Dark web, deep web, clear web – just words or more? Well, in seeing just how many of you are interested in hearing all about the dark wonders of the internet, I’ve decided to make this small dark web guide. So, if you want to learn all about Tor Onion, Silk Road, secret, hush-hush Governmental ops, and how to get on the dark web, of course, you came to the right place. Welcome to the shadows, my friends! I will be your guide.
WTH is the dark web anyway?
Now, before we dig into it, we’ll need to stage a little show-and-tell about the differences between the deep web, dark web, and clear net. I’ll start with the later because writer’s privilege. So, the clear web is the very first and very visible layer of the Internet. Basically, it’s what we see when we do a Google or Bing search for things like cat videos or popular YouTube songs.
From a technical standpoint, clear web defines the content that it’s indexed, crawled, and displayed by the various search engines. Unfortunately, the clear web accounts for approximately 4 percent of the Internet. So, if the clear web is only a very tiny portion of the Internet, what happened to the rest?
Thor Foresight makes sure that link is safe!
Your parents and friends will click any suspicious link, so make sure they're protected.
Thor Foresight provides:
Automatic and silent software updates
Smart protection against malware
Compatibility with any traditional antivirus.
Deep web vs. dark web
Welcome to the deep web, the part of the Internet that’s not indexed by search engines. There’s nothing spooky about the deep web; it contains stuff like scientific white papers, medical records, tax-related info, PayPal subscriptions, army communique, and much more. Although the deep web’s hiding behind HTTPS forms, its contents can be accessed if you know what you’re looking for.
Most of the websites hosted on the dark web can be access on a credential basis. For instance, if your health provider has a website capable of displaying bloodwork tests online, that particular section will be hosted on the deep web – it will not be indexed by Google or Bing and can only be accessed via password.
Oh, nearly forgot to mention that the deep web accounts for about 90 percent of all Internet.
That’s about it about the clear web and the deep web.
Remember: Clear, Deep, and Dark.
What’s the dark web then? Well, if the clear web is Google’s BFF and the deep web, its secret lover, then the dark web can only be the evil twin or the oddball.
Accounting for 6 percent of the Internet, the dark web is a most peculiar blend – on the one hand, it’s a cesspool, a rendezvous place for drug dealers, black hat hackers, hitmen, and human traffickers. On the other hand, due to its covert nature (I’ll get to that in a sec), this Internet fold acts like a liaison between political outcasts and people the free world. It’s also used by people who want to submit anonymous tips (whistleblowers).
The dark web is favored by both groups because of its ability to render anyone and anything invisible. Privacy and anonymity are what you might consider the core values of the darknet. There’s no such thing as a mother-server that hosts the entire dark web, but rather a swarm of servers and nodes that can only be accessed through onion-type links. So, what are those?
More on Tor Onions
Since everything’s decentralized on the dark web, there are no crawlers to bring together the information. Even the URLs, if we can call them that, are infinitely different from what we’re used to.
For instance, if you want to access a site like YouTube, all you need to do is to write the URL in the address bar (i.e. https://youtube.com) or search for the website using google.com. Now, on the dark web, you’ll have to know the URL right to the last decimal and character to access it. All dark web addresses contain seemingly random strings comprised of numbers and letters, followed by a .onion extension.
Again, we shouldn’t lose sight of the fact that the dark web’s the place where the bulk of criminal activities take place. Everything little sordid detail you heard over the news about the dark web is painfully true.
This is the place where hackers come to purchase data stolen from users or companies or offer their services in exchange for Bitcoins or other forms of cryptocurrency. More than that, if you dare to dig deep enough, you can uncover other hair-raising activities such as human trafficking, child pornography, torture, or murder on demand.
Charming little spot, isn’t it? Well, that’s where we’re heading. Now, before you can access the dark web, there a couple of things you must do, security-wise. Ready? Set? Go!
Preparing to set sail
#1. Install a VPN
VPNs are a must when you’re attempting to access the dark web. Why? Because of the long arm of the law, of course. Technically, you are free to surf on this Internet layer, provided that you don’t engage in any illegal activities. However, a recent ruling by the US Supreme Court deemed that even casually browsing the darknet can get you in a lot of hot water.
