Chapter 6 A Walk on the Dark Side

The Dark Web, the Deep Web, what are they and where are they?
Many people believe the Dark Web and the Deep web are the same
thing but most people use the Deep Web every day without realising it.
Let’s start with the surface web, this is what most people simply refer to
as the internet, you may browse to a news website, look at the weather
forecast on another site, no login or password needed. That is the
surface web available to all, but if you decide to check your emails or re-
order a prescription online, you will be directed to a login page. Without
your username and password or other credentials you cannot proceed
to read your emails or order your medicine.
This is the Deep Web, which can only be accessed by a person having
login details to the service they need to access.
Let’s dwell no more on the Surface or the Deep but see how we can
access the Dark Web and what we can find there.
Start by typing in the following link:
http://hdwikihod77v6fas.onion/
into the address bar of your browser, I used Google as shown.

Despite that being a perfectly valid address, you will get an error
message saying that ‘unable to connect to the server’ ‘site unavailable’
or whatever error message your browser produces.
That is the web address (URL) of a site on the Dark Web and the search
engines/browsers you use on the surface web cannot find pages on the
Dark Web, so let’s see how we can get to that page.
The first thing you need to do is install a browser/search engine for the
Dark Web, which will give you access to that site.
Before we do that note the file extension for that Dark Web site the is
.onion, rather different from the usual .com/.net/.co.uk etc extensions
that we are used to seeing. Time to get the Dark Web Browser it is called
Tor, so head over to https://www.torproject.org/
or search for the Tor Project and download Tor for Windows if that’s the
OS you are using.

TOR is short for the Onion Router hence the extension .onion, for pages
that are accessed using Tor. It was initially a worldwide network of
servers developed with the U.S. Navy to allow people to communicate
over the internet with little chance of those communications being
intercepted. An ideal system for agents (spies) to pass information back
to their handlers. It eventually became a non-profit organization whose
purpose is to research and develop online privacy tools. The Tor network
disguises your identity by encrypting and moving your traffic across
different Tor servers, so it cannot be traced back to you. Anyone trying
to trace specific traffic will see it coming from random nodes on the Tor
network, instead of coming from your computer.
Let’s have a look at what happens by going to a known site on the
surface web via Tor. DO NOT resize the window that Tor opens for you,
your anonymity can be compromised if you do that, stick to the window
that Tor opened for you. After launching Tor you will see the Search
Page which uses the DuckDuckGo Search engine. Let’s search for BBC
news, as shown.
I followed the BBC news link and opened the website. Now, whichever
site you go to, click the i (information symbol) as shown.
You are told that you have a Secure Connection and the ‘route’ from the
browser firstly goes to the Netherlands which is called the Guard, with
IP address 77.162.229.73, then via Germany with a different IP and only
connects me to the BBC website after adding another connection via
Switzerland again with another change of IP address. If you click on New
Circuit for this Site you will see the Guard IP will remain the same but
either one or both of the other IP addresses will change and possibly the
Countries also.

So the BBC website, or anyone monitoring traffic reaching that website,

i.e. trying to track or collect data about the person who has connected
to bbc.com, will believe the person is in Switzerland. Whilst the Guard
IP rarely changes the other IPs and hence the route will be changed at
intervals by Tor so preserving the anonymity of the person connected to
the website.

Be in no doubt that Governments and Security Agencies all over the

world do not like their citizens having privacy, security and anonymity.
If a Govt was able to control the Tor network, it would be a simple
matter to follow each link in the Tor circuit and track down the person
from where they exited Tor right back to their computer by following
the IP addresses. The Guard IP is critical because they have the IP
address of the person who is joining the network, which would make it
possible to track down the actual person from their IP. Suffice to say
that people running the Guard/Entry node are very much trusted not to
be a member of security/government agencies.

Enough of using Tor to browse sites that are available on the Surface
Web, time to see how we access the Dark Web and what we can find
on there.

Remember you tried to go to http://hdwikihod77v6fas.onion/ using

your normal browser but were unable to do so, reason being that is a

.onion site URL so you need the Onion Router Tor to access that page.
Start the Tor browser and type http://hdwikihod77v6fas.onion/ into
the address bar as shown. Hit enter and instead of getting the message
site unavailable or something similar, as you did previously, you should
be presented with a page called The Hidden Wiki.

The Hidden Wiki is the best entry method into the Dark Web and if you
open your Tor browser and search for hidden wiki, rather than put the
hidden wiki url in the address bar, you will find other hidden wiki links
as there is no single official hidden wiki. Here’s another link to a Hidden
Wiki list: http://zqktlwi4fecvo6ri.onion/wiki/index.php/Main_Page

Before proceeding further, I need to make it very clear that the Dark
Web contains links to sites selling drugs, guns and many other illegal
products and services. I have shown you how to access the Deep Web,
what you chose to do there is absolutely, totally and completely your
responsibility.
What I want to do is to give you some information that may be helpful
to find your way around the Dark Web as you are now out of the reach
of Google so won’t get any help there. You have seen the DarkWeb
version of the DuckDuckGo browser is available on the Tor home page,
that is a good starting point to find something specific that you may be
looking for.

As some countries ban Facebook there is a DarkWeb version at:

https://3g2upl4pq6kufc4m.onion/
If you sign in there don’t expect to see any of your contacts, that
Facebook link only exists on the Dark Web and has nothing to do with
the surface web version, but by using Tor people are able to connect via
Facebook in Countries where Facebook is banned.

You may want to be sure that you are connected via Tor, and there is a
simple way to check, open your browser and type check.torproject.org

If you are connected via Tor you will see the page Congratulations This
browser is configured to use Tor.
You may wonder why anyone would check that Tor has been correctly
configured. Tor is not liked by Govts and security agencies and is blocked
in some Countries, e.g. China.

