The Dark Web

(679 views)

What exactly is the Dark Web?

This is a secret part of the internet that’s hidden from the current surface web that covers most of the internet’s darkest activities, hence the name. Activities involved in the Dark Web include operating honeypots, drug dealing, strange chatrooms, malware and much more which will all be discussed in this article. This is different from the Deep Web that is part of the internet containing information not indexed by search engines and can be accessed for normal usage without having to index your information on the normal web while browsing it. The Deep Web can be easily accessed and be used legally in countries where censorship is highly recognized, such as China, to bypass such censorship. For example, religious freedom in China is restrictive and their internet is highly censored. Therefore, many Chinese people seek to access content, such as the Bible, over the Deep Web from the Hidden Wiki.

DISCLAIMER: Since this magazine article is mainly meant to be for cyber-security purposes. We do not condone any illegal activities here nor do we encourage anyone to practice such. Before doing anything pertaining to this article, please be sure to check if anything is supported by your jurisdiction before having to proceed. Anything you decide to do on your own will result in your own consequences that include civil liabilities and prosecution by the law. 

How is the Dark Web accessed?

There are two possible ways this can happen, and both options use The Onion Router, or what is best known as Tor. Tor was a special browser built by the United States Military to encrypt sensitive communication and data transmissions over the internet. The same has been used by intelligence agencies and international governments to encrypt intelligence and information over the Deep Web. It can be used by activists, informants, whistleblowers and others to privately communicate and send information to government agencies as well. Nonetheless, since people had privacy concerns, Tor had to become public for everyone to be able to use it for privacy purposes, making it possible for anyone to have access to both the Dark Web and Deep Web, which makes the Dark Web and Deep Web a privacy-friendly way of accessing the web and information on the web as well. The two common ways Tor can be accessed are either through the Tor browser or a Tor proxy, which will be explained below.

What is the safest way to access the Dark Web?

Speaking of safety, if you’re thinking of ways to access the Dark Web safely then use a Tor browser. Be sure not to include a VPN unless it’s a good one, like Mullvad. Any free VPN or VPNs whose privacy policy cannot be guaranteed (You must check the privacy policy of their website. This is important for you as a user since it’s what you consent to the VPN company owning about you.) must not be used when accessing the Dark Web as the exit nodes can become poisoned by the VPN and your data can be seen at the backend of the VPN server and certain laws that affect surveillance and censorship can affect the way of how you access the Dark Web over such non-protective VPN providers. From my own hosting of a VPN over a VPS I had purchased, I have seen for myself what information can be captured by a VPN at the backend of the VPN server itself. Since I cannot prove this claim because it was a long time ago, we can only say that it’s speculative of what exactly can happen at the backend of a VPN. Nonetheless, the links above provide further information on what kind of data some free VPNs could sniff at the backend of the VPN Server. Decentralized VPNs that offer residential Ips, such as Mysterium, wouldn’t be recommended either, as these kinds of VPNs are being run by other people’s own network who have decided to sell their own data which is at rest. This is referred to as node running; node running itself is a legal concept, but wouldn’t be recommended unless you’re sure you’re not in a limited network and are aware of your jurisdiction on selling data at rest from your network for additional money as a side hustle. You can add restrictions for people using your node to prevent them from doing illegal activities, as well, as illegal activities are not recommended to be practiced at all. Security measures in the Mysterium application can be implemented after installing the MystOS to help secure your network. While you may think using a decentralized VPN is a good idea, these kinds of VPNs lead to DNS Leaks (the bypassing of the encrypted tunnel) at a high potential and expose your main IP Address and unmask your ISP since they’re a new technology that depend on crypto-currencies and only recently came into the present world. Thus, if you’re using Tor, a decentralized VPN would poison the exit node by revealing your activities and deanonymizing the exit node, as it will be explained below.