This means that if the authorities would intercept your darknet connection request, they would have had enough reason to search your house and confiscate the machine used for browsing. So, do yourself a favor and download a VPN before messing about on the dark web. Need a hand picking one? Check out this article written by one of my colleagues to narrow down your search.
#2. Install an adequate browser
The first rule of the dark web – never, ever use your default browser to search for stuff on the darknet. Popular browsers like Chrome, Opera, or Firefox have tracking technologies that make you very visible on the authorities’ radar. So, if you’re still willing to do this, I would recommend you download Tor, which is, by far, the safest and easy-to-use onion browser.
Of course, there are others who would argue that Tor being made by the military for covert communication makes it unreliable, privacy-wise since it’s believed to be watched. I wouldn’t take that one for granted, but, then again, there’s no smoke without fire. It’s all up to you.
Of Tor, VPNs and other demons
Anyway, going back to Tor – why use this particular browser over a regular one? Well, that’s a rather long story, but worth telling nonetheless. As you know, a regular browser mediates between the user’s search request and the site about to be accessed. Normally, your query will go through the ISP’s DNS, which in turn consults other resources to help you get the answer you were looking for.
Now, with Tor, the search request kind of bounces around multiple Tor relays before completing your search request. You’re probably wondering about what the heck are Tor relays. Well, what we call the clear web is, in fact, a conglomerate of servers, which are managed either by companies or on volunteer-basis.
The same principle applies more or less to what we call the dark web. Since it’s the dark side of the Internet we’re dealing with here, secrecy and untraceability become inherent. Thus, the info’s stored on Tor relays which are managed by volunteers.
So, what happens when you want to access a dark web onion? First of all, if you followed my advice and installed a VPN, the tunneling signal will be encrypted. This means that your ISP won’t have a clue about what you’re about to search for. Sure, it can still see that you want to access a Tor node, but other than it’s blinder than a mole.
From there, it will be redirected to another node and then another one. Why does it do that? For anonymity reasons, of course; no breadcrumbs means that there’s no way for someone to trace the signal back to you.
VPN Only? Unlikely.
Congrats! You just took the first steps of your dark web journey. Still, there are a couple of more precautions you must take before you can pop open Pandora’s box of dark Internet wonders. Getting back to Tor and VPN. There’s no broad consensus on dark web safety.
However, everyone tends to agree that using only Tor is not enough. The two of them (Tor and VPN) work in tandem and, as it happens, there are several ways of tunneling your way all the way through the dark web using this dynamic duo. Here’s what you need to know.
Method I – Tor over VPN
Sounds very techie, doesn’t it? Well, it’s really not that complicated – using the Tor over VPN method means connecting to a VPN service before using the Tor browser. Have to say that this is the most popular and safest method to access onion links, and, on my part, a marriage made in Heaven: Tor’s an excellent ‘anonymizer’, while VPN safeguards your privacy.
When using this method, Tor will encrypt your request, which will pass through your ISP unhindered. From there, it will go through a VPN server which conceals your IP and wipes geo-locations tags and other elements your Government or ISP might use to track the request.
Next step – your request will be transferred to Tor entry nod which in turn transfers to one or more Tor relays. From there, it gets slingshot to several Tor exit nodes. Afterwards, your request will be matched with the appropriate website. Tricky, but effective; that’s why it’s, by far, the best method to access dark web content.
Pros of using Tor over VPN:
- Session logs are not stored (metadata, IP address).
- Traffic’s completely encrypted.
- Doesn’t offer protection against malicious Tor exit nodes.
Method II – VPN over Tor
Not very safe, but it’s still useable. Recall how Tor oven VPN works? Well, VPN over Tor is basically its opposite – instead of going through the VPN first, the signal passes through the Tor network, before going through the VPN. Why is this method so unpopular? Because it’s not as safe as Tor over VPN.
