TitanHQ Blog

What is Tor and the Dark Web?

Posted by Geraldine Hunt on Fri, Oct 14th, 2016

There's a lot of talk about the dark web these days, including how cybercriminals use it to spread malware, sell stolen data and publish user account credentials.

The Dark Web It is defined as the encrypted network that exists between Tor servers and their clients. It is completely separate from the World Wide Web. Tor, an acronym for "The Onion Router", enables users to surf the Internet, chat, and send instant messages anonymously. In and of itself, it is not nefarious. Here is how Tor developers view their creation on https://www.torproject.org/: “Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security. “

There has been a 24 percent growth rate of onion sites on the Dark Web between 2014 and 2015, according to Flashpoint research. Tor use jumped again in the last year since the revelation of the National Security Agency's surveillance program.

A little history

Negative stereotypes about the Dark Web abound. In March, a CIGI study showing 7 in 10 people want the Dark Web shut down. Many people heard of the Dark Web for the first time in 2013 when the FBI dismantled the Silk Road, the largest black market site (at the time) trafficking in guns and drugs. But the Dark Web did not start out as haven for criminals. Tor was developed in the mid-1990s by computer scientists and U.S. government agencies. In 2006, the Tor Project was created as a nonprofit organization to maintain Tor for public use.

There are plenty of reasons that people might want to anonymize their web activity using Tor:

In countries where many websites are blocked, Tor provides a way to access those sites. For example, in mainland China as of September 2015, around 3,000 websites were blocked. These includes most of Google’s offerings, Facebook, YouTube, Twitter, and Instagram. Anonymity is critical when communicating sensitive information or whistle-blowing. Today, news outlets like The Guardian, The Intercept, and The New Yorker all host Dark Web drop sites for anonymously leaked tips and documents. So, of course, does WikiLeaks. Tor and the Dark Web was used to mobilize the Arab spring. Some people use Tor to keep websites from tracking them for advertising purposes.

How does Tor work?

Tor is not the only tool to access the Dark Web; it is simply the most popular. Other systems include Freenet or the Invisible Internet Project (I2P). Here is how Tor works. Tor forwards network traffic from the user’s computer and shuffles it through a random series of relays to reach its destination. Each node (or onion router) in the path knows its predecessor and successor, but no other nodes in the circuit. Traffic flowing down the circuit is sent in fixed-size packets which are unwrapped by a symmetric key at each node (like the layers of an onion) and relayed downstream. This process anonymizes the user’s location and makes it difficult to monitor the user’s activity.

Tor encryption is performed by the Tor servers, not on your desktop. Traffic between two Tor nodes is not traceable, but traffic entering or exiting Tor gateways to or from the “normal” Internet is, unless SSL encryption is in effect. Tor is not an end-to-end encryption mechanism; if communication is not encrypted using separate software before entering the Tor network, anyone can read it at the gateways. Since the U.S. National Security Agency is suspected of administering a high percentage of all the world’s public Tor exit gateways, you can bet that any unencrypted traffic is monitored by the NSA.

Many users access Tor through a VPN. Here’s why:

  • A VPN allows you to spoof your geographic location. 
  • As mentioned above, anyone at the Tor exit gateway can read unencrypted communication passing through.
  • A VPN provides privacy.
  • Some ISPs block Tor. An ISP will not know you are accessing the Dark Web if you use a VPN.
  • The Tor entry gateway will see the IP address of the VPN server, not the user’s true IP address.

However, Tor exit gateways are often blocked. Also, a VPN provides no protection from malicious Tor exit gateways. Instead of using a VPN, some Tor users route through a Tor bridge such as Obfsproxy. This can be effective at hiding Tor use if deep packet inspection is not configured to detect Tor.

What does the Dark Web look like?

The first thing to notice is how slow the Tor browser is; even slower if a VPN is used in tandem. The URLs also look a bit strange. An example is wlupld3ptjvsgwqw.onion, the Dark Web site for Wikileaks. Protocols outside the standard HTTP/HTTPS abound, most commonly IRC, IRCS, Gopher, XMPP, and FTP. A long-term survey by TrendMicro showed that 41% of URLs are Russian, while 40% are English.

Finding what you are looking for is a bit of a challenge since many sites appear and disappear within days. This is not to say that there are no search engines; the drug search engine Grams looks like Google. Since there are many malicious webpage links, some users rely on Tor .onion link lists or a friend’s tip to get around. An alternative is one of the Dark or Deep Web search engines that talks to the onion service via Tor and relays, resolves the .onion links, and then delivers the final output to your regular browser on the World Wide Web.

The Dark Web has some of the same kinds of sites available on the “normal” internet. Deep Web Radio is a worldwide music radio station. There are dedicated hosting services, anonymous email and chat; even Twitter clones. Of course, there are blogs and forums. in January 2016, ProPublica launched the Dark Web’s first major news site.

Whistleblowers, human rights activists, journalists, military, and law enforcement all have a presence. Victims of domestic abuse use the Dark Web to communicate without being tracked by their abusers.

A description of the Dark Web would not be complete without mentioning the .BIT financial sites involving Bitcoin, markets for stolen information and illegal goods, and exploit kits and information for blackhats. Daniel Moore and Thomas Rid in their book Cryptopolitik and the Darknet report that 57% of the Dark Web consists of illegal activity. It is fair to say that Deep Web is an immense information-sharing tool that facilitates criminal activity. Cryptocurrencies like bitcoin and anonymization networks such as Tor make it easy for adversaries to enter the malware market and quickly begin generating revenue.

Stay tuned…

In an upcoming article, we will discuss the technical ramifications of the Dark Web and measures that will (or will not) stop Tor from being accessed from your network.

Never Miss a Blog Post

Sign-up for email updates...

Get Your 30 Day FREE Trial

Talk to Our Email and DNS Security Team

Call us on USA +1 813 304 2544 or IRL +353 91 545555

Contact Us