If you get the message that your Tor connection is successful, the
following exercise isn’t really necessary, but interesting to do.
Open your Browser/Search engine e.g. Google, or whatever you prefer,
I am assuming you have Google open, and also have your Tor Browser
open so you can easily switch between your Google and Tor browsers.
Go to https://www.ipqualityscore.com/ using Google.

Select Proxy Detection>>Tot Detection Test, then insert IP from your

‘Congratulations this browser is configured to use Tor’ page in my case
193.70.13.11

Result for TOR IP Detection test confirms that a Tor Connection is

detected.
We will return to find out how to connect via Tor if you are blocked from
doing so, but let’s look around the Dark Web further before doing that.

A popular DarkWeb search engine is Ahmia, the Onion link for Ahmia is:
http://msydqstlz2kzerdg.onion/ image below and link on Hidden Wiki
page.
DuckDuckGo is a favourite Search engine for the surface web, also has a
DarkWeb search engine, which is: https://3g2upl4pq6kufc4m.onion/

As you can see this is a .onion page, putting this url in the address bar of
the Tor browser will give you the same search engine page that
Duckduckgo gives you on the Clearnet.

For communicating on the Darkweb and email address may be required,

let us distinguish between types of DarkWeb emails.

There are DarkWeb email services which exist only on the DarkWeb, i.e.
you have an email address on the DarkWeb and you have to go to the
Darkweb to sign-in and send and receive emails. It is possible to have an
email service on the DarkWeb that will also allow you to send and
receive emails from the DarkWeb and Clearweb.

Examples of Darkweb only email providers are:

torbox http://torbox3uiot6wchz.onion/
riseup http://nzh3fv6jc6jskki3.onion
secmail https://secmailw453j7piv.onion.sh/src/login.php

I would not like to recommend one service over another, but secmail is
well established and supported, it also provides an extensive list of
interesting links when you login to your email account.
There is an email service called elude http://eludemaillhqfkh5.onion/
which provides a service that can send and receive emails between the
Darkweb and the Clearweb, however probably not a good idea for your
anonymity to do such a thing.

You may remember when we installed the Windscribe VPN, I suggested

using a temporary email address for you to register without using your
usual personal email address. One such temporary address was
guerrillamail and there is a DarkWeb version which can be found at:
http://grrmailb3fxpjbwm.onion/

I mentioned earlier that Tor maybe blocked by a Country, an ISP or

Network Administrator and you may wonder how this would be
possible.
Using your Tor Browser, go to the following URL:
https://check.torproject.org/torbulkexitlist
This is just the first few of a very long list of IP addresses you will find at
that URL. When you connected to the Tor network you were able to see
the Tor circuit from your browser to the web page that you were
viewing. The first connection in the circuit was the Guard IP address
(node) followed by two further addresses (nodes) before the exit IP
address (node).

The guard node (first IP address) needs to be trusted as it can see the
real IP address of the person making that connection, so can de-
anonymise that person, i.e. trace their location based on their IP
address. The list you have just been looking at is the list of Guard Node
IP addresses used by Tor which as you see is readily available.

A Government agency, Security service or ISP, could block all those IP

addresses so preventing anyone from connecting to the Tor network.

The entry, Guard IP address is also known as the Entry or Guard Relay,
the middle IP addresses the Middle Relay and the Exit IP address the Exit
Relay.

If the ‘entrance’ IP address to the Tor Network is blocked, it is possible

to use a ‘Bridge’ to bypass the Blocking. What this means in practice is
using an Entry (Guard) IP address that isn’t public so cannot be blocked.
This method was, and often still is, successful in evading Tor blocking.
However, ISPs and Govts in their effort to prevent people using Tor
started using a method known as DPI, Deep Packet Inspection.
By looking in more detail at the requests made by a computer, it is
possible to identify that certain internet ‘traffic’ is likely to be used by
Tor so will be blocked.

If you get the message ‘Congratulations. This browser is configured to

use Tor’, there is no point getting involved in using further methods such
as bridges for your Tor connection, as these additional steps will also
lead to a slower internet connection.
If you are being blocked from Tor you can use a bridge, which is a
connection IP address that is not publicly listed, so is unlikely to be
blocked by your ISP, Govt or Network Administrator.

The method of using a bridge keeps changing, currently the way to easily
add a bridge is to:

open the tor browser, near the top left is a box saying 'new to tor
browser? Let’s get started'. Click on that box and it will take you to a
page with options on the left, Welcome, Privacy, Tor Network (new),
Circuit display, Security. Click on 'Tor Network' and you will see a box at
the bottom saying 'Adjust Your Tor Network Settings'. clicking that will
take you to the Tor Settings page in the browser, here you have the
options to 'use a bridge', 'select a built-in bridge' and 'request a bridge
from tor Project'.

Below I have requested a bridge from tor project, and that appears in
the box below starting obs4……….

Now I return to my Tor browser and see when I click on the (i)
information button to show my Tor circuit, the circuit starts with the
obs4 bridge and not a guard circuit that you previously saw for a Tor
circuit connection.

It is possible to go directly to the Tor network settings page by starting

the Tor Browser, clicking the 'hamburger' (3 horizontal lines in the top
right hand corner) select 'options', that will take you directly to the
General preferences page, clicking on Tor will take you to the same page
allowing you to 'use a bridge' etc..

To repeat what I said earlier, adding a bridge is likely to severely slow

down your internet connection so should only be added if you are
blocked from using Tor.

Tor is available for Android, the app is called Orbot and can be
downloaded from the Google PlayStore. We won’t discuss Orbot here
as easy to download and install.

In the next chapter we will see how to use the Internet anonymously
from any computer, by installing a portable operating system on a USB
stick which uses Tor to go online.