A red onion sliced in half over white background

What is the dark web?

14:20 19 July in Cyber security, Privacy by robp
1

In this post I’m going to talk about the dark web. Even the name makes it sound scary – and a quick Google will confirm that impression. Lots of news stories about the horrors and bad things that lurk on the ‘dark web’. But what is it? Is it really that bad?

Onions

Part of the problem is that there is no real definition of the ‘dark web’ . It is sometimes written as darkweb, or called the deep web, and you will also see the acronym TOR bandied around in the same sentence. TOR stands for The Onion Router, and we’ll get onto that shortly (and that link is perfectly safe to follow if you want to jump ahead). All these phrases are used more or less interchangeably by the media and almost always in a negative context – it’s where cyber criminals lurk, and where you can find dark markets selling drugs or worse.

It’s perhaps easier to start by thinking about the public web. What is that? To most people it’s the websites we use every day – our banks, shops, and whatever other services. You might also include things like Netflix and iMessage. In other words, publicly available services that run over the internet. The defining thing about these is that they are easy to find. You just head to google (or the search engine of your choice) type in whatever it is you are after and, voila, a big list of websites. So when people talk about the dark web what they really mean is websites that are not publicly available, and that can’t just be found using a search engine. These are websites that might only be accessible if you have a user name and password, or which you have to know the URL to get to directly (www.bbc.co.uk is a url). These websites are there, but you have to know where to look – perhaps you have to be on the right criminal forum for instance.

So that’s one sort of dark web – quite simply just websites that are not easy to find, or are protected in some way. So lets talk about TOR. TOR is more than just not easy to find websites – TOR is a system that provides both for anonymous browsing and for ‘anonymous’ hosting of websites. TOR has its origins in US government research, before being spun out into the TOR Project, which is how it is currently maintained. TOR relies on people committing resource to the project – and resource in this context means computers on networks.

Usually, when you connect to a website your computer initiates a connection directly to the computer hosting the website you want to get to. Data is sent directly back and forth between the two devices. However TOR uses the computers that the contributors provide to set up a network of relays. Instead of connecting directly to Website X, you connect to a TOR entry node – it forwards the request onto a second TOR node. However, the second TOR node does not know who you are, it only knows it has had a request from the first node. Node 2 can forward the request on to Node 3, and again all Node 3 knows is the request originated at Node 2. Finally, one of the nodes (called an exit node) will connect to Website X on your behalf. Of course, all Website X can see is a connection from the exit node – it has no idea where you, the originator, are. Website X sends its response data back to the exit node, which passes it to Node 3, which passes it to Node 2 etc, and the first node sends the data back to you.

Because encryption is used cleverly to set up the TOR circuit (what the hops between the nodes are called) all the first node knows is that you want to access the internet – it has no idea which website you are trying to connect to. Your request gets passed through the TOR circuit to the exit node, which peels away the last layer of encryption, and reveals the website you want to visit, and then it makes the connection. This means that no nodes know both who you are and which website you are trying to visit. This makes TOR a powerful and effective tool for anonymous web browsing.

However TOR can also be used to host web sites. The actual means is quite complex, but operates broadly similarly to the above, with the ultimate effect of allowing someone to host a website, but for no one visiting that website to know where it actually is. It is this ‘hidden service’ functionality of TOR that allows for some unsavoury hosting.

So is this good or bad?

In my opinion TOR is neither. The anonymity it provides is extremely useful for people in many parts of the world where the internet is subject to monitoring or censorship, and indeed even in the west is used for plenty of legitimate reasons by those who desire, or need, strong privacy. The hosting component seems less desirable, but equally the FBI, and other law enforcers, seem quite good at compromising and rounding up the worst offenders, and really for broader criminality TOR is only one part of the jigsaw. Physical crimes still need to be committed somewhere, where victims might report the perpetrators, and drugs and guns and other prohibited goods still need to be physically delivered. So the ‘dark net’ forums are not the end of the rule of law that some might want you to believe.

As for what this means for you – well, download and set up the TOR browser and have a play. Visit some hidden services – there are plenty of legitimate ones. Some organisations block connections from TOR from visiting their websites by default. This feels pointless to me – if you have a well defended website, you shouldn’t worry where people come from, and there are plenty of people who use TOR entirely legitimately. If you are a company that does sensitive research, or perhaps are thinking of buying a rival, TOR is a good way of ensuring your interests are not detected.

As always, if you have questions please get in touch! Find us on twitter, or use the contact form.

Thanks for reading

Rob