By Philipp Winter, Annie Edmundson, Laura Roberts, Agnieszka Dutkowska-Żuk, Marshini Chetty, and Nick Feamster

Want to find US military drone data leaks online? Frolic in a fraudster’s paradise for people’s personal information? Or crawl through the criminal underbelly of the Internet? These are the images that come to most when they think of the dark web, and a quick Google search for “dark web” will yield many stories like these. Yet, far less is said about how the dark web can actually enhance user privacy or overcome censorship by enabling anonymous browsing through Tor. Recently, for example, Brave, dedicated to protecting user privacy, integrated Tor support to help users surf the web anonymously from a regular browser. This raises questions such as: is the dark web for illicit content and dealings only? Can it really be useful for day-to-day web privacy protection? And how easy is it to use anonymous browsing and dark web or “onion” sites in the first place?

To answer some of these pressing questions, we studied how Tor users use onion services. Our work will be presented at the upcoming USENIX Security conference in Baltimore next month and you can read the full paper here or the TLDR version here.

What are onion services?

Onion services were created by the Tor project in 2004. They not only offer privacy protection for individuals browsing the web but also allow web servers, and thus websites themselves, to be anonymous. This means that any “onion site” or dark web site cannot be physically traced to identify those running the site or where the site is hosted. Onion services differ from conventional web services in four ways. First, they can only be accessed over the Tor network. Second, onion domains (akin to URLs for the regular web) are hashes over their public key and consist of a string of letters and numbers, which makes them long, complicated, and difficult to remember.
These domains sometimes contain prefixes that are human-readable but they are expensive to generate (e.g. torprojectqyqhjn.onion). We refer to these as vanity domains. Third, the network path between the client and the onion service is typically longer, meaning slower performance owing to longer latencies. Finally, onion services are private by default, meaning that to find and use an onion site, a user has to know the onion domain, presumably by finding this information organically, rather than with a search engine.

What did we do to investigate how Tor users make use of onion services?

We conducted a large-scale survey of 517 Tor users and interviewed 17 Tor users in depth to determine how users perceive, use, and manage onion services and what challenges they face in using these services. We asked our participants about how they used Tor’s onion services and how they managed onion domains. In addition, we asked users about their expectations of privacy and their privacy and security concerns when using onion services. To complement our qualitative data, we analyzed “leaked” DNS lookups to onion domains, as seen from a DNS root server. This data gave us insights into actual usage patterns to corroborate some of the findings from the interviews and surveys. Our final sample of participants was young and highly educated, and ranged from journalists, whistleblowers, and everyday users wanting to protect their privacy to those doing competitive research on others and wanting to avoid being “outed”. Other participants included activists and those who wanted to avoid government detection for fear of persecution or worse.

What were the main findings?

First, unsurprisingly, onion services were mostly used for anonymity and security reasons. For instance, 71% of survey respondents reported using onion services to protect their identity online.
Almost two thirds of the survey respondents reported using onion services for non-browsing activities such as TorChat, a secure messaging app built on top of onion services. 45% of survey participants had other reasons for using Tor such as to help educate users about the dark web or for their personal blogs. Only 27% of survey respondents reported using onion services to explore the dark web and its content “out of curiosity”.

Second, users had a difficult time finding, tracking, and saving onion links.

Finding links: Almost half of our survey respondents discovered onion links through social media such as Twitter or Reddit or by randomly encountering links while browsing the regular web. Fewer survey respondents discovered links through friends and family. Challenges users mentioned for finding onion services included:

- Onion sites frequently change addresses, and so onion domain aggregators often have broken and out-of-date links.
- Unlike traditional URLs, onion links give no indication of the content of the website, so it is difficult to avoid potentially offensive or illicit content.
- Again, unlike traditional URLs, participants said it is hard to determine through a glance at the address bar if a site is the authentic one you are trying to reach instead of a phishing site.

A frequent wish expressed by participants was for a better search engine that is more up to date and gives an indication of the content before one clicks on the link as well as authenticity of the site itself.

Tracking and Saving links: To track and save complicated onion domains, many participants opted to bookmark links but some did not want to leave a trace of websites they visited on their machines. The majority of other survey respondents had ad-hoc measures to deal with onion links. Some memorized a few links and did so to protect privacy by not writing the links down. However, this was only possible for a few vanity domains in most cases.
Others just navigated to the places where they found the links in the first place and used the links from there to open the websites they needed.

Third, onion domains are also hard to verify as authentic.

Vanity domains: Users appreciated vanity domains where onion service operators have taken extra effort and expense to set up a domain that is almost readable, such as the case of Facebook’s onion site, facebookcorewwwi.onion. Many participants liked the fact that vanity domains give more indication of the content of the domain. However, our participants also felt vanity domains could lead to more phishing attacks since people would not try to verify the entire onion domain but only the readable prefix.

“We also get false expectations of security from such domains. Somebody can generate another onion key with same facebookcorewwwi address. It’s hard but may be possible. People who believe in uniqueness of generated characters, will be caught and impersonated.” – Participant S494

Verification Strategies: Our participants had a variety of strategies such as cutting and pasting links, using bookmarks, or verifying the address in the address bar to check the authenticity of a website. Some checked for a valid HTTPS certificate or familiar images in the website. However, over a quarter of our survey respondents reported that they could not tell if a site was authentic (28%) and 10% did not even check for authenticity at all. Some lamented that this is innate to the design of onion services and that there is no real way to tell if an onion service is authentic, as epitomized by a quote from Participant P1:

“I wouldn’t know how to do that, no. Isn’t that the whole point of onion services? That people can run anonymous things without being able to find out who owns and operates them?”

Fourth, onion lookups suggest typos or phishing.
In our DNS dataset, we found similarities between frequently visited popular onion sites such as Facebook’s onion domain and similar, significantly less frequently visited websites, suggesting users were making typos or potentially that phishing sites exist. Of the top 20 onion domains we encountered in our data set, 16 were significantly similar to at least one other onion domain in the data set. More details are available in the paper.

What do these findings mean for Tor and onion services?

Tor and onion services do have a part to play in helping users to protect their anonymity and privacy for reasons other than those usually associated with a “nefarious” dark web, such as support for those overcoming censorship, stalking, and exposing others’ wrong-doing or whistleblowing. However, to better support these uses of Tor and onion services, our users wanted onion service improvements. Desired improvements included more support for Tor in general in browsers, improvement in performance, improved privacy and security, educational resources on how to use Tor and onion services, and finally improved onion services search engines. Our results suggest that to enable more users to make use of onion services, users need:

- better security indicators to help them understand Tor and onion services are working correctly
- automatic detection of phishing in onion services
- opt-in publishing of onion domains to improve search for legitimate and legal content
- better ways to track and save onion links, including privacy-preserving onion bookmarking.

Future studies to further demystify the dark web are warranted, and in our paper we make suggestions for more work to understand the positive aspects of the dark web and how to support privacy protections for everyday users.

You can read more about our study and its limitations here (such as the fact our participants were self-selected and may not represent those who do use the dark web for illicit activities for instance) or skim the paper summary.
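The look-alike finding and the call for automatic phishing detection above can be made concrete with a small check, added here as an example and not taken from the paper or from Tor's code. It compares looked-up names against the two onion domains quoted in the article; the similarity thresholds (`max_edits`, `min_prefix`) and every sample lookup are assumptions constructed for illustration.

```python
import os
import re

# Onion domains quoted in the article, used here as the trusted list.
KNOWN = ("facebookcorewwwi.onion", "torprojectqyqhjn.onion")
# Label shape of the article's examples: 16 base32 characters (a-z, 2-7).
WELL_FORMED = re.compile(r"[a-z2-7]{16}")


def label_of(domain):
    """Return the label directly left of .onion, or None for other names."""
    name = domain.strip().lower().rstrip(".")
    if not name.endswith(".onion"):
        return None
    return name[: -len(".onion")].rsplit(".", 1)[-1]


def edit_distance(a, b):
    """Levenshtein distance, keeping two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain, known=KNOWN, max_edits=2, min_prefix=8):
    """Return (verdict, resembled known domain or None) for one lookup.

    max_edits and min_prefix are assumed thresholds, not the paper's.
    """
    label = label_of(domain)
    if label is None:
        return ("not_onion", None)
    hit = None  # (distance, known domain) of the closest resemblance
    for k in known:
        kl = label_of(k)
        if label == kl:
            return ("known", k)
        dist = edit_distance(label, kl)
        prefix = len(os.path.commonprefix([label, kl]))
        if (dist <= max_edits or prefix >= min_prefix) and (hit is None or dist < hit[0]):
            hit = (dist, k)
    if hit is None:
        return ("unrelated", None)
    # A malformed label cannot name any onion service, so it can only be a
    # typo. A well-formed one may be a separate service imitating the known
    # domain (or a typo that happens to stay well formed): flag for review.
    verdict = "lookalike" if WELL_FORMED.fullmatch(label) else "typo"
    return (verdict, hit[1])


# Constructed lookups (not from the study's DNS data), one per case.
SAMPLE_LOOKUPS = [
    "facebookcorewwwi.onion",      # exact match
    "www.facebookcorewwwi.onion",  # subdomain of a known domain
    "facebookcorewwi.onion",       # dropped character: 15 chars, malformed
    "faceb00kcorewwwi.onion",      # 0 is outside the base32 alphabet
    "facebookcorewwwl.onion",      # one substitution, still well formed
    "facebookx2kq7mzd.onion",      # same readable prefix, different tail
    "abcdefghijklmnop.onion",      # well formed but unrelated
    "example.com",                 # not an onion name
]

if __name__ == "__main__":
    for lookup in SAMPLE_LOOKUPS:
        print(f"{lookup:28} {classify(lookup)}")
```

The prefix rule covers the concern participants raised about vanity domains: a name that keeps the readable prefix but differs in the tail is flagged even though its edit distance to the real domain is large.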
not indexed by search engines, and use self-certifying domain names that are long and difficult for humans to read. In this paper, we study how people perceive, understand, and use onion services based on data from 17 semi-structured interviews and an online survey of 517 users. We find that users have an incomplete mental model of onion services, use these services for anonymity, and have varying trust in onion services in general. Users also have difficulty discovering and tracking onion sites and authenticating them. Finally, users want technical improvements to onion services and better information on how to use them. Our findings suggest various improvements for the security and usability of Tor onion services, including ways to automatically detect phishing of onion services, clearer security indicators, and better ways to manage onion domain names that are difficult to remember.
Peeling back the layers of the onion

The Tor anonymity network receives no small amount of attention from the mainstream press – not least for its purported association with cybercrime and darknet drug dealings.

But what is Tor? And how secure is it? The Daily Swig asked several security and privacy experts to answer all of your questions, and many more.

What is Tor?

Tor is an internet communication method for enabling online anonymity. The same term is commonly used to refer to both the anonymity network and the open source software that supports it.

The Tor name derives from The Onion Router – the name of a pioneering privacy project run by the US Naval Research Lab.

How does Tor work?

Tor directs internet traffic through a network of thousands of relays, many of which are set up and maintained by volunteers.

Messages are encapsulated in layers of encryption, comparable to the layers of an onion. Inside the Tor network are .onion sites, or ‘hidden services’.

Tor facilitates anonymized browsing by allowing traffic to pass onto or through the network through nodes that only know the immediately preceding and following node in a relay.

The source and destination of messages are obscured by encryption.

How can I access Tor?

The easiest way to access the Tor network is through the Tor Browser. The Tor Browser is automatically connected to the Tor network and will place all your requests through it, while ensuring anonymity.

In addition, the browser comes with added functionality that improves your security and privacy by disabling JavaScript, automatic image and video loading, and more.

The Tor Browser bundle is developed by the Tor Project, a non-profit organisation that carries out research as well as maintaining the software used by the Tor anonymity network.

The Tor Browser is currently available for Windows, Linux, and macOS.
There’s also a version of Tor Browser for Android but not, as yet, an official version for iOS.

What is Tor used for?

The Tor Browser is just a web browser, and you can still view the ‘surface’ internet – or ‘clear web’ – using the software.

However, the Tor Browser offers an extra level of privacy for normal web use or as a way to bypass government surveillance and censorship.

Some sites on the so-called dark web can only be accessed using Tor.

Vince Warrington, managing director of Protective Intelligence, explained: “The dark web – primarily those sites that can only be accessed via Tor – is still generally the host to the illegal and illicit.

“Whilst there are some legitimate sites (for example, the BBC now has a .onion version of the BBC News website) our research indicates that over 95% of .onion sites contain illegal or illicit material,” he added.

Who uses Tor and why?

While most people are only familiar with Tor’s use for illegal activities – such as accessing online markets that sell drugs – many other users access the Tor network.

These include:

- Journalists
- Political activists
- The US military
- Law enforcement
- Those living in repressive regimes
- Anyone who does not want a third-party to observe their online activities

Tor uses vary from bypassing censorship and avoiding online spying and profiling, to disguising the origin of traffic and hiding sensitive communications.

What expectation of anonymity can people have when they use Tor?

Tor offers anonymity, but only up to a point.

Those using the technology, and looking to keep their identity secret, also need to apply best practices in operational security (OpSec).

Charity Wright, a cyber threat intelligence advisor at IntSights and former NSA Chinese espionage expert, explained: “Tor is a browser that can anonymize your network connection and your IP address that you are logging on from.

“However, once you venture into illicit spaces, it is important to use pseudonyms and to hide your real name and never reveal your true
location, nationality, or identifying pieces of information.

“Any small clue can be used for people to find out who you are. Even more, federal agencies and law enforcement will use every detail about an online persona to find a wanted suspect,” she added.

How anonymous is Tor?

Tor is aimed at providing anonymous communication, but there have been numerous examples of people whose identities have been unmasked despite using Tor.

For example, the FBI recently closed a criminal case against the owner of Freedom Hosting, a dark web service that ran on the Tor network.

In addition, several research projects have shown varying levels of successful attacks that either attempted to eavesdrop on Tor-encrypted traffic or identify users.

Protective Intelligence’s Warrington commented: “It’s a myth to think that using Tor (even with a VPN) gives you total anonymity. With the tools we are using nowadays we can slowly strip back the layers of anonymity to find out who is behind the computer.

“By using specialist software combined with open source intelligence – basically searching the surface, deep, and dark web for small snippets of information – we can build up a picture of a Tor user who is involved in illegal activity.”

The era where Tor was a thorn in the side of law enforcement seems to be coming to an end.

Warrington explained: “In the UK, the police and intelligence agencies have access to these tools, and the only limitation on identifying users of the dark web is resources. There’s simply not enough police dedicated to these kinds of investigations.”

What are the limitations of Tor, and how can these be overcome?

Tor has its limitations. Maintaining online anonymity is much more far reaching an exercise than simply using Tor.

Israel Barak, chief information security officer at Cybereason, told The Daily Swig: “Tor, at its core, only gives you network level anonymity.
It won't help you with applications on your computer that retain your identity and provide your identity to the internet service providers.

“As an example, when an individual connects to Gmail, the computer or device you are using saves your identity, so you don't have to log on in the future.

“Tor will not protect your anonymity from this,” he warned.

While the Tor network is designed to keep browsing habits away from service providers or webpage trackers, the most privacy-conscious users can go even further.

Boris Cipot, senior security engineer at Synopsys, added: “To achieve the highest level of anonymity, one would need to get rid of any installation of OS or software with tracking, thus allowing the user to enter the Tor network with a clean slate.

“This can be achieved with the use of Tails or Qubes OS, which run from a USB stick. They run fully in memory, so it is safe to use on existing hardware, but once activated, there is no trace of you.”

Why does Tor take so long to load sites?

Using Tor to browse the web involves accepting trade-offs.

The Tor Browser gives a user considerable anonymity advantages over other web browsers, such as Edge, Firefox, and Chrome.

While standard browsers can leak data that goes a long way to identifying the user – even in ‘private’ mode – Tor was designed with anonymity in mind.

Tor does, however, saddle the user with some significant limitations when browsing the internet.

For starters, browsing with Tor can be very slow, and so many people are unlikely to want to swap out their current browser.

Sluggish traffic speeds arise because data packets take a circuitous route through Tor, bouncing between various volunteers’ computers to reach their destinations.

Network latency is
always going to be a problem in this scenario – even if you’re fortunate enough to avoid bottlenecks.

Tor also makes websites look like they were built 20 years ago, as much of the presentation and customization content of websites is stripped away by Tor, since these technologies can be used to identify the computer that’s being used.

What have software developers learned from Tor?

Opinions among experts are split over whether or not Tor has done much to directly affect browser development, but at a minimum the technology has done a great deal to raise awareness about privacy.

Chad Anderson, senior security researcher at DomainTools, commented: “I don’t know how much we can attribute back to modern browser improvements due to Tor, but I think privacy issues have certainly become more focused.

“The browser shift to DNS-over-HTTPS, commonly called DoH, is a boost for user privacy and where DNS didn’t work over Tor before, and in fact was an attack vector for de-anonymizing users, DoH fixes that,” he added.

Anderson continued: “It used to be you could listen to traffic on a Tor exit node… but now that SSL is near ubiquitous thanks to free certificates [from the likes of Let’s Encrypt] that’s less of an issue.”

Arthur Edelstein, senior product manager for Firefox Privacy and Security, gave The Daily Swig a list of projects involving collaborations between Mozilla and Tor:

- First-Party Isolation – This feature was developed jointly by Tor and Mozilla and is now fully integrated into Firefox, although currently disabled by default.
It fully prevents users from being tracked across websites via cookies.
- Fingerprinting Resistance – Also developed jointly between Tor and Mozilla, when Fingerprinting Resistance is enabled in Firefox, it modifies the behavior of a large collection of browser features so they can’t be used to fingerprint users and track them across websites.
- Proxy bypass protection – Tor contributed a number of patches to Firefox to tighten up proxy usage, so that the browser doesn’t leak the user's IP address when a proxy is in use.

How is Tor’s technology itself being further developed?

Current examples of Tor’s development projects include proof-of-concept work on human-memorable names, a collaboration with SecureDrop, the open source whistleblowing system based on Tor, among other examples.

Tor Project representative Al Smith told The Daily Swig: “Currently, we only partnered with Freedom of the Press Foundation (FPF), but we want to continue expanding the proof-of-concept with other media and public health organizations in the future.”

In July 2021, the Tor Project released Tor Browser 10.5, a version of the browser that improves censorship circumvention for Tor users by "simplifying the connection flow, detecting censorship, and providing bridges".

"Snowflake is now a default bridge option," a representative of the Tor Project explained. "Snowflake is a kind of pluggable transport that allows volunteers to download a web extension on Firefox or Chrome and easily run an anti-censorship proxy (aka "bridge")".

How is the Tor Project coping with the coronavirus pandemic?

The Tor Project was recently obliged to lay off a third of its core staff in response to the coronavirus pandemic. The Daily Swig asked how the non-profit has sought to minimize the effect of this on development pipelines.
A representative of the Tor Project responded: “Because we are now a smaller organization, we are creating more projects where different teams (e.g., Browser, Network, UX, Community, Anti-Censorship) come together and work on the same issue, instead of working in isolated groups on disparate pieces of work.

“This is the approach we took to improve onion services for the Tor Browser 9.5 release,” they added.

Is Tor safe?

Despite the many and varied caveats about Tor that the security experts we spoke to raised, none made any suggestion that the technology was ‘unsafe’.

In a typical response, Charles Ragland, a security engineer at threat intel agency Digital Shadows, explained: “Generally speaking, as long as security updates are in place, and users are following privacy and anonymity best practices, yes, Tor is safe to use.”