The Darkest Web

Warning: This article covers subjects some readers may find distressing. 

The Dark Web has been covered extensively by news media since the seizure of infamous narcotics bazaar The Silk Road in 2013. This seizure combined with the Edward Snowden revelations gave the anonymity software, Tor, which is required to access the largest “Dark Web”, previously unknown popularity. 

Tor has been one of the most interesting and controversial developments of the Web over the last decade. It was first developed by the US Naval Research Laboratory to allow anonymous intelligence communications and is now run by the Tor Project (Torproject.org) “to advance human rights and freedoms”.

It is an essential tool for many of those carrying out investigations in law enforcement. It is also used by human rights activists wishing to avoid surveillance and monitoring by authorities. It is similarly used by criminals to avoid surveillance.

The Tor Dark Web is accessed by connecting to what is known as Tor Hidden Services (THS). The THS obfuscates the website’s IP address making it impossible for authorities to locate and seize the server. This technology was created by the Tor Project primarily to allow human rights activists to create websites anonymously, however, as we will see, this technology has most effectively been used by criminals to avoid the authorities.

The question is; on a balance does the THS do more to protect human rights activists, or does it just allow the worst criminals to continue their activities with impunity?

News media often cover the “exciting” topics on the Dark Web like the narcotics trading websites. Many seem to find the prevalence of these websites more entertaining than shocking. The failed wars on drugs, harm caused by outdated drugs legislation or the fact that 30% of the UK population have used illegal narcotics may be some factors here.

There are many rumours of shocking things on the Dark Web; assassination squads, to-the-death gladiator fights and others but the majority of these have been found to be just that; rumour. Sadly, the only subject not exaggerated is the child abuse content that is prevalent there.

A number of court cases have shone a light on the worst of these activities including what is known as “Hurtcore”. This is the most disturbing child abuse content involving deliberately causing pain and suffering to the victim over and above the sexual abuse taking place. This is content so disturbing even many paedophiles shun it. 22 year old Mathew Graham was convicted of running screen-shot-2015-09-10-at-8-54-44-pm“Hurt2theCore” Dark website that was reportedly getting 15,000 video downloads a day. (For more information on the case and please see allthingsvice blog. Warning: content discussed in these articles may disturb readers).

It is understandable that many news outlets would not want to cover these subjects as being far too distressing but without covering topics like this when discussing the Dark Web means it is underestimated as a force for bad in the world.

A recent study done by Dr Gareth Owen of Portsmouth University looked at traffic to the THS.  The results appear to show that 80 percent of traffic going to the THS were going to those sites hosting Child Abuse content.

These findings have been highly controversial and there has been much discussion in the Tor community about whether they are accurate or not. There are some valid points raised about particular research methods, but given the results, the study should be replicated multiple times and the findings verified.  If the results found by Dr Owen are correct and 80% of traffic to THS are in fact going to websites hosting child abuse content there needs to be an open and honest debate about how much the THS technology is helping protect human rights compared to the harm it may be doing in allowing the distribution of this content.

Here I differentiate between Tor and the Tor Hidden Services (THS). Tor is primarily used to access the surface web anonymously and there have been many documented cases of it being used effectively to protect human rights around the world . I am a supporter of the Tor as an anonymity product for these reasons, however, when it comes to the Tor Hidden Services (THS) the case for good is not so clear.

There are a large number of non-illegal websites on the THS, that range from the weird to the inane (just like the surface web); the dark website Anonymous Cat Facts comes to mind. There are also political, activist and human rights THS websites, for example Wikileaks has a THS version, though they also still have a presence on the surface web.

I have attempted to find case studies where THS have been used to protect human rights activists effectively. Due to the anonymous nature of this work publicising these stories is difficult in itself (if any reader knows of any please comment below). Sadly the Tor Project has so far not made a compelling case for THS being, on balance, a good thing for the world.

There will be people who vehemently oppose the idea of changing the way THS works or becoming involved in censorship of it in anyway. The Tor Project understandably don’t want to get drawn into a debate about censoring certain sites or making white/black lists as this would go against the whole reason THS was created. However, if the statistics above are correct stopping the distribution of child abuse content should be something everyone in the Tor Project and in government should want to work towards.

One argument is that more resources should be spent on investigating child abuse rather than stopping a service that can be used to protect human rights. It is true that in comparison to other areas of government spending like anti-terrorism or the military very little spent combating child abuse online, which should be addressed, but that does not deal with the content currently being distributed via the THS.

Another argument is that if THS were removed the paedophiles would move to another Dark Web service (like I2P or Freenet) and while it is true that some would, crime prevention techniques have shown time and time again if you make crime harder to achieve a percentage of the criminals will actually stop doing it. The ease at which this content can be accessed using Tor and THS means the technological barrier to entry is non-existent.

This is a contentious topic in the Tor community and the very idea of changing or discontinuing the THS is thought as bowing to some form of government censorship. However, if the findings discussed above are accurate (and as mentioned they need to be verified) a reasoned debate about the actual pros and cons of the THS needs to be had by all those involved.

Max Vetter: 

« WhatsApp Implements Encryption
Taliban App Removed From Google Store »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Centre for Development of Advanced Computing (C-DAC)

Centre for Development of Advanced Computing (C-DAC)

C-DAC is the premier R&D organization of the indian Ministry of Electronics & Information Technology. Areas of research include cyber security.

SecureDevice

SecureDevice

SecureDevice is a Danish IT Security company.

DataSunrise

DataSunrise

DataSunrise Data-Centric high-performance security software protects the sensitive data in real-time in cloud or on premises, and helps organizations to stay compliant.

DQM GRC

DQM GRC

DQM GRC are one of the UK's leading providers of data governance, e-privacy and GDPR services, to commercial organisations across all industries in the UK.

ReliaQuest

ReliaQuest

ReliaQuest’s GreyMatter solution connects existing technology, people, and process – then equips security teams with unified, actionable insights across their entire environment.

CleanCloud by SEK

CleanCloud by SEK

CleanCloud by SEK is a CSPM product focused on public cloud data protection and security regulations, with over 400 compliance checks for the market's leading frameworks and regulations.

ExchangeDefender

ExchangeDefender

ExchangeDefender provides cybersecurity services that secures your company email and data, and guarantees 24/7 email access.

CyberUp

CyberUp

CyberUp is a nonprofit organization created to strengthen the cybersecurity workforce. We help employers reimagine how they grow and scale their cybersecurity workforce.

VENZA

VENZA

VENZA is a data protection company that can help organisations mitigate their vulnerabilities and ensure compliance, keeping guests and their data safe from breaches.

Converged Communication Solutions

Converged Communication Solutions

Converged is an independent Internet Service Provider, telephony, IT support and security specialist.

Cyber Explorers

Cyber Explorers

Cyber Explorers is a fun, free and interactive learning platform for future digital superstars. An exciting addition to UK curriculum delivery or after school activities.

Cyphershield

Cyphershield

Cypershield is a Security and Smart Contract audit company providing professional smart contract auditing services for varied Crypto projects.

Inveo Group

Inveo Group

Inveo group is the Italian leader for the management of privacy and data protection issues.

RIIG Technology

RIIG Technology

Our mission is to empower organizations with high-quality, verifiable data and advanced intelligence solutions, ensuring robust security and effective risk management.

Adsigo

Adsigo

Adsigo AG is your reliable and professional partner for all topics concerning PCI certification, compliance and information security.

Dream

Dream

Dream is developing an AI platform that enables cyber resilience and protects nations from hostile nation-states cyber attacks.