
Dark Web Map - xkcd-sucks
https://www.hyperiongray.com/dark-web-map/
======
Red_Tarsius
I found the screenshot of a hitmen-for-hire service.
[https://imgur.com/a/6vfcx](https://imgur.com/a/6vfcx) I wish users could
share the coordinates of any item in the map. But it's a really fascinating
work. Kudos to the creators!

~~~
andrepd
Is it me or is that an easy way to make money? Create a "murder-for-hire"
website, or whatever illegal service you want, then disappear with the
bitcoins.

~~~
elorant
Sure, you could do that but bare in mind that you're dealing with criminals
and whatnot. I wouldn't want to fraud such people.

~~~
c22
Why not? They wont go to the authorities and without assistance it's unlikely
they'd be able to find an anonymous actor who took the right precautions.

------
iooi
This looks ominous, anyone have any ideas on how to solve the puzzle?

[https://imgur.com/XXpyoqW](https://imgur.com/XXpyoqW)

~~~
esnard
Ideas:

\- The "vbizukfplsqf...." is not part of the puzzle

\- The original website is available at
[https://vbizukfplsqfdhbr.onion/](https://vbizukfplsqfdhbr.onion/)

\- The page title is "Caesar Was Rome's 2nd Emperor", hinting to Caesar cipher

\- In a HTML comment: "kcovjgfktgevgf" which is "I am the directed" encrypted
via Caesar cipher

\- In a HTML comment: "6e6f71696e796c6e646e7179736d77666163766a7272666a0a"
which is the hexadecimal for "noqinylndnqysmwfacvjrrfj\n"

\- The image is named "vigenere.png", hinting to Vigenere cipher

~~~
BlackLotus89
The solution is

> endofthelinenineninenine

every one of your obervations was correct (btw I got to know the tabula recta
as vigenere square [1])

kcovjgfktgevgf was the key for noqinylndnqysmwfacvjrrfj\n (and \n is indeed
endoftheline)

I used an online vigenere chiffre "applet" (ok it is javascript so not really
an applet but who cares) and I got an off by one (just define the alphabet as
bcdefghijklmnopqrstuvwxyza or use jbnuifejsfdufe as the key)

PS. Without tor you can use [3] and thx for making me waste that 5 minutes :D
it was fun

[1]
[https://en.wikipedia.org/wiki/Tabula_recta](https://en.wikipedia.org/wiki/Tabula_recta)

[2] [https://cryptii.com/vigenere-cipher](https://cryptii.com/vigenere-cipher)

[3] [https://vbizukfplsqfdhbr.onion.link](https://vbizukfplsqfdhbr.onion.link)

~~~
iooi
So what does that solution mean? Are you supposed to visit /999?

~~~
BlackLotus89
Don't know it isn't my puzzle. Maybe I'm wrong and this isn't the solution and
there is still some way to go.

Edit: damn wanted to try the /999 but the site is down (yeah I'm using tor and
not the onion.link link) I hope this is just the HN effect and it will soon
work again

Edit2: I hoped to find something hidden in the image itself but it wasn't

Edit3: If anyone else wants to give it a shot
[https://blacklotus.github.io/](https://blacklotus.github.io/) uploaded the
index.html and vigenere.png (oviously no other files)

~~~
esnard
I read "Hax and Vax" as "Horizontal axis and Vertical axis", but I'm not sure
what to think about it.

------
swarnie_
Wait until after work to take a look at this one. Even before you agree to the
disclaimer a lot of enterprise filters will alert based on the description of
the content it hasn't loaded.

~~~
commandlinefan
... if it's still even up by then. Things like this tend to disappear pretty
fast.

------
blackflame7000
If an image containing illegal content is sent to the browser of an
unsuspecting user, does that constitute a breach of the law? If a CDN goes
rogue and suddenly starts pushing out child porn then is every person whos
browser cached that image now guilty? What if they didn't even know it got
cached? A very grey area with these sorts of things.

~~~
nawtacawp
Not illegal:

(d)Affirmative Defense.—It shall be an affirmative defense to a charge of
violating subsection (a)(5) that the defendant— (1) possessed less than three
images of child pornography; and (2) promptly and in good faith, and without
retaining or allowing any person, other than a law enforcement agency, to
access any image or copy thereof— (A) took reasonable steps to destroy each
such image; or (B) reported the matter to a law enforcement agency and
afforded that agency access to each such image.

[https://www.law.cornell.edu/uscode/text/18/2252A](https://www.law.cornell.edu/uscode/text/18/2252A)

Also, the main charge of possession is __knowingly __possessed

~~~
stordoff
That may be the case in the US, but FWIW it is not necessarily true across
jurisdictions. In the UK, for instance:

> A person who views an image on a device which is then automatically cached
> onto its memory would not be in possession of that image unless it can be
> proved that he / she knew of the cache [...but...] the person would also
> have "made" the image in question. Subject to there being evidence of the
> act which constituted the making and the necessary mental element, an
> offence contrary to section 1 of the PCA 1978 is preferable and in most
> cases would suffice. [...] The charge of 'making' [has been] widely
> interpreted to cover such activities as opening attachments to emails and
> downloading or simply viewing images on the internet.

Further note:

> So, for example, in a "pop-up" case, it would have be to be proved [for the
> act of making] that suspect knew that accessing a website would generate
> "pop-ups" and that those "pop-ups" would depict, or be likely to depict,
> indecent images of children

That is far shakier legal ground than I would like to be on, especially for
readers of this thread who would presumably be aware of the cache and where it
has been hinted that the images may contain at best questionable content.

[https://www.cps.gov.uk/legal-guidance/indecent-images-
childr...](https://www.cps.gov.uk/legal-guidance/indecent-images-children-
iioc)

------
philfrasty
This one site says if I give them 1 Bitcoin I will make 350% profit in 48
hours...Bernie Madoff approves

~~~
blackflame7000
If he's not a Nigerian, I'd be careful. It's possible he's not insured by a
recent family inheritance.

