Tor, DarkWeb, Hacking, Anonymity, Security & other resources

[Julius_Van_Der_Beak]

A nickel could buy you five rashers of bacon and about a hogshead of cider!

 

[LovecraftianMonstrosity]

Any recommendations, or personal experiences with these SW?

Not yet, but I am buying a new phone this week and I plan on buying one that cryptophone companies strip down and put their own proprietary software on (usually they use android because it is easy to build with). I may share about it, but I don't like to release my phone model info on the net so I may be vague. There is definitely a tradeoff for the security though. You won't be able to run some apps and it may block functionality on some to prevent personally identifiable data collection so be prepared for that if you're interested.

 

[LovecraftianMonstrosity]

http://zqktlwi4fecvo6ri.onion/wiki/Security

 

[LovecraftianMonstrosity]

This may be a naive question, but is there safety in something simple like having a second tracfone with a number you don't share with many people? Even though it could be easily hacked, at least someone with a specific intention towards a specific person may not find the number? I'm assuming the phone and minutes could be purchased with cash at Walmart or something?

Actually, that is not a bad idea, but if you do do that I would not recommend downloading any apps on it or internet browsing. Also your number would likely be compromised by those who keep your number in their contact list. Basically you're talking about a burner phone, but remember the more you use it the more your identity gets tied to it.

I use a VM to get into the dark webs and nothing else, it's a full Linux system will all kinds of tools on it for diving into scary places:
Whonix - Anonymous Operating System

For general and non critical anonymity, like browsing from a coffee shop, and torrents I use TorGuard, which doesn't really have anything to do with Tor, it's just a VPN:
Anonymous VPN, Proxy & Anonymous Proxy Services | TorGuard

Currently migrating all of my passwords to random strings kept in a password vault:
KeePass Password Safe

I haven't found a satisfactory way of buying/laundering BitCoin. I keep trying different things, it all tends to be awkward and risky or incredibly inconvenient. I haven't looked in a while, alternative crypto currency may help.

How would you compare your experience with whonix to tails if you have tried it? I am thinking of switching to Kali and using Tails for interactions that require more security.

 

[Norrsken]

All those scary stories about the nasty things on the deep web are fabricated, right? I don't know if I'll ever feel comfortable going there from the things I've heard so far, haha.

 

[LovecraftianMonstrosity]

I think the dark web is the bi-polar part of the internet. It attracts the darkest sickest shit you can buy in a black market along with a lot of smart skilled white hats that are in cybersecurity, work for three letter agencies, researchers at major institutions of learning, etc.

 

[skimpit]

So what is the dark web exactly? The only thing I know about it comes from videogames on YouTube let's plays.

 

[1487610420]

So what is the dark web exactly? The only thing I know about it comes from videogames on YouTube let's plays.

Dark web - Wikipedia, the free encyclopedia

visiting the dark web - YouTube

 

[skimpit]

Dark web - Wikipedia, the free encyclopedia

visiting the dark web - YouTube

Thank you. I avoid Googling it for the precise reasons this thread exists. So I suppose I'll read up on those now.

 

[Fate]

All those scary stories about the nasty things on the deep web are fabricated, right? I don't know if I'll ever feel comfortable going there from the things I've heard so far, haha.

I don't mean to start an argument but...look at 10:28-11:22.

 

[lowtech redneck]

So what is the dark web exactly? The only thing I know about it comes from videogames on YouTube let's plays.

Yeah, most of what I know comes from the SomeOrdinaryGamers and creepypastas.

 

[lowtech redneck]

All those scary stories about the nasty things on the deep web are fabricated, right? I don't know if I'll ever feel comfortable going there from the things I've heard so far, haha.

I've heard the authorities have finally caught up to the really nasty elements, and most of the remaining bad sites are operated by them to catch the criminals....but I don't really know for sure. Redrooms seem to be unverified, but illegal porn was rampant and everything else seems to have existed to some degree, and viruses are endemic. I've also heard that most of the deep web (not to be confused with the dark web) is innocuous stuff that for whatever reason standard browsers just can't link to. It frankly doesn't sound like a good place for most people to go exploring.

I stress that I don't really know, this just seems to be the conventional wisdom on youtube.

 

[Norrsken]

[MENTION=921]lowtech redneck[/MENTION]: (Nice username!) Yes, I think those "silk road" stories are definitely a thing in the past now, but it still is possible to buy illicit drugs off the deep web. I find that somewhat fascinating, even if I'll never participate in such activities.

 

[LovecraftianMonstrosity]

 

[skimpit]

Yeah, most of what I know comes from the SomeOrdinaryGamers and creepypastas.

