Don’t Use the Hidden Wiki – Use These!

thehiddenwikicrop

I’ve noticed that quite a few people recommend The Hidden Wiki as a “starting point” for using Tor.

While it does have some good general information about Tor (and darknets in general), most of the links that it features are scams – at least the financial ones, or anything that you would have to pay money to use. Though I don’t suggest using it, I’ll link to it anyway, just so you can see what I mean: http://zqktlwi4fecvo6ri.onion

This probably goes without saying for people who have been using Tor for a reasonable amount of time, but for those new to the dark web, it seems like a lure to ensnare people unfamiliar with it.

Granted, some of the links are innocuous – you’ll see things like the search engines, and some of the “library sites” like the Imperial Library of Trantor. On the other hand, there are quite a few sites that promise things like “bitcoin doubling,” “free drugs,” etc. – these are all scams.

So…if you don’t use the Hidden Wiki, what should you use?

Well, as I’d mentioned in several earlier posts, there are a few Tor search engines that are good:

notevil-chat

Besides these search engines, there are other link lists you can find, one of which I also mentioned in my earlier post, Fresh Onions: Best Tor Link List?:

welcometodarkweblinks

Of course, these sites, too, may have scam links on them, but they’re at least mixed in with other things. And for whatever reason, I also find them to be more interesting than the Hidden Wiki – whether that’s because they have better links, or just look creepier,  I can’t say. Nevertheless, I have found a lot of the interesting sites I discuss on these alternate link sites and search engines.

Besides these, if you’re just looking for a group of people on the clearnet who hunt down onion links like you do, I’d suggest the subreddit /r/onions: Things That Make You Cry. They’re a pretty cool group of folks.

As for me, I’ll make an effort to include more onion sites in some of my future posts. Have fun checking out some of the ones I’ve shared here, in the meantime!

 

 

Advertisements

Should You Use a VPN with Tor? (Well, No.)

vpn-graphic-100022486-orig

This seems to be a very frequently asked question, and on many sites, people will tell you that you should use a VPN with Tor, for “extra protection.”

Based on my research, however, I disagree – and this seems to be an unpopular opinion. One reference I’d like to cite is a blog post by Matt Traudt, a.k.a. system33-, who is someone I respect with regard to Tor. The post in question is VPN + Tor: Not Necessarily a Net Gain.

One of the points he brings up here is the following:

Tor is trustless, a VPN is trusted. Users don’t have to trust every Tor relay that they use in order to stay safe with Tor. As long as the right ones aren’t compromised, working together, or otherwise malicious, the user stays protected.

This is the main problem with insisting on combining Tor and a VPN. VPNs can keep logs of your activity online (though some claim not to), whereas Tor does not.

However, using a VPN can hide your Tor usage from your ISP, especially if said ISP is suspicious of Tor.

The Tin Hat, on their post Tor And VPN – Using Both for Added Security, also makes the point that “Where this setup fails is at hiding your traffic from a malicious Tor exit node. Because the traffic goes through the VPN, and then to the Tor network, exit nodes can still watch your traffic unencrypted.”

My preference, personally, is to use a Linux distribution with Tor, like Tails or Qubes, or for the more advanced, Arch Linux or Manjaro Linux. These, of course, take time to learn and won’t do everything for you, but they are designed for security. While this doesn’t mean they are vulnerability-free, they can improve your protection, particularly if you understand their ins and outs.

Don’t get me wrong – Unix-like OS’s are not invincible – see Sophos: Don’t believe these four myths about Linux security, but depending on the situation, it’s preferable to using an OS like Windows.

Oddly enough, I haven’t “contracted” any malware via the dark web – at least not to my knowledge. This has happened more often on the clearnet, ironically. Maybe it’s because I don’t download mysterious files or install programs that I find randomly on networks like Tor.

I’m paranoid that way.

What about you, readers? What OS’s do you prefer to use (specifically in combination with Tor, I2P, Freenet, etc.)?

In the meantime, enjoy your dark web adventures, my friends – and please research any VPN or other “privacy” software before trusting it blindly.

16199cffb76fff8c74ad6dd8eac6afab

 

What’s the State of AlphaBay Market?

alphabay (1)

Update: AlphaBay has definitely exit scammed and is gone for good. Please don’t get your hopes up about it coming back.

