A one-minute download is all you need to access the internet’s subconscious: the dark web. It’s a faceless network where pedophiles, murderers and other ne’er-do-wells shake hands in shadow.
But in that shadow, good also thrives. The dark web hosts book clubs, treatises on freedom, the Bible — all life-threatening material in certain countries. Whistleblowers leak documents to journalists. FBI agents dismantle sex trafficking networks.
Still, even in a network thriving on a promise of anonymity, the breadcrumbs of identity can leave a trail.
How Much of the Web is Dark?
Surface Web: 5% Represents websites indexed and discoverable by search engines or by entering a “www” address into your browser.
Deep Web: 90% Sites that aren’t indexed by a search engine. These include your company’s intranet, digital medical records, email services, bank accounts and other sites that require a password and login ID to access.
Dark Web: 5% Accessible only with special software or browsers that make users anonymous. Data is encrypted, or scrambled, into a mess that only the right digital key can decipher.
Who Created the Dark Web?
Onion routing, a technique that conceals data in layers of encryption, was originally created by the U.S. Naval Research Laboratory in the mid-1990s to keep intelligence agents anonymous while collecting information online. But to truly anonymize their identities, the network needed to be bigger — the more computers, or nodes, relaying data, the more points the network has to generate random pathways for data to travel through. So, the Navy made the technology public through the Tor Project. (Tor is an acronym for The Onion Router.)
Peeling the Onion
On a normal network, every device — whether it’s a computer running software or a server storing webpages — attaches an identifying number called an Internet Protocol (IP) address to data it sends. You can trace this digital identifier to the real world by linking IP addresses to the location they entered the network — like a cellphone tower in Peoria, Illinois, or an internet provider’s data center in Portland, Oregon.
The Tor network obscures an IP address by encrypting data as it bounces around a network, swapping IP addresses along the way. When the data reaches its destination, it will look like it came from a random computer. On the Tor network, every user could be any other user — everyone is no one.
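The layering described above can be sketched in a few lines. This is an added example, not code from the article or the Tor Project: it is a simplified model of onion routing rather than Tor's actual cell format, the relay names and keys are constructed, and a toy SHA-256 keystream stands in for the real ciphers.

```python
import hashlib
import json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (assumption: stand-in for real encryption).
    XORs data with SHA-256(key || offset) blocks; same call decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(message: bytes, destination: str, path: list) -> bytes:
    """Client side: build the onion from the innermost layer outward.
    path is [(relay_name, key), ...] in the order the data travels."""
    hops = [name for name, _ in path[1:]] + [destination]
    cell = message
    for (_, key), next_hop in zip(reversed(path), reversed(hops)):
        layer = json.dumps({"next": next_hop, "data": cell.hex()}).encode()
        cell = keystream_xor(key, layer)
    return cell

def peel(key: bytes, cell: bytes):
    """Relay side: strip one layer; the relay learns only the next hop."""
    layer = json.loads(keystream_xor(key, cell))
    return layer["next"], bytes.fromhex(layer["data"])

def route(cell: bytes, path: list, sender: str):
    """Pass the cell along the circuit and record what each relay sees."""
    seen, prev, next_hop = [], sender, None
    for name, key in path:
        next_hop, cell = peel(key, cell)
        seen.append({"relay": name, "from": prev, "to": next_hop})
        prev = name
    # prev is now the last relay: the address the destination observes.
    return prev, next_hop, cell, seen

if __name__ == "__main__":
    # Constructed circuit; real keys are negotiated per circuit.
    path = [("guard", b"k1"), ("middle", b"k2"), ("exit", b"k3")]
    onion = wrap(b"hello", "example.org", path)
    apparent, dest, msg, seen = route(onion, path, sender="alice")
    for view in seen:
        print(view)
    print(f"{dest} receives {msg!r} apparently from {apparent}")
```

No single relay in the printed views sees both "alice" and "example.org": the first relay knows the sender but not the destination, and the last knows the destination but not the sender.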
Is It Really Anonymous?
Although the Tor network masks your location, there are still ways to reveal someone’s identity. Here are just a couple:
Traffic analysis: By observing data flows, it’s possible to match exchanges between linked computers and decipher their true location. For instance, you may notice that one computer (A) sent a message at a certain time, while another computer (B) received a message at a time that roughly corresponds to how long it would take for data to get from A to B. If there are multiple instances of that happening, you might be on to someone. It’s difficult — you typically need to know the entry and exit nodes — but it’s possible.
Bitcoin transactions: Researchers in Qatar identified 125 Tor users linked to illegal services on the network. The team systematically hunted for the addresses of the digital currency bitcoin. The addresses — unique codes, like credit card numbers — allow users to send bitcoin to each other. The program scoured both the dark web and public forums like Twitter. Eventually, the researchers linked publicly posted bitcoin addresses to the same addresses used in dark web transactions to reveal users’ identities.
Know Your Dark Web Lingo
Exit node: The final link in a Tor circuit. Whether it’s legal or illegal, every transaction sent through whatever pathway you’re using on the network will look like it came from an exit node. People who volunteer to operate exit nodes risk being contacted by federal law enforcement or banned by their internet service providers if illegal data does pass through their node. Proving you’re an exit node operator typically gets you off the hook, but if you don’t want the hassle, don’t operate one.
Sniffing: The process of capturing data packets as they race through a network. A software tool, called a sniffer, can monitor and analyze data for things that might be incriminating or useful. For instance, cybersecurity firms use sniffers to monitor networks for vulnerabilities.
Fullz: A slang term that describes full packages of a person’s information: credit cards, Social Security, birth date, etc. Fullz can easily be purchased for $10 to $40 worth of bitcoin from websites that function just like eBay. Prices vary depending on the quality and breadth of the accounts in the package.
Tumblers: Also known as mixers, tumblers are web-based services that ingest potentially identifiable funds like bitcoin and anonymize them with a pool of other funds seeking anonymity. Basically, it’s digital money laundering.
SecureDrop: A Tor-based document submission service that links whistleblowers to journalists.
MEMEX project: A U.S. government-led initiative aimed at indexing content across every layer of the internet, including data from forums, Tor services and chats, to make it more searchable. MEMEX’s first mission was to help federal agents discover and disrupt human trafficking networks on the internet.
Honeypot: An enticing website that’s designed to trap users and steal their identifying information. A federal agency might use a honeypot to locate drug dealers or pedophiles by planting malware on their computer when they access the site.