Survival kit in the “deep web”

Yesterday we published in Engadget “A week on the web deep” , a story about what you can find a user ‘s foot when he gets into Tor and begins to jump from link to link through the “dark net ” that Google not can index.

To close the special, we thought it would be interesting a complementary article with the technical part of the trip. How to access the deep web, how their markets work , I can make it go faster ?, What the hell does Multisig Escrow ? Here’s a guide to this and some tips to avoid getting lost.

Deep Web, darknet and a common clarification

Half of the articles on the web deep starting with the simile of the iceberg and alarmist statement: the ~ 90% of Internet content is not accessible through standard search engines. This part of the network is known as “deep web”, “invisible Internet” or “Internet hidden”.

It is worth mentioning that 90% does not refer to anonymous networks, or the sale of drugs, or child pornography: most of that content are perfectly normal websites thatcan not be indexed by search engine spiders . They could be pages behind a paywallor sites with a “Disallow” in the robots.txt. Much of that web is in deep temporal reality: dynamic pages generated by querying a database, as our bank balance or the weather at Madrid.

Agora Marketplace Logo

To differentiate this from the “dark” side of the network, services and hidden pages that can only be accessed with a proxy, it is often used the name of darknet . It can be said that the darknet is contained in the deep web. Despite the distinction, it is very common to say “deep web” as synonymous with darknet (or complementary “Deepnet” and “dark web”) and in our publications use the terms interchangeably.

How do I access the deep web?

The three most popular networks are anonymous Tor, I2P and Freenet . They allow us to browse websites and hiding behind a pseudo-domain services. Tor ( The Onion Router) is the most widely used and has the largest number of services; despite working through a very complex routing, it is very easy to access it.

Tor

The Tor Project, Tor developers offer a Firefox – based browser that connects to Tor without having to configure anything: TorBrowser . If you want to use Tor from another browser, you can connect through the proxy Tor2web . Another option is to install Tails , a Linux distribution that routes all connections through Tor. To test, with TorBrowser is enough.

To learn more about I2P ( Invisible Internet Project ) and Freenet, you can visit the website of its developers: thecommunity I2P and The Freenet Project .

¿Tor is always this slow? Is it normal not load many pages?

Once inside Tor, the first thing we noticed is the slowness. Even if we open genbeta.com, which is on a public server, it takes longer to load than normal our connection. To understand this one must know how the Tor network works , the onion routing type that leads from one node to the next randomly to get where we want.

How it works Tor

It is unbearably slow thanks to the connections we have today, but there is a way to go faster : configuring the proxy to connect to the nodes with higher bandwidth . No javascript, cookies and complex style sheets, some of the services remind the Internet 90: As for the darknet, the problem of slow making it very simple pages are skipped.

Another problem that will soon run into is that many pages do not load darknet, although we have a list of links updated a few months ago. It can be for several reasons: the illegal services of Tor change URL habitulamente , close, close them and sometimes managers shut down servers for a season. There are also servers Clearnet(public network), which block connections from Tor to prevent users who are abusing the anonymity.

So Tor I am 100% anonymous?

No. Tor makes your connection is anonymous and nobody knows where you come from, but your anonymity depends on your usage patterns . If you access your social networks through Tor or use your personal mail, you can relate your connection with your name.

Anonmail

The darknet offers alternative services to communicate through Tor. There are several mail servers: some free as “Mail2Tor” other payment as “Anonmail” and otherfreemium as “SIGAINT”. Chat services are operating on IRC, XMPP and other protocols. And there is also hosting and storage services.

But there are less obvious forms of neglect your privacy.The websites that show active content using applications that might access personal information from your computer: Flash, ActiveX, QuickTime and even JavaScript. So TorBrowser comes with these add- ons disabled, you can disable JavaScript except manually bytyping “about: config” in the address bar.

Where do I find .onion links?

The Hidden Wiki Logo

One of the gateways to the darknet is the hidden wiki , a wiki that serves as a directory to find other Tor hidden services. Like many other “invisible pages”, the Hidden Wiki changes occasionally pseudo-domain, but its current URL can be easily found on Google and in communities like Reddit.