Using a Tor proxy isn’t recommended for privacy purposes, especially with regard to safety, as the proxy itself can be poisoned in multiple ways because it can be used in any browser and the exit node can retrieve and expose your data if you’re not careful on how you work it out (this will be explained below). For example, using the proxy over Google Chrome to access the Dark Web could expose your browser’s fingerprints because of JavaScript. Even worse, Google can know your exit node as well, since Google logs IPs every time you use their service, therefore, seeing all your activities that you’re doing at the backend.

Also, never use your main computer for browsing the Dark Web as this can be very risky and you could attract malware or become a victim of highly-sophisticated cyber-attacks if you’re not very careful. You could, however, configure and use a Virtual Machine, if you’re aware of what you’re doing and are sure that you want to download something from the Dark Web. Be sure nothing linking to your personal data or even personal files aren’t stored in either the Virtual Machine or the separate computer you’re using for these actions and be sure to take the best practices to harden the security of the device, such as using a local account instead of an administrator account. If you suspect malware has infected your system, quarantine that system from any connections (including network connections) and do the necessary to disinfect the malware before using it as soon as you notice it. Never use an administrator account from a device infected with malware as you’d risk giving that malware a possibility of performing privilege escalation to have access to and infect the administrator account. Use UAC where necessary, but not when the system is infected with malware, until the malware is disinfected.

The poisoning of the exit node is simple to explain. For example, when Tor assigns you an IP address to browse the Dark Web, and you use a service like VPN that isn’t safe for Google, the traffic from your browsing can be sniffed and at the same time the IP Address can be de-anonymized as they can see it. Even if your real IP address isn’t revealed, it still reveals your activities since those activities are seen and recorded by your VPN provider and Google.

My experience with the Dark Web

Browsing the Dark Web is a very hefty challenge and could lead to some consequences that you may regret later, if you’re not prepared to embrace what appears before your eyes. If you’d like to learn more, read on:

Chats on the Dark Web:

With my own experience, I’ve communicated with people who are wanted by the FBI and have even managed to escape being caught by the federal government through the means of building their own systems to make sure their data is secure so they don’t get caught. The hackers you’ll meet in the Dark Web aren’t the average script-kiddies, like you’d suppose. They don’t even release their contacts to you and neither do they disclose any information about themselves except for what they do, which they themselves would say takes years of learning to reach where they are. They will even tell you that the communication lines and programs they use to communicate are built by themselves on their own to make sure they don’t get traced and, even further, have their own encryption system and built their own devices including computers, phones and other electronics that they use in their everyday lives. The chat I had with this hacker was rather interesting for a fact knowing that he doesn’t even use Telegram, WickrMe, Google, DuckDuckGo, or any similar system and has his whole traffic router through his own ISP he built and even has his own search engine he uses to search the internet. After a few hours of having a chat with this wanted hacker who supposedly claimed that he was wanted by the FBI, we ended the chat. While I couldn’t export the chat I had with this hacker from that time, it’s best to say that it is speculative of what you’ll experience from chatting with hackers on the Dark Web.

Other chats you might have wouldn’t be quite impressive like the one you’d have with a person as I have described above, some range from scammers posting their ads over an anonymous chat and very strange and disgusting things that are posted by people such as images with extreme violence (which is totally destructive to the brain chemistry and can impair your mental health). Once again, since I couldn’t export these chats, we can just claim these as something speculative you’ll see in the Dark Web.

DISCLAIMER: Illegal activities aren’t encouraged to be done over the Dark Web. If you end up encountering anything over chat from your own experiences, it’s highly recommended you report them to the authorities as soon as possible and don’t engage, export the necessary conversations and have them reported (reporting will be explained below at the conclusion of this article). Illegal activities can have consequnces and cause serious litigation including civil liability and prosecution by the law.

