Have You Ever Visited The Deep Web?

face1990 wrote: »

You can get enough info to identify people if you're running lots of the servers that the TOR network uses (usernames and passwords have been gotten). Surely most of them must be run by the NSA or similar.

Funnily enough they're not, the Snowden slides state that they have access to an extremely low number of nodes.

"If you actually look in to where these Tor nodes are hosted and how big they are, some of these nodes cost thousands of dollars each month just to host because they're using lots of bandwidth, they're heavy-duty servers and so on. Who would pay for this and be anonymous?"
link

Ironically, Tor gets a huge amount of funding from the US Navy, who use it for confidential communication while abroad. Since they need to make sure it's uncrackable up to the highest standard they know of, by definition they're going to be trying to make it stronger than the NSA's ability to crack it, which would be the US military's "benchmark" for how strong encryption should be.

It's essentially a big dilemma - the US government wants easy access to identifying Tor users, but they know that if they make it accessible for themselves, it will also be accessible for others. So you effectively have the Navy actually competing with the NSA in trying to help develop stronger encryption and easier cracking respectively. Nice balance really

It must also be pointed out that large criminal gangs of various kinds also use Tor and they would presumably be more than happy to fund their own anonymity, so that's probably where the rest of these nodes are coming from.

syklops wrote: »

but if you include all the nodes accessible by all of the US intelligence service, lets just say I wouldnt want to bbe on the FBI's most wanted list and depending on Tor for my freedom. NSA, ONI, CIA etc etc.

Well, it's fair to say that the Dread Pirate Roberts of Silk Road had been on their most wanted list for years, and in the end the only way they could get him was when he ****ed up with his personal email address, they never actually managed to target his Tor connection... Same seems to apply to the Irish guy

Vivienne23 wrote: »

,

One thing I did see which I thought was shocking was PayPal accounts that you could buy and "cash in" , I.e hacked accounts with an amount for sale , I shuddered to think that could be me someday ...

Just a thought, but if you had access to such accounts why wouldn't you just empty them yourself rather than sell that option to a third party - presumably for less money?

sbsquarepants wrote: »

Just a thought, but if you had access to such accounts why wouldn't you just empty them yourself rather than sell that option to a third party - presumably for less money?

Obviously because by using that "hot" money you're taking a substantial risk, by selling it for Bitcoin they're washing their hands of it, and the eejits who buy from them are getting "hot" money which is almost certainly the subject of theft investigations. :pac:

As always, a lot of successful crime relies on a steady supply of gullible muppets.

The Backwards Man wrote: »

To me it's a lot like Waterford. I have absolutely zero interest in ever going there.

ignorance is bliss,

BillyMitchel wrote: »

This post makes it sound tempting. What's the craziest thing you've came across on it?

Nothing major, it's mostly boring like the regular internet.
Gunmen for hire, call girls, guns for sale, hacker for hire. That kind of thing.

hatrickpatrick wrote: »

Tor is not the only manifestation of the deep web, just the one which has received the most mainstream publicity. There are many other protocols for running underground web applications - i2p is a good example, which apart from allowing anonymous browsing, contains its own built in hidden chat system.

i2p is what's referred to as a Black Net. It is completely separate from the Clear Web. Where a computer on TOR can access the Clear Web, a computer on i2p cannot.

I would consider TOr to be a Dark Net and i2p to be a Black Net.

Boskowski wrote: »

This is a complete misconception of how the internet works.

People these days think if it's not on google it's deep and dark and not legit. Scrap that people think Google is the internet. I have seen people entering urls into google.

All Google does is indexing websites. Some websites don't want to be indexed for very legitimate reasons. Some websites are pay services and they don't want their content 'out there'. Some websites are educational for example universities they don't want every bloody thesis on Google but they want them available for uni members. Stuff like that. There is loads of other scenarios.

Then there is the part if the web that isn't even www/HTML. Like usenet FTP etc.

Technically that's all 'deep web'. Cis it can't be searched and accessed by everyone. You actually have to know yourself where it is.

People think not on google == paedo.

It's just ignorance. 15 years ago people thought www == internet now it's google == internet. Both wrong but the more non techy people use something the more dumbing down it needs. Then when something isn't dumbed down and people don't get it becomes shady or something.