If you’re interested in darknet markets and have seen the news lately, you probably know that AlphaBay, which up until now has been one of the most successful markets, is down (and has been since July 4th).

(NOTE: If you’re curious to see some sites you can use in place of it, check DNStats, or its Tor hidden service, http://dnstatstzgfcalax.onion.)

DNStats_alphabay

Numerous media outlets have already covered this story, including the New York Times, The Verge, and Gizmodo. If you haven’t heard about this, here are a few links to catch you up:

AlphaBay, Biggest Online Drug Bazaar, Goes Dark – The New York Times

A Dark Web marketplace is down and users suspect foul play – The Verge

World’s largest online illegal drug marketplace goes dark – Axios

While many of these stories are written by mainstream media outlets and are geared toward the layperson, it’s interesting to think about it from the point-of-view of someone who spends a lot of time on the dark web (or someone who’s bought and/or sold goods on the market, for that matter).

The subreddit /r/DarkNetMarkets, which is your guide to all things darknet market-related, has a bit more inside info, although even those involved with the market aren’t necessarily sure what happened.

rdarknetmarkets_censored

Though he did not give proof, one of the vendors on this subreddit speculated that the market’s downtime might be due to a hardware seizure in Quebec of dark web site owners: Vente dans le «Dark Web»: la police procède à deux perquisitions (As you can see, the article is in French, but you can loosely translate.)

In English, the article says that “…the RCMP’s integrated technology crime group conducted two searches in connection with a global network of illicit drug sales in the Dark Web [sic].” At least that’s the Google translation – no, I don’t speak French.

This points to a couple of possibilities: either the FBI seized one of AlphaBay’s servers (and all the data that would be included, such as hashed passwords, vendor information, private messages, etc.); or that the admins of the site closed it down in anticipation of a raid. Even if it’s the former, I doubt they were able to confiscate everything.

Again, however, just like those in the conversation over on Reddit, I’m just hypothesizing, so don’t take what I’m saying here as gospel. I’m not a member of LE (I swear!), nor do I want to be. Even if the feds did seize evidence from AlphaBay, I hope that it will be up and running again.

If that’s not the case, then I suppose you’ll have to take your business elsewhere.

In the meantime, I’ll be keeping an eye on the developments.

Stay trippy, my friends!

tumblr_opp8kzYMgL1vhy2fao1_540

 

Discontinued Darknets??

Given that privacy and anonymity are such a hot topic these days, there are many projects that various people and organizations are developing for just that reason. Several of these I’ve already mentioned multiple times, including Tor, I2P, Freenet, and ZeroNet.

Nonetheless, I find the defunct ones to be just as interesting, partly because some of them used different methods for disguising one’s identity. A few that I’ve had a chance to check out are:

  1. Osiris Serverless Portal System
  2. anoNet: Cooperative Chaos
  3. Umbra (by the Shadow Project)
  4. StealthNet

Some of these, in spite of no longer being developed, are still available for download, so you can check them if you’re just curious.

I thought I would give a brief explanation of each of these, and then let you explore on your own, if you wanted to find out more.

Osiris SPS

osiris

Osiris is a program used to create web portals that are distributed via P2P networking, and are not reliant on central servers (hence the name “serverless portal system”). Data on Osiris portals are shared between all participants. According to the Wikipedia article on Osiris, these are some of its key features:

  • The system is anonymous. It is not possible to make an association between a user and their IP address, hence one cannot trace the person who created a content.
  • Even with physical access to an Osiris installation it is impossible to trace the actual user without knowing his password.
  • 2048-bit digital keys guarantee the authenticity of content (digitally signed in order to prevent counterfeiting) and the confidentiality of private messages (encrypted between the sender and recipient).
  • To prevent the ISP from intercepting traffic, connections and data transfer to a portal (called alignment), Osiris uses random ports which are cloaked during handshake and encrypted point-to-point via 256-bit AES.
  • The P2P distribution allows content to be present in multiple copies as a guarantee of survival in case of hardware failure or nodes off-line.
  • As the portals are saved locally, one can read the contents even if one works off-line.

In some ways, Osiris is also like Freenet, in that it uses P2P distribution of content, has a reputations system, and uses cryptographic keys as identifiers.