Honeypots/Scam

Very strange things you might encounter in the Dark Web are probably honeypots. These are examples of marketplaces used for exit scams or even a place of honor for getting caught by authorities. An example of such would be the Besa Albanian Mafia Hitman-For-Hire Website, other Hitman Websites (which eventually lead to arrests out of nowhere for anyone attempting to perform a murder-for-hire), drug marketplaces that perform exit scams (these kinds of exit scams just increase your deposit by $1,000 if you deposit $4, which itself seems very strange and when you buy a product from the site, it never arrives and when you cash out the deposit, it doesn’t even reach your wallet) and crypto-currency scams.

Take note that scamming is one of the highest objectives that anyone would achieve when operating over the Dark Web. Most of the sites in the Dark Web operate scams, so you have to be very careful when selecting a marketplace. 

DISCLAIMER: Make sure you take account of the legality of what you want to purchase in your jurisdiction as we do not condone purchasing illegal items or performing illegal activities as these can lead to serious consequences from litigation that can cause civil liability and prosecution by the law. If you come across any of these sites, report them to law enforcement (reporting will be explained in the conclusion section).

Malware

If you aren’t very careful with how you’re operating around the Dark Web, you might come in contact with malware infecting your computer without you knowing it, especially, if you’re using the proxy instead of the Tor browser (this is because of JavaScript). When operating on the Dark Web, it is very important that you don’t download stuff that can risk your PC getting infected with trojans. PDFs and document files are good examples of files that can be infected with high class trojans while accessing the Dark Web. From my experience, there was a time I downloaded a PDF from the Dark Web onto my PC and at night before even expecting it, my Google, Instagram and ProtonMail were already hacked by someone whose IP Instagram managed to trace to Iran, who was operating without a VPN; I kicked the hacker out twice, and the third time he still managed to succeed to login to the account regardless of the fact that there was multi-factor authentication enabled. This brings me to the concept of a replay attack, which they most likely performed after capturing the authentication cookie from my device using their trojan; a similar hack happened to LinusTechTips (their case is different as they downloaded a file from email and not the Dark Web, but the principle of the replay attack remains the same). After they logged in, they managed to change the language to Persian and even accessed my Google Drive, Google Photos and Gmail. After attempting to log back into my account and resetting the password, I managed to kick them out of my account and changed the language back to English. About my Instagram Account, I kicked them out from there as well and even went forward to reset my ProtonMail as well. All IPs and locations indicated that the victim device was in Iran. Nonetheless, I was lucky enough to have had all my accounts restored back as expected, since I can’t have information pertaining to this to substantiate my claims as it was back in 2019. I would recommend you just take this as a speculative approach of what could happen if you were to download something off the Dark Web. 

Other ways you may encounter malware from the Dark Web is through images, text documents, some files, or even videos, if you’re not very careful. With Metasploit itself, there’s plenty of ways to configure trojan payloads for different kinds of files, such as MKV Video Files or even PDF Documents to exploit Adobe and similar or other exploits, that target specific vulnerabilities within the system. EternalBlue itself is exploitable till today regardless of patches being released for it (best recommended to filter the SMB Ports to help prevent the exploit from taking place or using a secure VPN like Mullvad), which isn’t much of a coincidence if we take into consideration what kind of malware you might attract over downloading some file on the Dark Web. Of course, EternalBlue directly connects to a system and doesn’t actually require a file or such, but I was just using it as an example.

While the above talks most about encountering malware infection, you should take caution that you could encounter a possibility of sites that offer malware services such as ransomware. A good example of this would be the Satan Ransomware, a RaaS that was around for some time and was offering people their own builder and ability to transfer Bitcoins that they could use to extort others for services and get themselves paid while offering a certain percentage of compensation funds back to the RaaS as well. Meanwhile, we even have other services in the Dark Web, such as LockBit, who upload the files of their targets who haven’t paid and put them up on the Dark Web as well as plenty of other ransomware builders out there in the Dark Web. Some sites even offer ransomware builders up to $3,000 in Bitcoin. While I wouldn’t even consider purchasing such items, I would still recommend staying away from such sites and, if possible, report them to the appropriate authorities (reporting will be explained in conclusion); I highly discourage illegal activities.

