
Making Light of the “Dark Web” - andimm
https://www.troyhunt.com/making-light-of-the-dark-web-and-debunking-the-fud/
======
superkuh
You gotta be the change you want to see. Start putting every site you
register/lease a domain for on the clear web also on the tor network with it's
own onion address that you really own. I do it and now I get plenty of good
traffic (along with all the bots/scans) over Tor to my technical hobby (radio)
sites.

It's a better system that doesn't require you to trust the DNS companies to
stand up to political/business/other pressure.

~~~
Ajedi32
I've played around with Tor hidden services a bit, and the biggest problem I
have with actually using them is discoverability. Even if a site I'm looking
at does offer a hidden service version of itself, all search engine links
still point to the clearnet version of the site.

I wonder if Tor browser would be open to some changes to fix that problem.
Maybe offering to show the onion version of a site if the site includes

    
    
        <link rel="alternate" href="http://[address].onion/" />
    

in its head would be a good first step.

~~~
superkuh
I put a big H1 link with the tor address on my domain index pages.

------
badrabbit
So.. At this point it's no secret that hostile nation state actors run a large
number(majority) of Tor relays and exits and target users using their favorite
0 day of the month in addition to revealing their real IP.

Is it wise or even safe to use Tor at this point? The Tor network was not
designed to be resistant to the current and very active global adversaries.

I say this because of all the comments I am reading about supporting Tor and
having an onion service. If you are someone who still thinks Tor is safe,can
you explain to me what threat model would make it a relevant solution? No
matter how I look at it all the threat actors Tor might help against can
either deanonymize you or they are so resource bound,using a reputable VPN
will thwart them just as well (with the reduced risk of a hostile 'exit')

At this point,I think recommending Tor might actually be dangerous. Looking
Forward to the Orchid project to go live.

~~~
kaffee
Use tor for hidden services only. There's far less scope for a hostile
geographic nation state to serve malware and/or record IPs.

I'm also confused about what exactly a nation state learns when it sees that
you accessed nytimes.com (or some other site) using tor. They learn the same
thing by monitoring all internet traffic.

Perhaps you could clarify your criticism of tor for the benefit of readers?

~~~
badrabbit
Certainly. As you said,a hostile nation state targeting a nobody (like myself)
would gain no new information by the fact that it knows I used Tor to access
nytimes. Unfortunately, intelligence community and law enforcement agencies do
not presume innocence. They would presume that you're a "bad guy" who is
"trying to hide". What harmless sites you visit is of little importance to
them. You're a likely threat,essentially, a Tor user is an active target for
proactive LE and Intelligence gathering operations.

This isn't parnoia,the snowden leaks which dated around 2008 show the NSA
targeting visitors of sites like linux.com (xkeyscore).

When hunting for "threat" you look for the people trying to hide. For
example,they love it when people use PGP encrypted emails,their sensors pick
up on that and they correlate metadata gathered from that communication for
further intel gathering and offensive targeting (PGP does not encrypt email
metadata)

So,using Tor with a nation state actor or LE agency incorporated into your
threat model would be very bad in my opinion,even if all you do is visit
nytimes over https via hidden service with noscript.

------
jstanley
Enjoyed the Experian video:
[https://www.youtube.com/watch?v=vjrydnr_pvQ](https://www.youtube.com/watch?v=vjrydnr_pvQ)

I can't get past the irony of Experian making a tool to help people find out
if their personal data is being traded without their knowledge.

Here, I translated it:

"Is your personal information already being traded on Experian?

Find out on the dark web. Right now we're offering a one-time Experian scan
completely free.

Go to xyz.onion/scan to see if your information is on Experian.

Then learn how the dark web can protect your identity.

Act now to keep your personal information safe."

~~~
zeth___
I still trust them more^H^H^H^H as much as facebook.

~~~
msla
You can use ^W to erase a whole word.

------
buildbuildbuild
Quite interested in legal action against Experian. As a person who has faced a
lot of cyberstalking in the past, I enrolled in their dark web product mostly
for kicks (and it was free).

... then I posted my name buried in a long post in the most popular Tor forum.

