Friday, May 13, 2016

The Real Deep Web

< Introduction >

    I wanted to take a minute to talk about the deep web.  Stories about the deep web are very easy to find and generally will tell you about someone stumbling into a red room or having someone show up at there house after they try to buy drugs online.  Endless floods of stories about how dangerous of a place the deep web is.  I highly encourage you to forget these warning, if you want to learn about the deep web download the tor bundle and go experience it for yourself.  Before you take my advice I will warn you, child pornography and human trafficking are real things and you do have a chance of stumbling on a site that deals in one of these things.  Don't get mad at me if you decide to click a random deep web site and see some cp.  In this post I am going to first go over some basic information about the tor network and connecting yourself to the deep web.  I will then discuss various places to get started and find your way around to some hidden services.  To wrap it up we'll talk about common rumors I hear about the deep web and how much truth I believe is behind them.  Everything you read here are just my personal opinions.  If you already know a bit about tor and only care to read about the rumors and what of it I believe to be bullshit skip to the last section.

< What Is Tor >

    Tor stands for "The Onion Router".  In its simplest definition tor is a cluster of servers acting as proxies bouncing your network traffic around from one node to another before handing it back to you.  The idea here is that it is really hard to track someone when they are bouncing through multiple IP addresses spanning many countries.  A common misconception about tor is that you are fully untraceable when you are on the deep web.  This is almost true but there are a few exceptions.  Though tor does protect your traffic from being monitored inside of the network it does NOT protect the monitoring of traffic as it enters or exits the tor network.  Monitoring the exit nodes can lead timing based end-to-end correlation attacks.  There are also all sorts of javascript solutions that will ping a server and log your real ip address.  Moral of that story is always keep noscript enabled in the tor browser.
    Tor sites are not accessible unless you are using the tor network.  They are also not using a standard DNS system or cached by search engines.  There are many great uses of this technology.  The most prominent in my mind being the ability to access information that may normally be blocked in your part of the world.  I feel that in America we sometimes tend to forget that not every country has a free and open internet.  Tor URLs are a random 16 character base32 strings with .onion at the end.  When a new URL needs to be issued the tor network will generate it by first generating a 1024 bit RSA key pair.  It then takes the public key from that pair and computes its SHA-1 digest.  Once it has this it cuts it in half and bam you have your URL.

< Getting On The Deep Web >

    The easiest way to get on tor is to download the tor browser.  You can find the download link for the browser here.  The tor browser is available on Linux, Windows and OSX and very easy to install on all three platforms.  Once you have that downloaded and installed give it a run.  You should have something looking like this open.

    You are now ready to start anonymously browsing skynet!  Another great alternative for getting on the deep web is tails.  Tails is a bootable live operating system that comes with the tor browser pre installed and setup for you.  Tails can be downloaded here.  They have instructions on the site for getting the live cd/usb all setup and running.  Running tails gives you the massive advantage of nothing you do ever touching disk.  On top of being on tor all physical evidence of your access is deleted when you shut your machine down.

< Staying Safe >

    There are a few basic rules to staying safe on tor.  The first and most important is always keep your browser up to date.  I can't stress this enough.  The other really easy and important thing you can do to keep yourself safe is make sure to keep javascript and flash disabled at all times.

< Getting Started >

    Check out the links below for some great resources on getting started on the deep web.


< Rumors And Stories >

    Now to the juicy part.  I want to start out with the things you will find on the deep web.  Drugs, guns, child pornography, hitmen and cults are easy to come by.  Conspiracy theory websites galore.  These things are out there for anyone who is interested.  Im not saying I support those activities I am simply stating that they exist and are real.
    The first story that I hear all the time is someone stumbling into a red room.  For those who don't know a red room is a place where someone is killed on live stream while people pay to watch and in most stories give suggestions on how to slay the victim.  Now I love these stories as much as the next guy and they are very entertaining but, they are just that... entertainment.  There are no red rooms on the deep web and anyone who tells you they have been to one is lying to you.  For starters that would be a terrible business that would be impossible to turn a profit in.  I would imagine it is not cheap to hire people to kidnap and murder on camera.  You are selling something that already has an extremely limited interest base.  On top of that you are limiting your customer base down even further to not only people who know how to access the deep web but, to people who know how to find your site as well.  The next point, streaming live video over tor would not go well.  Inherently the fact that your traffic bounces through so many servers is going to make it impossible to keep a  live stream running well.
    The next story you hear a lot is the classic 'I ordered drugs on the deep web and the person showed up at my house to kidnap me'.  First things first, the odds that the person you are buying from lives anywhere near you are slim to none.  Secondly I would imagine that there are much more effective ways of finding people to kidnap than putting an ad up for drugs on the deep web and praying someone in your area places and order.
    That is the end of my little rant.  Feel free to comment and let me know if you disagree.  Everything above is my personal opinions.


  1. Great article, nicely explained without the usual FUD. Yes, it you can find some scary stuff, you can also find some very thought provoking stuff. If you do happen to land on a site that you find morally corrupt (illegal, pornographic or both) don't hang around there! Close your browser or navigate away.
    Crazyask the DarkWeb Howmate

    1. Thanks for the comment and kind words! Glad to hear you liked and and totally agree! It gets a bad rap for being a terrible dark place but, I find the deep web has a very bright side full of people that care very much about freedom of information. This is far to often forgotten