If you’re a malware researcher, you could reverse engineer such malware and work on experimenting with them. Personally, I reverse engineered the GBWhatsApp and even managed to traceback its owner and origin and further noticed that it was a malware used in SMS fraud as well, by performing static analysis, and analyzing the strings and code of the program. You can see details on the reverse engineering from my Medium article over here. Nonetheless, for those who aren’t malware researchers, it’s highly recommended to report these kinds of sites and malware to law enforcement (reporting will be explained below in conclusion) and submit the malware to the security community for analysis by using an online malware analysis tool like VirusTotal.

DISCLAIMER: It’s highly suggested that you don’t perform any illegal activities, such as performing ransomware attacks and/or joining a ransomware-as-a-service such as Satan Ransomware (which doesn’t exist anymore since they’ve been taken down) or purchasing a ransomware making toolkit. Such activities are regarded as terrorism by the United States Department of Homeland Security, and since they involve extortion, can result in serious litigation including extradition and federal imprisonment with civil liabilities and prosecution by the law. 

Information to consider while browsing through the Dark Web

While browsing through the Dark Web, you have to be very careful as you could fall into traps that could lead to serious trouble. For example, imagine finding a simple blog about ethical hacking but end up falling into a website that’s filled with child sexual abuse material, or some website that offers the buying and selling of slaves, or even worse some cult website or some website operated by ISIS. This happens often in the Dark Web, so you have to be very careful when you’re operating through the Dark Web as some of the stuff that you might end up browsing can lead to serious mental deficit (very graphic images of extreme violence or war) or even worse could get you in serious trouble with the law. Especially with curiosity, it’s often possible that you could end up indulging in such actions if you start browsing the Dark Web from a young age without noticing what you’re doing; I would consider that you aren't involved in social networking when using the Dark Web as well. Public social networks in the Dark Web (excluding Facebook, I’m talking about the main ones that are in the Dark Web) tend to offer similar services that any Dark Web marketplace would offer but sometimes could get even more extreme to the point that people want to sell themselves as slaves as well because they don’t have money to help themselves or even worse.

DISCLAIMER: While you can access Facebook and other social networks over the Deep Web, the Dark Web wouldn’t be recommended for social networking activities. Any sites seen to be considered having such illegal activities as mentioned should be reported to law enforcement (reporting will be explained in conclusion) as it’s not recommended to participate or engage in illegal activities over the Dark Web. These can lead to serious litigation including civil liabilities and prosecution by the law.

Drug Dealings

These are very common on the Dark Web and the majority of drug dealings carried out from the Dark Web often ship products from either Europe or America, especially countries such as the United States, the Netherlands, Canada and similar places. While I wouldn’t recommend trusting such websites, as most of them could be exit scams or honeypots, and even depending on the legality of the drugs or the drug deal in your country or region, it would still be upon you to decide whether to proceed or not. Again, I wouldn’t recommend it due to the mental issues caused by drugs, since I’ve studied drugs myself as well, since high school, and understand how they work, and have read case studies and research from reputable medical resources, such as the NCBI, and also have a background in medical knowledge. As a legal stance in all accord, I wouldn’t recommend purchasing or performing drug deals either. Also, be warned that most research has concluded that drugs sold from the Dark Web actually contain and/or have included Fentanyl, which would be a big red flag for anyone deciding to purchase such compounds out of the Dark Web, since they would be practicing drug trafficking as well, if they’re in a different country, and would once again not be recommended in any chance to be performed.

DISCLAIMER: It’s still highly not recommended that you carry out any drug deals over the Dark Web as you cannot know what other compounds are added to the drugs you purchase (even if they’re legal in your jurisdiction, they could mix it with a compound that’s illegal, such as Fentanyl or something similar) and it’s highly likely that you will be prosecuted if you get caught.