There are other Wikis, which differ from the Hidden Wiki to be more or less restrictive than this regarding child pornography (a problem that divides the darknet, with much of the community pursuing such links). They are the Liberty Wiki, Wiki and You’re All The Uncensored Hidden Wiki. There are also many pages (in and out of deep web ) that are not wikis but maintain an updated list of links “.onion” list .

Torch Logo

Still, this link directories is a very archaic form of surfing the Internet. So the deep web has its own search engines . The two best known are “Torch”, which has indexed sites .onion of all kinds; and “Grams”, which willseek whatever you ask several stores black market (the darknet markets). Then there is the Harry71 bot, a spider web that tracks all the deep web and maintains a list of public bonds, uptime statistics pages.

Related |  Memex is the search engine that DARPA will try to index the Deep Web

I do not understand anything! Jargon deep web

Logo Cebollachan

Newcomer to the deep web, you see facing the same culture shock than any other online community: do not understand the lingo. If 4chan “sauce” means source code auditor and WoW “kek” means that you’re laughing, in the deep web when you receive a “Love Letter” you are in trouble with the law and when you see a link to “Hard Candy “it is that you should avoid opening it. Some definitions of slang usual:

General terms

  • Cipherspace: to refer to any of the anonymous network Tor, I2P, Freenet … and especially dark hiding services.
  • Onionland: the same as above, but specifically for the Tor network.
  • Clearnet: to refer to the normal network, public Internet services. “ClearWeb” is also used.
  • Mariana’s Web: an urban legend created in 4chan on the deepest of the deep web level (hence the reference to the Mariana Trench). According to myth, they are less accessible sites where banned files and worst video sharing.
  • Carding: the theft of credit card data and then sell. Also robberies in general: for example, “carded iPhones” are iPhones stolen.
  • Stats: statistics sellers and buyers to determine their reputation (number of transactions, etc.). Along with essential reviews to reduce the risk of fraud, but falsifiable by shilling .
  • Shilling: “make decoy” in English. Create fake profiles in various web forums deep, as well as Reddit, to speak positively of a salesman and convince potential customers. Also the contrary badmouth the competition.
  • Escrow: “deposit” in English. It means that during the process of the sale, the broker freeze the transaction until the vendor meets your part. If this does not happen, it would happen to a situation of dispute in which arbitrate this middleman (such as PayPal).
  • Stealth: the methods of sellers to camouflage products sent by post.
  • Honeypot: baits FBI and other bailiffs to catch the users involved in illegal activities.
  • Love Letter: official notification that the security forces sent to you by mail when your package confiscated. Many fake sellers send them to their buyers as part of a scam.

acronyms

  • DNM: of “dark net market”, the black market for deep web. That is, the stores where you can buy stolen or illegal products.
  • BTC: Bitcoin, the currency accepted at any DNM.
  • FE: to “finalize early” when it is possible to bypass the system Escrow to finish before a transaction.
  • LE: of “law enforcement” to refer to judicial bodies besieging illegal web sites of the deep (in the United States, the FBI).
  • CP and JB: see “Hard Candy” and “Jailbait” below.

sensitive terms

Some of these definitions can hurt your sensitivity:

  • Snuff: videos of torture, rape, murder and suicide. Many are urban legends or mounts, but others exist and are distributed in different forums. It is a common termout of the deep web , but this is where it is easier to find these files.
  • Hard Candy: a manual on the Hidden Wiki with this name for child pornography. By extension, it is the expression used to refer to child pornography on other sites, along with “CP” and “fart” (of child porn and pedophilia ).
  • Jailbait: pornography or erotic content lower at puberty or adolescence, sometimes abbreviated as “JB”. Also illegal, but less than the CP pursued by the moderators of communities. For example, in CebollaChan they allow jailbait but not child pornography.
  • Scat fetish: the “eschatological” for videos related to this fetishism.
  • Crush fetish: another fetishism, this illegal, which videos are also shared in the deep web. They are videos that mistreat and kill animals, the exact definition is in Wikipedia .

In DeepDotWeb keep updated a dictionary darknet with these terms and many other to help those starting out in the deep web markets.

How can you run a black market on the Internet?