Same. I saw a few guys play that one game with the skull face a while back which isn't really the darkweb but something close, they claim. It was pretty creepy. And now I hear there's something called the deep web which is apparently worse. What're ya'll doing on those machines you jailbreak and hijack into Windows/Apple hybrids, ah? Do you really need those porcelain doll bodies for your collection or a picture of a witch from the 1870s? Whoa, there, silver.

 

[lowtech redneck]

Same. I saw a few guys play that one game with the skull face a while back which isn't really the darkweb but something close, they claim. It was pretty creepy. And now I hear there's something called the deep web which is apparently worse. What're ya'll doing on those machines you jailbreak and hijack into Windows/Apple hybrids, ah? Do you really need those porcelain doll bodies for your collection or a picture of a witch from the 1870s? Whoa, there, silver.

My understanding is that its the other way around: the deep web is simply all the stuff that ordinary browsers can't access (I don't know why), most of it innocuous and comprising the vast majority of the internet, while the dark web is basically everything on the deep web that is illegal (which, while theoretically a small part of the deep web, seems to be disproportionately easy to access through popular deep web browsers, at least according to Youtube videos-apparently, most people use them to access regular websites anonymously, but the people who use them to access the deep web most often go to illegal sites).

Any tech savvy TypeC members wish to educate us and (hopefully) dispel a few entertaining but scary myths? This subject seems to have all the makings of a technological Satanic Panic.

 

[LovecraftianMonstrosity]

Yeah, you are more correct lowtech_redneck, the deep web is largely innocuous (depending on how you think maybe your myspace profile from 2005 might be pretty embarrassing, but it is hardly on the same level drugs, weapons, etc. A lot of the suppliers on the dark web congregate around certain websites, but the "dark web" isn't entirely filled with evil, there is a recent site launched that indexes poetry for example, but I do think there is more going on there than you believe there is. Some suppliers of illegal goods move goods from one supplier to another, so they're not necessarily involved with street level crime, but they let a lot of it be encouraged. Some people even argue that online sale of drugs may decrease street crime by cutting into the profits of gangs and creating a better (safer) supply chain. With that said the recent attack using the IoT to DDOS a lot of major sites is probably just a taste of things to come (though that doesn't necessarily have anything to do with .onion sites themselves). Not everything is very clean and clearcut. For example, the UN is meeting now on new internet standards in part to try to understand the risk of the dark web and what actions to take to get a handle on it. Anyone can start a .onion site themselves from a mobile phone or host one on their home computer and you can put whatever you like on it so it is not necessarily all illegal. Some apparently go there to create online forums to discuss things related to a particular subculture that feels it needs privacy and anonymity to avoid reprisals for the activities they conduct like a chinese hacker who wishes to avoid state detection and may post information that the CCP may not approve of, another example may be whistleblowers, or people who say are into bdsm and do not want their colleagues finding out. One example is that facebook has a .onion portal so that you can connect to their site even if you live in a country that may normally restrict your access to it like Iran or North Korea.

 

[skimpit]

Yeah, you are more correct lowtech_redneck, the deep web is largely innocuous (depending on how you think maybe your myspace profile from 2005 might be pretty embarrassing, but it is hardly on the same level drugs, weapons, etc. A lot of the suppliers on the dark web congregate around certain websites, but the "dark web" isn't entirely filled with evil, there is a recent site launched that indexes poetry for example, but I do think there is more going on there than you believe there is. Some suppliers of illegal goods move goods from one supplier to another, so they're not necessarily involved with street level crime, but they let a lot of it be encouraged. Some people even argue that online sale of drugs may decrease street crime by cutting into the profits of gangs and creating a better (safer) supply chain. With that said the recent attack using the IoT to DDOS a lot of major sites is probably just a taste of things to come (though that doesn't necessarily have anything to do with .onion sites themselves). Not everything is very clean and clearcut. For example, the UN is meeting now on new internet standards in part to try to understand the risk of the dark web and what actions to take to get a handle on it. Anyone can start a .onion site themselves from a mobile phone or host one on their home computer and you can put whatever you like on it so it is not necessarily all illegal. Some apparently go there to create online forums to discuss things related to a particular subculture that feels it needs privacy and anonymity to avoid reprisals for the activities they conduct like a chinese hacker who wishes to avoid state detection and may post information that the CCP may not approve of, another example may be whistleblowers, or people who say are into bdsm and do not want their colleagues finding out. One example is that facebook has a .onion portal so that you can connect to their site even if you live in a country that may normally restrict your access to it like Iran or North Korea.

To me the darkweb or deepweb always sounded like the normal Internet, or what the Internet would be if we didn't have the restrictions we currently have atm. Like what it would've been in the nineties or before before we had Norton or other things like that. The new web, the brand new web without any true browsers or anything like that. Nothing truly commercial about it or anything. But I see what you mean here. I guess it's a good idea from the standpoint of that Chinese hacker there.