If the signal goes through the Tor network first, your ISP will be able to see that you are attempting to connect to a Tor node. Though no one should bat an eye just because you’re attempting to access the dark web, keep in mind that in some countries, like the United States, even a simple foray can get you in trouble.
Pro(s) of using VPN over Tor:
- Great if you trust your ISP, but not the VPN provider.
- Can bypass blocked Tor nodes.
- ISP can see you trying to access onion content.
- Susceptible to end-to-end timing attacks.
Now, if you want to see what lurks in the dark corners of the Internet but don’t really trust Tor, there are alternatives. Here is a couple of them:
- I2P – great privacy protection and can access hidden onion links.
- Matrix.org – an open-source project just like Tor. Great for IoT data transfers, chats, and WebRTC signaling.
- Orbot – basically a Tor for Android.
- Globus Secure Browser – paid Tor alternative. VPN-powered. Allows the users to select preferred geolocation. If you want to take it for a spin, Globus features a five-day trial period.
- Comodo Ice Dragon – Firefox offspin. Employs multiple malware safeguards. Open-source project.
- FreeNet – open-source project. Sports the Darknet and OpenNet anonymous browsing technologies.
#3. Install a VM or disposable OS
I strongly recommend surfing on the dark web using virtual machine software instead of your locally installed Windows. Why? Because it’s easier to contain malware in a virtual environment, which can be fully controlled.
It’s like in those movies where the doctors are experimenting on deadly viral strains from behind the safety of a glass enclosure. And, as it happens, there are plenty of VMs to choose from: Oracle VM Virtualbox, VMware Fusion and Workstations, QEMU, Red Hat Virtualization, Microsoft Hyper-V, Citrix XenServer, and Xen Project, just to name a few.
Now, if you really want to take the physical storage devices out of the equation, you can use what I like to call a disposable operating system – easy to deploy and to get rid of if you by chance you run into any trouble. All you’ll need is an 8GB thumb drive, an installation package, and a couple of minutes to get things up and running.
Let’s dig in.
How to install Tails OS
Step 1. Get yourself a thumb drive; 8GB will do, but you can buy one with more space if you plan on using it for anything else. Nothing will happen to the stick (probably).
Step 2. Hop on the web and download the installation package for Tails OS.
Note: Tails is a Linux-based live operating system which can be booted from a USB stick or DVD. I recommend using a stick since DVDs have a read-only function after you’re done burning well and accessing the dark web required a bit of writing.
Chill, because nobody will ever find a record of you ever fiddling around the darknet. Note that Tails’ installation package is the .img format, which means that you’ll need software capable of burning images on your thumb drive.
My recommendation is Universal USB Installer, which is very intuitive. You can also go along with Rufus. The choice is yours. For this tutorial, I’ve used Universal.
Step 3. Insert the stick and do a quick format. Be sure to use FAT32 to root out any compatibility issues. Shouldn’t take longer than a few seconds.
Step 4. Download and install Universal USB Installer or Rufus.
Step 5. Fire up Universal USB or Rufus.
Step 6. Under “Step 1: Select a Linux Distribution from the dropdown to put on your USB” select Tails.
Step 7. Under “Step 2: Select your ubuntu*desktop*.iso”, click on the browse button and select the downloaded Tails .img file.
Step 8. Under “Step 3: Select your USB Flash Drive Letter Only”, use the dropdown box to select your thumb drive’s letter. If it doesn’t show up, check the “now showing all drives” option.
Step 9. Review the info and hit Create when you’re done.
Note that the process can take anywhere from 5 to 30 minutes depending on your machine. Sit back, relax, and wait until the installation’s done. When you’re ready, hit the Close button and you’re all set.
Now what? Well, now it’s time to fire up Tails and do a little bit of tinkering.
How to boot from USB and configure Tails
Bogged about your first boot? No worries. It always hurts the first time. Just follow these steps.
- Keep the thumb drive in the USB.
- Restart your computer.
- After the splash screen appears, press the appropriate Boot Menu key. If you’re tired of randomly pressing keys each time you perform this action, check out this article on hotkeys for the boot menu.
