The one that is most persistent is the myth of the “Red Room” – live streaming of torture/rape that ends in the murder of the victim and which people can pay to watch, or even bid to type in commands for the torturer to carry out (highest bid wins!).  People have this idea of Hostel with webcams exist[ing] all over the dark web, but you just need an invite to get into them.  It’s ridiculous.  They don’t exist.  They certainly wouldn’t exist on Tor.  But people are desperate to believe and they always come back with “You can’t prove they don’t exist, people are crazy, therefore they must exist.”  Picture my eyes rolling here.

I don’t think many people are taken in by the hitmen sites anymore, though the press loves playing up the fact that there are sites offering up hitman services. And of course, after the Ross Ulbricht trial, people kept pointing to his alleged attempts to have hits carried out as pointing to him trying to use ‘hitman sites,’ which wasn’t the case at all.

People are always asking where they can find markets for exotic animals. Obviously the illegal trade in exotic animals exists, and some communications and transactions may well take place over Tor, but there are no markets like the drug markets where you can go and look at a picture and then put a tiger or ocelot or something into your basket and buy it with bitcoin.

SoTD: Have you used networks other than Tor to explore the dark web? (e.g. I2P, Freenet, GNUnet, Netsukuku)  If so, how did the experience compare?


Nerdageddon on Freenet

EO: I used I2P and Freenet back in the beginning when I was researching the dark web in general, but they just weren’t as user-friendly as Tor and didn’t have the user base.

SoTD: What kind of research did you do when writing your book Silk Road (beyond just visiting the website itself)?  What did you discover in the process?

EO: In a lot of ways, I didn’t do any research at all.  I was in there from the early days, an active part of the community.  I spent part of pretty much every single day in there for two years.  I got involved in stuff.  I spoke to people, sometimes they came to me with their stories.  It was totally organic.

As well as the ground-level stuff, I got involved with a lot of the academics involved in researching cryptomarkets. Dr. Monica Barratt was one of the first – we’re still friends today – and she has probably done more rigorous academic analysis of the darknet markets than just about anyone in the world. Nicolas Christin was another one who could be counted on for impartial analysis. There’s now a large circle of people involved in cryptomarket research and we have a very cool private forum where we share stuff.

SoTD: Have you found that you needed to increase your knowledge of internet security in order to research networks like Tor (i.e. to protect yourself and your identity)?

EO: Well, I’ve always hidden in plain sight.  Once I came out on Silk Road, I used the name OzFreelancer everywhere on the dark web. Everyone knew who I was. I always thought being up front about who I was to be the best way. Of course I have second logins for everything under different names, but they are usually for lurking rather than contributing.

The one thing I’ve found invaluable and that everyone – not just journos or DNM users but everyone – should take the time to learn is PGP. It is the one thing we can still count on.

SoTD: On your blog All Things VICE, you seem to get a lot of comments from the owner(s) of the Besa Mafia website; do you have any inside information as to what the truth is about the site? Is it a scam, honeypot, or what?

EO: LOL, yes I have inside information which I can’t go into detail about at the moment, but it will all come out at some point. Yes, they are a scam, but a very successful one – they have stooged a lot of people out of money.


Besa Mafia’s website

SoTD: In spite of the negative attention that darknet markets have received, do you think that they have any positive aspects?

EO: The drug markets certainly do. They offer a safer alternative for people who are going to do drugs anyway. There is no possibility of any violence. The vast majority of the time a buyer knows exactly what they are getting, because of the feedback and rating system – if someone is selling 25i as acid or pipes as ecstasy, they will very quickly be called out for it and their ratings will plummet. That’s not the case in a nightclub, or even friends-of-friends, where you just blindly accept that pill, powder or tab is what the seller says it is.

SoTD: Have you explored some of the darknet markets that are still in business, such as Alphabay, Dream Market, Valhalla, Python Market, or Hansa Market? If yes, what was the experience like?


Apple Market

EO: Yes, all of them. And they are boring. Which is exactly what a market should be to stay in business. One of Ross Ulbricht’s biggest mistakes was being too damn interesting and developing a cult following. It really got up the nose of the TLAs and they threw a ridiculously disproportionate number of resources into tracking him down and prosecuting him. There’s been several markets far larger than Silk Road ever was, but law enforcement just don’t care (or at least don’t care enough) because they are quietly running as a commercial enterprise and don’t have any political or disruptive motivations. They certainly don’t have enigmatic leaders posting rousing calls to arms with devout followers drinking the Koolaid. None of us journos are writing about them much, so they are out of sight, out of mind for politicians.

I don’t mean to say that LE doesn’t still work on arresting DNM dealers and, where possible, closing the markets. It’s just that the political pressure to close them down is off.


Ross Ulbricht, a.k.a. Dread Pirate Roberts

SoTD: There are many, many so-called “horror stories” that pass around about the dark web; do you have any of your own to share from your research?

EO: Haha, none! I did get bombarded by the owner of Besa Mafia (hitman site) after my article about them, with emails telling me he knows where I live and was sending people around to “beat and rape” me, but I was never really worried that he would go through with it. My partner on the other hand gets nervous about what I do sometimes.

Of course, there’s been disturbing things. I attended the court hearings of people involved in hurtcore sites. I heard and saw things that I need to put in little compartments of my brain that I lock away and rarely visit. But never any of the creepypasta stuff people love to boast about on Reddit.

SoTD: Do you think that Tor is still a good tool for journalists to use, or as a privacy tool for people living under repressive regimes? (e.g. North Korea, ISIL)

EO: Absolutely. Every journo should have a working knowledge of Tor, VPNs and PGP. Especially PGP.

SoTD: Given that darknets and other privacy tools are still being developed, do you think that something else may eventually replace Tor?

EO: Yes. I’m not clever enough to know what though.

SoTD: Answer this question once and for all: is it called the “deep web” or the “dark web”? Or are they two entirely different things?

EO: They are two different things. You know when you hear that stuff about the deep web being 500x larger than the surface web? That’s true (well, I don’t know the exact figure – nobody does – but it is massively larger). But that is all boring stuff, being anything that’s not indexed by search engines. So anything behind a paywall, or password protected, backend stuff for companies, etc. The dark web is a very small part of the deep web. Teeny tiny. It is just a media-friendly way of saying Hidden Services.
I have to admit, I hate seeing people use “deep web” when they mean “dark web.”

 

Me too, Eileen!  Me too.  Well, I encourage you to check out All Things VICE.

And next time you hear some crazy rumors about the dark web…check there first.

 

 

So-Called Red Room Site: A Creepy Experience


Ah, the legend continues!  I’ve done several posts about the so-called “red rooms” that may or may not exist on the dark web, and it’s been an interesting process.  (I’m leaning toward not, by the way.)  For the newcomers, here are the previous entries:

Are Deep Web Red Rooms Real?

Is the Shadow Web a Reality? (Updated)

Dark Web Sites That *Claim* To Be Red Rooms

Red Rooms Finally Debunked Forever?

A Chat with the Directors of The Darkest Alley! (interview)

In the process, I’ve become more and more convinced that it would be extremely difficult, if not impossible, to host something like a red room on the dark web (Tor in particular).  Not only is livestreaming very difficult due to latency problems, but you would also have the problem of something like a live murder leaving behind evidence for law enforcement.

Nonetheless, in my research process, I’ve continued looking for sites that are labeled as red rooms, or sell themselves on the premise of being a red room.  I have come across several of those while hunting, and most seem to be scams.

Red Room #12589903


The alleged “red room” site.

 

Most recently, I found yet another site with a similar premise, located at http://5xcds7yhgisfm6mu.onion/.  As you can see from the screenshot, it’s rather basic looking and gives very few details.  You had to contact them to get any other information.

Once again, out of curiosity, I contacted the site owner (or whomever) via the email address that was listed, and sent a PGP-encrypted message asking how to sign up.  He sent me back a PGP-encrypted message with details on what I had to do, and how much I had to pay, etc.

Now, here is the creepy part: the person who responded actually knew my real name.  That was enough to freak me out, at least a little bit.  I didn’t ask, but I was also concerned if he had any of my other personal information.

(Later, when he found out I was blogging about him, he spewed out a list of other personal info, like my wife’s name, the city I lived in, and several places that I frequent.  But you could honestly find those just by Googling me.)

It reminded me, at least slightly, of some of the “deep web” stories like the previously mentioned Horrifying Deep Web Stories: Why I Quit Hacking or 3 Disturbing Deep Web Stories by Mr. Nightmare.  And yes, I know that those are just stories,  but it was the possibility of someone finding out my real identity that was reminiscent of some of the stories.

His response to my first question, like most of the others, was that I had to pay 2.0 bitcoin (a.k.a. $1344.80) to gain access, and then to actually be the “master” of the show, I had to win an auction (similar to most of the other supposed red room sites).

Once you paid, supposedly, you would be given a username and password to simply access the site.  (You could only access the landing page without it.)

Invasion of Privacy??


So my question was – where did the guy get my name from?  Well, without asking directly, I had several theories.

When I had used my PGP key on the message I sent initially, it’s possible that my name was encoded into it somehow.  I actually find that less disturbing than some of the alternatives.

Beyond that, I combed through my system with various anti-malware tools, and came up with a few troubling findings.  One of them was a type of trojan (whose name I forget at the moment) that is specifically designed to steal login credentials and personal information.

I was able to remove it, but the question still remained – was that what gave away my name?  I still don’t know for certain, and I would feel more comfortable if I did.
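The first theory above can be checked before a key is ever shared: an OpenPGP public key carries User ID packets, conventionally "Name <email>", that anyone who receives the key can read. The following is an added example (not part of the original post) that lists them; the sample key is constructed, and its name, address and timestamp are made up.

```python
import base64


def dearmor(text):
    """Return the binary packets inside an ASCII-armored OpenPGP block."""
    body, in_body = [], False
    for line in text.strip().splitlines()[1:]:      # skip the BEGIN line
        line = line.strip()
        if line.startswith("-----END"):
            break
        if not in_body:
            in_body = (line == "")                  # blank line ends armor headers
            continue
        if not line.startswith("="):                # "=XXXX" is the CRC-24 line
            body.append(line)
    return base64.b64decode("".join(body))


def read_packets(data):
    """Yield (tag, body) per packet; handles old and new header formats (RFC 4880)."""
    i = 0
    while i < len(data):
        first = data[i]
        i += 1
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:                            # new-format header
            tag = first & 0x3F
            o1 = data[i]
            i += 1
            if o1 < 192:
                length = o1
            elif o1 < 224:
                length = ((o1 - 192) << 8) + data[i] + 192
                i += 1
            elif o1 == 255:
                length = int.from_bytes(data[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body lengths not handled here")
        else:                                       # old-format header
            tag = (first >> 2) & 0x0F
            ltype = first & 0x03
            if ltype == 3:                          # indeterminate: runs to the end
                length = len(data) - i
            else:
                n = 1 << ltype                      # 1, 2 or 4 length octets
                length = int.from_bytes(data[i:i + n], "big")
                i += n
        body = data[i:i + length]
        if len(body) != length:
            raise ValueError("truncated packet")
        i += length
        yield tag, body


def identity_report(key):
    """Collect what a public key discloses: User IDs and the key creation time."""
    data = dearmor(key) if isinstance(key, str) else key
    report = {"user_ids": [], "created": None}
    for tag, body in read_packets(data):
        if tag == 13:                               # User ID packet
            report["user_ids"].append(body.decode("utf-8", "replace"))
        elif tag == 6 and body[:1] == b"\x04":      # version 4 public-key packet
            report["created"] = int.from_bytes(body[1:5], "big")
    return report


# Constructed sample (made-up name, address and timestamp; not a usable key).
_pub_body = b"\x04" + (1464000000).to_bytes(4, "big") + b"\x01" + b"\x00\x08\xff"
_uid_body = "Constructed Name <user@example.invalid>".encode()
SAMPLE_KEY = (bytes([0x98, len(_pub_body)]) + _pub_body      # old format, tag 6
              + bytes([0xCD, len(_uid_body)]) + _uid_body)   # new format, tag 13
SAMPLE_ARMORED = ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
                  "Comment: constructed sample\n\n"
                  + base64.b64encode(SAMPLE_KEY).decode()
                  + "\n-----END PGP PUBLIC KEY BLOCK-----\n")

if __name__ == "__main__":
    print(identity_report(SAMPLE_ARMORED))
```

A key generated with a pseudonymous User ID reports only that pseudonym, which is what to confirm before attaching a key to a message.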

Moral of the Story…


So what have I learned from this?  I need to be more careful about whom I correspond with on the dark web, and when I do so, it’s imperative that I have all privacy and security protocols in place, and don’t do anything idiotic.  (Insert “I told you so” here.)

In the meantime, I’m still finding the process enjoyable, and believe it or not, I have learned a few things from my mistakes.

I hope you can, too.

 

 

How to Access the Dark Web with I2P!


What?  You mean there’s another way to access the dark web?  YES!

I’ve said this before, but it bears repeating – Tor is not the only way to access the so-called “dark web,” but it seems to be the most popular at the moment.  In fact, there are many ways to do so.  Oddly enough, many of the trending articles that discuss the dark web act as if Tor is the only way to reach it.

“Dark web” is essentially a metaphor for all the sites built on top of encrypted networks that require special software, configurations or permissions to access.  I must clarify this, however – Tor, I2P, and Freenet are completely separate networks.

On previous posts I’ve mentioned Freenet, but there are other options too, and I2P is one of them.  The reason that it probably doesn’t have the same reputation as Tor, or even Freenet for that matter, is that it’s a bit more complex to learn and use.  (At least that’s my guess).

So, downloading I2P is the easy part; just go to Download – I2P and install it!  The site offers packages for the following OS’s:

  • Windows
  • Mac OS X
  • GNU/Linux/BSD/Solaris
  • Debian/Ubuntu
  • Android

The tricky part, as you may have guessed, is the post-install work!  Courtesy of their homepage, I’ll offer the steps:


After running the installer on Windows, simply click on the “Start I2P” button which will bring up the router console, which has further instructions.

On Unix-like systems, I2P can be started as a service using the “i2prouter” script, located in the directory you selected for I2P. Changing to that directory in a console and issuing “sh i2prouter status” should tell you the router’s status. The arguments “start”, “stop” and “restart” control the service. The router console can be accessed at its usual location. For users on OpenSolaris and other systems for which the wrapper (i2psvc) is not supported, start the router with “sh runplain.sh” instead.

When installing for the first time, please remember to adjust your NAT/firewall if you can, bearing in mind the Internet-facing ports I2P uses, described here among other ports. If you have successfully opened your port to inbound TCP, also enable inbound TCP on the configuration page.

Also, please review and adjust the bandwidth settings on the configuration page, as the default settings of 96 KBps down / 40 KBps up are fairly slow.

If you want to reach eepsites via your browser, have a look on the browser proxy setup page for an easy howto.

Did that read like a foreign language to you?  Congratulations!  It did to me too, at first.  It may make more sense once you actually get into the process of setting it up…or not.

At first, I’ll admit I was somewhat intimidated by I2P, given that you couldn’t just install it and run it without a lot of configuration and prior knowledge, but now that I’m more educated in that area, it’s kind of fun (believe it or not).  Or maybe it’s because I’m a nerd, I don’t know…


If you find the homepage’s instructions a bit too technical, there are a number of other sites that “translate” the setup tutorial into a simple guide. Deepdotweb featured one of these guides in this post: Full guide: How to access I2P Sites & Use TheMarketplace.i2p

The Tin Hat also offers a great tutorial here: How To Use I2P | I2P Tutorial & Setup Guide.  Plus, they explain how the network works in layman’s terms!


Screenshot credit: thetinhat.com

Once you have the network up and running and you open it in a browser (e.g. Firefox), you should see a page like this:


Credit: 2009 Wikimedia Commons

As it says, that’s the I2P Router Console, and from that page you can configure just about everything about your connection, how much bandwidth you’re using, and what IP address your “identity” appears to be (not unlike Tor, actually)!

Let the Right One In


I had to include at least one creepy image.

Now, I have to confess that the part where I got held up was when I tried to access actual I2P sites (known as “eepsites”).  I knew I was connected to the network, so that wasn’t the problem.

According to the official I2P FAQ, under the question explaining what eepsites are:

An eepsite is a website that is hosted anonymously – you can access it by setting your web browser’s HTTP proxy to use the web proxy (typically it listens on localhost port 4444), and browsing to the site.

I did this, but I was still unable to access a number of the eepsites (or at least the featured ones on the router console).  Therefore, my thought was that the sites themselves were down.

Either that, or my firewall settings were preventing me from accessing the sites – I plan on modifying those and giving this another try.  Of note: eepsites also tend to go down often (not unlike .onion sites), so that could also be the problem.
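To tell these cases apart, the fetch can be made by hand through the proxy on localhost port 4444 and the outcome classified. The following is an added example (not from the original post or the I2P project); `example.i2p` is a placeholder eepsite name, and treating any non-2xx/3xx status as a proxy-side error is an assumption based on ordinary HTTP proxy behaviour.

```python
import socket


def port_open(host, port, timeout=2.0):
    """True if something accepts TCP connections on host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def classify_status_line(status_line):
    """Map the first line of the proxy's reply to a verdict."""
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return "no-reply"                 # connection closed or not HTTP
    code = int(parts[1])
    # 2xx/3xx: the eepsite answered. Anything else: the proxy is running
    # but reported an error instead of delivering the site.
    return "reachable" if 200 <= code < 400 else "proxy-error"


def diagnose_eepsite(site, proxy_host="127.0.0.1", proxy_port=4444, timeout=30.0):
    """Fetch http://<site>/ through the local HTTP proxy.

    Returns (verdict, detail); verdict is one of
    'proxy-down', 'no-reply', 'proxy-error', 'reachable'.
    """
    try:
        sock = socket.create_connection((proxy_host, proxy_port), timeout=timeout)
    except OSError as exc:
        return ("proxy-down", str(exc))   # nothing listening: router/proxy not started
    request = (f"GET http://{site}/ HTTP/1.1\r\n"
               f"Host: {site}\r\n"
               "Connection: close\r\n\r\n")
    buf = b""
    with sock:
        try:
            sock.sendall(request.encode("ascii"))
            # Read only as far as the status line.
            while b"\r\n" not in buf and len(buf) < 4096:
                chunk = sock.recv(1024)
                if not chunk:
                    break
                buf += chunk
        except OSError as exc:            # includes timeouts
            return ("no-reply", str(exc))
    status_line = buf.split(b"\r\n", 1)[0].decode("latin-1")
    return (classify_status_line(status_line), status_line)


if __name__ == "__main__":
    # Local listeners named on this page: HTTP proxy 4444, IRC tunnel 6668.
    for name, port in (("HTTP proxy", 4444), ("IRC tunnel", 6668)):
        print(f"{name} on 127.0.0.1:{port}:", "up" if port_open("127.0.0.1", port) else "down")
    print(diagnose_eepsite("example.i2p"))   # placeholder eepsite name
```

A `proxy-down` result points at the local router or proxy, while `proxy-error` means the local side works and the problem lies with the site or the router's connection to the network.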

But Wait…There’s More!


Like its darknet cousin Freenet, I2P offers several main features:

Email/Messaging: I2P has a few different messaging services.  The main ones are a built-in email application and I2P-Bote, a secure messaging platform somewhat akin to Freenet’s FMS (Freenet Messaging System) application.

I2P-Bote is a P2P email service; there is no central server that stores your personal data. Email messages are stored in encrypted form on the computers of other I2P-Bote users, which is how it differs in its structure from standard email services.  No one with the ability to read your emails actually stores them on their servers.

If you check out the link above, it breaks down many of the security features of I2P-Bote, including its encryption method(s), and anonymity components.

I2P-Bote, as opposed to standard email services like Gmail or Outlook, uses cryptographic keys as destinations (i.e. randomly generated numbers and letters.)


This end-to-end encryption is the default with I2P-Bote.  Beyond that, I2P-Bote also sanitizes email headers, taking out any unimportant information, and encrypts what’s left (e.g. the subject line).

I don’t know about you folks, but I find that very reassuring!

IRC (Internet Relay Chat): Some of you are probably already familiar with IRC – it’s been around since the internet’s early days (1988, believe it or not)!  The difference with I2P is that it has an IRC service that allows users to chat anonymously.  Similar services exist on Tor, by the way.  I have yet to use the chat service, but I plan on doing so in the future (and perhaps writing a separate post about it).  According to The Tin Hat’s how-to guide:

“Often controversial topics are talked about in these channels, but nobody is afraid of offering what may be a very valid, but unpopular opinion, pushing you to explore new ideas from new perspectives.”

And I can’t help but be reminded of an episode of Numbers while reading that line where they said this:


Uhh…no it isn’t.  But I digress.  If you do end up using I2P’s IRC, The Tin Hat recommends the chat rooms #salt and #i2p-chat, which you can connect to by setting your IRC client (such as X-Chat) to 127.0.0.1 on port 6668.  If you already have experience with this, feel free to give me some feedback on how it went!

Torrents: Oh my God, you can torrent over I2P?  Yes – in fact, some would say that gives it an advantage over Tor, which strongly advises against torrenting over their network.

I2P offers The Postman Tracker and I2PSnark.  The former is a lot like The Pirate Bay, and the latter is very similar to µTorrent.  Again, I have yet to try out this feature, but according to my research, the torrenting feature only provides more cover-traffic, which actually improves your anonymity (as opposed to Tor)!

I2P also gives the user an advantage in that they can use it as a proxy for clearnet torrents, like BitTorrent or µTorrent.  That way you’re less likely to get some ominous letter from the RIAA, or have other users spying on your torrents.  It’s not 100% foolproof, but I’d say it’s smarter.

Beyond that, there is an I2P plugin for the Vuze torrent client called I2P Helper; if you intend to use I2P primarily for torrenting, then it works very well in this context.  I2P Helper allows you to download torrents from both the clearnet and the dark web simultaneously.  To boot, you can configure Vuze to use I2P by itself, or an already running external I2P router.

One of the positive things about using I2P for torrenting is that there is very little child pornography or other questionable material on the torrent trackers (despite claims to the contrary).  Rather, there are quite a few sci-fi books, programming books, leaked government documents, movies, and music.

Its downside, however, is speed, which on average is about 30KBps (compared to roughly 1-2 MB/s on most other torrenting sites).  The trade-off, of course, is the anonymity factor.  You’re much less likely to get discovered and sued by angry record labels and movie studios if you’re using I2P, as opposed to their “cousins” on the clearnet.  So the choice is yours.

Give Me Links!  Give Me Links!


All right, you asked for it!  I haven’t vetted any of these links, so enter at your own risk. These links are courtesy of DCJTech.info: DarkWeb Link List.  I have to admit, they’re much easier to remember than most .onion addresses, aren’t they?

Directory (I2P)

File-Sharing and Torrents

Gaming

Messaging

Miscellaneous I2P Sites

OutProxies

Search Engines (I2P)

Shopping (I2P)

Social

Is that enough links to get you started?  Well, I hope you have fun checking them out.

As for me,  I do hope to explore I2P more in the near future; it seems perfectly suited to nerds like me!

With that…it’s off to the darknet again…

 

 

 

 

 

 

A Chat With the Directors of The Darkest Alley!


Those who know me in person probably also know that I’m a big film buff. In fact, I happen to be a fan of dark and disturbing films like The Bunny Game, Irreversible, and Salò, or the 120 Days of Sodom, so it doesn’t seem like that much of a surprise that I would be intrigued by the dark web.

I had been tweeting one of my blog posts related to red rooms (i.e. alleged dark web sites in which someone is tortured to death on a live stream), and a guy by the name of Rohit Kumar (@Raw_Heat420) tweeted back, “I see you are interested in red rooms hahaha.”


Do you like the red room?

This sparked a brief conversation between us, and in the process, I learned that Kumar and his cousin, Mayank Kaushal, are making a film about the dark web (including red rooms) called The Darkest Alley.

Apparently, the catalyst for making this film was a story (or some would say creepypasta) told by YouTuber Corpse Husband, entitled Horrifying Deep Web Stories: “Why I Quit Hacking”.  I, too, had heard this story, and regardless of whether it’s true or not, I found it to be one of the scariest and most convincing dark web stories on YouTube.  (Actually, in his words, it is true – who am I to say otherwise?) 

It’s told from the point-of-view of a former hacker who ghost hacks into a heavily protected dark web site, and discovers some things that he ends up truly regretting.


Fast forward: I decided to interview Kumar and Kaushal about their film, as well as their experiences on the dark web. The interview took place over Twitter.  Oddly enough, it turned out we had had many common experiences in the process of exploring the dark web.

Secrets of the Dark: How long have you been into filmmaking? (either of you) In other words, is this a recent thing or have you been doing it for quite some time?

Mayank Kaushal: We’ve always been into making and editing movies for fun for years on YouTube. After a while we began perfecting our craft and slowly we got requests from clients for custom work. Just recently we came to the conclusion that it was time to see our full potential, exactly what we could accomplish with our skills from over the years.

SotD: I saw on your fundraiser page that you were inspired to make this film by the short story that Corpse Husband told (“Why I Quit Being A Hacker”). Do you think that story is true? Some people say it’s just a creepypasta, is why I ask.

MK: We believe some parts of the story might have been true, but we do think stuff like this happens on the deep web when the user isn’t careful.  This story gave us the idea that there is something about the unknown that is very creepy.  Red rooms being one of those mysterious aspects.  Also, I thought this particular story was magnificently detailed, to the point that I was feeling the same thoughts that the [protagonist] was going through.  That alone got me excited to think what a movie on this would be like.

SotD: I agree!  It was one of the best stories about that subject matter.  In that same vein, are you willing to give a brief summary of what your film is about (without spoiling it, of course)?

Rohit Kumar: Keep in mind that this movie was inspired by one 20 minute scene which we have adapted into a feature film.  The film [is set] in Houston, Texas, where a college-typical student is struggling to pay his way through college.  He turns to drugs and eventually finds himself on the deep web selling his product.  Everything looks great until he ends up on the wrong site and suddenly his life gets turned upside down.

SotD: Oh, OK – so the film story really is directly influenced by the Corpse Husband story then!  I would still like to see it if I have the chance.

RK: That is correct; we feel like if we leave anything out we aren’t doing the story any justice.

SotD: Gotcha, that makes sense.  Have you already cast all of the actors yet for the film?

MK: We have casted [sic] all of the main actors; we just need to confirm our extras.

SotD: I see, so you’re getting there!  I’ve also been curious about the research you did for the film.  Did you actually visit the deep web/dark web a lot, and did you come across any real red rooms?

Note: This is not a real red room!

RK: Yes, since this [is] our very first dab at this we are finding out that there is a whole lot of work involved behind the scenes [for] a film of this caliber.

SotD: What kinds of things have you seen on Tor that you’d be willing to talk about?  Or on other parts of the dark web, that is.  (If you’re not comfortable sharing it, then don’t, of course!)

MK: Hold on, this is a long one haha!

SotD: OK, no problem!! Just trying to clarify.

RK: In order to prepare thoroughly for [the] film and each character we did extensive research in real world scenarios.  I spent around 6-8 months surfing the deep web using Tor until my personal security was compromised due to carelessness.  We studied many documentaries on the production and distribution of narcotics and witnessed real transactions in order to play each part as genuine as possible.

MK: As for Tor, we were using Skype to screen share some of our sessions, in retrospect a terrible idea, and came across a plethora of underage pornography, many bitcoin scam sites and 2 red room sites.  The red room sites turned out to be fake, but did a good job of showing how one would actually work.  In actuality a red room site [would] not be able to stream in HD the type of content that has been rumored on the clearnet.  It would also be very difficult to find such a website as it would more [than] likely be password protected. We even tried multiple chat rooms for many hours trying to find more information on the subject, but all we found were other curious minds and hackers/trolls.  All in all, the deep web is a great resource; [the] dark side of it is where it has its bad points.  The worst thing we saw were pictures of dismemberment, but we’ve already seen too much so it didn’t really faze us.

SotD: Hahaha!  I get it – I’ve experienced almost all of the same things.  What experience do you have with special effects that would help you create some of the screen violence?

RK: I am trained with 3D modeling, and visual effects, and…Mayank is a graphics designer.  With these qualities teamed up with practical effects and great cinematography, we will bring this story to life on the big screen.

SotD: Sounds very exciting!  And you’ve mentioned The Silk Road on Twitter and Instagram…did you visit any real darknet markets in the process?  (Like Alphabay, Silk Road 3, Agora [since closed])?

AlphaBay Market

Login page for Silk Road 3.0

MK: We used Grams to search particular products and we got return results from the Silk Road, Agora and Pandora.  We also used various directories to lookup [sic] sites, and some of those sites were offering drugs, but those didn’t look as trustworthy as the marketplaces aforementioned.

The Grams darknet market search engine

SotD: Trust me, I know what you mean.  Well, how soon do you think we’ll be able to actually see the movie?  You’ve got me anticipating it now!  I didn’t see an official release date…

RK: This…sounds absolutely crazy to me, trying to wrap my mind around [the] fact that this entire [thing] will be shot in under 12 days.  After the shoot, which is in late July, we are hoping to have it edited by February 2017 and will begin early screening in March.  The official release was being debated as a date in May or October 31st.  We ultimately came to the conclusion that the end of May 2017 will be better suited.

SotD: That’s great to hear!  I really look forward to it.  Those were all the questions I had written for the moment…I’ll make a donation if I get a chance, too.

RK: Those were some great questions man, once again thanks for the opportunity!  Feel free to ask any questions here, as Mayank and I will be monitoring this account in order to build our following :).  Peace and love from the team at #TheDarkestAlley!

_________________________________________________________________

Well, my fellow dark web enthusiasts, I hope you enjoyed the interview.  If the film sounds like something you’d want to see, and you want to help Rohit and Mayank raise some of the remaining funds they need, go to Indiegogo: The Darkest Alley, and make a donation!

At the time of this writing, they’ve raised $311 of their $1450 goal.  (You get some swag in return for donating, by the way!)

As for me, I hope to see the film soon – best of luck in getting it out there, guys.

 

 

 

Can You Access Tor on iOS Devices?

As M. Bison would say:

Thus far in my articles, I’ve mainly talked about Android devices, so maybe I’m showing a little bias.

The answer, of course, is yes! What I don’t know for certain is how good the various iOS apps are, but I can at least share some of the available offerings.

The three most popular apps available from the iTunes Store (at the moment) are called Onion Browser (by Mike Tigas), Red Onion (by Omar Mody), and VPN Browser (by Art Fusion).

That’s Just, Like…Your Opinion, Man

So, all three of these Tor-powered apps have high ratings on the iTunes Store itself, but those can be misleading – after all, the developers could’ve written them, right?

Since I don’t have a lot of personal experience using these apps, I turned to the community to see what they thought.  The site iPhone.informer features reviews of all kinds of different apps.

Even on there, Red Onion seems to have overwhelmingly positive reviews.  Onion Browser, on the other hand, received mixed reviews.  (Many users complained that it crashes frequently, which is also a problem with the desktop version.)

As for the VPN Browser, it also has mainly positive reviews, with the exception of one reviewer, who said, “Every time I try to watch a video the app crashes.”  I almost never watch videos on Tor anyway, so that doesn’t concern me!

Internet Is Leaking!

What I’ve heard through the grapevine, in articles like “The problem behind mobile Tor browsers’ IP disclosure,” is that all three of these apps do work well in terms of being user-friendly.  On the downside, I’ve also heard that they have a serious problem with IP leakage (which would defeat the purpose of using them!).

On the plus side, the developers have apparently fixed these errors in more recent versions of Onion Browser and Red Onion.

Screenshot: courtesy of xordern.net

Actually, an update to the above post says that the HTML5 multimedia leak and download-related leaks were fixed in later versions – hopefully that’s no longer a problem.

One of the ways in which IP addresses are leaked on mobile devices is via external HTML5 canvas image data, which is essentially what I was referring to in the “May I Have Your Browser Fingerprint?” post.

The current version of the Tor Browser (or the desktop version, at least) now warns you if a site attempts to do this; Tor users are probably familiar with this message.

Even if the leak problem is “fixed,” I would still be cautious about using some of these mobile apps to access the Tor network.  There are other methods that can be used to deanonymize users, and the very act of using Tor raises suspicion…

Aww, but I was just looking at pictures of cute cats!! Anyhow, it seems that at the moment, no version of Tor is 100% anonymous, but if you’re careful enough, it may not matter.

Just don’t ask about buying any nuclear missiles, OK?  (I’m serious about that.)