Why We Need a Dark(er) Web
WHY WE NEED A DARK(ER) WEB
JEROEN BAERT – CHECKUP 2017
ABOUT ME
• Engineer – Computer Scientist
• PhD Student (Computer Graphics @ KU Leuven)
• Improv / Stand-up Comedian
• (Belgian Improv League)
• jeroen-baert.be & forceflow.be
• PGP: 30F2 857D 9129 3519
MY RESEARCH: GRAPHICS! ALL THE GRAPHICS!
• Out-of-core construction and visualization of Sparse Voxel Octree
structures on modern GPU hardware
BAD NEWS EVERYONE
TALK OVERVIEW
• Why the internet is broken
• Why a “dark web” is a possible solution
• What you can do
THE INTERNET IS BROKEN BECAUSE OF TRACKING
• WWW evolution:
• Open, free source of information
• Ad-infested cesspool
• Websites / apps serve
• Advertisements
• Trackers
THE INTERNET IS BROKEN BECAUSE OF TRACKING
• GOAL: Profile & identify you and
your habits
• Over multiple services and websites
• Without knowledge or consent
• Sell information for targeting
purposes
https://boingboing.net/2015/10/05/botwars-vs-ad-tech-the-origin.html
TRACKING & CONTENT
• Content is not free
• You pay with your private data
• Content has become delivery method for ads & trackers
• “If you’re not paying, you are the product”
TRACKING – FLEMISH NEWS SITES
• Experiment:
• 4 popular news websites (HLN, DM, DS, HNB)
• Load homepage once (in fresh VM every time)
• Register # connections to 3rd-party servers
• Wireshark & Firefox+Lightbeam
TRACKING – FLEMISH NEWS SITES
• Results:
• +40 connections to 3rd party trackers/ads
• Often located in other countries
• Little or no info for end user
• Privacy policies: vague/non-existent
TRACKING – FLEMISH NEWS SITES
Full report: http://www.forceflow.be/2017/08/02/tracking-be-2017/
TRACKING – FLEMISH NEWS SITES
• Additional cost:
• Bandwidth (Money)
• Battery
• Time
TRACKING – FLEMISH NEWS SITES
• Some trackers on multiple sites
• Track your entire morning routine
• Journalism = Bait
• Not only (these) news sites
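The measurement described in these slides (count third-party connections per homepage, then look for the same third party on several sites) can be reproduced from any list of requested URLs. The sketch below is an added example, not the code used for the report; the site and tracker names are constructed, and the "last two DNS labels" grouping is a simplifying assumption that ignores multi-label public suffixes.

```python
from collections import defaultdict
from urllib.parse import urlsplit

def site_of(host: str) -> str:
    """Crude registrable domain: the last two DNS labels (assumption:
    the sample contains no multi-label public suffixes such as co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def third_parties(page_url: str, request_urls: list[str]) -> set[str]:
    """Distinct third-party sites contacted while loading page_url."""
    first_party = site_of(urlsplit(page_url).hostname)
    seen = set()
    for url in request_urls:
        host = urlsplit(url).hostname
        if host and site_of(host) != first_party:
            seen.add(site_of(host))
    return seen

def cross_site(captures: dict[str, list[str]]) -> dict[str, list[str]]:
    """Third parties seen on more than one page, with the pages they observed."""
    pages_by_party = defaultdict(set)
    for page, requests in captures.items():
        for party in third_parties(page, requests):
            pages_by_party[party].add(page)
    return {p: sorted(pages) for p, pages in pages_by_party.items() if len(pages) > 1}

# Constructed sample: the request URLs of one fresh homepage load per site,
# e.g. as exported from a packet capture or the browser's network panel.
CAPTURES = {
    "https://www.news-a.example/": [
        "https://static.news-a.example/app.js",          # first party
        "https://cdn.adnet-one.example/tag.js",
        "https://pixel.metrics-two.example/p.gif?id=1",
        "https://sync.adnet-one.example/match",          # same party, other host
    ],
    "https://www.news-b.example/": [
        "https://img.news-b.example/logo.png",           # first party
        "https://pixel.metrics-two.example/p.gif?id=1",
        "https://widgets.social-three.example/like.js",
    ],
}

if __name__ == "__main__":
    for page, requests in CAPTURES.items():
        parties = third_parties(page, requests)
        print(page, len(parties), sorted(parties))
    print("on multiple sites:", cross_site(CAPTURES))
```

A third party that appears in the `cross_site` result can link one visitor's page loads across all the sites listed for it.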
TRACKING – PEOPLE FARMERS
• Facebook = “People Farmer” (Aral Balkan, 2016)
• Build advertising profile
• Everywhere you see
• Offer functionality (likes, comments, ...)
• In exchange for tracking
• “Behavioral Advertising Tech”
TRACKING – PEOPLE FARMERS
https://www.theguardian.com/technology/2017/may/01/facebook-advertising-data-insecure-teens
TRACKING – BIG DATA = BIG BUSINESS
• Cambridge Analytica
• Buy/Collect massive amounts of data
• Sources: Social media, web trackers, ...
• Data mining / analysis
• Psychographic profiling
• Political Microtargeting
TRACKING – CAMBRIDGE ANALYTICA
• Booming business
• Because of the state the WWW is in
• No legal framework
• (2018) GDPR?
• Enforcement?
https://www.theguardian.com/technology/2017/may/07/the-great-british-brexit-robbery-hijacked-democracy
POLITICAL MICROTARGETING
Adam Curtis – Hypernormalization (2016)
AD/TRACKER BLOCKING
• Yes, there are ad/tracker-blockers
• Some good, some bad
• Need some technical skills to use
• Treating symptom, not disease
• Never-ending arms race
• Will not lead to structural change
TRACKING - CONCLUSION
Adtech has transformed the WWW, and current technology and
protocols allow easy collection and storage of vast amounts of data
TALK OVERVIEW
• Why the internet is broken
• Tracking
• Why a “dark web” is a possible solution
• What you can do
INTERNET IS BROKEN BECAUSE OF CENSORSHIP
• Lots of WWW services = centralized
• Easy to filter / censor
• At local / ISP / nation level
• Techniques
• DNS hijacking
• (Deep) Packet Inspection
• ...
CENSORSHIP - TURKEY
• Communication censorship
• Protests 2016: National shutdown of
social media
• Blackholing at ISP level
• Sharing Erdogan cartoons = internet
block
• Similar incidents in Egypt, Iran,...
CENSORSHIP - CHINA
• Knowledge censorship
• “Great firewall of China”
• No Wikipedia
• No “Tiananmen Square”
CENTRALIZATION – DEMOCRACY RISK
• Catalonia Referendum (2017)
• Raid on registrar .cat
• To censor referendum info
• Forced ISPs to blacklist essential
vote system IPs
• Several voting offices disabled
CENTRALIZATION – BUSINESS RISK
• October 2016
• Infected IoT devices (Mirai Worm)
• DDoS attack on Dyn.org (DNS provider)
• Twitter, Paypal, Spotify, ... down
CENTRALIZATION - SOCIAL MEDIA PLATFORMS
• For a lot of people, WWW = Social media
• A few private companies decide
• What you see
• When you see it
• How long you can see it
• Who you can share it with
• Billions of eggs, handful of baskets
TALK OVERVIEW
• Why the internet is broken
• Tracking
• Censorship
• Why a “dark web” is a possible solution
• What you can do
THE INTERNET IS BROKEN BY DESIGN
• Not designed with PRIVACY in mind
• Not designed with ANONYMITY in mind
PRIVACY & ANONYMITY
• Important for everyone
• Regular users (protect personal life)
• Journalists (sources)
• Whistleblowers (identity)
• Companies (communication & trade secrets)
• ...
PRIVACY & ANONYMITY
• Tim Berners-Lee, 2016:
“Sites you visit tell your own intimate story.
Internet history should never be tracked.”
• US Congress, 2016:
ISPs are allowed to sell your internet history
TRACKING - TECHNICAL
• Browsing the internet = leaking information
• HTTP + JavaScript make collection easy
• Unique fingerprint:
• IP, location, network
• OS/Browser version, plug-ins, local time
• Screen size, cursor positions, settings
• ...
AMIUNIQUE.ORG
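Why a handful of ordinary attributes adds up to a unique fingerprint can be shown with a small calculation: each value reveals a few bits, and the set of visitors sharing all values shrinks to one. This is an added example, not part of the talk; the eight-visitor population and its attribute values are constructed.

```python
import math

ATTRS = ("os_browser", "screen", "timezone", "plugins")

def visitor(*values):
    """Build one visitor record from values given in ATTRS order."""
    return dict(zip(ATTRS, values))

def surprisal_bits(population, attr, value):
    """Identifying information (in bits) revealed by one attribute value."""
    share = sum(1 for v in population if v[attr] == value) / len(population)
    return -math.log2(share)

def anonymity_set(population, v):
    """How many visitors share every attribute in ATTRS with visitor v."""
    return sum(1 for other in population if all(other[a] == v[a] for a in ATTRS))

def report(population, v):
    """Per-attribute bits (rounded) and the size of the combined anonymity set."""
    bits = {a: round(surprisal_bits(population, a, v[a]), 2) for a in ATTRS}
    return bits, anonymity_set(population, v)

# Constructed population: four visitors whose browser reports identical,
# standardised values, and four with everyday individual settings.
UNIFORM = visitor("Firefox ESR / Windows", "1000x1000", "UTC", "none")
POPULATION = [dict(UNIFORM) for _ in range(4)] + [
    visitor("Chrome / Windows", "1920x1080", "UTC+1", "pdf"),
    visitor("Chrome / Windows", "1366x768", "UTC+1", "pdf,flash"),
    visitor("Safari / macOS", "1920x1080", "UTC+1", "pdf"),
    visitor("Chrome / Windows", "1920x1080", "UTC-5", "pdf,flash"),
]

if __name__ == "__main__":
    # No single attribute singles out POPULATION[4], yet the combination does.
    print(report(POPULATION, POPULATION[4]))
    # The standardised visitors remain indistinguishable from one another.
    print(report(POPULATION, UNIFORM))
```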
TALK OVERVIEW
• Why the internet is broken
• Tracking
• Censorship
• Anonymity / Privacy
• Why a “dark web” is a possible solution
• What you can do
CONCLUSION
• The internet is a wonderful place
• But by design, makes it easy to track,
censor and identify users
• Need alternative, different network
with better privacy properties
ENTER...
THE DARK WEB
THE “DARK WEB”
• A lot of misconceptions
• Blame:
• Media
• Politics
• Technical nature
• Confusing terminology
THE “DARK WEB”
• Interesting from a privacy & anonymity PoV
• Solution to (some of) our problems?
“DARK WEB” VS “NORMAL WEB”
• Traditional explanation:
• Surface web
• Deep web
• Dark web
• Better explanation:
• Dark web is parallel to all
DARKWEB
DARK WEB(S)
• No such thing as one dark web
• Alternative networks focused on
privacy/anonymity:
• Tor (The Onion Router)
• I2P Project
• Freenet
• Zeronet
• ...
QUESTION
• I have never heard of Tor
• I have heard of Tor
• I know Tor as the thing people use to get around my company firewall
• I buy drugs using Tor
• I am a Tor developer
TOR: THE ONION ROUTER
• Most popular & well-known
• Open-Source
• Originally developed by DARPA (US)
• Now: Nonprofit org
• Unrelated to torrents
• Network nodes run by volunteers
• Exit nodes to surface web
TOR: NODE TYPES
TOR: HOW IT WORKS (1)
TOR: HOW IT WORKS (2)
TOR: ENCRYPTION
TOR: HOW IT WORKS (3)
TOR: PROTECTING YOUR ANONYMITY
• Original IP never revealed
• No logs
• Strong encryption
• New circuit for every site
• No cross-site tracking
TOR: HIDDEN SERVICES
• Tor Hidden services
• “Rendezvous point”
• “Invisible” hosting
• Only accessible through Tor
TOR: HOW IT THWARTS CENSORSHIP
• No way of knowing where hidden service is hosted
• Takedown notice = where to send?
• Everyone can publish: no central authority
• Censorship impossible by design
TOR: HOW IT THWARTS CENSORSHIP (2)
• Link to surface web
• Exit nodes in various
countries
• Tor traffic can be disguised
• As Skype call, regular
browsing ...
• Very hard to filter: arms race
TOR NETWORK: USERS
TOR NETWORK: CURRENT STATUS
THE “DARK WEB” IS NOT ILLEGAL
• Using or running an alternative network is not illegal
• You are simply using a different
• communication protocol
• way to exchange information
• way of processing data
• Like you already do for a lot of things!
• E-mail: POP3/IMAP
THE “DARK WEB” IS NOT ILLEGAL
• Media get it wrong all the time
THE “DARK WEB” IS NOT ILLEGAL
• Professionals get it wrong all the time
THE “DARK WEB” AND CRIMINALITY
• Alternative networks are not exclusively
used by criminals
• Technology is inherently neutral
• Lots of useful services:
• Webhosting / blogging platforms
• File storage
• ...
THE “DARK WEB” AND CRIMINALITY
• What about ...
• Drugs? Guns? Fake IDs? Terrorist forums? Hitmen?
• Same % of services on surface web
• A lot of scams
• Anonymity + cryptocurrencies
• Hidden web is actually tiny
• 7k – 30k sites = 0.03% of surface web
THE “DARK WEB” AND CHILD PORNOGRAPHY
• CP is a problem on every network
• Research by Internet Watch Foundation (2015)
• 31k CP URLs
• 51 (0.02%) on a Dark Web
• Need to break association Dark Web<->CP
• Without ignoring/minimizing CP problem
IS TOR INFALLIBLE?
• Nothing is
• Tor Browser exploits
• Get patched quickly
• Malicious nodes
• Network monitoring
• Peer voting
IS TOR INFALLIBLE: MARKET BUSTS
• Silk Road, AlphaBay, ...
• Admins got arrested, sites closed
• Tor fail?
• Admin fail:
• Re-using e-mail / passwords
• Paper trail
• Reckless bragging
• Bad service configuration
START USING TOR
• Using a Dark Web does not require advanced tech knowledge
• Go to www.torproject.org
• Download the Tor Browser bundle
• Install
• Go!
TOR BROWSER BUNDLE
• Custom version of Firefox
• Great browser
• Pre-configured for Tor
• Masked fingerprint
• Scripts blocked by default
• Auto-updater
• HTTPS everywhere
• Safe out-of-the-box
TOR ON MOBILE
• Android: Orbot + OrFox
• In Play Store
• VPN for all traffic
• Free
• iOS: Onion browser
• In App Store
• Free
MAYBE START USING IT...
• On public networks?
• All the time?
• More users = more diversity = safer network
HEY SYSADMINS, LISTEN UP
SYSADMINS & TOR
• Don’t block Tor usage on your network
• Don’t block Tor exit nodes
• Mitigate abuse using CAPTCHA
• If you use Cloudflare: explicitly allow Tor
• See Tor abuse FAQ:
https://www.torproject.org/docs/faq-abuse.html.en
SYSADMINS & TOR
• Run a Tor node!
• On VPS / dedicated
• You can limit bandwidth / ports
• (only 80 / 443, for example)
• Donate @ torservers.net
MEDIA / PRESS
• Offer your site as Hidden Service
• Set up SecureDrop for communication
EVERYONE ELSE
• Programmers / Writers /
Educators / Designers / ...
• Development
• Documentation
• Education
• Discussion
• Promotion
• Legal assistance
AND YOU...
• Try it!
• Spread the word
• Educate friends, family & colleagues
• Talk to your IT department
• “Well Actually” when you hear misconceptions
IT DOESN’T STOP AT TOR
• Just an example of tech that can help us
• More decentralization needed:
• Mastodon
• Diaspora
• IPFS (Distributed Web)
“THE INTERNET IS A MIRROR THAT REFLECTS THE SOCIETY WE LIVE IN. IF YOU DON’T LIKE WHAT YOU SEE, DON’T JUST BREAK THE MIRROR.”
Vint Cerf, co-inventor WWW
THANK YOU
QUESTIONS? [email protected] - @JBAERT