- Use your keyboard to select the corresponding drive letter. When you’re done, hit Enter.
- Wait for Tails OS to boot. Since this is the first time, it may take a while. Just be patient.
- Configure Tails and deploy Tor + VPN. Yes, the latest version of The Onion Router has an in-built VPN.
- Get ready to discover the dark and sometimes creepy wonders of the dark web.
So how do you get on the dark web?
All done installing and configuring Tor? Great! Fire it up and let’s surf. At first glance, Tor doesn’t look that different from your regular browser – it has a search bar, lots of quick-launch icons, the peeled onion icon smack in the middle of the screen. So, now what? Well, let’s start small.
Although content on the dark web is not as ‘indexed’ compared to the one on the clear web, you can still use search engines to find stuff. The Hidden Wiki and Grams are the heavyweights here.
Yay, now I found everything my heart longs for. Not quite: since the dark web relies on privacy and anonymity, search engines like the Wiki and Grams frequently return false results. No matter – good or not, the Hidden Wiki is a great place to start exploring.
The Hidden Wiki & Co.
Think of the Hidden Wiki as Wikipedia’s evil twin – looks more or less the same, but contains links to various dark web categories: editor’s picks, volunteer, introduction points, financial services, commercial services, email\messaging, drugs (yes, it’s the real deal), blogs & essays, hosting providers, hacking services, darknet radio (nothing shady about that; just some weird electronic tunes and, occasionally, a bit of jazz), literature (mostly resources on hacking, both ethical and black hat).
You can also find quick links here to the stuff that makes the dark web pitch-black dark: contract killers, rape, torture, or murder on demand, child pornography.
Fortunately, in Hidden Wiki, every website is followed by a brief description so that the user knows what to expect (or not). My advice to you would be to stick with the editor’s pick. You can also take a look at the blogs & essays section if you want to find some nifty coding resources.
If you’re feeling chatty, you can always access a chat room. Services like Random Chat connects you with random people using the same service. What happens after that, it’s all to you.
You should stay away from everything labeled “porn”, “card skimming services”, “PayPal hacks”, “firearms”, “real fake IDs and passports”. Believe me – there plenty to go around and each and every one of them are being kept under surveillance, not to mention the fact that you’ll get exposed to some stuff that will definitely make you take several cold showers.
Hidden Wiki’s not the only search engine online. Here are a couple of alternatives in case you get bored with Wiki.
- DuckDuckGo – also available on the clear web. The best thing about DuckDuckGo is that it doesn’t track your searches. One can say that it’s the Google of the dark web.
- Torch – considered the first dark web search engine, Torch boasts a database of several million onions links. Works just like Yelp. It even comes with recommendations, although most of them append websites like the infamous Silk Road.
- WWW Virtual Library – if Torch and Hidden Wiki are old, the triple-W Virtual Library is Cthulhu-old; as in the elder god of search engines. What’s even better is the fact the WWW Virtual Library contains info dating back to the beginning of the Internet: logs, documents, pictures, and everything in between.
Fun fact: The Virtual Library was founded and, for a very long time, curated by none other than Tim Berners-Lee, the George Washington of the Internet. So, if you’re looking for obscure Internet facts, very old documents, Berners-Lee’s brainchild is the way to go.
- Uncensored Hidden Wiki – think regular Hidden Wiki is bad? Wait till you see the uncensored version. As the name suggests, it emphasizes very illegal activities like human trafficking, drugs, pornography went wrong, and other things that fester in the dark corners of the human mind.
- ParaZite – do you know the “want to get Lucky?” button in Google’s search engine? The one that takes you on a random clear web site? Well, ParaZite does the same thing. Sure, you can use it like any run-of-the-mill search engine, but if you’re feeling curious, you can also try the “feeling (un)lucky” feature. Proceed with caution and prepare to eject and torch the thumb drive.
