Owners of this billion sites compete for the demand for search engines and the attention of about 3.6 billion Internet users.

But there is another part of the Internet, where owners and visitors visit sites and make business transactions in secret.

This is the Dark Web, a territory of hidden services, where the absence of traces and the preservation of anonymity are valued above the ranking in search engines and personalization of the web interface.

Dark Web

Dark Web is an important part of the Internet ecosystem. Here you can publish sites and disseminate information without revealing the identity or location of the author. Dark Web is only available through tools such as Tor.

Many people use Tor or similar services to enjoy freedom of speech and assembly, access information, and exercise their right to privacy.

Deep Web

Deep Web is a set of sites that search engines do not index. Some deep web sites host non-traditional markets that offer an intimidating range of products and services for sale.

You can buy or broker illegal drugs, weapons, counterfeit goods, stolen credit cards or illegally obtained data, cryptocurrencies, malware, ID cards or passports.

You can order digital or illegal services, ranging from spamming campaigns to denial of service (DDoS) attacks. Beginners can even purchase e-books that explain how to attack a site, steal a person or otherwise benefit from illegal activities.

Dark Web can also be used to anonymously share information with media such as the New York Times, Washington Post, The Intercept, and others, and can also be used by search engines without disclosing personal information, or legal e-commerce platforms such as Open Bazaar.

No trace: Encryption and evasion for Dark Web

Many Internet users use encryption, such as virtual private networks (VPNs), to keep their online activities private.

Typically, VPN connections adhere to traditional Internet routing behavior to determine the end-to-end path from the user’s computer to the server where the user’s desired content is located, as well as for two-way forwarding of requests and response traffic over that path.

But traditional routing is sensitive to traffic analysis, a surveillance technology that can reveal the sources of traffic, the recipients and the number of transfers to third parties. Traffic analysis is related to the collection of metadata, a topic we discussed in our previous publication.

Tor Networks is a popular solution for maintaining anonymity and privacy, as well as for combating traffic analysis. Who uses Tor? Journalists, alarmed citizens, dissidents and, in principle, all Internet users who do not want their behaviour or interests to be monitored by third parties.

Tor is used for a variety of noble purposes, but it also attracts Dark Web users who want to keep their activities or trading platforms private and untraceable.

Like VPNs, Tor networks use virtual tunnels, but unlike VPNs, these tunnels do not connect clients directly to the servers. Instead, Tor clients create tunnel networks through switching points – the “hosts” on the Tor network. Tor networks have three important characteristics.

  • None of the nodes are aware of the entire path between the input and destination nodes of the tunnel network.
  • Each connection between the nodes is encrypted individually.
  • All connections are short term to prevent monitoring of traffic behavior over an extended period of time.

Thanks to these features, Tor’s private network routes make it impossible to analyze traffic and allow you to publish content without revealing your identity or location.

Domains for Dark Web sites

In contrast to the human-readable domain names that we used to use when navigating the Internet, Dark Web sites use the names of hidden services Tor. The .onion top-level domain is always preceded by 16 characters.

Any computer with Tor software is used as a platform to host a hidden (e.g. online) service. Dark Web users find names through external channels, such as the Pastebin web application or Dark Web market lists.

Tor software running on the Tor host creates a local file directory, assigns a port number to the service, and creates a pair of public/private keys when configuring a hidden service.

Tor software creates a 16-character hostname as follows: first, it calculates the public key hash of the pair and then converts the first 80 bits of the binary hash into ASCII to make sure that the 16 characters meet the Domain Name System (DNS) protocol letter-digit-default requirement.

Dark Web users do not use open DNS to resolve .onion to Internet Protocol (IP) addresses – on the contrary, resolution occurs when using a fully separate protocol of hidden services Tor.

This protocol allows services to notify customers of their existence and helps customers to find services while maintaining anonymity and location (IP address) of both the customer and the service. Both the client and the main node of the hidden service play an active role in this process.

First, the main Tor node “advertises” the hidden service by creating and publishing a service description in a distributed service directory. This description contains the public key of the hidden service and a list of Tor nodes that will serve as dating points, reliable intermediaries for the hidden service.

The main Tor node then creates connections to the listed dating points. Any Tor client who wants to connect to a hidden service can now do so through these dating points.

To connect to a hidden service, the Tor client sends a request for a description of the service to the directory service. The dating point is selected randomly from the list in the service description.

The Tor customer then randomly selects a “rendezvous point” on the Tor network, anonymously connects to the selected rendezvous point through the rendezvous point and transmits a message to the hidden service through the dating point.

This message contains the rendezvous point’s identification data encrypted with the public key of the hidden service, as well as the materials necessary to initiate a cryptographic “handshake”.

The hidden service also creates a connection back to the selected rendezvous point and sends a message that completes the cryptographic handshake. At this stage, the client and the hidden service created an untraceable private network route – and now they can exchange data anonymously and confidentially.

Why are all Dark Web sites in the .onion top-level domain?

The .onion top-level domain is reserved for hidden service names. Contrary to common misconceptions, ICANN has not delegated .onion from the open root DNS.

The Internet Engineering Task Force (IETF) has defined .onion as a special purpose top-level domain (see RFC 7686) to be used in the implementation of anonymous services with a high level of privacy, which is considered “necessary new functionality” (see RFC 6761).

Can I visit Dark Web? Is it worth it?

It may happen that you want to use Tor in order to take advantage of some of the products and properties of Dark Web trading platforms. Although the increased level of anonymity in Dark Web can be useful, it can in no way justify illegal activities.

In the next publication, I will explain how to prepare for Dark Web navigation. We will look at the risks you may face and discuss the mandatory self-protection measures.