Why We Need a Dark(er) Web

WHY WE NEED A DARK(ER) WEBJEROEN BAERT –CHECKUP 2017

ABOUT ME

• Engineer – Computer Scientist

• Phd Student (Computer Graphics @ KU Leuven)

• Improv / Stand-up Comedian

• (Belgian Improv League)

• jeroen-baert.be & forceflow.be

• PGP: 30F2 857D 9129 3519

MY RESEARCH: GRAPHICS! ALL THE GRAPHICS!

• Out-of-core construction and visualization of Sparse Voxel Octree

structures on modern GPU hardware

BAD NEWS EVERYONE

TALK OVERVIEW

• Why the internet is broken

• Why a “dark web” is a possible solution

• What you can do

THE INTERNET IS BROKEN BECAUSE OF TRACKING

• WWW evolution:

• Open, free source of information

• Ad-infested cesspool

• Websites / apps serve

• Advertisements

• Trackers

THE INTERNET IS BROKEN BECAUSE OF TRACKING

• GOAL: Profile & identify you and

your habits

• Over multiple services and websites

• Without knowledge or consent

• Sell information for targeting

purposes

https://boingboing.net/2015/10/05/botwars-vs-ad-tech-the-origin.html

TRACKING & CONTENT

• Content is not free

• You pay with your private data

• Content has become delivery method for ads & trackers

• “If you’re not paying, you are the product”

TRACKING – FLEMISH NEWS SITES

• Experiment:

• 4 popular news websites (HLN, DM, DS, HNB)

• Load homepage once (in fresh VM every time)

• Register # connections to 3rd-party servers

• Wireshark & Firefox+Lightbeam


• Results:

• +40 connections to 3rd party trackers/ads

• Often located in other countries

• Little or no info for end user

• Privacy policies: vague/non-existent


Full report: http://www.forceflow.be/2017/08/02/tracking-be-2017/


• Additional cost:

• Bandwidth (Money)

• Battery

• Time


• Some trackers on multiple sites

• Track your entire morning routine

• Journalism = Bait

• Not only (these) news sites

TRACKING – PEOPLE FARMERS

• Facebook = “People Farmer” (Aral Balkan, 2016)

• Build advertising profile

• Everywhere you see

• Offer functionality (likes, comments, ...)

• In exchange for tracking

• “Behavioral Advertising Tech”

TRACKING – PEOPLE FARMERS

https://www.theguardian.com/technology/2017/may/01/facebook-advertising-data-insecure-teens

TRACKING – BIG DATA = BIG BUSINESS

• Cambridge Analytica

• Buy/Collect massive amounts of data

• Sources: Social media, web trackers, ...

• Data mining / analysis

• Psychographic profiling

• Political Microtargeting

TRACKING – CAMBRIDGE ANALYTICA

• Booming business

• Because of state WWW is in

• No legal framework

• (2018) GDPR?

• Enforcement?

https://www.theguardian.com/technology/2017/may/07/the-great-british-brexit-robbery-hijacked-democracy

POLITICAL MICROTARGETING

Adam Curtis – Hypernormalization (2016)

AD/TRACKER BLOCKING

• Yes, there are ad/tracker-blockers

• Some good, some bad

• Need some technical skills to use

• Treating symptom, not disease

• Never-ending arms race

• Will not lead to structural change

TRACKING - CONCLUSION

Adtech has transformed the WWW, and current technology and

protocols allow easy collection and storage of vast amounts of data

TALK OVERVIEW


• Tracking


• What you can do

INTERNET IS BROKEN BECAUSE OF CENSORSHIP

• Lots of WWW services = centralized

• Easy to filter / censor

• At local / ISP/ nation level

• Techniques

• DNS hijacking

• (Deep) Packet Inspection

• ...

CENSORSHIP - TURKEY

• Communication censorship

• Protests 2016: National shutdown of

social media

• Blackholing at ISP level

• Sharing Erdogan cartoons = internet

block

• Similar incidents in Egypt, Iran,...