------
donmcronald
The censoring is not 100%. The map is cool, but there are definitely some
thumbnails you don’t want in your browser cache.

------
kaennar
Why does Indeed.com have a dark web site? Is there an advantage to that?

I'm also surprised at the number of pun-sites/joke-sites on here. It's like
the early internet.

------
jstanley
The disclaimer didn't make it clear (I thought it would just be showing
hostnames), but this map shows screenshots of hidden service home pages.

So it's probably wise not to look closely at too many.

~~~
gremy0
> Each site is represented in the map as a screenshot,

and

> The Dark Web Map contains uncensored content from thousands of dark web
> sites.

You thought the (onion) hostnames would be considered uncensored content? and
that this required a disclaimer?

and

> These sites include mature and/or offensive content, including pornography,
> violence, and racism.

and

> By clicking the "Accept" button, you are affirming that you are at least 18
> years old and accept all responsibility for viewing this content.

~~~
matte_black
Why on earth would they think posting uncensored screenshots from the dark web
would be a good idea? When browsing the dark web you should always be going in
with images turned off, before you run into child porn at work and end up in
prison.

~~~
always_good
Because it's the only reason the project is somewhat interesting.

------
l0b0
The most interesting thing about this was how the "map" part of it was
completely irrelevant. From a quick scan every single large interconnected
subgraph contained only completely or virtually identical sites.

------
TheRealPomax
Wow, didn't realise the darkweb was so tiny.

~~~
fmj
They made this map by spidering public onion sites, so you're only seeing
sites that were publicly linked to on a site they crawled. You could brute
force the .onion address space to get a more accurate estimate of the number
of onion sites currently online, but that would take a long time at the speed
Tor operates.

~~~
anamexis
There are 2^80 possible onion addresses, so it would take a very, very long
time at any speed.

~~~
CognitiveLens
to get an estimate, you only need a sample

------
esseti
the intresting stuff is on the side ;) (looking at the map it seems to be a
90-ish version of the internet made by wiredo)

------
crankylinuxuser
SO, that's annoying and pretty pointless. I can't search the HSDir names or
the related content per page. I have to manually and visually look at a map. I
was curious if my services were on there, as I run quite a few HSDirs. But no
way I'm going to look at every image.

This would have been interesting if they either released the data or make the
content searchable. Oh well.

~~~
nawtacawp
How do you think they got this data? It appears more than just hidden wiki
entries.

~~~
crankylinuxuser
Any bridge can see announced HSDirs communicating to it. So technically you
can be a bridge and save all HSDirs that are being passed.

This will get your bridges banned by Tor __IF __they know you 're doing that.
So the ones who do, stay quiet about it. I'd give it 3 days before their
bridge is distrusted and revoked.

------
anc84
That is very hard to navigate and slow to render. I suggest you simply use
standard image tiling via
[https://www.maptiler.com/](https://www.maptiler.com/) or something similar.

------
fimdomeio
I suppose it's a very small portion. either that or the dark web is really way
smaller than I thought.

~~~
nawtacawp
The blog post states it is about 10% of the total sites.

------
mancerayder
What makes it so hard for undercover agents to browse this stuff and make
purchases of <insert illegal substance or act here> to nab the seller? Or set
up fake services and nab buyers?

It must be a mess. I can't see how people wouldn't be paranoid on here to the
point of chilling it.

~~~
mirimir
Undercover agents can buy whatever they like. But smart sellers aren't so easy
to identify. There's always a risk in mailing stuff, of course. But Bitcoin
can be anonymized well enough.

Buyers are more vulnerable. Many have stuff mailed to their actual addresses.
Even if they pay with well anonymized Bitcoin. Some have stuff sent to places
that are empty, where people are on vacation, or infirm, and so on.

I haven't heard of fake markets. But investigators have taken over markets,
and identified both sellers and buyers.

------
mirimir
A search button would be cool.

There used to be a cool site by Harry71 that listed all onion sites. But I
suspect that it was trawling hidden service directories, which Tor Project
frowns on.

------
Freak_NL
A small oversight in the censoring of the onion addresses: some of the
screenshots show websites that list the full address somewhere on it (e.g.
'gunbizme…').

~~~
Freak_NL
Also, some of the pages shown link to other (uncensored) onion addresses in
the screenshot.

------
elorant
Thanks but no thanks. The last thing I want for my Friday afternoon is to see
a picture of an abused child or worse.

~~~
wingworks
They removed them from what I understood. It's mostly filled with prank sites.

~~~
blattimwind
Looks like about 1/3 of everything are the equivalent of "It works!" pages
(the huge white clusters and the large cluster of "You made a site on the dark
side").

Doesn't mean that there is nothing to be accessed on those servers, though.

------
mlamat
How can I get the full link address?

~~~
crankylinuxuser
You can't. Creator intentionally crippled HSDirs for "reasons".