Interface Agora Marketplace

Seen all there for sale on the deep web , one wonders how they can work shops sale.The black market darknet is supported on four pillars :

1) PGP

Is there any way to be more anonymous than being in a decentralized network and making it almost impossible to track your IP? Yes, encrypting all your communications with PGP , or rather “GPG” -his open source version. It is the preferred drug traffickers, who offer their public key to the user during the transaction method.

In addition, no email is used (most stores only ask you for a password and pin for registration).

2) The Bitcoin

The Bitcoin currency is “legal tender” in the deep web. It is inconfiscable and anonymous money, but even using bitcoins must take many precautions so they can not follow the trail.

The direction in which a user receives a transfer of bitcoins is completely anonymous.The “problem” is that transactions with bitcoins are public. Therefore, around the webs sales have been growing bitcoins laundering services and mixers bitcoins , to make itharder -following transactions blocs- chain can relate your bitcoins to your person.

Bitcoins mixer

How it works BitMixer : basic diagram of a mixer bitcoins

What is a mixer bitcoins? They are companies like BitMixer, BitBlender, Tor Wallet … What they do is just that: mix your bitcoins with others and forward equivalent to the addresses you specify blocks. The fees for these services are a fixed percentage of the total whiten (in the case of Bitmixer, 0.5%). In some stores the deep web, the mixers are integrated into the process.

3) Reputation systems

As with eBay, your reputation as a seller is what gives validity darknet markets.Valuations can be found in the stores themselves in the deep web forums and even on Reddit . Users warn others of scams and leave very full reviews of reliable vendors and their products.

New sellers can enter the market by sending samples ( “samples”) free or at cost price so that buyers can legitimize your feedback .

4) Escrow and Escrow Multisig

Escrow

Without the Escrow, there would be no way to protect against scams. All major markets offer this service: the money is deposited into the hands of the managers of the store during the purchase process, and does not pass to the seller until the product is shipped to thebuyer. The stores charge a small percentage (about 0.5%) to use Escrow, and a dispute system if there is a problem. Some vendors offer a discount if you skip this mechanism.

The Multi-Signature Escrow (or Multisig) is an alternative in which the buyer ‘s money is held in a Bitcoin address signed by him and by the seller. Thus they are involved which arbitrate over money.

So far my knowledge because I have not dared to buy anything (for obvious reasons), but I leave an interesting read of someone who came to the end of the process: Deep Web Marketplaces Joel Monegro.

And how did you get what you bought?

If the product you buy is physical and tangible, especially if it is illegal, there are several methods to receive them by mail. The easier for people with cold blood, it is ask directly for your home: a Guardian journalist used his own address with a false name and received a few grams of marijuana without problem. Another option is to use a mailbox anonymous mail to collect parcel in person or get it forwarded.

Private Box

And then there are the “methods of discretion” of sellers . There is much secrecy on this subject, but I read fascinating things. For example, the package sent to a post office on behalf of “the holder dollar bill with serial number X”; when you appear there with that ticket, I delivered without problem. Other techniques can be more boring discretion camouflage the package to look like it comes from a well – known store (a carton of Amazon, for example); or hide the illegal product into another object, a classic.

Finally you get the package does not mean that you’ve delivered : there are times when the police know what it contains, but allowed to continue the delivery process to investigate the route of illegal trafficking. This is called CD ( controlled delivery ).

How I can avoid scams?

Say you want to buy something legal: a book on computer security that you only found in the deep web, or something. How to know if the seller is a scammer ? For general suspicion of all that standard does not provide Escrow. If the Escrow is not an option, a search on Google you can get doubts . Reddit is a good place to find alerting users scams.

An interesting reading is Scam scam in Silkroad Jose Andres Noguera, who had a bad experience. Above all remember that there in the deep web much, much scam and you have to think twice.

Can you enter the deep web and see nothing illegal?

Yes, in fact it is easier than it may seem. If parts of a wiki censor child pornography, as All You’re Wiki , avoid those links. Although abundant in the deep web, this crime is very much haunted by Tor community , so you can avoid trouble (just do not click on something to put “hard candy” or “jailbait”). Other keywords to dodge are gore and snuff.

Drug markets often require that you register as a user (if not, may be scam ), so you do not end up in one of these stores if you do not want . And if you’re worried that the government is watching you, you might want to skip the websites of Whistleblowers ( “informants” in English), with confidential documents.