----- Forwarded message from Zenaan Harkness <zen@freedbms.net> -----
Hi Zee, What is the reality of this dark web? If it doesn't show on Google, then how can you find it? ...
As to the dark web - it certainly exists. As we see on the news, every 2 or 4 years the authorities take down one or other of the largest dark web "market place" websites - so evidently these places attract a lot of people. And then there are the smaller sites they take down which usually don't hit the front page of the news. There are all sorts of dark web sites - market places, forums, simple websites, ssh gateways (apparently a lot of people access their normal web servers over ssh), and apparently a lot of ways to slip up for those doing something illegal - and Tor is designed so that the large state-level authorities can pretty much always uncover someone if that's what they want to do; Tor is not secure against GPAs (Global Passive Adversaries), and is absolutely not secure against an active adversary. One of the key features that the Tor company/group has never implemented is chaff-filled network - that is, you specify "I want to allocate 100 KB/s to my node, and I want that divided equally amongst my outward connections, and any peer node that "randomly drops" packets, becomes less trusted by me. I asked the devs directly (or someone else did, can't remember for sure), and the reason came back "our funding proposals for this feature have never been approved" - which makes sense, since the CIA, DIA, DOD and NSA fund the creation of the Tor network, they don't want to fund features which make it much harder for them to uncloak users they are targetting. A volunteer could also try to implement this feature, but it's a lot of work, and even the I2P folks have not yet even tried to implement it. So, even if you were researching data/info for a book you are writing, you really need to spend a lot of time reading about the security aspects, to find out what can give you even a small modicum of "reasonable plausible deniability" for your research activities. For example: - run an exit node (carries its own risks, but one of the better ways to achieve plausible deniabililty) at home - alternatively, or in addition, configure your node as a bridge/ Tor-network entry node, and invite a handful of friends to use it as their gateway to the Tor network (the alternative, if you don't run your own node, is that Tor browser picks a random node to use to enter the Tor network, and there's a damn good chance the CIA or FBI are running that node) - don't run Tor browser on Windows - don't run Windows of any version - learn Qubes OS or Tails OS and use that - experiement for a few months with something completely innocuous - running a website promoting information about Marijuana or something, and once you're comfortable, then move on to something more innocuous - if you choose to run a Tor node (can increase the security, can reduce it if you stuff up the config) there are plenty of folks on the Tor mailing lists who will answer questions, and plenty of links to read to Stay Safe (C)(R) - if you intend to run a dark web website that some authorities really would not like - say e.g. promoting homosexuality to the Saudi's - then you should really be running your own ISP with multiple internet links (e.g. Telstra and Optus), so that any virtual servers you link into the dark web are relatively robust; then, never allow your website to get too popular - keep it to a very manageable number of invitees - never make your invites over the clear net (normal internet) only invite truly trusted friends in person, face to face, with mobile phones turned off and out of reach of all recording devices (including of course, all phones); to invite random people, do so on a dark web forum only. - if you're going to run a dark web website, you really, really, really need to know how to configure firewalling, web server, https certificates, ssh for admin access etc etc, in such a way as to be truly, actually, secure, if there's any chance your website is going to be targetted by the local authorities from your own jurisdiction, you need to not make even 1 single mistake - that mistake will bring you undone! Good luck :) Zen ----- End forwarded message -----