Tor vs. I2P vs. Freenet: Difference?

GMpeM

When people think of the “dark web,” usually what comes to mind, if anything, is Tor. After all, it’s the one that’s been in the news most often, and the terms are inextricably linked.

If you’re new here, I should mention that in a couple of my previous posts, such as How to Access the Dark Web with I2P! and Exploring the Dark Web on Freenet (Part 3!), I elaborated on I2P and Freenet a little bit. These two are other popular anonymity networks that, like Tor, attempt to preserve users’ privacy. For the curious, I will sum up the three of them.

Tor

tor_linux

Tor, as I’ve mentioned on some earlier posts, is both a network and a browser. The browser is available at Tor Project. (Speaking of which, they just released a new version of the browser, which you should download if you want to use it!)

The network attempts to keep you anonymous while browsing online by directing your web traffic through a worldwide system of relays and nodes (a.k.a. the Tor network).

The browser, on the other hand, is a fork of Firefox, which is optimized for privacy. It includes plugins such as HTTPS Everywhere, which encrypts communications on a number of major sites. It also includes NoScript, which helps prevent exploits via plugins like JavaScript, Java, and Flash, and protects against attacks like cross-site scripting (XSS)and clickjacking.

Here’s one of the confusing parts: the sites that people often refer to as the “deep web” or “dark web” are technically called “Tor hidden services” (.onion sites). One of the other features of Tor is that you can host websites on it anonymously – thus why it’s so popular. I’ve listed quite a few onion sites on previous posts, but if it’s your first time here, these are a few examples:

Fresh Onions

Ahmia Search Engine

Daniel’s Hosting

Contrary to popular belief, not all onion sites have illegal or disturbing material on them. In fact, some are very bare bones and, dare I say, boring. That’s probably because the point wasn’t for them to be scary.  A good majority of onion sites are more technically oriented, although there are a plethora of scams too.

I2P

I2P_router_console_0.7.7

I2P, like Tor, is an anonymous overlay network. However, there are a number of differences between the two:

  • I2P is message-based. Communications are end-to-end encrypted, and each client application is referred to as a “router,” so to speak. The client has their router build several inbound and outbound tunnels, i.e. a pathway to another machine on the network. Each user on the network chooses the “length” of these tunnels, and finds a happy medium between anonymity and speed, depending on what he values. This is referred to as “garlic routing” (as opposed to onion routing).
  • I2P has its own interactive services, like web browsing (using any traditional browser like Firefox or Chrome), plus email, chat, file-sharing, messaging, blogging, and a distributed datastore (like that of Freenet). See more about this at I2P Services.
  • Unlike Tor, I2P can be used for torrenting, using applications like I2P Snark or the Bittorrent network: Bittorrent over I2P. While you technically can torrent over Tor, there’s a great chance that it will break your anonymity.

This is only a very basic summary – if you want to know more, click the links there and you can read some of the technical documentation.

Freenet

freenet_scifi

Freenet is a peer-to-peer (P2P) network which allows you to anonymously share files, send messages, and publish websites that are, in theory, resistant to censorship. It also uses what’s called a “distributed datastore” for the purpose of filesharing. In other words, users “donate” a portion of their hard drive so that other users can share files (the datastore is encrypted, however).

When you first join the network, you are given a cryptographic identifier (key), which, in essence, becomes your “name.” (Think of it like James Bond’s 007 name.) The key looks something like this: http://localhost:8888/freenet:USK@ZVtoHFm~Lm5FctbjloVYwQ0b5KaAae6TeQGk8fswJs4,kRR5rHBQuNpaiFqZE-v3Rtv0e~LWFFbxbh9tAt44UEM,AQACAAE/ffffff/12/  And you thought onion links were hard to remember!