 

[ThaumaturgicTheorist]

This thread's a bit old, but as long as it's still around, I've been trying to find info about going "off the digital grid" for a while. The problem is that the answer is often to basically to never use modern technology ever. Don't have a cell phone, don't go online, definitely don't have accounts anywhere or use the internet to shop or make money....there has to be an in-between?

How can a person conduct themselves digitally while avoiding tracking as much as possible?

I already don't have social media - nearly all of my online activities are conducted under usernames. I have, unfortunately, probably given out loads of personal information through surveys and other things, though I've largely stopped - I can't find any info about possibly erasing those, though. A VPN seems like a good idea for masking an IP address (probably my greatest digital vulnerability in my case). And what about mobile devices - apparently those are huge targets when it comes to being tracked and hacked; how can a person use those as safely as possible?

 

[SearchingforPeace]

I ran into this old article about the origins of cyber security and the lack thereof in the early Internet.

Very interesting to find out that when I watched War Games, I had no idea that it would be so important.

...

In 1967, the ARPANET was about to roll out. The ARPANET was the precursor to the internet. This was a great boon to scientific research. All the contractors of the Defense Department and labs and universities could communicate with each other on one network, instead of having to go through a zillion consoles. But there was a computer scientist named Willis Ware. He had been a computer pioneer. He was the head of the Computer Science Department at the RAND Corporation and a member of the Scientific Advisory Board at the National Security Agency (NSA). He wrote a paper. It was classified at the time. It’s been declassified since. It’s fascinating to read. He basically said, look, once you put information on a computer network — once you have online access from multiple, unsecured locations — you’re creating inherent vulnerabilities. You’re not going to be able to keep secrets anymore.

.....

He said, “Well, I took it to the team working on the ARPANET, and they said, ‘Don’t saddle us with a security requirement. Look how hard it is to do what we’ve done. It’s like telling the Wright Brothers that the first plane has to carry 20 passengers for 50 miles. Let’s do this one step at a time. Meanwhile, it’s going to be decades before the Russians can do anything like this.’” Well, it was about two and a half or three decades. In the meantime, whole networks and systems had sprouted up with no provision for security whatsoever. I look at this as the bitten apple in the digital Garden of Eden. It was something that was foreseeable, and by a small number of people, actually foreseen from the beginning; something inherent in the technology.

...

It’s 15 years after Willis Ware’s paper. Ronald Reagan is up at Camp David the first weekend of June in 1983. He watches a lot of movies up there. On that Saturday night, he watches War Games. This is the Matthew Broderick movie where he plays a teenage whiz kid who unwittingly hacks into the main computer at the North American Air Defense Command. Thinking that he’s playing a new, online game called Global Thermonuclear War, he almost sets off World War III. So, Reagan comes back to the White House. There’s a big meeting on Wednesday with his national security staff about something else completely. But at some point, he puts down his index cards, and he says, “Has anybody seen this movie War Games?” And nobody has. It had just come out.

He launches into this very detailed plot description. People are looking around the room like, where is this going? He turns to General John Vessey, who is the Chairman of the Joint Chiefs of Staff. He said, “General, could something like this really happen?” The general says, “I’ll look into that, Mr. President,” like generals do. He comes back a week later and says, “Mr. President, the problem is much worse than you think.” This leads, 10 months later, to the presidential signing of the first national security directive on communications and computer security. It reads very much like government papers you read today: “Our computer systems,” which were then just going up, “are vulnerable to electronic interference and interception by foreign powers, by criminals.” But then it takes an interesting step.

.....

The two guys writing this movie – who also later wrote a movie called Sneakers, which also had some impact – had heard from some friends who were hackers, about this technique called war dialing, or demon dialing. This is before the internet, where you program a phone to dial every number in an area code, and it rings twice. If a modem picks up, it squawks. The program records what that number is so you can come back to it later. That’s how Matthew Broderick breaks into the NORAD computer in the game. But they are wondering, is this plausible? I mean, wouldn’t it be a closed network? They lived in Santa Monica, which is where the RAND Corporation was. They called up the Public Affairs Department, laid out their problems. They said, “Oh, you want to talk to Willis Ware.” They go meet with Willis Ware, who is a very nice, genial guy. He listens to their problem, and he says, “You know, it’s funny, I designed the software for that computer in real life.” And he says, “You know, you’re right. It’s a closed system. But there’s always some officer who wants to work at home on the weekends, so they leave a port open. And yeah, if somebody dialed into that number, it could happen.” Then he said something that in retrospect, is very profound. He said, “You know what people don’t realize is the only completely secure computer is a computer that no one can use.”

......

So until Reagan asked about cyber security, there was none. And the movie, as well as the cyberpunk books of the era, was ahead of their time....