By: Bas van den Berg – hacker, developer and architect.
Five tips on how to remain anonymous on the Dark Web
The Dark Web is most often associated with criminal activities such as drug trade, weapon trafficking and money laundering. While it is true that the Dark Web’s privacy protections attract criminals, the “hidden side of the internet” is also used for a variety of legal and beneficial purposes. Journalists, whistle-blowers, law enforcement agencies, cyber security specialists and other legitimate users rely on the Dark Web to communicate securely, track illicit activities, investigate crimes and identify threats. Cyber security professionals use Dark websites to gain valuable threat intelligence and proactively improve their organisation’s security stance (see our article on Using the Dark Web for Threat Intelligence). Due to a growing cyber security awareness across all sectors, individuals and companies increasingly venture into the dark corners of the web to find out whether their information has been stolen and published online.
There are several legitimate reasons to access Darknet sites. For security professionals and law enforcement agents, being able to surf the Dark Web safely and anonymously is even a necessity. Since preserving your anonymity is key to staying safe on the Dark Web, in this article we will give you five simple tips on how to stay anonymous when visiting Dark sites.
Is the Dark Web truly anonymous?
Many people believe that using the Tor browser is enough to stay anonymous when surfing the (Dark) Web. Unfortunately, this perception could not be more wrong. Although Tor is the best option to provide online anonymity, it has some weak points that can be used to identify users. Security professionals, law enforcement agents and all other parties using the Dark Web for legitimate purposes should be aware of the risks and take the necessary security measures to increase their anonymity when diving into the Dark Web. First, because Tor’s weaknesses can be used by malicious parties to exploit other users. Second, because the Dark Web is still primarily associated with crime. Even if accessing the Dark Web is not a crime in your country and you do not access Dark sites that are a crime to view (we strongly discourage you from doing so!), the authorities may still see your activity as suspicious. Do not think of Tor as a guarantee for anonymity, and take our tips to avoid problems in the future.
Preserving your anonymity online is more difficult than you may think. Just remember the ways you can be tracked when using the Clear Web. When engaging in online activities, you are tracked through (third-party) tracking cookies. In addition, you can also be identified based on your so-called browser fingerprint. Your browser fingerprint consists of several data points which, when combined, can uniquely identify you. Examples of such data points are:
- The browser you use;
- The version of your browser;
- The features of your browser (even the “Do Not Track” feature can be used to track people);
- Your operating system;
- Your battery level;
- Add-ons you have (or have not) installed;
- Your geographical location;
- Your language preferences;
- Your screen resolution;
- Your typing speed…
This list can go on and on. Trackers can, in some cases, even identify different family members using the same computer and browser.
If you must dive into the Dark Web (we assume you have a legitimate reason to do so, e.g., to investigate a crime or negotiate with hackers who infected your client’s network with ransomware), you must be careful to protect your identity. Always be aware that even a small mistake can lead to identifying you. There are several hidden networks, but in this article we will stick to the most commonly used method: connecting to the Tor network using the Tor browser.
Your internet service provider can see the type of your network traffic. They can’t see the content of the traffic, but they do see that you are using the Tor network. The first step towards being anonymous is to find a VPN provider that doesn’t track you, so you can hide your Tor use from the internet service provider.
Use a privacy-focused OS, for example Tails (The Amnesic Incognito Live System). Tails is a Linux distribution aimed at securing the user’s activities from any type of surveillance. You can either run it as a virtual machine or start it from a USB stick or DVD. All the default settings are set to provide maximum privacy. There are other similar Linux distributions (for example, Whonix and Kodachi), but most of these are harder to use and set up.
Avoid installing add-ons when using the Tor browser. The Tor browser is based on Firefox, so add-ons for Firefox will work. But every additional add-on you install increases the risk of others being able to track you. Installing even one add-on will increase the uniqueness of your browser fingerprint. What is more, add-ons can also send usage statistics and other data to the add-on’s creator, giving your real identity away.
Do not maximise your Tor browser’s window. When starting the Tor browser, the browser window has a default size. Maximising the browser window will give away your screen resolution, and therefore make your browser fingerprint more unique.
Use these tips and your common sense to stay safe on the Dark Web. Remember that, in addition to preserving your anonymity, you must also stay vigilant to avoid being scammed or getting involved in illegal activities.
If you are interested in learning more about how to safety navigate the Dark Web, Dark Web Foundation is a hands on introductory course.
About the Author
Bas van den Berg – hacker, developer and architect.
Bas started his career as a developer and grew from a solution architect into an enterprise architect. Later he changed into the role of a security consultant.
Bas is one of SECO-Insitute most experienced trainers, his patience, communication skills and ability to explain difficult topics make him an excellent teacher.