Is it safe to browse the deep web?

Answer by Adrián Lamo:

The term "Deep Web" refers to the unindexed web – databases and other content that search engines can't crawl. Your question most likely refers to what's sometimes called the "Dark Web", or more technically, Tor's hidden services.

It's understandable to be a bit nervous about the so-called Dark Web. It's been played up in popular culture quite a bit, and indeed it contains interesting and sometimes rather terrible content. It's also the subject of occasionally amusing speculation and fiction.

But scary stories to tell in the dark aside, Tor hidden services are no more unsafe than the regular Internet. The key part of "Dark Web" is web. The same best practices you should apply anywhere else on the web will help keep you out of trouble on the "Dark" web.

  1. In fact, you might even be safer on the Dark Web if you play your cards right. If you're using the Tor browser bundle, it comes preconfigured to protect you against some of the privacy threats that normal browser configurations would subject you to.
  2. This should go without saying, but it's surprising how often it comes up: If you register on a hidden service site, don't use your real email address. Create a throwaway email. And don't use a username – for the email address or anything else – that you've used before or plan to use elsewhere. And most certainly don't use your real name.
  3. If you engage in a commercial transaction, use a site that has a good reputation. Never pay with a credit card – there's little recourse in tracking down a hidden service operator, and a chargeback might be awkward to explain depending on your transaction. If you pay in Bitcoin, use a site which provides an escrow service.
  4. If you absolutely must download something (and I wouldn't suggest it if you don't know what you're doing), scan at VirusTotal or a similar service.
  5. If you live somewhere connecting to Tor might cause problems for you, consider connecting to Tor via a "bridge". This isn't foolproof, but it will make it less obvious that you're connecting to the Tor network. You can find instructions for getting bridge addresses and configuring your software at Tor Project: Bridges.
  6. Most importantly, exercise common sense. If something seems too good to be true, it probably is. If someone is being unusually friendly, ask yourself why. If someone is making outlandish threats, consider whether the threats are actually realistic. Your own sense of possibility and perspective are your greatest allies. Hone them and learn to use them – they'll do you more good than any antivirus or defensive software.
  7. To directly address the original poster's concern, accessing hidden services won't "piss off" the authorities unless you live in an unusually authoritarian country. So many people use Tor, you'll basically be lost in the noise. If you're particularly concerned, you can connect to a VPN before connecting to Tor in order to further obfuscate your traffic.

When using Tor, be aware that when browsing the normal web, the operator of the exit node (the server in the chain closest to the site you're accessing) can see your traffic if it's not encrypted. Be mindful of using sites that don't support encryption if you're submitting personally identifiable information.

A user in the comments section (who for some reason I can't tag) reminded me of Tails, a Linux distribution that can be booted from a USB stick, and automatically routes all traffic through Tor. One of its benefits is that even if something goes terribly wrong, you just have to reboot (or in a worst-case scenario, reformat the USB stick) and everything is back to normal – you can browse with minimal risk.

Tor and its hidden services are a great resource to explore, and learning to navigate them is a keen way to build your skills for day-to-day web use – after all, if you can make it there, you can make it anywhere.

To learn more about Tor, VPNs, and other privacy-enhancing technologies, you can check out an article I wrote a while back for PenTest Magazine*: "Privacy and Anonymity Techniques Today"


Edit: Updated answer to include "Resources" section, link to PenTest article, added item seven, added Tails info.

* – Don't blame me for the lede. Some lame-arse editor had never heard the phrase "The Internet is serious business."

Is it safe to browse the deep web?


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s