The Dark Web Issue

Author

Digital Defenses
April 30, 2024

What the heck is the dark web?

If you’re interested in security online and offline, you’ve probably heard of “The Dark Web”.

Sounds seedy as all hell, amirite?

And, well, it is. Kinda. Sorta.

In today’s newsletter, you’ll get a glimpse into what it is, and we’ll dispel some of the rumors you may’ve heard.

First, the good news:

You’re no more likely to stumble into The Dark Web cruising around the web than you’re likely to stumble into a Jersey back-alley mob-run gambling den.

That’s not the way it works. So, what is it? And, if you can’t even get there without trying, why does it matter?

Lions and Tigers and Bears? Exactly that. But completely different.

Images of illicit marketplaces and illegal activity spring to mind, and there’s a boatload of nefarious shit out there, but those parts are more symptoms of the Dark Web than defining.

The dark web is made up of privacy-centric overlay networks that sit atop the broader Internet infrastructure but are not readily accessible.

Huh??

For most people the web browser and mail client are the Internet.

Except they’re not.

There are aaaaall kinds of other tools and software that let you use and connect to different parts of the Internet outside of what happens in your web browser and mail client.

So, the first thing to know is where you’re going… and how to get there.

Welcome to Onionland!

Let me introduce Tor (The Onion Router). Tor is one of the most well-known of these overlay networks.

Tor started out as a project at the U.S. Naval Research Lab (NRL) and is now a 501(c)(3) non-profit.

The idea was to create a means of private communication by routing and re-routing encrypted Internet traffic through multiple blind relays.

Imagine a crowd of blindfolded people. On one side you have a person with an envelope. On the other side you have the intended recipient.

The sender hands a random person the envelope. That person hands it to another, and that one to another who hands it to the recipient.

The recipient only knows they received an envelope from the crowd. The sender has been anonymized.

That’s how Tor works.

There are also sites and services on the Tor network that are only accessible via Tor. You can’t find them, can’t get to them, can’t see them without going through Tor.

Can’t see, hence the word “Dark.”

Because darknets offer anonymity, they’re the corners of the web frequented by bad actors, criminals, botnets, and pedophiles, but they’re also home to political dissidents, intelligence operatives, victims of domestic violence, security researchers, and others concerned with privacy.

You know what? Tor is an over-complicated example. Here’s an easy one.

Napster.

For those of you who missed the ‘90s Internet, Napster enabled people to share music files.

You couldn’t go on a search engine and see what songs I was sharing, but you COULD see what I was sharing through the Napster software.

And, you could download ‘em directly from my computer.

Think of it as two parts:

  • The Napster software

  • The Napster network

The Napster network was an “overlay network” of people sharing files via the Internet, BUT it was only, only, ONLY accessible through the Napster software.

Couldn’t get there in a web browser. Couldn’t get there in a mail client. HAD to get there via the Napster’s software.

Only the Napster software let you talk to the Napster network and see what files people were sharing.

(The idea of opening my computer up to file sharing gives me the shivers today, but that was a different time, and I digress.)

Okay, so we’ve established what the dark web is, looked at a couple of examples of overlay networks, and talked a little bit about what’s out there, but what’s it all mean for you?

Here’s the scoop, even if you never have direct interactions with the dark web, the dark web has direct interactions with you.

Even if you’ve never opened a web browser IN YOUR ENTIRE LIFE, there’s a good chance your data is on the dark web.

Think about some of the more newsworthy data breaches of the past decade:

  • Equifax

  • AT&T

  • Target

  • Marriott

  • Ashley Madison

  • The Republican National Committee

  • Facebook

  • Yahoo

  • Friend Finder Network

  • First American Financial Corp.

If you’ve registered to vote (even as an independent or Democrat), had a phone, shopped in a Target store, had any sort of credit, stayed at a Marriott, or bought/sold a house, your data is almost definitely for sale on the dark web.

Now, you might look at that list and think, “Nope, not me!” but you’d be wrong.

Somewhere, somehow, some legitimate entity has your data and has probably sold it multiple times.

And somewhere down the line there has been (or will be) a breach.

You can pretty much count on it.

So, let’s go forward with the assumption that your data has been compromised. What can you do?

First, it’s a good idea to change your passwords from time to time, or, like a friend of mine, EVERY time.

Using a password manager/wallet can help.

(We’ll go into tricks for making easy-to-remember passwords in our next issue.)

Password Managers from our Sponsors:

Check your credit reports.

You can request reports directly or visit AnnualCreditReport.com for a free annual report from Equifax, Experian, and TransUnion.

See anything you don’t recognize?

  1. If you live in the U.S., report it to IdentityTheft.gov.

  2. Place a credit/security freeze with the reporting agencies.

This prevents new lines of credit from being opened in your name.

Mind you, freezing your credit report freezes it for you too, so you’ll need to do a temporary lift of the freeze if you want to apply for a loan.

Delete old accounts.

If you’re like most people, when you quit using a membership website, you simply stop using it.

If you’ve been online for any length of time, that means dozens, if not hundreds of abandoned accounts, any one of which could be compromised any day.

Does it matter if your old gym membership or dating profile data is compromised?

Let’s ask a different question:

What is the make and model of your first vehicle?

Wha…?

How many websites use that as a security question?

A breach at any of those sites could expose your answer.

The good news, most jurisdictions support the right to be forgotten, which means companies are legally obligated to delete your data when you request it.

So, request it!

If you’re not using the account, you don’t need to keep it around. Just delete it.

And that’s pretty much it.

Parts of the dark web are, in fact, seedy as hell, and in those dark recesses of the Internet, your data is being bought and sold, but you can cover your butt by:

  • Changing your passwords

  • Checking your credit reports

  • Deleting old accounts (both on and offline)

  • Like we covered in our past issues, not over-sharing

If you have a friend who might enjoy learning more about personal digital security, share our URL: https://DigitalDefenses.org

They can subscribe and/or read past issues for free.

Until next time, take care!

The Squids