Believe it or not, the dark web even has online shops. And no, they don’t all sell drugs or firearms. Some of them are, reportedly, legit and have great bargains. For instance, if you want to buy a laptop or a smartphone, you can try your luck in one of these shops. Of course, all transactions are anonymous and Bitcoin-driven. Sure, you can use other cryptocurrencies if Bitcoin’s not your cup of tea.
The major issue with these websites is that a whopping 50 percent are fake, and there’s no way of telling for sure if they’ll deliver or not. By the way, most have shipping services.
Of course, you can’t use your home address for dark web drop-offs, but apparently, they can ship all over the world, minus some Middle Eastern countries and North Korea. To tell you the truth, I was tempted into purchasing a Samsung Galaxy S10 Plus; it was only 250 bucks. My advice: look, but don’t touch (buy).
Here are a couple of commercial services you can check out while you’re browsing the dark web:
- CStore – any kind of electronics. You can make the purchases in cryptocurrency or gift cards. They even accept full escrow.
- Apple Palace – everything Apple: laptops, desktops, phones, and accessories. All at ludicrously low prices.
- EuroGuns – the name says it all: guns sold on the European market. The website even boasts that it’s the number one European arms dealer.
- Kamagra for Bitcoins – if your boomstick ain’t working no more, you can try Kamagra, which is the dark web and cheap version of Viagra.
- Gold & Diamonds – site offers ‘real’ diamonds and gold. (Un)fortunately, it only ships to Germany and the United States.
- PirateSec – legit hackers, at your service!
- Fake Passports – I think it’s self-explanatory.
- SOL’s United States Citizenship – sells American citizenships; go figure.
- Digital Gangster – the most gangsta way to hack someone’s computer. Apparently, these are Ronin hackers who can be hired for exploits, web hacking, password retrieval, and all-purpose espionage.
- Onion Identity Services – summer discounts for IDs and passports. Bitcoins only.
Always remember that the dark web is a people-centric community. So, it’s only natural to find ways to keep in touch with your darknet buddies and\or customers. There are several email and IM services which you can use, and it’s highly recommended to pick one if you want to step up your dark web game.
In terms of functionality, I don’t think there are too many differences between regular IMAP, POP3, and SMT services and the stuff you can use to communicate on the dark web. Let’s start with the email clients.
- secMail – full-fledged email service. Pretty simplistic in design: you can compose, send, and receive emails. All the great things about an email client, minus the tracking, eavesdropping, and other privacy issues.
- Lelantos- pay-to-use email service. Great security and privacy features, but it has one of the most unreliable and sidetrackable registration forms. Proceed at your own risk.
- Bitmail.la – another pay-to-use email client. Has many features like IMAP, SMTP, and POP3 support, and a 500MB mailbox. Apparently, a lifetime membership costs $0.60.
- Mail2Tor- a free email service which, reportedly, works on both dark and clear web.
- Guerilla Mail – creates a disposable email address.
- AnonInbox – pay-to-use email client. Supports IMAP, SMTP, and POP3; charges around 0.1 BTC per year.
- Protonmail – has both paid and free subscriptions. Boasts the browser-encrypted email technology.
Right. Let’s now talk about social media and instant messaging. Believe it or not, Zuckerberg’s Facebook has a darknet version. It’s mostly used for covert communication, anonymous tips submission, and stuff like that.
Sure, it’s not as secure as the clear web version, but it’s there and totally legal to use. Hidden Facebook is hardly the only social media client on the dark web. Check out the list below for the ‘hottest’ dark web clients.
- BlackBook – works pretty much the same way as Facebook: you can chat, send pictures and friend requests, post status updates, and join groups. Though competing head-to-head with Facebook Onion, BlackBook’s prone to hacking. Reportedly, the client was disabled at least a couple of times in 2018.
- Torbook – very similar to BlackBook. Some claim that both of them rose at around the same time, despite the creators not knowing each other.
- The Campfire – gather around the campfire, folks to hear the tale of tales. The name’s rather suggestive – a big chatroom; everybody can join, and the topics can be anything from the latest trends in the music industry to how you can hide a human body.
- Lucky Eddie’s Home – scripted chat room that sports one of the most efficient file-uploading system on the dark web. Just like any IM app, you can send or receive messages, join or create groups, and send files.
