Between Good and Evil: The Truth About the Dark Web

Episode Resources:

• Resilience Cybersecurity & Data Privacy

• 8 Useful Small Business Cybersecurity Tips You Need to Know – Resilience Cybersecurity & Data Privacy

• How To Destroy Perfectly Good Cybersecurity Policies – Resilience Cybersecurity & Data Privacy

• What Is the Dark Web and How to Access It? – Avast Academy

• What is the Dark Web – Crowdstrike

• What is the Deep Web and What Will You Find There? – TechTarget

• Deep Web vs. Dark Web: What is the Difference? – Norton

Today, we’re talking about something that is regularly depicted as a sinister and malevolent force in popular culture: the “Dark Web.” This portrayal of the Dark Web is an oversimplification, akin to the way that conflicts are often depicted in black-and-white terms, with the United States cast as the good guy and its enemies as evil. Much as in those real-world conflicts, the reality of the Dark Web is far more nuanced than popular media suggests.

While the Dark Web can be, and regularly is, used for illicit activities, it is not exclusively used that way. The Dark Web, like most things, exists in a gray area between good and evil. Understanding what the Dark Web is, how it operates, and the risks of using it are crucial antidotes to irrational fear.

What is the Dark Web?

Internet users often find themselves divided between two worlds: the one they know and the one they might have heard about but never fully understood. The internet itself is actually made up of three distinct layers: the surface web, deep web, and the Dark Web.

The internet, as we know it, can be likened to an iceberg. The surface web represents the visible part, only about a fifth of the total internet. This layer comprises all the websites that are publicly accessible, searchable, and indexed by search engines. These include all your “www” prefixed sites that you daily visit like news sites, social media platforms, and more.

Beneath this veneer of the internet is the larger section, known as the “deep web.” Despite its ominous title, the deep web isn’t something clandestine. Instead, it is merely the non-indexable part of the internet, much of which requires specific rights or permissions for access. Logging into your Gmail account, viewing your Amazon shopping cart, accessing private company networks, or anything hidden behind a login— all these belong to the deep web. This vast space, while not publicly visible, is a significant part of the internet.

In simple terms, indexing is the process by which search engines send out bots to ‘crawl’ a site, read its contents, and make it searchable. One way the distinction between indexable and not has played out recently is in Europe’s “right to be forgotten” law. This law allows individuals to request that certain personal information be removed or de-indexed from search engines. While the information still exists on the internet, it cannot be found on a search engine, essentially making it ‘forgotten’ by the majority of web users who confine their internet experience to indexed sites.

Getting to the Dark Web

The Dark Web, unlike the surface or deep web, can’t be accessed through regular browsers. It demands special protocols and encryption. One of the most popular parts of the Dark Web is hosted on a system known as the Tor network or The Onion Router network. It encompasses a labyrinth of sites ending with “.onion”, necessitating an entirely distinct browser and network setup.

While the Tor network facilitates access, it doesn’t provide a search engine to crawl the Dark Web. This means you must possess explicit knowledge or a direct link to the site you’re attempting to access.

Within the onion routing network, each service can choose to be public or private, echoing the properties of both the surface and deep web. It could be a simple information site or a login portal, serving authentication for more closed services. Essentially, the Dark Web offers the same tools as the surface and deep web to regulate accessibility, with the added advantage of obfuscating the direct path to the asset.

The essence of the Dark Web is a meticulously organized chaos designed to deter direct links between the consumer and the service provider, thus offering an added layer of privacy. However, there are techniques to potentially de-anonymize the traffic, albeit these are technically challenging due to the nature of proxying and relaying the traffic.

Beyond the Tor network, the Dark Web encompasses smaller peer-to-peer networks and larger ones like Freenet.

What is the Dark Web Used For?

While the term “Dark Web” often conjures images of a digital underworld, contrary to popular belief, the Dark Web isn’t exclusively designed for dubious activities and is frequently used by individuals seeking anonymity and privacy.

Originally developed by the US Department of Defense, the Dark Web was primarily intended to facilitate encrypted, non-attributable, and non-traceable communications. Far from being a nefarious haven exclusively, the Dark Web also offers a critical space for freedom of speech and anonymity, notably for journalists under oppressive regimes or whistleblowers seeking to disclose sensitive information.

When asked about his experiences navigating the Dark Web, the guest highlighted some of its legitimate uses. The Dark Web serves as a significant tool for secure communication, particularly in scenarios where revealing the source’s identity could result in grave risk.

However, despite its valuable contributions to freedom of information, the Dark Web isn’t a risk-free zone. The Dark Web has been the stage for notorious illegal activities, such as the infamous Silk Road. It’s impossible to ignore the ‘dark side’ of the Dark Web, which serves as a hub for activities such as drug trafficking, human trafficking, and various offensive services.

The Risks of Using the Dark Web

Entering the Dark Web without a clear understanding and preparedness can invite serious risks to both your digital and real-life security. The Dark Web is fundamentally unregulated, offering an ideal breeding ground for those with malicious intent. If you’re not cautious or experienced enough, merely connecting to a single service on the Dark Web could lead to the loss of all data and control of your device.

Indeed, one mustn’t underestimate the potency of malware lurking in the corners of the Dark Web. With no regulations, Dark Web sites can embed exploitative elements in their website code. Simply visiting such a site could trigger the automatic execution of this code, infecting your system with malware in a flash.

What amplifies these risks is the predominance of individuals or entities on the Dark Web with malevolent intent. Driven mostly by financial motives, they will likely stop at nothing to exploit vulnerabilities, gather sensitive information, or gain unauthorized access to systems.

Failure to act with caution may extend these risks to your acquaintances as well. By gaining access to your contact list, malicious actors can exploit your connections, threatening to expose personal data or blackmailing them for financial gain.

Conclusion

In summary, the Dark Web, while providing avenues for untraceable communication and anonymity, is also a potential minefield of threats to your digital and personal security. The key to navigating this complex space is knowledge and cautiousness. If you venture into the Dark Web, ensure that you understand the potential risks and have measures in place to protect your data and privacy.

We’re here to help make the complex language of cybersecurity understandable. So if there are topics or issues that you’d like Ryan and I to break down in an episode, send us an email at info@fearlessparanoia.com or reach out to us on Facebook or LinkedIn. For more information about today’s episode, be sure to check out Fearless Paranoia.com where you’ll find a full transcript as well as links to helpful resources and any research and reports discussed during this episode. While you’re there, check out our other posts and podcasts as well as additional helpful resources for learning about cybersecurity.