why we need a "dark web"
TRANSCRIPT
Why we need a Dark WebJeroen Baert - @jbaert
De Privacyproef – Ghent, 2017 / 06 / 01
Why we need a Dark Web - @jbaert
About me
● Jeroen Baert (@jbaert)– Engineer – Computer Scientist
– PhD Student (Computer Graphics @ KU Leuven)
– Improv / Stand-up comedian ● Belgian Improv League
– jeroen-baert.be – forceflow.be
– PGP: 30F2 857D 9129 3519
Why we need a Dark Web - @jbaert
GRAPHICS! ALL THE GRAPHICS!
● Out-of-core construction and visualisation of Sparse Voxel Octree structures on modern GPU hardware
NOT TODAY
Why we need a Dark Web - @jbaert
BAD NEWS EVERYONE
Why we need a Dark Web - @jbaert
The internet is broken because ...
● TRACKING– Websites, apps, …
– Ads = Trackers (+ malware vector)
– Without knowledge or consent ● Everybody hates reading ToS / Cookie warnings
– Profiling / identifying you
● Content is not free– Business model: You pay with private data
Why we need a Dark Web - @jbaert
Tracking: Websites
● Belgian news sites– Not only connect to site itself
– Background: 30+ third-party connectionshttp://www.forceflow.be/2015/11/11/tracking-users-across-websites-wheres-my-data-going/
Why we need a Dark Web - @jbaert
Tracking: Websites (2)
● Third parties following you across ALL sites
Why we need a Dark Web - @jbaert
Tracking: People Farmers
● Facebook = “People Farmer”– Build advertising profile
– Everywhere you see
– All over the web
– Logging out won’t help
– Behavioural Advertising Tech
https://www.theguardian.com/technology/2017/may/01/facebook-advertising-data-insecure-teens
Why we need a Dark Web - @jbaert
Tracking: Big Data = Big Business
● Cambridge Analytica– Buy/collect massive amounts of data
● From Social Media, web trackers, ...
– Data mining & analysis
– Political microtargeting● Influenced Brexit, Trump Victory
● Would be impossible without current state of the internet to gather tracking data
Adam Curtis – Hypernormalization (2016)
Why we need a Dark Web - @jbaert
The internet is broken because of...
● CENSORSHIP– Internet services not
decentralized = easy to censor
– Easy to filter at ISP level● Packet inspection, DNS block ...
– For a lot of people: Internet = Social Media Platforms
– Private companies decide● What you see● When you see it● What you can and cannot share
Why we need a Dark Web - @jbaert
Censorship
● Turkey– Protests: National
shutdown of all social media
– Sharing Erdogan cartoons = block
● China– “Great Firewall of China”
– No Wikipedia (no “Tiananmen Square”)
Why we need a Dark Web - @jbaert
Centralization: DNS
● October 2016– Infected IoT devices (Mirai worm)
– DdoS attack on Dyn.org (DNS provider)● DNS : 9.21.102.183 → Paypal.com
– Twitter, Paypal, Spotify, … hit
Why we need a Dark Web - @jbaert
The internet is broken because ...
● Not designed with ANONIMITY in mind● Not designed with PRIVACY in mind● Problem for
– Journalists (protect identity sources)
– Activists / Whistleblowers (face prosecution)● Snowden / Manning
– Companies (protect communication)
– Everyone
Why we need a Dark Web - @jbaert
The internet is broken because ...
● Using the internet = leaking very personal info– Sites you visit tell your (intimate) story (Tim Berners-Lee)
– American ISP’s : Selling your browsing history
● Technical identifiers:– IP address
● In the clear (by design), (pretty) unique Identifier
– HTTP protocol and Browsers● Provide unique footprint● Time, Browser, Version, plugins, screen size, GPU, IP, Network,
Settings, …● Check it yourself! amiunique.org
Why we need a Dark Web - @jbaert
Am I Unique? - amiunique.org
Why we need a Dark Web - @jbaert
We need an alternative web
● The internet is a wonderful place– But by design, it makes it easy to
track, censor and identify users
● Need alternative, different network with better privacy properties
Why we need a Dark Web - @jbaert
Enter ...
THE “DARK WEB”
Why we need a Dark Web - @jbaert
The “Dark Web”
● A lot of misconceptions– Blame:
● Media & Politics● Technical nature● Confusing terminology
● “Dark Web” is actually really interesting from privacy POV
Why we need a Dark Web - @jbaert
“Dark Web” versus “Normal Web”
● Often explained:– Surface web
– Deep web
– Dark web
● But Dark Web is:– Alternative, parallel
– Can be used to accesssurface web
DARK
WEB
Why we need a Dark Web - @jbaert
Dark Web(s)
● There is no such thing as one Dark Web● Alternative networks focused on privacy:
– Tor (The onion router)● Most popular, we’ll focus on this
– I2P Project
– Freenet
– … (TRY THEM ALL!)