One major difference between Tor and Freenet is that all of the Freenet sites are listed in directories that you can find inside the network (which isn’t always the case with Tor). For example, there is one directory called “Nerdageddon,” which lists many (but not all) of the Freenet sites. However, it excludes pornographic sites and other such material:

freenet_nerdageddon

When you click on a site, your computer “downloads” the page from Freenet, and you must wait for it to load before being able to browse it:

freenet_downloading_censored

Although it’s for different reasons, Freenet, like Tor, tends to be slow. Again, it’s a trade-off between anonymity and speed, so it depends on which you value most. As opposed to Tor, if you want to join social networks or forums on Freenet, you need to download various plugins, such as Sone (a Facebook-like social network) or WebofTrust.

The upside of this is that you aren’t downloading programs from some random onion site  that you happened across, which may or may not have malicious intent. Plus, Freenet has the option of operating in either “opennet” or “darknet” modes. In opennet mode, you connect to anyone on the network, whereas in darknet mode, you connect only to friends.

Summing it Up

In any case, I find all of these networks to be interesting, and if you’re curious, I say explore them. Just know what you’re getting into, and if you don’t understand something, read the documentation or ask.

That’s not a crime, is it?

 

Advertisements

There Is No Marianas Web, But . . .

isolation-threat-dark-web-100697135-large

by Ciphas

I’ve noticed that a popular question regarding the deep/dark web lately is about “Marianas Web,” which is supposedly the “deepest” level of the deep web. Well, I hate to tell you this, folks, but there is no such thing. There never was.

I believe I’ve referenced RationalWiki’s Deep web entry before, but it really is a great reference if you want to know the honest truth about it. I love the idea of there being “levels” to the web, but it’s the stuff of sci-fi.

Nonetheless, as I’ve mentioned on some previous entries, there are many anonymity networks other than Tor in existence – this might be the kind of thing that people are searching for…what else is out there?

So far, I believe I’ve discussed I2P, Freenet, and ZeroNet to a degree. If you have yet to explore these, take a look. There’s some interesting stuff to be found.

Oh? What’s that you say? You’ve already used these and found nothing? Well, as they said on All Onion Services:

The truth of the matter is there isn’t very many online onion services. Of those that are online, most aren’t worth visiting. They’re scams, phishing attempts, or low-traffic forums that are going to stop existing after a week. You should very quickly realize this after using a “real” index or search engine. No, your inability to find awesome secrets or spooky media is not because you haven’t found the right index/search engine. It’s because that stuff isn’t there. At least not on the “deep web.”

allonions_2

Yeah, that might be disappointing, but even I was surprised to find, upon my first day visiting Tor, that it was far from what the horror stories had made it out to be. Most of what I clicked on turned out to be dead links, in fact.

Still, I was interested in what other networks might be out there, which was how I ended up coming across the variety of wireless mesh networks and P2P networks that were (or are) actively being developed.

One that interested me a lot was Netsukuku (maybe just because of its name), because it was not only a mesh network, but also, as the developers stated, meant to be “autonomous.” (How’s that for your giant A.I. separate from the internet?)

Mother_Brain_Metroid_Zero_Mission

Unfortunately, it appears that Netsukuku is no longer being developed, though I think you can download some releases of it from repositories:

Netsukuku Dyne.org

Index of /netsukuku

It may be that you can compile and install it, but there aren’t a whole lot of peers to connect to. I’ve experienced this on some other P2P networks, like Osiris Serverless Portal System, which I mentioned on a much earlier post.

osiris_sps2

Osiris is a network that allows the anonymous creation of web portals without a central server – like Tor, its concept was to protect data and resist censorship. Unfortunately, it doesn’t seem to have been updated in a long time either. You can try it out if you like at the link above.

Anyhow, my concept of a “Marianas Web” would be this: a censorship-resistant, private network that is not connected to the internet, and could only be accessed by a select group of people.

It, like Tor, would disguise your IP address and encrypt messages, but might also allow things like P2P file sharing. It would be interesting if it had types of services that you couldn’t find on Tor, to differentiate the two.