Now, for those of you looking for creepy and disturbing stuff, I’ve never found any of that on Osiris. That wasn’t really my intention when I started using it. I was exploring other anonymity networks and software that I had yet to use.

The problem with Osiris is that it seems as though it’s no longer being developed, as I mentioned. Still, for the curious who just want to check it out, click the link above.

anoNet

anonet_6

anoNet was a Wide Area Network (WAN) created in 2005. Its creators were a few people who were tired of the surveillance and constant data collection that still takes place on the clearnet today.

As on Freenet or ZeroNet, they wanted it to have functions like social networking, messaging, email, and website publishing, but the ability to do all of these anonymously. The network used OpenVPN, tinc, Quagga, BIRD, and QuickTun. OpenVPN and QuickTun were used to quickly connect nodes to one another, while BIRD and Quagga were used to exchange routing information with others on the network, allowing all peers to connect to each other easily.

What I’m not entirely sure of is if you can still connect to the network at all, since various sources have listed it as defunct. It may be similar to Osiris, in that it isn’t actively being developed, but the software is still available.

Umbra

overview_wallet

Umbra, like Osiris, isn’t really defunct, but it isn’t being actively developed. It was a division of The Shadow Project, the creators of the ShadowCash cryptocurrency.

It could be used for anonymous chat, messaging, email, and hosting websites (much like Freenet or ZeroNet). I haven’t had the chance to use it yet myself, but I would enjoy just playing around with it, if for no other reason than learning…and fun!

StealthNet

stealthnet

StealthNet was an anonymous P2P filesharing network, based on an earlier model, called RShare. Like many other P2P networks, traffic was routed through other nodes in the network, helping to keep users anonymous.

For better or worse, this project, too, has been discontinued. If you’re just curious about it, however, it looks as though you can download the software. It’s unlikely that there will be many (if any) peers to connect to, which kind of defeats the purpose of a P2P network!

Anyhow…

Despite the fact that these networks have been discontinued, I expect that others like them are being developed right now, or will be in the future.

As I always say, if you’re a budding developer, why don’t you create one? It could eventually be something big!

 

Creating a Hidden Network?

Journey_to_the_Dark_Web

One of my readers, with whom I’ve been corresponding on and off, wrote to me with an idea about creating a hidden network from scratch. It may have been inspired by one of my earlier posts, The “Shadow Web” Cited Me? Awesome!

In this post, I speculated about how you could create your own “shadow web,” i.e. a network that offered anonymity, and that you and only a select few people could access. In response, this reader had a few suggestions for such a network (I’m paraphrasing his (or her?) words here):

  1. One in which you could communicate via Telnet or Netcat over the Tor network.
  2. No DNS, no sites, just chats.
  3. Each user has his own list of peers.
  4. No nicknames, just onion domains.
  5. Everything is done manually, to avoid potential security flaws.
  6. Users select someone to chat with from the peer list and connect via TCP socket over Tor.

 

telnet_screenshot_2

This is, more or less, what I had in mind when I described the idea of creating a hidden network, although I had hoped that you could build websites on top of it too. What I’m unsure of, in his description, is what he means by “no nicknames,” as I would think you would need some kind of identifier to use a chat feature.

Even if the names weren’t user-generated, you could have this encrypted chat generate them for you. To use the example of the “nonsense word generators” again, perhaps the program could generate two names like this:

Hokr

Ngwood

It could also generate cryptographic keys for each identity, like:

6U-^QoM&m{z?H]g~c”AX3VgQqzVVo+

VtjHjR00ZCYVvU7Gs2iuWXQd2lX6oPDi

It’s similar to Freenet’s WebOfTrust plugin, which also generates identities for users of the network. In the case of Freenet, you have to solve some puzzles (which are more or less CAPTCHAs) in order to introduce your identity to other users. This is done to prevent bots from “joining” the network.

setup004

Personally, I love this idea, although I’m still in the process of studying some of this, and I might need a little help getting started. Anyone else have ideas to contribute? Feel free!

Hey, sooner or later I may actually have my own darknet! (And of course, I’d have to make it dark and scary.)

curtain

Does Experian Really Monitor the Dark Web?