Fraudsters

The Dark Web is the best fraud marketplace to buy products such as stolen credit card information, stolen crypto-wallet private keys, stolen crypto-wallet logins and recovery phrases, PayPal accounts, Skrill accounts and similar stuff. They even offer additional citizenship to other countries by means of forgery and hacking governments to have you added to the registry as a citizen of that country for as little as $1,000. Hackers are quite popular on the Dark Web as well, and you can hire a hacker; in fact, there are multiple sites used to hire hackers on the Dark Web. Nonetheless, what fascinates and attracts people the most to the Dark Web is the ability to purchase electronic devices for half the original price of the device. If you don’t want to purchase a $1,400 iPhone off a normal marketplace, then a Dark Web marketplace is an option which can offer you half the price of the original phone. 

DISCLAIMER: I wouldn’t recommend messing around with fraud, especially in purchasing products like these from the Dark Web because of the legality of the actions being produced, as these can result in serious litigation including civil liabilities and prosecution by the law and you can’t know if you’re likely to be scammed in a purchase. It’s highly recommended that you report such websites to law enforcement (reporting will be explained in conclusion) and not proceed to them any further from the point of seeing them.

Configuring Tor

As explained earlier, Tor can either be configured using a Tor proxy or a Tor browser, whichever option you choose. Here are ways you can configure both a proxy and the browser. 

The browser is the simplest way of configuring Tor as all you’d need to do is go to the Tor Project Website, download the browser, open the installer and follow the installation wizard to successfully install the browser. If you’re using Linux, download the Browser from the website and extract the .tar.gz file then run Terminal in the directory of the extracted file and change the permission to ensure it’s executable and run it. You can follow this guide for Linux and Windows. Since it’s based on Firefox, it is recommended you go to Settings and configure the strictest Security Controls for better privacy during usage.

Configuring the proxy is a little bit of a complicated process depending on which browser you are using. All you’d need to do is navigate to the browser extension store and download a Tor button. You can download it for Firefox or for Chrome. Any button can be used, as long as it’s named Tor Button or Onion Button. After this, all you’d need to do is download the Tallow Bundle (Windows) or if you’re on Linux then run the apt-get install tor from Terminal while root to install the tor plugin. Get out of root then simply type tor in terminal and leave the terminal open and you’ll have your proxy. On Windows, you’ll have to run the installer and follow the installation wizard for the Tallow Bundle. Once installed, head over to the installation directory and create a shortcut of the executable under the name of tor.exe to the desktop. This will be what you’ll be running all the time when you need to use Tor, so simply run it and that’s all you’ll need to do for the installation and getting the proxy started. Connecting the browser to the proxy is as simple as clicking on the tor button that you specifically downloaded for your browser and clicking on connect. A message should appear saying you’re connected to Tor over 127.0.0.1:9900. From here on you can connect to a VPN like Mullvad and you’ll be all good to browse the Dark Web from now on. 

As there is no comprehensive guide I’ve seen anywhere on how to configure Tor using a proxy and it was just a matter of figuring out how to do it for myself from self-learning and self-discovery, I have made the step-by-step guide on accessing Tor using a proxy on this Medium article right here

Browsing the Dark Web

In order to access the pages of the Dark Web, you’ll have to find these pages. Using safe Dark Web search engines, such as Ahmia, is more reputable than using a search engine like Evil, which most of the time gives plenty of good results but could lead to pages containing child sexual abuse material or serious violent videos from terrorist organizations, such as ISIS and others. Since illegal practices aren’t recommended, it’s highly suggested you avoid this kind of search engine. The best information acquired from the Dark Web depends on your decision of what kind of search engine you use and preferences that you need. Candle search engine reveals information in context to exactly what you’re looking for without using quotations on a search or any kind of advanced search engine hacking. Nonetheless, if you’re looking for a more reputable search engine to browse the Dark Web, it’s recommended you use Ahmia. 