- MadIRC Chat Server – if you’re over 30, you certainly remember the mIRC era. Surprisingly enough, IRC off-spins are still being used today, mostly for covert conversations or intranet communication. MadIRC Chat works just like a regular IRC – no or subscription required. Just pick a username and join in on the fun. I know sharing is caring, but in this case, I would advise you not to share any personal details because you may never know who’s on the other side of the line.
- Chat with strangers – think Omegle, but on the dark web. Just fire up the client, connect to a chat room, and that’s it. You can’t send or receive files. Still, if you’re lucky, perhaps you can partake in a scintillating conversation.
Journalism and advocacy groups
As I’ve mentioned, the dark web isn’t just a place of eternal torment, teeming with drug dealers, human traffickers, and a hitman. It’s also used by journalists, advocacy group members, and political refugees in hiding. Reuters, Fox, NBC, CNN – all of them keep open dark web channels to receive anonymous tips from whistleblowers.
Advocacy groups are also reaping the advantages of the darknet because, here, the term of censorship is as popular as HTTPS. And finally, we have political outcasts, refugees, and people who want to get in touch with the outside world, being from a totalitarian country that suppresses all means of communication and information.
Of course, there are your run-of-the-mill congregations, which will worship anything from Lucifer to the flying spaghetti monster.
If you’re interested in subversive journalist, here are a couple of sites you can try visiting:
- Soylent News – a trans spectrum darknet news aggregator. Features webmaster-moderated forums on which you can submit comments. You can also get involved by either submitting tips or writing news.
- ProPublica – historically, ProPublica’s the first major news outlet to feature well, a darknet outlet. With an activity spanning almost four years, ProPublica managed to expose power abuses and blow the lid on covert activities conducted by governmental institutions. Although quite young compared to other darknet news outlets, ProPublica’s work was rewarded with five Pulitzer Prizes for Feature Writing, the last one being awarded to Hannah Dreier, the investigative journalist who covered the gangs of Los Angeles.
More on how to stay safe on the dark web
Already went through VPNs, anonymizing web browsers, and disposable operating systems, so I won’t bother reminding you about those. Here some other things you can try to bolster your security.
1. Minimize or rescale your Tor browsing window
Sounds rather off, doesn’t it? Well, there’s a reason why it’s recommended to browse with a minimized or rescaled window – you can be tracked based on your active window’s dimensions (yeah, they really can do that). So, do yourself a favor and rescale that Tor window as much as you can before proceeding.
2. Tweak the security settings
3. Never use your credit and debit card for purchases
I’ll go farther than that and say stay away from darknet shops. Maybe some of them are legit, but are you really willing to take that chance? Still, if you’re really itching to purchase a new phone or God knows whatever, I would advise you to stick with Bitcoins or your favorite crypto coin. Using credit or debit cards for this sort of things is like painting a big bullseye on your bank account while yelling: “come here and take my money.”
4. Close Tails after finishing your session
When you’re done surfing or shopping on the dark web, don’t forget to shut down Tails. The major advantage of using a live OS such as Tails is that, on shut down, the OS wipes itself from the thumb drive you’ve installed it. That’s why it’s never a good idea to burn Tails on DVD.
5. Don’t stick your nose where it doesn’t belong
Great life advice, but it’s even more valuable where the darknet is concerned. Keep in mind that many criminal organizations are using the dark web to communicate or sell merchandise. Some of these channels are under watch. You may very well end up in the middle of a stakeout that could turn ugly. So, if the website looks fishy, close the tab, and forget about it.
This is where I get off – been a long journey and I hope I’ve managed to at least change your perspective on the dark web. So, to wrap it up nice and tight, remember to take all the necessary precautions, refrain from using your debit or credit card, stay away from dubious groups, and have fun while you’re at it. As always, for comments, rants, ad-libs, or beer donations, shoot me a comment. Cheers!
The post How to Get on the Dark Web: A Step-by-Step Guide appeared first on Heimdal Security Blog.