why we need a "dark web"

Why we need a Dark WebJeroen Baert - @jbaert

De Privacyproef – Ghent, 2017 / 06 / 01

Why we need a Dark Web - @jbaert

About me

● Jeroen Baert (@jbaert)– Engineer – Computer Scientist

– PhD Student (Computer Graphics @ KU Leuven)

– Improv / Stand-up comedian ● Belgian Improv League

– jeroen-baert.be – forceflow.be

– PGP: 30F2 857D 9129 3519

http://www.jeroen-baert.be/

http://www.forceflow.be/


GRAPHICS! ALL THE GRAPHICS!

● Out-of-core construction and visualisation of Sparse Voxel Octree structures on modern GPU hardware

NOT TODAY


BAD NEWS EVERYONE


The internet is broken because ...

● TRACKING– Websites, apps, …

– Ads = Trackers (+ malware vector)

– Without knowledge or consent ● Everybody hates reading ToS / Cookie warnings

– Profiling / identifying you

● Content is not free– Business model: You pay with private data


Tracking: Websites

● Belgian news sites– Not only connect to site itself

– Background: 30+ third-party connectionshttp://www.forceflow.be/2015/11/11/tracking-users-across-websites-wheres-my-data-going/

http://www.forceflow.be/2015/11/11/tracking-users-across-websites-wheres-my-data-going/


Tracking: Websites (2)

● Third parties following you across ALL sites


Tracking: People Farmers

● Facebook = “People Farmer”– Build advertising profile

– Everywhere you see

– All over the web

– Logging out won’t help

– Behavioural Advertising Tech

https://www.theguardian.com/technology/2017/may/01/facebook-advertising-data-insecure-teens


Tracking: Big Data = Big Business

● Cambridge Analytica– Buy/collect massive amounts of data

● From Social Media, web trackers, ...

– Data mining & analysis

– Political microtargeting● Influenced Brexit, Trump Victory

● Would be impossible without current state of the internet to gather tracking data

Adam Curtis – Hypernormalization (2016)


The internet is broken because of...

● CENSORSHIP– Internet services not

decentralized = easy to censor

– Easy to filter at ISP level● Packet inspection, DNS block ...

– For a lot of people: Internet = Social Media Platforms

– Private companies decide● What you see● When you see it● What you can and cannot share


Censorship

● Turkey– Protests: National

shutdown of all social media

– Sharing Erdogan cartoons = block

● China– “Great Firewall of China”

– No Wikipedia (no “Tiananmen Square”)


Centralization: DNS

● October 2016– Infected IoT devices (Mirai worm)

– DdoS attack on Dyn.org (DNS provider)● DNS : 9.21.102.183 → Paypal.com

– Twitter, Paypal, Spotify, … hit



● Not designed with ANONIMITY in mind● Not designed with PRIVACY in mind● Problem for

– Journalists (protect identity sources)

– Activists / Whistleblowers (face prosecution)● Snowden / Manning

– Companies (protect communication)

– Everyone



● Using the internet = leaking very personal info– Sites you visit tell your (intimate) story (Tim Berners-Lee)

– American ISP’s : Selling your browsing history

● Technical identifiers:– IP address

● In the clear (by design), (pretty) unique Identifier

– HTTP protocol and Browsers● Provide unique footprint● Time, Browser, Version, plugins, screen size, GPU, IP, Network,

Settings, …● Check it yourself! amiunique.org


Am I Unique? - amiunique.org


We need an alternative web

● The internet is a wonderful place– But by design, it makes it easy to

track, censor and identify users

● Need alternative, different network with better privacy properties


Enter ...

THE “DARK WEB”


The “Dark Web”

● A lot of misconceptions– Blame:

● Media & Politics● Technical nature● Confusing terminology

● “Dark Web” is actually really interesting from privacy POV


“Dark Web” versus “Normal Web”

● Often explained:– Surface web

– Deep web

– Dark web

● But Dark Web is:– Alternative, parallel

– Can be used to accesssurface web

DARK

WEB


Dark Web(s)

● There is no such thing as one Dark Web● Alternative networks focused on privacy:

– Tor (The onion router)● Most popular, we’ll focus on this

– I2P Project

– Freenet

– … (TRY THEM ALL!)