These search engine links can easily be found on the clearnet by searching for Dark Web search engines on DuckDuckGo or Google from a normal browser, taking that link then visiting it yourself from either Tor or the proxy you configured (in case you’re using a proxy, you can use Incognito to perform the search). From there, you can search and browse through anything you want on the Dark Web.

Other ways of browsing the Dark Web are using pug sites such as The Hidden Wiki, which is a Dark Web repository containing a whole bunch of sites to search the Dark Web from. The Hidden Wiki has several sites including chat rooms that I’ve spoken about above, sites containing leaks, Dark Net marketplaces for drugs, a site that updates you on any arrests performed on some Dark Net marketplaces, celebrity leaked information, more search engines (all of which have been mentioned above and more) and much more and is updated occasionally by whoever runs it. The entire repository contains over fifty or more sites pertaining to different topics of interest. The Hidden Wiki can easily be accessed by searching for it on Google or DuckDuckGo, just as mentioned earlier.

DISCLAIMER: You can use the Hidden Wiki or Deep and Dark Web search engines to access resources based on cyber-security, Bibles (for countries that are censored), government websites or reputable resources for research and medical documentation (for example, in Canada, medical resources have been highly censored by governments as seen here and here and I’ve further confirmed these sources with my sister, who's a doctor in Canada as well. Therefore, access to the Deep Web removes that censorship and allows access to medical resources that doctors in Canada are restricted to for medical examination of patients). While illegal activities as mentioned above are seen around the Dark Web, it’s highly suggested reporting sites that participate in leaking peoples information, child sexual abuse material and other illegal activities, as such activities aren’t allowed or condoned by us and neither do we allow such activities to take place in any manner, as litigation including civil liability and prosecution could follow (reporting will be explained below in the conclusion).

Practicing Proper Operational Security (Use this for protection in the Dark Web)

This is probably one of the most important parts of doing anything before accessing the Dark Web. Operational security is the practice of keeping sensitive information from reaching the wrong hands. This can easily be done by never using your real identity or name on the Dark Web, turning off any plugins or resources on the browser that can lead to your identity being traced on the Dark Web (this would include JavaScript and it’s the main reason why the Tor Browser has NoScript), never giving out any personal information over the Dark Web (even if they gain your trust, as they would probably be performing a social engineering attack, and even if they attempt to harass or intimidate you, end the chat or conversation, block them if needed, don’t hand out any sensitive information), making sure you don’t click links you are sure you wouldn’t trust that may contain malware (especially, file servers over the Dark Web that host and index files over the Dark Web web servers, such as file servers from Daniel’s Hosting, which has indexes of plenty of documents such as PDFs, MOVs and other video and picture files over the Dark Web), don’t download stuff you’re not sure of (matter of fact, probably never do it), make sure you take the right steps to harden the security of the computer you’re using (Keep it up-to-date, use a standard instead of administrator account, use a different computer that’s different from normal usage or run a virtual machine, try use a different network from your own and make sure your VPN is always on), Never use your Dark Web Identity anywhere else apart from the Dark Web (This could lead to identities being tied to each other and different accounts, which can lead to you being traced), Never use the same emails and credentials that you use in the Dark Web for day-to-day activities and normal usage of clearnet (This again could lead to you being traced, even if you’re using a pseudonymous name, such as a username that you think people won’t be able to trace, when they can. Your goal is to remain Anonymous, not Pseudonymous when browsing the Dark Web), Never disclose information about anything you do in the Dark Web (Whether this be purchases or whatnot, never disclose it publicly as no one needs to know about it unless you’re sure you can trust people with the kind of information you spread across to the world, like how I’m doing in this article), Never use a password that you use on the clearnet on the Dark Web (Password reuse can put you at risk, even with 2FA being offered in some sites in the Dark Web, your identity can be traced if they find out that the same password used on your normal emails you use on the clearnet is same as the ones you use in the Dark Web), Never disclose anything sensitive on Dark Web Threads and Forums that can lead to your identity being traced such as Pictures, Videos, Address and similar information about yourself. Normally, when purchasing something, the addresses are usually PGP Encrypted before they’re sent to the person you’re purchasing from for your safety (This could be anything from a Web Server for Hosting or literally anything, even Bibles for a censored country. We highly don’t recommend using the Deep or Dark Web for any illegal activities). Any site not using PGP is most definitely a scam. 

