Making Light of the “Dark Web” (troyhunt.com)
173 points by andimm 9 months ago | 35 comments

You gotta be the change you want to see. Start putting every site you register/lease a domain for on the clear web also on the Tor network with its own onion address that you really own. I do it and now I get plenty of good traffic (along with all the bots/scans) over Tor to my technical hobby (radio) sites.

It's a better system that doesn't require you to trust the DNS companies to stand up to political/business/other pressure.

I've played around with Tor hidden services a bit, and the biggest problem I have with actually using them is discoverability. Even if a site I'm looking at does offer a hidden service version of itself, all search engine links still point to the clearnet version of the site.

I wonder if Tor browser would be open to some changes to fix that problem. Maybe offering to show the onion version of a site if the site includes

    <link rel="alternate" href="http://[address].onion/" />
in its head would be a good first step.

I put a big H1 link with the tor address on my domain index pages.

Sounds great. Do you know of any clear, easy to follow guides to make this happen? Something like the DigitalOcean reference tutorials would be optimal.

It's not quite DO caliber but this gist was sufficient for me: https://gist.github.com/mtigas/565718bbb928ce439e95

It was very simple. I think what we really need is web server integration like we are starting to have with TLS.

A Tor plugin for Caddy would be cool. Or some other way to make it as easy to set up a Tor hidden service as a TLS site.

So.. At this point it's no secret that hostile nation state actors run a large number (majority) of Tor relays and exits and target users using their favorite 0 day of the month in addition to revealing their real IP.

Is it wise or even safe to use Tor at this point? The Tor network was not designed to be resistant to the current and very active global adversaries.

I say this because of all the comments I am reading about supporting Tor and having an onion service. If you are someone who still thinks Tor is safe, can you explain to me what threat model would make it a relevant solution? No matter how I look at it all the threat actors Tor might help against can either deanonymize you or they are so resource bound, using a reputable VPN will thwart them just as well (with the reduced risk of a hostile 'exit').

At this point, I think recommending Tor might actually be dangerous. Looking forward to the Orchid project to go live.

Use Tor for hidden services only. There's far less scope for a hostile geographic nation state to serve malware and/or record IPs.

I'm also confused about what exactly a nation state learns when it sees that you accessed nytimes.com (or some other site) using Tor. They learn the same thing by monitoring all internet traffic.

Perhaps you could clarify your criticism of Tor for the benefit of readers?

Certainly. As you said, a hostile nation state targeting a nobody (like myself) would gain no new information by the fact that it knows I used Tor to access nytimes. Unfortunately, intelligence community and law enforcement agencies do not presume innocence. They would presume that you're a "bad guy" who is "trying to hide". What harmless sites you visit is of little importance to them. You're a likely threat, essentially, a Tor user is an active target for proactive LE and Intelligence gathering operations.

This isn't paranoia, the Snowden leaks which dated around 2008 show the NSA targeting visitors of sites like linux.com (xkeyscore).

When hunting for "threat" you look for the people trying to hide. For example, they love it when people use PGP encrypted emails, their sensors pick up on that and they correlate metadata gathered from that communication for further intel gathering and offensive targeting (PGP does not encrypt email metadata).

So, using Tor with a nation state actor or LE agency incorporated into your threat model would be very bad in my opinion, even if all you do is visit nytimes over https via hidden service with noscript.

Enjoyed the Experian video: https://www.youtube.com/watch?v=vjrydnr_pvQ

I can't get past the irony of Experian making a tool to help people find out if their personal data is being traded without their knowledge.

Here, I translated it:

"Is your personal information already being traded on Experian?

Find out on the dark web. Right now we're offering a one-time Experian scan completely free.

Go to xyz.onion/scan to see if your information is on Experian.

Then learn how the dark web can protect your identity.

Act now to keep your personal information safe."

I still trust them more^H^H^H^H as much as facebook.

You can use ^W to erase a whole word.

stty erase ^H

Quite interested in legal action against Experian. As a person who has faced a lot of cyberstalking in the past, I enrolled in their dark web product mostly for kicks (and it was free).

... then I posted my name buried in a long post in the most popular Tor forum.

Zero notifications months later.

I am shocked. Shocked, I say.

Am I the only one who finds Troy’s description of a tragic suicide offensive?

“Many [dark markets] with their operators in jail or dead (it didn't work out so well for the operator of AlphaBay)”

I didn't catch the implication of suicide there. I figured he was gunned down and then saw the headline and figured "oh, arrested, yeah that sounds like it not working out very well" and moved on.

No, I didn't find it offensive. And characterizing a suicide by someone who broke multiple laws, got rich doing so, and then being unwilling to face the laws as "tragic" is a bit disingenuous.

I have struggled a lot with depression and can assure you that all suicide is tragic.

edit: sorry, not trying to be argumentative. It's just a very personal topic for me having known victims. I wish you the best :)

I too wish you the best, sorry for coming across so aggressively.