If the subject of the dark web interests you, you may have seen Experian’s series of “auction” commercials, like this one: Experian’s Auction Commercial – Dark Web Surveillance

experian_darkweb

I think this would qualify as what they refer to as “FUD” on /r/deepweb – manipulation of the less tech-savvy public through fear, uncertainty, and doubt. While the article on their blog, entitled “What Should You Know About The Dark Web?”, is somewhat accurate, I still think it’s exaggerated to scare people into subscribing to their “monitoring” service.

The reason that I’m skeptical of their claims is that it’s very difficult to find one person’s specific information on the dark web, whether it be bank account information, social security numbers, or medical data. I know from personal experience that these types of data are sold and shared on the dark web (Tor in particular), but I could also see how it would be tricky to hunt down any one set of data.

As I’ve said in previous posts, the “dark web” isn’t just one network, it’s many: Tor, I2P, Freenet, GNUnet, and ZeroNet are just a few. There are also numerous carding forums on the clearnet, which may surprise you – here’s a small sampling:

Prvtzone – also on Tor at prvtzone7mq377pw.onion

prvtzone

Carding Forum

cardingforum

Altenen Carding Forum

altenen

Even if they’re designed as scams (on the buyer end), the point is that they aren’t just on the dark web, and whatever technology they’re using would have to scour multiple networks to be able to find someone’s specific data.

The funny part about all this is that as a result of Experian claiming to monitor the dark web, a vendor in 2016 claimed to have hacked Experian’s database and sold their data on the dark web! How’s that for irony? Vendor claims to sell millions of Experian and Whois accounts on Dark Web

Now, correct me if I’m wrong – if someone actually has been successful in using this service, then…that’s great! I just tend to raise an eyebrow at claims like this.

There’s another company by the name of OWL Cybersecurity claiming to do the same thing, through a database of what they call DARKINT.

owl_cybersecurity_darkint.png

Feel free to use either of these if you really want to, but what I would do is research their claims, and learn about the technology that they use to “scan” the dark web – does it really gather useful data?

Then you can determine if you really need this service or not.

Besides…that owl is creepy as hell.

Mesh Networks: Create Your Own Dark Web

netsukuku-black-2048-2020

It’s an unfortunate fact that not everyone in the world can afford internet service, particularly when we’re dependent on ISP’s to provide that internet service (and there are often only a few companies available).

This is one of the reasons that “wireless mesh networks” are starting to become more popular. Mesh networks consist of radio nodes arranged in a “mesh” topology – they can cover anything from a very small locality, to a whole city, to even a whole country (though I don’t know of any networks of that size yet).

I know that people often think that there are “levels” of the deep web. There aren’t, but actually, there are hundreds, if not thousands, of different networks. Mesh networks would be included among these. A few that I know of are: Netsukuku (the dragon logo there), CCNx, cjdns, Freifunk, Funkfeuer, Coova, and Serval. Metaphorically, you could think of these as the next “level” of the web, because you can’t access them without the right hardware and software.

How is that done, you ask? To connect to most of these networks, you need a router with a radio antenna (thus why they’re called radio nodes), as well as whatever software corresponds to each network. Thus far, I’ve been able to connect to a few of them with my cell phone (CCNx and Serval), and one or two on my laptop (cjdns and Netsukuku), but haven’t really been able to do anything practical yet.

ronja

Ronja, one of many mesh networks.

This may be because I haven’t joined any active communities in the “mesh” world yet. I know that there are a number of existing ones out there, and I’ve recently gotten re-interested in that kind of thing, so maybe what I need to do is research this technology and get back into it.

Also, this is a very basic explanation of mesh networks, and to really understand them, you’ll have to visit each site and read the technical documentation.

digitata

I’m not promising that you’ll find anything dark and secretive on these networks – I highly doubt that. However, if you’re interested in the technology and how they achieve anonymity, there is lots of documentation, and plenty of links, that might help you.

In fact, technically, if you learned how to create your own mesh network, you could, theoretically, create your own darknet. How cool would that be?

Although I’m certain it couldn’t be done overnight. If I gain more experience with these, I think they will definitely be good subjects for future posts – and perhaps something that you readers can explore too.

wing

If you’re interested in exploring these more, here are links to a few of the networks’ homepages and repositories:

Netsukuku

The Serval Project

GitHub – cjdns

Freifunk (German)

FunkFeuer (German)

Ninux (Italian)

Have fun! Let me know if you discover anything new!