The above information on Operational Security should help you kickstart and get the understanding and knowledge of how important it is to maintain such practices in the Dark Web. Matter of fact, since it’s very common to be traced over a regular browser using a proxy even though you may have a VPN Enabled, it’s highly recommended you use the Tor Browser instead of using the Proxy as it’s much easier to configure and use and you can apply the strongest security settings easily from the settings of the browser itself, as explained here. Using a regular browser with a proxy would require you to keep changing the necessary settings over and over again after you visit the Dark Web and even clear your cache, cookies, and all other related information including your passwords which is gonna get pretty annoying at some point, so it’s highly recommended you use the Tor Browser instead and set the settings to make sure no information is saved, Do Not Track Requests are Enabled, IP Tracking and Cookies are disabled (You don’t need these when accessing the Dark Web) as well as having the strictest security setting being activated before browsing the Dark Web, on whichever browser you are using. Requiring a Tor Bridge from the Tor Browser is important depending on the Tor Censorship in your country and even highly recommended if you want to avoid censorship.

Since we are mainly talking about the Dark Web here, device usage requires that you take its consideration. If you’re sure that you need to be changing your devices and buying new ones frequently to access the Dark Web or destroying Virtual Machines and creating new ones then do it. Another thing to consider is the crypto-currency wallets that you use as well. Be sure to be creating and destroying wallets frequently, especially in a highly censored country like China. Trust Wallet is the best option to be used here as it gives you the ability to create new wallets and back them up over paper. Never backup to the Cloud unless you’re not using the Wallet for Dark Web or Deep Web Purchases. Destroy any wallets you don’t need and be creating new ones at any interval you desire (Maybe every month or so, all depends on how you decide to do it).

It’s also highly recommended you avoid password reuse, use strong passwords and implement Multi-Factor Authentication Methods for both your devices and accounts that you use for browsing and accessing the Deep and Dark Web. Always keep your systems up-to-date, whether it’s a mobile device or PC, and always ensure to update the apps to patch the latest security vulnerabilities that may be present in them that could be used by hackers to infiltrate your devices and networks.

DISCLAIMER: Being harassed and intimidated by people in the Dark Web is a very common phenomenon that occurs often, it’s highly recommended you export chats of such harassers and report them. Especially, if they release sensitive information pertaining to themselves such as aliases or pseudonyms that they use. Reporting will be explained at the conclusion section. Illegal activities are not recommended to be performed as these can lead to serious consequences and litigation including civil liability and prosecution by the law.

Mullvad VPN

Mullvad is the best recommended choice for a good VPN to use over the Tor Network that will not log any information about you or comply with any subpoena submitted by law enforcement for the access of your data. While Mullvad itself is a good VPN, they recently partnered with Tor and released their own browser as well. You could decide to use the Mullvad browser if you want but be sure to follow best security practices for the safety of your data and information when browsing through the Dark Web over the proxy using the Mullvad browser. Mullvad VPN recently received a subpoena request and told the local police that even if they do check the servers, they won’t find anything on the customers they’re requesting information about and even went further, telling them that checking through their servers breaks the law in Sweden (which is where Mullvad is based). Mullvad is considered best for privacy and if you read their privacy policy, it shows that the only thing they log is your payment information and invoices for about 30 days before it’s deleted and erased from their servers. Therefore, it would be best considered to use Monero or Bitcoin when purchasing a Mullvad subscription. Following best practices will keep you from easily getting traced as well. 

