Saturday, April 9, 2016

Tourist's Guide to the Dark Web

I've gotten the same question from multiple people lately, which means it's time for a blog post. The question: What exactly is the 'Dark Web'?

First, let's clear up the language. There's "deep web," "dark net," and "dark web." These are not synonyms.

The "deep web" is any website that's not indexed/searchable on what we know and love as the Internet. Your online bank account or Yahoo/Gmail/Live/etc. email are examples of this. Basically, if you need to authenticate to reach content (log in with a username and password or passcode), you're accessing the deep web.

A "dark net," the term most often mistakenly used as a euphemism for "dark web," is unused IP space within an allocated range. It can also mean undiscoverable/masked IP space, such as virtual private networks (VPNs). Prior to the existence of the dark web, VPN nesting (using multiple virtual services to connect) was a popular method for those wishing to make their online trail difficult to follow.

The "dark web" is the mysterious sub-Internet underground society filled with shadowy figures who are anti-censorship or conducting nefarious activity.

Understanding the Internet's underbelly requires a brief overview of the Internet itself. Typically, a web browser is the means by which most of us connect to websites (I know, I know, there's curl, wget, and such; that's a different discussion). Web browsers dictate the user experience governing your connection. You can customize them to block ads, enforce SSL encryption (on websites that support it), add or remove domain and IP block lists, and on and on, or you can simply launch the browser, as is, and you're off and running. Meanwhile, your service provider, such as your home ISP, or your network admins at your office have ultimate control over how Firefox, Safari, Internet Explorer, Edge, Chrome, etc. access and interact with web and mobile sites. While some of the places we visit are members-only (see deep web), everyone can freely access the multitude of public web pages.

Well, not everyone. Which leads us to the "dark web."

The dark web was originally intended as a literal and figurative tunnel bored through the open web to enable unfettered Internet access for political dissidents, journalists, and others concerned about online privacy and censorship. Access is gained by one of several special web browsers that circumvent website tracking and traffic-control technologies while hiding their originating IP address to avoid being identified. Tor and i2P are examples of these browsers while the Great Firewall of China is an example of a reason they exist. The dark web very quickly attracted other types of people wishing to remain anonymous and/or hide their activity, namely criminals. Forums and markets appeared offering everything from street drugs, tutorials on cashing out ill-gotten gains, buying & selling weapons, hackers-for-hire....you get the idea.

The dark web is like any other community in real life or on the Internet. It has its nice side, where privacy-minded folks just want to do what they do without their activity being impeded or tracked. And it has its creepy neighborhoods, places you might think twice about visiting. I know the pull of curiosity is strong and anonymity can be empowering. Just remember that what you see can't be unseen. Disturbing content can stay with you, whether you like it or not. Consider yourself warned.

So how does the dark web work? It's sort of like a peer-to-peer network where the data sent from the browser gets broken up and distributed across multiple server relays ("nodes") operated by volunteers and through which traffic gets randomized. For optimization, a single session lasting a few minutes will follow the same route. Longer sessions or subsequent sessions will get re-routed to make tracking more difficult.

If you visit, enjoy your stay and try to avoid getting hurt or hurting others. The takedown and arrest of the operator of one of the dark web's largest drug markets, Silk Road, should serve as a reminder that, at the end of the day, we're all human. Humans make mistakes and that's how they get caught.