Dark Web is populated with pages appearing to be legitimate business/account logins
Last October I wrote several blogs on differences between the Surface Web, the Deep Web and the Dark Web. Essentially, The Deep Web is comprised of routine password-protected data that are not archived for standard search. According to most reports, the two combined are 500 times larger than the Surface Web. Though the Dark Web, under the domain .onion, ‘is just a small proportion of that–it has long been the focus of scrutiny.
- To recap–The Dark Web is a multi-layered Internet realm beneath The Deep Web, where your IP address and other identifying information being logged are invisible to all (except perhaps the most sophisticated NSA ‘investigators’ and criminal investigators). It is essentially a neutral domain–as it is used for many purposes, providing sanctuary for both serious criminal activity and socially beneficial, even vital, communication.
Is using the Dark Web a viable security option?
New versions of encryption technology are generally effective and easy to use. However, post-Snowdon revelations show that the NSA, and probably other entities, have had powerful decryption methods for many years. This combined with the fact that the most formidable, complex corporate Internet security systems have been breached, has caused some to consider using the Tor browser and other .onion anomyzing strategies. –So, should you consider going Dark to protect your vital transactions?
Probably not. –Why?
- While the standard Dark Web browser, Tor, can be used to maintain privacy on the Web, there is, nonetheless, a substantial risk of your personal data being exposed and used maliciously by cyber criminals who lay sophisticated traps that are more pervasive and even more difficult to detect than their counterparts on the Visible Internet.
- More specifically, the Dark Web is populated with pages appearing to be legitimate business/account logins–designed with the sole purpose of stealing vital information from users. Criminals then use captured data for hard-to-trace ‘back door’ attacks on private assets and/or businesses.
Anomyzing tools with fewer downsides
- HTTPS Everywhere–Most URLs have the “http://” prefix. You may have noticed that some have the more secure version: “https://” (HTTP Secure). The HTTPS Everywhere browser plugin works with Chrome, Firefox and other browsers to automatically switch HTTP web addresses to HTTPS. The benefit: it encrypts communication between you and the server to make you less visible to eavesdroppers and scammers.
- DuckDuckGo is a private search engine I’m aware of that doesn’t track or share your information, thereby preventing third party cookies. Nor does it use your browsing history to filter search results.
- The GNU Privacy Guard encryption system allows you to use a private ‘key’ to send an email that can only be opened with the receiver’s private key.
- The Guardian Project provides open-source free communication apps for Android smartphones. It includes a privacy-enhancement browser, Orbweb that also supports a Tor-enabled proxy (Orbot) for mobile. It even provides an image-blurring tool to blur faces in photos.
- Signal–To encrypt calls on iPhones, consider the Signal app, developed by Open Whisper Systems. It’s perhaps the best tool available for that purpose. The same company has developed the RedPhone app, identical in purpose, for Android phones.
- Wickr– sends attachments that are deleted from seconds to within a few days. Another benefit: unlike Snapchat, Wickr doesn’t ‘read’ the content of your video, image, or document messages.
- Cryptocat is still another encryption tool that can be added as a standard browser extension or downloaded as an app for Mac systems. A strong favorite of journalists and human rights advocates, only the sender/receiver can see message content.
- Ghostery is a browser extension that provides you with a list of companies that are tracking you, giving you the option of blocking them individually.