Want to create one? I’ll join you on there in a minute.

P.S. You want liiiiiiiiiinks, don’t you? Here:

Evilweb Forum

Exposing A Scam: V3RDAD

For the record: I don’t like scammers (who does?), but I have encountered many of them, especially on Tor and other darknets. I suppose that’s all par for the course.

My most recent scam encounter has been with a fellow who calls himself (or herself?) V3RDAD.

He has a profile on ask.fm, which is a question and answer site along the lines of Quora or Yahoo! Answers. On this profile, he links to a Tor hidden service at http://dafynex6ytjnpeo4.onion/ Fine – there’s nothing wrong with that, except that I find all of his answers to be sketchy in nature.

Here’s one example:

ask_fm_scam

In the screenshot above, someone asks “Why does taur node open a listening connection? My antivirus blocked it.”

His answer:

“Taur Node creates a listener to handle up-to-date information coming from the network itself. The only purpose of it is to display pop-up information about the network, like network status, node availability, login information, etc. Just disable your antivirus software before starting the node. If you are too paranoid about it, you can simply just kill it’s process after you are done / disconnected from the network and re-enable your antivirus again. Killing the process of the node will disable any incoming activity and kill the listener.. you will basically not be able to receive any information about the network anymore.”

OK – does that sound suspicious to anyone? He’s asking some random person to disable their antivirus program after the program blocked this so-called “taur” software. I realize that on occasion, antivirus programs will block software that isn’t malicious, but why should I trust you, V3RDAD?

The Tor hidden service that he links to is entitled “whoami,” and looks like this:

dafy_node_scam

The links with the purple text have various downloads, all of which (as I said before) look very sketchy. The operator of this site claims that you need the downloads to connect to a so-called “taur node” (in other words, nodes on his “private network”).

Again, this sounds like a scam to me. If you really want to try it (which I don’t recommend), use a virtual machine (e.g. Qubes or Tails) so that the file can’t potentially harm your computer.

If you look at some of his other answers, they also sound like bullshit:

Q. What is vbs0rkxc.dafy?

A. The answer to Level 7.

Um…OK, if you say so. If you’ve read any of my earlier posts (or RationalWiki, for that matter), you should know that there are no “deep web levels,” as intriguing as that might sound.

It’s possible that the same person may also have written this blog post, although I’m not sure: Darkfantasy Network. Why do I say this? It has a list of so-called “dafy links” (where have I heard that before?)

dafy_links

In addition, it has a list of “Nept Links,” “Life Links,” “Taur Links,” and “Elen Links,” accompanied by mysterious descriptions. Here are a few examples:

http://girogahary5arofeideidegivoly.nept/ – Dark Babylon City (hidden marketplace)

G94dkElc.dafy – Conspiration Forum

http://ekkhgiskagfrawahulatriaottyx.nept/ – How the Universe was Created

You get the idea. And to try to lend credence to his links, he throws in a few real ones, including ChaosVPN and Freenet. This isn’t the first time I’ve seen something like this. Remember The Shadow Web? (*cough cough*)

Anyhow, I don’t suggest downloading anything from these sites, as it may potentially harm your computer. And of course, don’t give this person any money. Want some real darknet links, though? Here:

http://rrbm3jiflz3euxhp.onion/wordpress/

http://zfq7tgxed245jpdz.onion/ – The Darknet Project 0ffSecurity

bdtq4shqkbb3yy7b.onion – DARKWEB LEGION (yes, that’s how they wrote it)