I love seeing nice people on the internet. group hug!!

I'm actually shocked that the "dark web" makes up anywhere close to 6% (not sure what that's a percent of, I assume it's 6% of all websites).

That seems pretty high, but admittedly I don't head down that route very often.

I don't see any reason to believe that the numbers in that infographic might be accurate.

It does not even define how it measures the "size" of something in the web. I own a website where most files are by intention not clickable from the home page (I would call them "private"). By definition, is it "dark"? How do we measure how much the website is dark -- by the file size, number of files or information entropy? And how can it be measured by anybody except me?

"Dark Web" is just a buzzword to sound scary and fancy, nothing more.

It's a very nice infographic though. Aren't nice graphics always true? :)

Dark does not just mean the Tor network. Anything not indexed by search engines or behind authentication but accessible from the internet can be called part of the dark web.

You are confusing the broader Deep Web with the subset known as the Dark Web.

I had trouble explaining to someone what the Deep Web was. I was using the analogy: "Imagine the Internet without Google." I also tried to say "Imagine you only had access to a set of links to find content". I was unable to get over this mental hurdle when explaining this to them.

It's not perfect by all means, but maybe this analogy will work:

If the internet was a fast food restaurant then the surface web would be like the counter where you order and get your food.

The deep web would be like the kitchen where your food is processed. Sometimes visible, sometimes not, but nothing really secret going on. You may ask and you may get answers depending on your clearance level.

Maybe the dark web would be the secrets of the fast food restaurant they don't want customers to know about for lots of reasons. Like the recipes, the trades, the money flow, the illegal trash dumping, how to kill the competition, that time people almost died of food poisoning, etc.

"Imagine you sign in to Facebook and decide to read some posts in a private group."

So it's like AOL homepage era dial-up?

And nearly as fast!

Actually, "dark-web" is not (yet) in the list of words the bullshit generator uses. The whole generator function is in `#mk-boxed-layout script` (viewable in the element inspector) along with the word list it uses.

  var verbs = Array('aggregate', 'architect', 'benchmark', 'brand', 'cultivate', 'deliver', 'deploy', 'disintermediate', 'drive', 'e-enable', 'embrace', 'empower', 'enable', 'engage', 'engineer', 'enhance', 'envisioneer', 'evolve', 'expedite', 'exploit', 'extend', 'facilitate', 'generate', 'grow', 'harness', 'implement', 'incentivize', 'incubate', 'innovate', 'integrate', 'iterate', 'leverage', 'matrix', 'maximize', 'mesh', 'monetize', 'morph', 'optimize', 'orchestrate', 'productize', 'recontextualize', 'redefine', 'reintermediate', 'reinvent', 'repurpose', 'revolutionize', 'scale', 'seize', 'strategize', 'streamline', 'syndicate', 'synergize', 'synthesize', 'target', 'transform', 'transition', 'unleash', 'utilize', 'visualize', 'whiteboard');
  var adjectives = Array('24/365', '24/7', 'B2B', 'B2C', 'back-end', 'best-of-breed', 'bleeding-edge', 'bricks-and-clicks', 'clicks-and-mortar', 'collaborative', 'compelling', 'cross-platform', 'cross-media', 'customized', 'cutting-edge', 'distributed', 'dot-com', 'dynamic', 'e-business', 'efficient', 'end-to-end', 'enterprise', 'extensible', 'frictionless', 'front-end', 'global', 'granular', 'holistic', 'impactful', 'innovative', 'integrated', 'interactive', 'intuitive', 'killer', 'leading-edge', 'magnetic', 'mission-critical', 'next-generation', 'one-to-one', 'open-source', 'out-of-the-box', 'plug-and-play', 'proactive', 'real-time', 'revolutionary', 'rich', 'robust', 'scalable', 'seamless', 'sexy', 'sticky', 'strategic', 'synergistic', 'transparent', 'turn-key', 'ubiquitous', 'user-centric', 'value-added', 'vertical', 'viral', 'virtual', 'visionary', 'web-enabled', 'wireless', 'world-class');
  var nouns = Array('action-items', 'applications', 'architectures', 'bandwidth', 'channels', 'communities', 'content', 'convergence', 'deliverables', 'e-business', 'e-commerce', 'e-markets', 'e-services', 'e-tailers', 'experiences', 'eyeballs', 'functionalities', 'infomediaries', 'infrastructures', 'initiatives', 'interfaces', 'markets', 'methodologies', 'metrics', 'mindshare', 'models', 'networks', 'niches', 'paradigms', 'partnerships', 'platforms', 'portals', 'relationships', 'ROI', 'synergies', 'web-readiness', 'schemas', 'solutions', 'supply-chains', 'systems', 'technologies', 'users', 'vortals', 'web services');

>Check out his mum's face - he is so grounded!

Young man, I had enough of this. You are getting outside, sunshine, no technology, no internet. We bought you a skate-board and an e-guitar as punishment. This is what your summer looks like.