● All different specifications / properties


Tor: The Onion Router

● Most popular alternative network● Open-Source

– Original development: US Navy, DARPA

– Now: Non-profit org– Network nodes run by volunteers

– Endorsed: EFF, HRW, Amnesty, …– Unrelated to torrents

● Internal content:– Websites hosted on the Tor network : “Hidden services”

● Link with Surface Web


Tor: How it works


Tor: The onion

Acpe 2014 Internet Anonymity Using Tor


Tor: How it works


Tor: How does it protect you

● Anonimity / Privacy– Original IP stays hidden

– Strong encryption

– New circuit for every site● Cannot track users across websites

– No logs


TOR: How does it protect you (2)

● Anti-censorship– Internal Tor content cannot be censored

● Nobody knows where it’s hosted

– Circumvents surface web censorship● Exit nodes in different countries

– Tor traffic can be “disguised”● As regular traffic: Browsing, Skype Call, …● Very hard to filter at ISP level


Tor: Current status

● Network = growing


Tor: Detecting censorship events

● Censorship events = sudden peak in TOR usage


The “Dark Web” is not illegal

● Using an alternative network is not illegal● You are simply using a

– Different communication protocol

– Different way to exchange information

– Different way to output 0’s and 1’s

● Like you do for a lot of other things– E-mail protocol: POP3 / IMAP



● Media get it wrong all the time



● National council of medical professionals:


The “Dark Web” and criminality

● Alternative networks are not exclusively used for criminal activities

● Technology = inherently neutral● Protecting your identity &

privacy● Useful services

– Blogging platforms

– E-mail / File storage

– News

– Whistleblowing services

– ...


The “Dark Web” and criminality

● What about– Drugs / Guns / Fake ID’s?

– Terrorist forums? Murder plots?

● Same % of services on Surface Web● A lot of Hidden Web services are scams

– Anonimity + untraceable Bitcoin

● Hidden Web is actually tiny– 7k – 30k sites = 0.03% of surface web


The “Dark Web” and child pornography

● Child pornography is a problem on every network

● Research by Internet Watch Foundation (2015)– 31,266 URLs with CP content

– 51 (0.2%) on Dark Web

● Break association Dark Web ↔CP– Without ignoring /

minimalizing CP problem


Using the “Dark Web”

● Using the Dark Web does not require advanced technical knowledge

● For example, Tor:– Go to www.torproject.org

– Download the TOR Browser Bundle

– Install

– Go!

http://www.torproject.org/


Tor on your desktop: Browser Bundle

● Custom version of Firefox– Great browser

– Pre-configured for Tor

– Masked fingerprint

– Scripts blocked by default

– Auto-updater

● Safety out-of-the-box


Tor on your phone: Orbot

● Android: Orbot– In Play Store

– VPN for all traffic

– Free

● iOS– Onion Browser

– App Store

– Free


Maybe start using it ...

● Unsafe networks– Free wifi networks

● All the time?● More users = more diversity = more security


Tor: Helping the network

● Run a TOR node– I run a node!

● Dystopia: CCE6294300F6E075733E247DD05ADFE9875BCF08

– VPS / Self-hosted

– Limit bandwidth

● Donate at torservers.net



● Webmasters / IT:– Don’t block Tor usage

– Don’t block Tor exit nodes● Other ways to mitigate abuse (Captcha, …)● If you use Cloudflare: explicitly allow Tor

● See Tor Abuse FAQ:– https://www.torproject.org/docs/faq-abuse.html.en



● Media / Press– Offer your site as a Hidden Service

– Set up a SecureDrop



● Programmers / Writers / Educators/ Jurists / Enthousiasts / Designers– Development

– Documentation

– Discussion

– Education

– Assist with legal issues of running Tor nodes


And you ...

● Try it!● Spread the word

– Educate friends & family

– Talk to your IT department

– “Well actually” when you hear misconceptions


Questions?@jbaert

[email protected] me @reception

“The internet is a mirror which reflects the society we live in. If you don’t like what you see, don’t break the mirror.” - Vint Cerf

mailto:[email protected]