
Why We Need a Dark(er) Web


  1. 1. WHY WE NEED A DARK(ER) WEB JEROEN BAERT – CHECKUP 2017
  2. 2. ABOUT ME • Engineer – Computer Scientist • PhD Student (Computer Graphics @ KU Leuven) • Improv / Stand-up Comedian • (Belgian Improv League) • jeroen-baert.be & forceflow.be • PGP: 30F2 857D 9129 3519
  3. 3. MY RESEARCH: GRAPHICS! ALL THE GRAPHICS! • Out-of-core construction and visualization of Sparse Voxel Octree structures on modern GPU hardware
  4. 4. BAD NEWS EVERYONE
  5. 5. TALK OVERVIEW • Why the internet is broken • Why a “dark web” is a possible solution • What you can do
  6. 6. THE INTERNET IS BROKEN BECAUSE OF TRACKING • WWW evolution: • Open, free source of information • Ad-infested cesspool • Websites / apps serve • Advertisements • Trackers
  7. 7. THE INTERNET IS BROKEN BECAUSE OF TRACKING • GOAL: Profile & identify you and your habits • Over multiple services and websites • Without knowledge or consent • Sell information for targeting purposes https://boingboing.net/2015/10/05/botwars-vs-ad-tech-the-origin.html
  8. 8. TRACKING & CONTENT • Content is not free • You pay with your private data • Content has become delivery method for ads & trackers • “If you’re not paying, you are the product”
  9. 9. TRACKING – FLEMISH NEWS SITES • Experiment: • 4 popular news websites (HLN, DM, DS, HNB) • Load homepage once (in fresh VM every time) • Register # connections to 3rd-party servers • Wireshark & Firefox+Lightbeam
  10. 10. TRACKING – FLEMISH NEWS SITES • Results: • +40 connections to 3rd party trackers/ads • Often located in other countries • Little or no info for end user • Privacy policies: vague/non-existent
  11. 11. TRACKING – FLEMISH NEWS SITES Full report: http://www.forceflow.be/2017/08/02/tracking-be-2017/
  12. 12. TRACKING – FLEMISH NEWS SITES
  13. 13. TRACKING – FLEMISH NEWS SITES
  14. 14. TRACKING – FLEMISH NEWS SITES • Additional cost: • Bandwidth (Money) • Battery • Time
  15. 15. TRACKING – FLEMISH NEWS SITES • Some trackers on multiple sites • Track your entire morning routine • Journalism = Bait • Not only (these) news sites
  16. 16. TRACKING – PEOPLE FARMERS • Facebook = “People Farmer” (Aral Balkan, 2016) • Build advertising profile • Everywhere you see • Offer functionality (likes, comments, ...) • In exchange for tracking • “Behavioral Advertising Tech”
  17. 17. TRACKING – PEOPLE FARMERS https://www.theguardian.com/technology/2017/may/01/facebook-advertising-data-insecure-teens
  18. 18. TRACKING – BIG DATA = BIG BUSINESS • Cambridge Analytica • Buy/Collect massive amounts of data • Sources: Social media, web trackers, ... • Data mining / analysis • Psychographic profiling • Political Microtargeting
  19. 19. TRACKING – CAMBRIDGE ANALYTICA • Booming business • Because of the state the WWW is in • No legal framework • (2018) GDPR? • Enforcement? https://www.theguardian.com/technology/2017/may/07/the-great-british-brexit-robbery-hijacked-democracy
  20. 20. POLITICAL MICROTARGETING Adam Curtis – Hypernormalization (2016)
  21. 21. AD/TRACKER BLOCKING • Yes, there are ad/tracker-blockers • Some good, some bad • Need some technical skills to use • Treating symptom, not disease • Never-ending arms race • Will not lead to structural change
  22. 22. TRACKING - CONCLUSION Adtech has transformed the WWW, and current technology and protocols allow easy collection and storage of vast amounts of data
  23. 23. TALK OVERVIEW • Why the internet is broken • Tracking • Why a “dark web” is a possible solution • What you can do
  24. 24. INTERNET IS BROKEN BECAUSE OF CENSORSHIP • Lots of WWW services = centralized • Easy to filter / censor • At local / ISP/ nation level • Techniques • DNS hijacking • (Deep) Packet Inspection • ...
  25. 25. CENSORSHIP - TURKEY • Communication censorship • Protests 2016: National shutdown of social media • Blackholing at ISP level • Sharing Erdogan cartoons = internet block • Similar incidents in Egypt, Iran,...
  26. 26. CENSORSHIP - CHINA • Knowledge censorship • “Great firewall of China” • No Wikipedia • No “Tiananmen Square”
  27. 27. CENTRALIZATION – DEMOCRACY RISK • Catalonia Referendum (2017) • Raid on registrar .cat • To censor referendum info • Forced ISPs to blacklist essential vote system IPs • Several voting offices disabled
  28. 28. CENTRALIZATION – BUSINESS RISK • October 2016 • Infected IoT devices (Mirai Worm) • DDoS attack on Dyn.org (DNS provider) • Twitter, Paypal, Spotify, ... down
  29. 29. CENTRALIZATION - SOCIAL MEDIA PLATFORMS • For a lot of people, WWW = Social media • A few private companies decide • What you see • When you see it • How long you can see it • Who you can share it with • Billions of eggs, handful of baskets
  30. 30. TALK OVERVIEW • Why the internet is broken • Tracking • Censorship • Why a “dark web” is a possible solution • What you can do
  31. 31. THE INTERNET IS BROKEN BY DESIGN • Not designed with PRIVACY in mind • Not designed with ANONYMITY in mind
  32. 32. PRIVACY & ANONYMITY • Important for everyone • Regular users (protect personal life) • Journalists (sources) • Whistleblowers (identity) • Companies (communication & trade secrets) • ...
  33. 33. PRIVACY & ANONYMITY • Tim Berners-Lee, 2016: “Sites you visit tell your own intimate story. Internet history should never be tracked.” • US Congress, 2016: ISPs are allowed to sell your internet history
  34. 34. TRACKING - TECHNICAL • Browsing the internet = leaking information • HTTP + JavaScript make collection easy • Unique fingerprint: • IP, location, network • OS/Browser version, plug-ins, local time • Screen size, cursor positions, settings • ...
  35. 35. AMIUNIQUE.ORG
  36. 36. TALK OVERVIEW • Why the internet is broken • Tracking • Censorship • Anonymity / Privacy • Why a “dark web” is a possible solution • What you can do
  37. 37. CONCLUSION • The internet is a wonderful place • But by design, makes it easy to track, censor and identify users • Need alternative, different network with better privacy properties
  38. 38. ENTER... THE DARK WEB
  39. 39. THE “DARK WEB” • A lot of misconceptions • Blame: • Media • Politics • Technical nature • Confusing terminology
  40. 40. THE “DARK WEB” • Interesting from a privacy & anonymity PoV • Solution to (some of) our problems?
  41. 41. “DARK WEB” VS “NORMAL WEB” • Traditional explanation: • Surface web • Deep web • Dark web • Better explanation: • Dark web is parallel to all DARK WEB
  42. 42. DARK WEB(S) • No such thing as one dark web • Alternative networks focused on privacy/anonymity: • Tor (The Onion Router) • I2P Project • Freenet • Zeronet • ...
  43. 43. QUESTION • I have never heard of Tor • I have heard of Tor • I know Tor as the thing people use to get around my company firewall • I buy drugs using Tor • I am a Tor developer
  44. 44. TOR: THE ONION ROUTER • Most popular & well-known • Open-Source • Originally developed by DARPA (US) • Now: Nonprofit org • Unrelated to torrents • Network nodes run by volunteers • Exit nodes to surface web
  45. 45. TOR: NODE TYPES
  46. 46. TOR: HOW IT WORKS (1)
  47. 47. TOR: HOW IT WORKS (2)
  48. 48. TOR: ENCRYPTION
  49. 49. TOR: HOW IT WORKS (3)
  50. 50. TOR: PROTECTING YOUR ANONYMITY • Original IP never revealed • No logs • Strong encryption • New circuit for every site • No cross-site tracking
  51. 51. TOR: HIDDEN SERVICES • Tor Hidden services • “Rendezvous point” • “Invisible” hosting • Only accessible through Tor
  52. 52. TOR: HOW IT THWARTS CENSORSHIP • No way of knowing where hidden service is hosted • Takedown notice = where to send? • Everyone can publish: no central authority • Censorship impossible by design
  53. 53. TOR: HOW IT THWARTS CENSORSHIP (2) • Link to surface web • Exit nodes in various countries • Tor traffic can be disguised • As Skype call, regular browsing ... • Very hard to filter: arms race
  54. 54. TOR NETWORK: USERS
  55. 55. TOR NETWORK: CURRENT STATUS
  56. 56. TOR NETWORK: CURRENT STATUS
  57. 57. THE “DARK WEB” IS NOT ILLEGAL • Using or running an alternative network is not illegal • You are simply using a different • communication protocol • way to exchange information • way of processing data • Like you already do for a lot of things! • E-mail: POP3/IMAP
  58. 58. THE “DARK WEB” IS NOT ILLEGAL • Media get it wrong all the time
  59. 59. THE “DARK WEB” IS NOT ILLEGAL • Professionals get it wrong all the time
  60. 60. THE “DARK WEB” AND CRIMINALITY • Alternative networks are not exclusively used by criminals • Technology is inherently neutral • Lots of useful services: • Webhosting / blogging platforms • File storage • E-mail • ...
  61. 61. THE “DARK WEB” AND CRIMINALITY • What about ... • Drugs? Guns? Fake IDs? Terrorist forums? Hitmen? • Same % of services on surface web • A lot of scams • Anonymity + cryptocurrencies • Hidden web is actually tiny • 7k – 30k sites = 0.03% of surface web
  62. 62. THE “DARK WEB” AND CHILD PORNOGRAPHY • CP is a problem on every network • Research by Internet Watch Foundation (2015) • 31k CP URLs • 51 (0.02%) on a Dark Web • Need to break association Dark Web<->CP • Without ignoring/minimizing CP problem
  63. 63. IS TOR INFALLIBLE? • Nothing is • Tor Browser exploits • Get patched quickly • Malicious nodes • Network monitoring • Peer voting
  64. 64. IS TOR INFALLIBLE: MARKET BUSTS • Silk Road, AlphaBay, ... • Admins got arrested, sites closed • Tor fail? • Admin fail: • Re-using e-mail / passwords • Paper trail • Reckless bragging • Bad service configuration
  65. 65. START USING TOR • Using a Dark Web does not require advanced tech knowledge • Go to www.torproject.org • Download the Tor Browser bundle • Install • Go!
  66. 66. TOR BROWSER BUNDLE • Custom version of Firefox • Great browser • Pre-configured for Tor • Masked fingerprint • Scripts blocked by default • Auto-updater • HTTPS everywhere • Safe out-of-the-box
  67. 67. TOR ON MOBILE • Android: Orbot + OrFox • In Play Store • VPN for all traffic • Free • iOS: Onion browser • In App Store • Free
  68. 68. MAYBE START USING IT... • On public networks? • All the time? • More users = more diversity = safer network
  69. 69. HEY SYSADMINS, LISTEN UP
  70. 70. SYSADMINS & TOR • Don’t block Tor usage on your network • Don’t block Tor exit nodes • Mitigate abuse using CAPTCHA • If you use Cloudflare: explicitly allow Tor • See Tor abuse FAQ: https://www.torproject.org/docs/faq-abuse.html.en
  71. 71. SYSADMINS & TOR • Run a Tor node! • On VPS / dedicated • You can limit bandwidth / ports • (only 80 / 443, for example) • Donate @ torservers.net
  72. 72. MEDIA / PRESS • Offer your site as Hidden Service • Set up SecureDrop for communication
  73. 73. EVERYONE ELSE • Programmers / Writers / Educators / Designers / ... • Development • Documentation • Education • Discussion • Promotion • Legal assistance
  74. 74. AND YOU... • Try it! • Spread the word • Educate friends, family & colleagues • Talk to your IT department • “Well Actually” when you hear misconceptions
  75. 75. IT DOESN’T STOP AT TOR • Just an example of tech that can help us • More decentralization needed: • Mastodon • Diaspora • IPFS (Distributed Web)
  76. 76. “THE INTERNET IS A MIRROR THAT REFLECTS THE SOCIETY WE LIVE IN. IF YOU DON’T LIKE WHAT YOU SEE, DON’T JUST BREAK THE MIRROR.” Vint Cerf, co-inventor WWW
  77. 77. THANK YOU QUESTIONS? JEROEN.BAERT@CS.KULEUVEN.BE - @JBAERT
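
The measurement described on slides 9, 10 and 15 (load each homepage once, register connections to third-party servers, then look for trackers that recur across sites) can be reproduced over a list of request URLs. The Python below is an added example, not code from the talk or the linked report; the hostnames are constructed `.example` placeholders, and `site_of` is a hypothetical helper that approximates the registrable domain by its last two labels, where a real audit would use the Public Suffix List.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: request URLs seen while loading each homepage once.
# All hostnames are .example placeholders, not data from the talk.
CAPTURE = {
    "news-a.example": [
        "https://www.news-a.example/",
        "https://static.news-a.example/app.js",
        "https://cdn.adnet.example/tag.js",
        "https://px.tracker-one.example/p.gif?id=1",
        "https://sync.tracker-two.example/s",
    ],
    "news-b.example": [
        "https://news-b.example/",
        "https://px.tracker-one.example/p.gif?id=1",
        "https://ads.adnet.example/serve",
        "https://fonts.cdn-three.example/f.woff2",
    ],
}


def site_of(host):
    """Approximate the registrable domain by the last two labels.
    Assumption: good enough for the sample; use the Public Suffix List
    for real captures (e.g. names under co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def third_parties(first_party, urls):
    """Return the set of sites contacted that differ from the page's own site."""
    own = site_of(first_party)
    hosts = (urlsplit(u).hostname for u in urls)
    return {site_of(h) for h in hosts if h and site_of(h) != own}


def cross_site(capture):
    """Map each third party seen on more than one page to those pages."""
    seen = defaultdict(set)
    for page, urls in capture.items():
        for party in third_parties(page, urls):
            seen[party].add(page)
    return {p: sorted(pages) for p, pages in seen.items() if len(pages) > 1}


if __name__ == "__main__":
    for page, urls in CAPTURE.items():
        print(page, len(third_parties(page, urls)), "third-party sites")
    print("seen on several sites:", cross_site(CAPTURE))
```

Feeding it the request URLs exported from a browser's network panel or a proxy log for each homepage gives the per-site third-party count and the overlap between sites.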