ZeroNet Links:

http://127.0.0.1:43110/kaffiene.bit/

127.0.0.1:43110/138R53t3ZW7KDfSfxVpWUsMXgwUnsDNXLP/

http://127.0.0.1:43110/zerochatrooms.bit/

Freenet Links:

http://localhost:8888/freenet:USK@tiYrPDh~fDeH5V7NZjpp~QuubaHwgks88iwlRXXLLWA,yboLMwX1dChz8fWKjmbdtl38HR5uiCOdIUT86ohUyRg,AQACAAE/nerdageddon/247/ – Nerdageddon

http://localhost:8888/USK@XJZAi25dd5y7lrxE3cHMmM-xZ-c-hlPpKLYeLC0YG5I,8XTbR1bd9RBXlX6j-OZNednsJ8Cl6EAeBBebC3jtMFU,AQACAAE/index/711/ – Enzo’s Index

http://localhost:8888/freenet:USK@2u8eFaTHrvLzeHeq9vXFV8wzivgTG1ExY6v1cM8Zblo,eDLofzubExKX5A8TK0SqdQb3jrI0fDlgw-iaxXUEHVQ,AQACAAE/ttipdocs/5/ – Greenpeace TTIP Leaks

http://localhost:8888/USK@1ORdIvjL2H1bZblJcP8hu2LjjKtVB-rVzp8mLty~5N4,8hL85otZBbq0geDsSKkBK4sKESL2SrNVecFZz9NxGVQ,AQACAAE/bluishcoder/21/ – Bluish Coder

I also recently found a site that maps the Hyperboria Network, which uses the cjdns protocol: fc00 – these I really haven’t checked out yet, so maybe you can fill me in!

I guarantee that these are all real links (although I can’t guarantee that the information on them is accurate). Check those out, and let me know if you find anything of interest. If you don’t, keep searching!

 

 

 

 

 

 

Creating a Hidden Network?

Journey_to_the_Dark_Web

One of my readers, with whom I’ve been corresponding on and off, wrote to me with an idea about creating a hidden network from scratch. It may have been inspired by one of my earlier posts, The “Shadow Web” Cited Me? Awesome!

In this post, I speculated about how you could create your own “shadow web,” i.e. a network that offered anonymity, and that you and only a select few people could access. In response, this reader had a few suggestions for such a network (I’m paraphrasing his (or her?) words here):

  1. One in which you could communicate via Telnet or Netcat over the Tor network.
  2. No DNS, no sites, just chats.
  3. Each user has his own list of peers.
  4. No nicknames, just onion domains.
  5. Everything is done manually, to avoid potential security flaws.
  6. Users select someone to chat with from the peer list and connect via TCP socket over Tor.

 

telnet_screenshot_2

This is, more or less, what I had in mind when I described the idea of creating a hidden network, although I had hoped that you could build websites on top of it too. What I’m unsure of, in his description, is what he means by “no nicknames,” as I would think you would need some kind of identifier to use a chat feature.

Even if the names weren’t user-generated, you could have this encrypted chat generate them for you. To use the example of the “nonsense word generators” again, perhaps the program could generate two names like this:

Hokr

Ngwood

It could also generate cryptographic keys for each identity, like:

6U-^QoM&m{z?H]g~c”AX3VgQqzVVo+

VtjHjR00ZCYVvU7Gs2iuWXQd2lX6oPDi

It’s similar to Freenet’s WebOfTrust plugin, which also generates identities for users of the network. In the case of Freenet, you have to solve some puzzles (which are more or less CAPTCHAs) in order to introduce your identity to other users. This is done to prevent bots from “joining” the network.

setup004

Personally, I love this idea, although I’m still in the process of studying some of this, and I might need a little help getting started. Anyone else have ideas to contribute? Feel free!

Hey, sooner or later I may actually have my own darknet! (And of course, I’d have to make it dark and scary.)

curtain

Closed Shell Systems? Nope!

I’m writing this in response to a comment I received on my previous post. It reads:

I have DN42 connected. When I ‘dig @172.23.0.53 chaos’ this returns SERVFAIL or REFUSED. Same with ChaosVPN and Anonet DNS.
What is .chaos TLD? Closed Shell System?