Zero notifications months later.

~~~
buildbuildbuild
Am I the only one who finds Troy’s description of a tragic suicide offensive?

“Many [dark markets] with their operators in jail or dead (it didn't work out
so well for the operator of AlphaBay)”

~~~
EnFinlay
No, I didn't find it offensive. And characterizing a suicide by someone who
broke multiple laws, got rich doing so, and then being unwilling to face the
laws as "tragic" is a bit disingenuous.

~~~
buildbuildbuild
I have struggled a lot with depression and can assure you that all suicide is
tragic.

edit: sorry, not trying to be argumentative. It's just a very personal topic
for me having known victims. I wish you the best :)

~~~
EnFinlay
I too wish you the best, sorry for coming across so aggressively.

~~~
brokenmachine
I love seeing nice people on the internet. __group hug __!!

------
wgerard
I'm actually shocked that the "dark web" makes up anywhere close to 6% (not
sure what that's a percent of, I assume it's 6% of all websites).

That seems pretty high, but admittedly I don't head down that route very
often.

~~~
ryanlol
I don't see any reason to believe that the numbers in that infographic might
be accurate.

~~~
ktpsns
It does not even define how it measures the "size" of someting in the web. I
own a website where most files are by intention not clickable from the home
page (I would call them "private). By definition, is it "dark"? How do we
measure how much the website is dark -- by the file size, number of files or
information entropy? And how can it be measured by anybody except me?

"Dark Web" is just a buzzword to sound scary and fancy, nothing more.

------
zitterbewegung
I had trouble explaining someone what the Deep Web was. I was using the
analogy : "Imagine the Internet without google.". I also tried to say "Imagine
you only had access to a set of links to find content". I was unable to get
over this mental hurdle when explaining this to them.

~~~
jayd16
So its like AOL homepage era dial up?

~~~
seandougall
And nearly as fast!

------
tbirrell
Actually, "dark-web" is not (yet) in the list of words the bulshit generator
uses. The whole generator function is in `#mk-boxed-layout script` (viewable
in the element inspector) along with the word list it uses.

    
    
      var verbs = Array('aggregate', 'architect', 'benchmark', 'brand', 'cultivate', 'deliver', 'deploy', 'disintermediate', 'drive', 'e-enable', 'embrace', 'empower', 'enable', 'engage', 'engineer', 'enhance', 'envisioneer', 'evolve', 'expedite', 'exploit', 'extend', 'facilitate', 'generate', 'grow', 'harness', 'implement', 'incentivize', 'incubate', 'innovate', 'integrate', 'iterate', 'leverage', 'matrix', 'maximize', 'mesh', 'monetize', 'morph', 'optimize', 'orchestrate', 'productize', 'recontextualize', 'redefine', 'reintermediate', 'reinvent', 'repurpose', 'revolutionize', 'scale', 'seize', 'strategize', 'streamline', 'syndicate', 'synergize', 'synthesize', 'target', 'transform', 'transition', 'unleash', 'utilize', 'visualize', 'whiteboard');
              
      var adjectives = Array('24/365', '24/7', 'B2B', 'B2C', 'back-end', 'best-of-breed', 'bleeding-edge', 'bricks-and-clicks', 'clicks-and-mortar', 'collaborative', 'compelling', 'cross-platform', 'cross-media', 'customized', 'cutting-edge', 'distributed', 'dot-com', 'dynamic', 'e-business', 'efficient', 'end-to-end', 'enterprise', 'extensible', 'frictionless', 'front-end', 'global', 'granular', 'holistic', 'impactful', 'innovative', 'integrated', 'interactive', 'intuitive', 'killer', 'leading-edge', 'magnetic', 'mission-critical', 'next-generation', 'one-to-one', 'open-source', 'out-of-the-box', 'plug-and-play', 'proactive', 'real-time', 'revolutionary', 'rich', 'robust', 'scalable', 'seamless', 'sexy', 'sticky', 'strategic', 'synergistic', 'transparent', 'turn-key', 'ubiquitous', 'user-centric', 'value-added', 'vertical', 'viral', 'virtual', 'visionary', 'web-enabled', 'wireless', 'world-class');
              
      var nouns = Array('action-items', 'applications', 'architectures', 'bandwidth', 'channels', 'communities', 'content', 'convergence', 'deliverables', 'e-business', 'e-commerce', 'e-markets', 'e-services', 'e-tailers', 'experiences', 'eyeballs', 'functionalities', 'infomediaries', 'infrastructures', 'initiatives', 'interfaces', 'markets', 'methodologies', 'metrics', 'mindshare', 'models', 'networks', 'niches', 'paradigms', 'partnerships', 'platforms', 'portals', 'relationships', 'ROI', 'synergies', 'web-readiness', 'schemas', 'solutions', 'supply-chains', 'systems', 'technologies', 'users', 'vortals', 'web services');

------
mandelbulb
>Check out his mum's face - he is so grounded!

:>

~~~
Pica_soO
Young man, i had enough of this. You are getting outside, sunshine, no
technology, no internet. We bought you a skate-board and a e-guitar as
punishment. This is what your summer looks like.