● All different specifications / properties
Why we need a Dark Web - @jbaert
Tor: The Onion Router
● Most popular alternative network● Open-Source
– Original development: US Navy, DARPA
– Now: Non-profit org– Network nodes run by volunteers
– Endorsed: EFF, HRW, Amnesty, …– Unrelated to torrents
● Internal content:– Websites hosted on the Tor network : “Hidden services”
● Link with Surface Web
Why we need a Dark Web - @jbaert
Tor: How it works
Why we need a Dark Web - @jbaert
Tor: How it works
Why we need a Dark Web - @jbaert
Tor: The onion
Acpe 2014 Internet Anonymity Using Tor
Why we need a Dark Web - @jbaert
Tor: How it works
Why we need a Dark Web - @jbaert
Tor: How does it protect you
● Anonimity / Privacy– Original IP stays hidden
– Strong encryption
– New circuit for every site● Cannot track users across websites
– No logs
Why we need a Dark Web - @jbaert
TOR: How does it protect you (2)
● Anti-censorship– Internal Tor content cannot be censored
● Nobody knows where it’s hosted
– Circumvents surface web censorship● Exit nodes in different countries
– Tor traffic can be “disguised”● As regular traffic: Browsing, Skype Call, …● Very hard to filter at ISP level
Why we need a Dark Web - @jbaert
Tor: Current status
● Network = growing
Why we need a Dark Web - @jbaert
Tor: Detecting censorship events
● Censorship events = sudden peak in TOR usage
Why we need a Dark Web - @jbaert
The “Dark Web” is not illegal
● Using an alternative network is not illegal● You are simply using a
– Different communication protocol
– Different way to exchange information
– Different way to output 0’s and 1’s
● Like you do for a lot of other things– E-mail protocol: POP3 / IMAP
Why we need a Dark Web - @jbaert
The “Dark Web” is not illegal
● Media get it wrong all the time
Why we need a Dark Web - @jbaert
The “Dark Web” is not illegal
● National council of medical professionals:
Why we need a Dark Web - @jbaert
The “Dark Web” and criminality
● Alternative networks are not exclusively used for criminal activities
● Technology = inherently neutral● Protecting your identity &
privacy● Useful services
– Blogging platforms
– E-mail / File storage
– News
– Whistleblowing services
– ...
Why we need a Dark Web - @jbaert
The “Dark Web” and criminality
● What about– Drugs / Guns / Fake ID’s?
– Terrorist forums? Murder plots?
● Same % of services on Surface Web● A lot of Hidden Web services are scams
– Anonimity + untraceable Bitcoin
● Hidden Web is actually tiny– 7k – 30k sites = 0.03% of surface web
Why we need a Dark Web - @jbaert
The “Dark Web” and child pornography
● Child pornography is a problem on every network
● Research by Internet Watch Foundation (2015)– 31,266 URLs with CP content
– 51 (0.2%) on Dark Web
● Break association Dark Web ↔CP– Without ignoring /
minimalizing CP problem
Why we need a Dark Web - @jbaert
Using the “Dark Web”
● Using the Dark Web does not require advanced technical knowledge
● For example, Tor:– Go to www.torproject.org
– Download the TOR Browser Bundle
– Install
– Go!
Why we need a Dark Web - @jbaert
Tor on your desktop: Browser Bundle
● Custom version of Firefox– Great browser
– Pre-configured for Tor
– Masked fingerprint
– Scripts blocked by default
– Auto-updater
● Safety out-of-the-box
Why we need a Dark Web - @jbaert
Tor on your phone: Orbot
● Android: Orbot– In Play Store
– VPN for all traffic
– Free
● iOS– Onion Browser
– App Store
– Free
Why we need a Dark Web - @jbaert
Maybe start using it ...
● Unsafe networks– Free wifi networks
● All the time?● More users = more diversity = more security
Why we need a Dark Web - @jbaert
Tor: Helping the network
● Run a TOR node– I run a node!
● Dystopia: CCE6294300F6E075733E247DD05ADFE9875BCF08
– VPS / Self-hosted
– Limit bandwidth
● Donate at torservers.net
Why we need a Dark Web - @jbaert
Tor: Helping the network
● Webmasters / IT:– Don’t block Tor usage
– Don’t block Tor exit nodes● Other ways to mitigate abuse (Captcha, …)● If you use Cloudflare: explicitly allow Tor
● See Tor Abuse FAQ:– https://www.torproject.org/docs/faq-abuse.html.en
Why we need a Dark Web - @jbaert
Tor: Helping the network
● Media / Press– Offer your site as a Hidden Service
– Set up a SecureDrop
Why we need a Dark Web - @jbaert
Tor: Helping the network
● Programmers / Writers / Educators/ Jurists / Enthousiasts / Designers– Development
– Documentation
– Discussion
– Education
– Assist with legal issues of running Tor nodes
Why we need a Dark Web - @jbaert
And you ...
● Try it!● Spread the word
– Educate friends & family
– Talk to your IT department
– “Well actually” when you hear misconceptions
Why we need a Dark Web - @jbaert
Questions?@jbaert
[email protected] me @reception
“The internet is a mirror which reflects the society we live in. If you don’t like what you see, don’t break the mirror.” - Vint Cerf