To my knowledge, there is no such thing as the top-level domain “.chaos.” That being said, I’m not surprised if someone is spreading this kind of misinformation around, because the same thing has happened in the past, with software that supposedly allows you to access “.lll or .rdos sites,” or “.clos sites.”

There is no such thing as a “closed shell system.” Whoever created that original “iceberg” misinfographic (the one located here: https://imgur.com/pj0jbtP) helped perpetuate the myth, by claiming that a “closed shell system” was required to reach deeper levels of the deep web. I know I’ll never convince everyone of this fact, so there will always be some people out there believing it.

chaosvpn_wiki

On the other hand, if you create a hidden network of your own (like a VPN-based one), it’s possible that you can make up your own domain names for it, though they won’t be considered official ones by the Internet Assigned Names Authority (IANA). dn42, for example, has sites built on top of it with the domain name “.dn42.” ChaosVPN has sites built on it with the domain name “.hack,” and so on and so forth.

I mentioned this on an earlier post, but if you go to ICANN.org, they have a list of all the approved TLDs that exist right now: List of Top-Level Domains. There are also Pseudo-top-level domains, which are names for computer networks that don’t participate in the official DNS, and may or may not be part of the internet. This would include VPNs like dn42.

links

Connecting to dn42 is fairly simple, as you can reach it via tunnels from other networks, like OpenVPN, Tinc, or Edge. Full sets of instructions can be found here: dn42 how-to. That being said, if something doesn’t exist, you certainly can’t connect to it!

I think that the “closed shell system” concept might be a reference to Ghost in the Shell, or something along those lines, which, although interesting, is pure science fiction. Any network that exists has some way of accessing it, given the right hardware or software, and/or permissions.

Beyond that, just because it’s a hidden network doesn’t mean it has any special, secretive information on it. Hate to disappoint you!

Still, it could be interesting – just stay in the realm of reality, OK?

P.S. These are some of the existing networks/software that I know of, if you’re interesting in checking them out further:

Tor

I2P

Freenet

dn42

GNUnet

CICN

OneSwarm

Retroshare

ZeroNet

Tribler

Netsukuku

Freifunk

FunkFeuer

10866

The Real “Deep Web Levels”

Ever since those ridiculous “infographics” came out in 2013 claiming that there were “levels” to the deep web, people seem to constantly be asking how to access them. Specifically, this is the one I had in mind:

Deep_web_lies

I know I’ll never convince everyone of this, but as I mentioned in my previous post, there are no levels to the deep web, or dark web.

What really exists are different anonymity networks, which achieve this in different ways. Obviously, the most widely used one is Tor. I’ve probably explained how it works in earlier posts, but Tor disguises your identity and location by encapsulating your communications in layers of encryption, analogous to the layers of an onion.

The sites that people frequently refer to as “deep web sites” are technically called “Tor hidden services.” Tor makes it difficult to trace the locations of the servers from which these sites are running, thus why they tend to involve criminal activity, like fraud, narcoctics, and weapons sales.

Beyond Tor, there are other networks, like I2P, Freenet, ZeroNet, and Umbra. And, as I mentioned in my last post, there are also the mesh routing networks, made up of radio nodes. These networks accomplish anonymity in different ways than Tor does, but they mostly have the same purpose: send email, send messages, share files, and set up websites without revealing your identity.

I’ve discussed Tor, I2P, and Freenet in various posts, but haven’t talked about the last two yet.

ZeroNet is a newer network that uses bitcoin cryptography, as well as Tor, to achieve anonymity. The way that it uses Tor is that your communications are sent through the Tor network, much like if you were using the Tor browser itself.

zerohello

As with Tor, you can use ZeroNet to send email, build websites, send messages, and download files anonymously. ZeroNet, at the moment, doesn’t have its own unique browser. However, you can configure Firefox or other browsers to use ZeroNet. It’s actually not that difficult.

ZeroNet’s downside, at present, is that only a small community of users seem to be taking advantage of it. So, if you want to build the community, join and tell your friends about it!