CENSORSHIP - CHINA

• Knowledge censorship

• “Great firewall of China”

• No Wikipedia

• No “Tiananmen Square”

CENTRALIZATION – DEMOCRACY RISK

• Catalonia Referendum (2017)

• Raid on registrar .cat

• To censor referendum info

• Forced ISP’s to blacklist essential

vote system IP’s

• Several voting offices disabled

CENTRALIZATION – BUSINESS RISK

• October 2016

• Infected IoT devices (Mirai Worm)

• DDoS attack on Dyn.org (DNS provider)

• Twitter, Paypal, Spotify, ... down

CENTRALIZATION - SOCIAL MEDIA PLATFORMS

• For a lot of people, WWW = Social media

• A few private companies decide

• What you see

• When you see it

• How long you can see it

• Who you can share it with

• Billion of eggs, handful of baskets

TALK OVERVIEW


• Tracking

• Censorship


• What you can do

THE INTERNET IS BROKEN BY DESIGN

• Not designed with PRIVACY in mind

• Not designed with ANONIMITY in mind

PRIVACY & ANONIMITY

• Important for everyone

• Regular users (protect personal life)

• Journalists (sources)

• Whistleblowers (identity)

• Companies (communication & trade secrets)

• ...

PRIVACY & ANONIMITY

• Tim Berners-Lee, 2016:

“Sites you visit tell your own intimate story.

Internet history should never be tracked.”

• US Congress, 2016:

ISP’s are allowed to sell your internet history

TRACKING - TECHNICAL

• Browsing the internet = leaking information

• HTTP + Javascript make collection easy

• Unique fingerprint:

• IP, location, network

• OS/Browser version, plug-ins, local time

• Screen size, cursor positions, settings

• ...

AMIUNIQUE.ORG

TALK OVERVIEW


• Tracking

• Censorship

• Anonimity / Privacy


• What you can do

CONCLUSION

• The internet is a wonderful place

• But by design, makes it easy to track,

censor and identify users

• Need alternative, different network

with better privacy properties

ENTER...

THE DARK WEB

THE “DARK WEB”

• A lot of misconceptions

• Blame:

• Media

• Politics

• Technical nature

• Confusing terminology

THE “DARK WEB”

• Interesting from a privacy & anonimity PoV

• Solution to (some of) our problems?

“DARK WEB” VS “NORMAL WEB”

• Traditional explanation:

• Surface web

• Deep web

• Dark web

• Better explanation:

• Dark web is parallel to all

DARKWEB

DARK WEB(S)

• No such thing as one dark web

• Alternative networks focused on

privacy/anonimity:

• Tor (The Onion Router)

• I2P Project

• Freenet

• Zeronet

• ...

QUESTION

• I have never heard of Tor

• I have heard of Tor

• I know Tor as the thing people use to get around my company firewall

• I buy drugs using Tor

• I am a Tor developer

TOR: THE ONION ROUTER

• Most popular & well-known

• Open-Source

• Originally developed by DARPA (US)

• Now: Nonprofit org

• Unrelated to torrents

• Network nodes run by volunteers

• Exit nodes to surface web

TOR: NODE TYPES

TOR: HOW IT WORKS (1)

TOR: ENCRYPTION

TOR: PROTECTING YOUR ANONIMITY

• Original IP never revealed

• No logs

• Strong encryption

• New circuit for every site

• No cross-site tracking

TOR: HIDDEN SERVICES

• Tor Hidden services

• “Rendezvous point”

• “Invisible” hosting

• Only accessible through Tor

TOR: HOW IT THWARTS CENSORSHIP

• No way of knowing where hidden service is hosted

• Takedown notice = where to send?

• Everyone can publish : no central authority

• Censorship impossible by design

TOR: HOW IT THWARTS CENSORSHIP (2)

• Link to surface web

• Exit nodes in various

countries

• Tor traffic can be disguised

• As Skype call, regular

browsing ...