I could offer a better explanation but going by the tone here on the subject I had to dumb it down a bit.

To be fair, that's one definition of the Deep Web but it's changing now, to encompass new protocols which attempt to obscure both the destination and origin of web traffics to third parties, from ISPs to spies etc.

While traffic on the internet is usually encrypted, anyone watching can see where it's going and where it came from. So I couldn't see what you were posting on Facebook by tapping a fibre cable, but would be able to see that your IP was requesting a page from Facebook at X time. The new definition of Deep Web includes technology which attempts to obscure this destination metadata as well as content, and also includes websites and hosts which hide behind protocols designed to make it impossible (or as hard as possible) for anyone to figure out where the server is located.

Oat23 wrote: »

Never knew freedom hosting was owned by an Irish guy. I remember first hearing about it when Anonymous started attacking it.

Never been a fan of extraditing citizens to foreign countries. But ship this c*nt out to the Americans. He'll get 10 years here probably :rolleyes:.

TBH I feel that's a difficult one to answer - as abhorrent as the content was, should it be ultimately his responsibility as the hosting provider or his customers' responsibility as the direct uploaders and hosters of the stuff?

Before you answer, consider that if we decide that hosting providers should be responsible for knowing what all of the content on all of their servers is, that could create a fair amount of havoc in terms of the real time internet. For instance, should Facebook be held responsible for libel posted on it, or should its customers who post it? If we decide that the platform provider is ultimately responsible, we run the risk of creating a chilling effect on people providing unmoderated, real-time platforms for people to post on. Megaupload is a good example - lots of piracy and lots of legit uses, but the internet has lost a fantastic file storage service because the US decided that it was responsible for all the illegal activity it was used for and shut the whole thing down, taking the good and the bad down with it. Other file lockers such as Filesonic shut down or disabled their file sharing capabilities fearing a similar crackdown, meaning that a lot of the most convenient ways of transferring large files have been lost.

To give you one example, Marques also hosted Tor Mail, an anonymous email service. Because of the shutdown, that has now fallen into the hands of the FBI who are actively trawling it, and you can bet that activists and political dissidents have now had their communications exposed as well as criminals.

At what point does collateral damage become too much to justify such actions?

Not saying I have an answer, just saying I don't think it's as clear cut as advocating Marques getting thrown in jail - while he may have been an evil man (or he may not have been, depending on how much he knew), holding him responsible for freedom hosting's users' content creates a precedent which applies to platforms across the entire internet.
Is that something we want to do?

hatrickpatrick wrote: »

To a point. Longer keys will combat more efficient computers, but if a new mathematical theorem is discovered which allows easy factoring of large prime numbers without the need for brute force calculations, we're screwed. And the NSA is working very hard on this.



Anything that can be used by political dissidents to protect themselves can also be used by criminals - in my view, the benefits far outweigh the drawbacks.

I'm the opposite, I would sacrifice protecting political dissident if it exposed paedophiles anonymity and got children out of that hell.

enfant terrible wrote: »

I'm the opposite, I would sacrifice protecting political dissident if it exposed paedophiles anonymity and got children out of that hell.

It depends what we're sacrificing though. Supposing TorMail was used by Chinese activists to bypass China's web filters? Their lives could arguably have been put in danger by the exposure of such emails. What about Mexican drug informants?

It's not as clear cut as it seems.

hatrickpatrick wrote: »

It depends what we're sacrificing though. Supposing TorMail was used by Chinese activists to bypass China's web filters? Their lives could arguably have been put in danger by the exposure of such emails. What about Mexican drug informants?

It's not as clear cut as it seems.

Could the NSA break TOR to expose paedophiles, then keep the technology from everyone else?

A black project or whatever they call them.

hatrickpatrick wrote: »

Do you really think if the NSA managed to break Tor they wouldn't then use that capability to disrupt anything else it decided was bad for society, like the way its been controlling internet discourse as we've seen in the latest Snowden files?

Organizations like the NSA are the entire reason ordinary non-criminal people would start using Tor in the first place!

Also, what I'm talking about isn't hypothetical - the FBI are already using their Tormail access to go after other people who have nothing to do with child porn.

So what are we weighing up now the evil NSA cracking TOR or catching paedophiles?

I'm ok with being spied on if it helps catch child rapists.