DISCLAIMER: Since Mullvad is indeed a reputable VPN, it is highly recommended for security. 

DISCLAIMER: Whether a VPN is subpoena compliant or not, it’s highly recommended that you don’t perform illegal activities whether you’re using it to access Tor or not. VPN IPs can be logged by third-party services that you use, such as Google. Matter of fact, you could go to Google Account Manager and click on ‘Devices’ then click on ‘More information’ and you’ll see the IP address there, this is the same thing that occurs with the exit nodes (which is how they can be poisoned) and using a proxy can actually log all your data as explained earlier. You can see all this data from Google Activity Manager if you’re using Chrome or Firefox Activity Manager or simply by your Browser History by clicking CTRL+H. This is why it’s highly recommended to turn off sync when using Tor over proxy and once done, to enable it again (not recommended to use a proxy as it would involve a lot of things that you’ll need to do, just proceed with using the regular Tor Browser with the strongest security settings and you’ll be all good without having to worry about this). My point here is that, if you’re suspected of doing illegal activities, law enforcement could subpoena your Google account and other online accounts and view your data. Since your IP address will be there (whether you’re using a VPN, Tor or whatnot, it’ll still be tied to your account and your identity), they’ll proceed to investigate and have you arrested over an IP address. This is how the owner of BreachForums, Conor Brian Fitzpatrick, was investigated and arrested by the FBI, only using an IP Address that was tied to him (so once again, return to the Operational Security Section of this magazine and understand how to implement best security practices to protect yourself from potential dangers in the Dark Web). Most of which were VPN’s, but again, there is a time you could forget to use your VPN or Tor and it could expose you when you use your normal ISP’s Internet as IP Histories are even logged by third-party providers like Google. You can read more about how the BreachForums owner was caught here. Once again, illegal activities aren’t recommended and shouldn’t be done at all. These can lead to severe civil liabilities and prosecution by the law.

Conclusion

For avoiding censorship and purposes of your own security and privacy, it’s highly recommended to access the Deep or Dark Web as long as the best security practices as explained in the Operational Security Section of this article are taken into consideration. While performing the necessary tasks that need to be accomplished, remember not to disclose anything about what you do in the Dark or Deep Web unless you’re sure that it’s okay to be seen by the public. Also, as recommended in every disclaimer that I’ve included, you should report any sites that involve or bring up illegal activities, as the kinds of crimes taking place in the Dark Web are very serious and can lead to serious consequences including civil liability and prosecution by the law. Reporting can be done the following way:

There are several sites to perform reporting such as iC3, NCMEC (National Center for Missing and Exploited Children) and similar. iC3 itself has a site linked to it that can be used to report life threatening situations as well, so be sure to perform reporting where appropriate.

Always take into consideration that unless a Tor site is integrated with Tor2Web, it won’t be indexed to Google or any other search engines, even if it's social media. Sometimes you may find Dark Web data indexed on the clearnet and be wondering how this is so when Dark Web sites aren’t supposed to be indexed like that. This is mainly due to Tor2Web and always remember that Wayback Machines and archives don’t have anything to do with Dark Web sites as Dark Web sites are hidden, they can’t be indexed on the normal web or Wayback Machine.



November 9, 2023
Subscribe
Notify of
guest
2 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
5 months ago

A great hacker is really worthy of good recommendation , Henry
really help to get all the evidence i needed against my husband and
and i was able to confront him with this details from this great hacker
to get an amazing service done with the help ,he is good with what he does and the charges are affordable, I think all I owe him is publicity for a great work done via, Henryclarkethicalhacker AT gmail.com

6 months ago

Nice. Thanks for the upload of the article to your site, can’t wait till the magazine is officially released.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.
What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4

Name(Required)

We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.