• Very hard to filter: arms race

TOR NETWORK: USERS

TOR NETWORK: CURRENT STATUS

THE “DARK WEB” IS NOT ILLEGAL

• Using or running an alternative network is not illegal

• You are simply using a different

• communication protocol

• way to exchange information

• way of processing data

• Like you already do for a lot of things!

• E-mail: POP3/IMAP


• Media get it wrong all the time


• Professionals get it wrong all the time

THE “DARK WEB” AND CRIMINALITY

• Alternative networks are not exclusively

used by criminals

• Technology is inherently neutral

• Lots of useful services:

• Webhosting / blogging platforms

• File storage

• E-mail

• ...

THE “DARK WEB” AND CRIMINALITY

• What about ...

• Drugs? Guns? Fake Ids? Terrorist forums? Hitmen?

• Same % of services on surface web

• A lot of scams

• Anonimity + cryptocurrencies

• Hidden web is actually tiny

• 7k – 30k sites = 0.03% of surface web

THE “DARK WEB” AND CHILD PORNOGRAPHY

• CP is a problem on every network

• Research by Internet Watch Foundation (2015)

• 31k CP URL’s

• 51 (0.02%) on a Dark Web

• Need to break association Dark Web<->CP

• Without ignoring/minimalizing CP problem

IS TOR INFALLIBLE ?

• Nothing is

• Tor Browser exploits

• Get patched quickly

• Malicious nodes

• Network monitoring

• Peer voting

IS TOR INFALLIBLE: MARKET BUSTS

• Silk Road, AlphaBay, ...

• Admins got arrested, sites closed

• Tor fail?

• Admin fail:

• Re-using e-mail / passwords

• Paper trail

• Reckless bragging

• Bad service configuration

START USING TOR

• Using a Dark Web does not require advanced tech knowledge

• Go to www.torproject.org

• Download the Tor Browser bundle

• Install

• Go!

http://www.torproject.org/

TOR BROWSER BUNDLE

• Custom version of Firefox

• Great browser

• Pre-configured for Tor

• Masked fingerprint

• Scripts blocked by default

• Auto-updater

• HTTPS everywhere

• Safe out-of-the-box

TOR ON MOBILE

• Android: Orbot + OrFox

• In Play Store

• VPN for all traffic

• Free

• iOS: Onion browser

• In App Store

• Free

MAYBE START USING IT...

• On public networks?

• All the time?

• More users = more diversity = safer network

HEY SYSADMINS, LISTEN UP

SYSADMINS & TOR

• Don’t block Tor usage on your network

• Don’t block Tor exit nodes

• Mitigate abuse using CAPTCHA

• If you use Cloudflare: explicitly allow Tor

• See Tor abuse FAQ:

https://www.torproject.org/docs/faq-abuse.html.en

SYSADMINS & TOR

• Run a TOR node!

• On VPS / dedicated

• You can limit bandwidth / ports

• (only 80 / 443, for example)

• Donate @ torservers.net

MEDIA / PRESS

• Offer your site as Hidden Service

• Set up SecureDrop for communication

EVERYONE ELSE

• Programmers / Writers /

Educators / Designers / ...

• Development

• Documentation

• Education

• Discussion

• Promotion

• Legal assistance

AND YOU...

• Try it!

• Spread the word

• Educate friends, family & colleagues

• Talk to your IT departement

• “Well Actually” when you hear misconceptions

IT DOESN’T STOP AT TOR

• Just an example of tech that can help us

• More decentralization needed:

• Mastodon

• Diaspora

• IPFS (Distributed Web)

“

”

THE INTERNET IS A MIRROR THAT REFLECTS THE SOCIETY WE LIVE IN. IF YOU DON’T LIKE WHAT YOU SEE, DON’T JUST BREAK THE MIRROR.

Vint Cerf, co-inventor WWW

THANK YOUQUESTIONS? [email protected] - @JBAERT

mailto:[email protected]

Why We Need a Dark(er) Web

Technology

Transcript of Why We Need a Dark(er) Web