This site may earn chapter commissions from the links on this page. Terms of utilize.

onion

The go-to solution for keeping something secret online is to ready up a Tor subconscious service, ofttimes called the dark web. Information technology'southward likely most of what'due south going on in the dark web is illegal, horrifying, or both, but non all the fourth dimension. If you're wondering near the security of a hidden service, security researcher Sarah Jamie Lewis is well-nigh to release a tool called OnionScan that lets you scan it automatically for common vulnerabilities and errors that can de-anonymize the owner or users.

When Lewis was first toying with the idea of creating a tool to check subconscious services for anonymity, she started by looking at dark web markets where people buy and sell drugs, fake IDs, and other illegal content. The thinking was that these sites take a strong interest in maintaining superlative-notch security. All the same, she found many of the aforementioned issues on these sites that were prevalent throughout the night web. To understand the problems, y'all have to kickoff know a little about how the dark web works.

The dark web is accessible just from within the encrypted Tor network. Tor was originally but an anonymization tool that routed you to different parts of the open internet. When you connect to Tor, your packets are bounced to multiple encrypted relays (also chosen nodes). Since each relay just knows the IP accost of the concluding hop and the next one, after a few layers your real IP address and location are obscured.

Tor-Encryption

While a hidden service within Tor is not vulnerable in the way a regular website is, the operators often make mistakes. Lewis cites frequent misconfigurations in the servers that exit important administrator pages accessible. This can reveal the tools used to build a site, likewise as other services run by the aforementioned political party. It's also common to meet images that have not been stripped of EXIF data, which can include the device they were taken with and fifty-fifty the location they were taken. That would make information technology quite easy for someone to place the owner of such a hidden service, and that could pb to problems for the users.

OnionScan, which Lewis will release this weekend, checks a hidden service for all these potential bug so they can be solved. Lewis does annotation it'southward not exactly a subtle tool — OnionScan will ping a service repeatedly to download various images and files to exam.

This isn't about protecting shady nighttime web markets, co-ordinate to Lewis. Privacy is of import fifty-fifty if some people use it to do illegal things. There are plenty of individual sites and political blogs hosted on the dark web considering the owners need that privacy and security.