Umbra, on the other hand, I have yet to experience, but I’m planning to try it out as well. Its creators are the same innovators behind the Shadowcash cryptocurrency. I think Umbra should be the subject of a future post. The GUI of Umbra, oddly enough, looks similar to ZeroNet. I’m not sure if one influenced the other in any way.

umbra

Anyhow, as for “deep web levels,” the only thing more confidential than these networks would be the top secret networks used by the U.S. government, like SIPRNet, NIPRNet, JWICS, CAVNET, and GWAN, which are used to share sensitive or classified information. Other governments have similar networks, though at the moment, I don’t know their names.

Even if you were to access them, they probably wouldn’t be as interesting as the movies make them out to be. Too bad, huh?

I’m sure that no matter what, I’ll never convince everyone that there are no special “deep web levels” that you can somehow access, but one person can only do so much.

My suggestion is to check out the real networks that do exist, and educate yourself on what you find. You never know – it could be fascinating!

(Unlike the one below – if it’s so secretive, why is it using Windows 3.1?)

imwghhzrv8LmRSsDbP2hDvmyDG5dlYLMQ7brOdlXDVo

Darkfox: Access the Dark Web with Ease!

darkfox

NOTE: Darkfox will not help you access .clos, .rdos, .lll, or .loky domains. Those don’t exist!! It will help you access .onion, .I2P, and 127.0.0.1:8888 URIs.

by Ciphas

This may sound like an infomercial, but I swear it’s not.

Those of you who use darknets, in particular Tor, I2P, and Freenet, might have noticed that it can sometimes be inconvenient to have to run each one in a separate browser, or at least have to launch the programs separately.

Well, I found a program that makes it simpler to connect to any of these three networks with a simple command: it’s called Darkfox Launcher.

Its advantage is that it lets you access Tor, I2P, or Freenet without having to change your configurations every time. Plus, it’s very simple to use.

The GitHub page goes into a little more detail, but one of the most important questions it answers is: “How does Darkfox Launcher work?”

Here’s the answer: “Darkfox Launcher works by first changing the default profile of the Firefox Portable software and with that, changing the default network configuration. Once this phase is done, Darkfox will proceed by launching the Darknet proxy software to make the connection to the Darknet chosen by the user. When completed, Firefox Portable will boot to the default startpage of that specific Darknet.”

Darkfox is also a convenient way of quickly accessing one of these networks if, say, you need to contact someone through the network and don’t want to go through the process of installing, for example, I2P.

Included in its software package are these things: Firefox Portable Edition, and the proxy software from the Tor Project, the Invisible Internet Project (I2P), and the Freenet Project. If you’re unfamiliar with each of these, it might help to check them out individually first!

So what’s my opinion? I’ve been using it for a little while now, and while it does have a few bugs, I love it. (Besides, what software doesn’t have bugs, especially in the early stages?)

And you may have noticed that, since it’s on GitHub, Darkfox Launcher is also open source. To that end, if you want to fork it and contribute to the code, feel free.

Now, its downside is that it isn’t as secure as the actual Tor browser. So, if you’re doing some kind of hardcore whistleblowing, or engaging in illicit activities, I don’t recommend Darkfox for you. It’s still a work-in-progress, though, so future versions will probably have improved security features.

On a side note, this may just be nostalgia, but its UI reminds me of both the DOS command prompt and the Bash Unix shell. *Nerding out*

While it may not be about bells and whistles, I think Darkfox Launcher accomplishes its purpose well. For more information about it, check out the Darkfox Read Me: https://github.com/blacklight447/Darkfox-Launcher/blob/master/README.md.

If that’s not enough, take a look at its source code here: https://github.com/blacklight447/Darkfox-Launcher/blob/master/darkfox%20code

darkfox_sourcecode

Who knows? Perhaps in the future, it will have the ability to launch Tor and do your taxes.