Why We Need a Dark(er) Web

Presentation at the Securelink 2017 Checkup event: why the internet is broken and why a Dark(er) web might provide some solutions.

Published in: Technology

  1. WHY WE NEED A DARK(ER) WEB JEROEN BAERT – CHECKUP 2017
  2. ABOUT ME • Engineer – Computer Scientist • PhD Student (Computer Graphics @ KU Leuven) • Improv / Stand-up Comedian • (Belgian Improv League) • jeroen-baert.be & forceflow.be • PGP: 30F2 857D 9129 3519
  3. MY RESEARCH: GRAPHICS! ALL THE GRAPHICS! • Out-of-core construction and visualization of Sparse Voxel Octree structures on modern GPU hardware
  4. BAD NEWS EVERYONE
  5. TALK OVERVIEW • Why the internet is broken • Why a “dark web” is a possible solution • What you can do
  6. THE INTERNET IS BROKEN BECAUSE OF TRACKING • WWW evolution: • Open, free source of information • Ad-infested cesspool • Websites / apps serve • Advertisements • Trackers
  7. THE INTERNET IS BROKEN BECAUSE OF TRACKING • GOAL: Profile & identify you and your habits • Over multiple services and websites • Without knowledge or consent • Sell information for targeting purposes https://boingboing.net/2015/10/05/botwars-vs-ad-tech-the-origin.html
  8. TRACKING & CONTENT • Content is not free • You pay with your private data • Content has become delivery method for ads & trackers • “If you’re not paying, you are the product”
  9. TRACKING – FLEMISH NEWS SITES • Experiment: • 4 popular news websites (HLN, DM, DS, HNB) • Load homepage once (in fresh VM every time) • Register # connections to 3rd-party servers • Wireshark & Firefox+Lightbeam
  10. TRACKING – FLEMISH NEWS SITES • Results: • +40 connections to 3rd party trackers/ads • Often located in other countries • Little or no info for end user • Privacy policies: vague/non-existent
  11. TRACKING – FLEMISH NEWS SITES Full report: http://www.forceflow.be/2017/08/02/tracking-be-2017/
  12. TRACKING – FLEMISH NEWS SITES
  13. TRACKING – FLEMISH NEWS SITES
  14. TRACKING – FLEMISH NEWS SITES • Additional cost: • Bandwidth (Money) • Battery • Time
  15. TRACKING – FLEMISH NEWS SITES • Some trackers on multiple sites • Track your entire morning routine • Journalism = Bait • Not only (these) news sites
  16. TRACKING – PEOPLE FARMERS • Facebook = “People Farmer” (Aral Balkan, 2016) • Build advertising profile • Everywhere you see • Offer functionality (likes, comments, ...) • In exchange for tracking • “Behavioral Advertising Tech”
  17. TRACKING – PEOPLE FARMERS https://www.theguardian.com/technology/2017/may/01/facebook-advertising-data-insecure-teens
  18. TRACKING – BIG DATA = BIG BUSINESS • Cambridge Analytica • Buy/Collect massive amounts of data • Sources: Social media, web trackers, ... • Data mining / analysis • Psychographic profiling • Political Microtargeting
  19. TRACKING – CAMBRIDGE ANALYTICA • Booming business • Because of the state the WWW is in • No legal framework • (2018) GDPR? • Enforcement? https://www.theguardian.com/technology/2017/may/07/the-great-british-brexit-robbery-hijacked-democracy
  20. POLITICAL MICROTARGETING Adam Curtis – Hypernormalization (2016)
  21. AD/TRACKER BLOCKING • Yes, there are ad/tracker-blockers • Some good, some bad • Need some technical skills to use • Treating symptom, not disease • Never-ending arms race • Will not lead to structural change
  22. TRACKING - CONCLUSION Adtech has transformed the WWW, and current technology and protocols allow easy collection and storage of vast amounts of data
  23. TALK OVERVIEW • Why the internet is broken • Tracking • Why a “dark web” is a possible solution • What you can do
  24. INTERNET IS BROKEN BECAUSE OF CENSORSHIP • Lots of WWW services = centralized • Easy to filter / censor • At local / ISP / nation level • Techniques • DNS hijacking • (Deep) Packet Inspection • ...
  25. CENSORSHIP - TURKEY • Communication censorship • Protests 2016: National shutdown of social media • Blackholing at ISP level • Sharing Erdogan cartoons = internet block • Similar incidents in Egypt, Iran, ...
  26. CENSORSHIP - CHINA • Knowledge censorship • “Great firewall of China” • No Wikipedia • No “Tiananmen Square”
  27. CENTRALIZATION – DEMOCRACY RISK • Catalonia Referendum (2017) • Raid on registrar .cat • To censor referendum info • Forced ISPs to blacklist essential vote system IPs • Several voting offices disabled
  28. CENTRALIZATION – BUSINESS RISK • October 2016 • Infected IoT devices (Mirai Worm) • DDoS attack on Dyn.org (DNS provider) • Twitter, Paypal, Spotify, ... down
  29. CENTRALIZATION - SOCIAL MEDIA PLATFORMS • For a lot of people, WWW = Social media • A few private companies decide • What you see • When you see it • How long you can see it • Who you can share it with • Billions of eggs, handful of baskets
  30. TALK OVERVIEW • Why the internet is broken • Tracking • Censorship • Why a “dark web” is a possible solution • What you can do
  31. THE INTERNET IS BROKEN BY DESIGN • Not designed with PRIVACY in mind • Not designed with ANONYMITY in mind
  32. PRIVACY & ANONYMITY • Important for everyone • Regular users (protect personal life) • Journalists (sources) • Whistleblowers (identity) • Companies (communication & trade secrets) • ...
  33. PRIVACY & ANONYMITY • Tim Berners-Lee, 2016: “Sites you visit tell your own intimate story. Internet history should never be tracked.” • US Congress, 2016: ISPs are allowed to sell your internet history
  34. TRACKING - TECHNICAL • Browsing the internet = leaking information • HTTP + JavaScript make collection easy • Unique fingerprint: • IP, location, network • OS/Browser version, plug-ins, local time • Screen size, cursor positions, settings • ...
  35. AMIUNIQUE.ORG
  36. TALK OVERVIEW • Why the internet is broken • Tracking • Censorship • Anonymity / Privacy • Why a “dark web” is a possible solution • What you can do
  37. CONCLUSION • The internet is a wonderful place • But by design, makes it easy to track, censor and identify users • Need alternative, different network with better privacy properties
  38. ENTER... THE DARK WEB
  39. THE “DARK WEB” • A lot of misconceptions • Blame: • Media • Politics • Technical nature • Confusing terminology
  40. THE “DARK WEB” • Interesting from a privacy & anonymity PoV • Solution to (some of) our problems?
  41. “DARK WEB” VS “NORMAL WEB” • Traditional explanation: • Surface web • Deep web • Dark web • Better explanation: • Dark web is parallel to all DARK WEB
  42. DARK WEB(S) • No such thing as one dark web • Alternative networks focused on privacy/anonymity: • Tor (The Onion Router) • I2P Project • Freenet • Zeronet • ...
  43. QUESTION • I have never heard of Tor • I have heard of Tor • I know Tor as the thing people use to get around my company firewall • I buy drugs using Tor • I am a Tor developer
  44. TOR: THE ONION ROUTER • Most popular & well-known • Open-Source • Originally developed by DARPA (US) • Now: Nonprofit org • Unrelated to torrents • Network nodes run by volunteers • Exit nodes to surface web
  45. TOR: NODE TYPES
  46. TOR: HOW IT WORKS (1)
  47. TOR: HOW IT WORKS (2)
  48. TOR: ENCRYPTION
  49. TOR: HOW IT WORKS (3)
  50. TOR: PROTECTING YOUR ANONYMITY • Original IP never revealed • No logs • Strong encryption • New circuit for every site • No cross-site tracking
  51. TOR: HIDDEN SERVICES • Tor Hidden services • “Rendezvous point” • “Invisible” hosting • Only accessible through Tor
  52. TOR: HOW IT THWARTS CENSORSHIP • No way of knowing where hidden service is hosted • Takedown notice = where to send? • Everyone can publish: no central authority • Censorship impossible by design
  53. TOR: HOW IT THWARTS CENSORSHIP (2) • Link to surface web • Exit nodes in various countries • Tor traffic can be disguised • As Skype call, regular browsing ... • Very hard to filter: arms race
  54. TOR NETWORK: USERS
  55. TOR NETWORK: CURRENT STATUS
  56. TOR NETWORK: CURRENT STATUS
  57. THE “DARK WEB” IS NOT ILLEGAL • Using or running an alternative network is not illegal • You are simply using a different • communication protocol • way to exchange information • way of processing data • Like you already do for a lot of things! • E-mail: POP3/IMAP
  58. THE “DARK WEB” IS NOT ILLEGAL • Media get it wrong all the time
  59. THE “DARK WEB” IS NOT ILLEGAL • Professionals get it wrong all the time
  60. THE “DARK WEB” AND CRIMINALITY • Alternative networks are not exclusively used by criminals • Technology is inherently neutral • Lots of useful services: • Webhosting / blogging platforms • File storage • E-mail • ...
  61. THE “DARK WEB” AND CRIMINALITY • What about ... • Drugs? Guns? Fake IDs? Terrorist forums? Hitmen? • Same % of services on surface web • A lot of scams • Anonymity + cryptocurrencies • Hidden web is actually tiny • 7k – 30k sites = 0.03% of surface web
  62. THE “DARK WEB” AND CHILD PORNOGRAPHY • CP is a problem on every network • Research by Internet Watch Foundation (2015) • 31k CP URLs • 51 (0.02%) on a Dark Web • Need to break association Dark Web<->CP • Without ignoring/minimizing CP problem
  63. IS TOR INFALLIBLE? • Nothing is • Tor Browser exploits • Get patched quickly • Malicious nodes • Network monitoring • Peer voting
  64. IS TOR INFALLIBLE: MARKET BUSTS • Silk Road, AlphaBay, ... • Admins got arrested, sites closed • Tor fail? • Admin fail: • Re-using e-mail / passwords • Paper trail • Reckless bragging • Bad service configuration
  65. START USING TOR • Using a Dark Web does not require advanced tech knowledge • Go to www.torproject.org • Download the Tor Browser bundle • Install • Go!
  66. TOR BROWSER BUNDLE • Custom version of Firefox • Great browser • Pre-configured for Tor • Masked fingerprint • Scripts blocked by default • Auto-updater • HTTPS everywhere • Safe out-of-the-box
  67. TOR ON MOBILE • Android: Orbot + OrFox • In Play Store • VPN for all traffic • Free • iOS: Onion browser • In App Store • Free
  68. MAYBE START USING IT... • On public networks? • All the time? • More users = more diversity = safer network
  69. HEY SYSADMINS, LISTEN UP
  70. SYSADMINS & TOR • Don’t block Tor usage on your network • Don’t block Tor exit nodes • Mitigate abuse using CAPTCHA • If you use Cloudflare: explicitly allow Tor • See Tor abuse FAQ: https://www.torproject.org/docs/faq-abuse.html.en
  71. SYSADMINS & TOR • Run a Tor node! • On VPS / dedicated • You can limit bandwidth / ports • (only 80 / 443, for example) • Donate @ torservers.net
  72. MEDIA / PRESS • Offer your site as Hidden Service • Set up SecureDrop for communication
  73. EVERYONE ELSE • Programmers / Writers / Educators / Designers / ... • Development • Documentation • Education • Discussion • Promotion • Legal assistance
  74. AND YOU... • Try it! • Spread the word • Educate friends, family & colleagues • Talk to your IT department • “Well Actually” when you hear misconceptions
  75. IT DOESN’T STOP AT TOR • Just an example of tech that can help us • More decentralization needed: • Mastodon • Diaspora • IPFS (Distributed Web)
  76. “THE INTERNET IS A MIRROR THAT REFLECTS THE SOCIETY WE LIVE IN. IF YOU DON’T LIKE WHAT YOU SEE, DON’T JUST BREAK THE MIRROR.” Vint Cerf, co-inventor WWW
  77. THANK YOU QUESTIONS? JEROEN.BAERT@CS.KULEUVEN.BE - @JBAERT
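
The measurement described on slides 9, 10 and 15 (count connections to 3rd-party servers per homepage load, then look for trackers present on multiple sites) can be reproduced on your own captures. The sketch below is an added example, not code from the talk or the linked report; the site names, tracker hostnames and URL lists are constructed placeholders, and it assumes the request URLs have already been exported from a capture tool.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample data: request URLs seen during one homepage load per site.
# All hostnames use the reserved .example TLD; none of this is measured data.
CAPTURES = {
    "news-a.example": [
        "https://www.news-a.example/",
        "https://static.news-a.example/app.js",
        "https://px.adnet-one.example/pixel?id=1",
        "https://cdn.adnet-one.example/tag.js",
        "https://collect.metrics-two.example/c",
    ],
    "news-b.example": [
        "https://www.news-b.example/",
        "https://px.adnet-one.example/pixel?id=2",
        "https://sync.broker-three.example/match",
    ],
    "news-c.example": [
        "https://www.news-c.example/",
        "https://img.news-c.example/logo.png",
        "https://collect.metrics-two.example/c",
    ],
}


def site_of(host):
    """Naive registrable domain: the last two labels of the hostname.

    Assumption: no multi-label public suffixes (co.uk and the like); real
    captures need the Public Suffix List for this step.
    """
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def third_parties(first_party, urls):
    """Hosts contacted during the page load that belong to another site."""
    hosts = set()
    for url in urls:
        host = urlsplit(url).hostname
        if host and site_of(host) != site_of(first_party):
            hosts.add(host)
    return hosts


def cross_site_trackers(captures):
    """Third-party sites seen on two or more first-party sites."""
    seen = defaultdict(set)
    for first_party, urls in captures.items():
        for host in third_parties(first_party, urls):
            seen[site_of(host)].add(first_party)
    return {tp: sorted(fps) for tp, fps in seen.items() if len(fps) > 1}


if __name__ == "__main__":
    for site, urls in CAPTURES.items():
        print(site, "->", len(third_parties(site, urls)), "third-party hosts")
    for tracker, sites in sorted(cross_site_trackers(CAPTURES).items()):
        print(tracker, "seen on", ", ".join(sites))
```

Subdomains of the visited site (static, img) count as first-party here, so the per-site total reflects only hosts operated under a different registrable domain.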