Based on a recent article in Wired Magazine, I thought it might be helpful to touch on the “dark web” a bit. After all, I do teach CMWEB 270 (Web Application Security) and often talk about the dark alleys on the Internet. But, first, a few disclaimers. Seriously. I do not condone nor support the illegal use of computer resources in any manner. Laws exist for a reason. I am providing this information for educational purposes only. Should you choose to use anything in this post for malicious purposes, I will be glad to testify against you in court. I hope this is sufficiently clear to everyone reading this. That being said, you should know a little about it (without risking exposure to malicious sites and there are a lot of them). Keep in mind the current estimate is that the deep web (including the dark web) is 550 times larger than the visible web. This is the content not indexed by standard search engines.
So, let’s learn a little about the dark web. First, many sites will appear to have a top level domain of .onion. [This link takes you to a Wikipedia article about this “domain.”] Dot onion is a [not so] subtle reference to TOR (The Onion Router). You need to be part of the TOR network in order to access these resources. These are not valid top level domains. They are 16 letter and number hashes (numbers from 2 – 7) representing an 80 bit number in base 32. In theory, you can replace any .onion address with .tor2web.org and still visit the site (of course, you won’t have as much anonymity).
Next, in order to access these resources, you need a browser which can connect to the TOR network. Surprisingly, there is a variant of Firefox which does just that. Read more »