5. TALK OVERVIEW
• Why the internet is broken
• Why a “dark web” is a possible solution
• What you can do
6. THE INTERNET IS BROKEN BECAUSE OF TRACKING
• WWW evolution:
• Open, free source of information
• Ad-infested cesspool
• Websites / apps serve
• Advertisements
• Trackers
7. THE INTERNET IS BROKEN BECAUSE OF TRACKING
• GOAL: Profile & identify you and your habits
• Over multiple services and websites
• Without knowledge or consent
• Sell information for targeting purposes
https://boingboing.net/2015/10/05/botwars-vs-ad-tech-the-origin.html
8. TRACKING & CONTENT
• Content is not free
• You pay with your private data
• Content has become delivery method for ads & trackers
• “If you’re not paying, you are the product”
9. TRACKING – FLEMISH NEWS SITES
• Experiment:
• 4 popular news websites (HLN, DM, DS, HNB)
• Load homepage once (in fresh VM every time)
• Register # connections to 3rd-party servers
• Wireshark & Firefox+Lightbeam
10. TRACKING – FLEMISH NEWS SITES
• Results:
• +40 connections to 3rd party trackers/ads
• Often located in other countries
• Little or no info for end user
• Privacy policies: vague/non-existent
11. TRACKING – FLEMISH NEWS SITES
Full report:
http://www.forceflow.be/2017/08/02/tracking-be-2017/
15. TRACKING – FLEMISH NEWS SITES
• Some trackers on multiple sites
• Track your entire morning routine
• Journalism = Bait
• Not only (these) news sites
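The counting step of the experiment above, and the cross-site overlap noted on this slide, as an added Python example (not code from the talk or the linked report). The capture data, site names and tracker names are constructed placeholders, and the two-label domain rule is a simplifying assumption.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample data: request URLs seen while loading each homepage once.
# Site and tracker names are placeholders, not results from the experiment.
CAPTURE = {
    "news-a.example": [
        "https://www.news-a.example/",
        "https://static.news-a.example/app.js",
        "https://cdn.adnet-one.test/tag.js",
        "https://pixel.metrics-two.test/collect?id=1",
        "https://sync.adnet-one.test/match",
    ],
    "news-b.example": [
        "https://news-b.example/",
        "https://pixel.metrics-two.test/collect?id=1",
        "https://widgets.social-three.test/like.js",
    ],
}

def site_key(host):
    """Naive registrable domain: the last two labels of the host name.
    Assumption: good enough for this sample; real code needs the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def third_parties(first_party, urls):
    """Return the set of third-party domains contacted during one page load."""
    own = site_key(first_party)
    seen = set()
    for url in urls:
        host = urlsplit(url).hostname
        if host and site_key(host) != own:
            seen.add(site_key(host))
    return seen

def cross_site(capture):
    """Map each third-party domain to the sites it appeared on, keeping those on 2+ sites."""
    where = defaultdict(set)
    for site, urls in capture.items():
        for domain in third_parties(site, urls):
            where[domain].add(site)
    return {d: sorted(sites) for d, sites in where.items() if len(sites) > 1}

if __name__ == "__main__":
    for site, urls in CAPTURE.items():
        print(site, sorted(third_parties(site, urls)))
    print("seen on several sites:", cross_site(CAPTURE))
```

Subdomains of the visited site count as first party here, so a site's own static host is not reported.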
16. TRACKING – PEOPLE FARMERS
• Facebook = “People Farmer” (Aral Balkan, 2016)
• Build advertising profile
• Everywhere you see
• Offer functionality (likes, comments, ...)
• In exchange for tracking
• “Behavioral Advertising Tech”
17. TRACKING – PEOPLE FARMERS
https://www.theguardian.com/technology/2017/may/01/facebook-advertising-data-insecure-teens
18. TRACKING – BIG DATA = BIG BUSINESS
• Cambridge Analytica
• Buy/Collect massive amounts of data
• Sources: Social media, web trackers, ...
• Data mining / analysis
• Psychographic profiling
• Political Microtargeting
19. TRACKING – CAMBRIDGE ANALYTICA
• Booming business
• Because of the state the WWW is in
• No legal framework
• (2018) GDPR?
• Enforcement?
https://www.theguardian.com/technology/2017/may/07/the-great-british-brexit-robbery-hijacked-democracy
21. AD/TRACKER BLOCKING
• Yes, there are ad/tracker-blockers
• Some good, some bad
• Need some technical skills to use
• Treating symptom, not disease
• Never-ending arms race
• Will not lead to structural change
22. TRACKING - CONCLUSION
Adtech has transformed the WWW, and current technology and
protocols allow easy collection and storage of vast amounts of data
23. TALK OVERVIEW
• Why the internet is broken
• Tracking
• Why a “dark web” is a possible solution
• What you can do
24. INTERNET IS BROKEN BECAUSE OF CENSORSHIP
• Lots of WWW services = centralized
• Easy to filter / censor
• At local / ISP / nation level
• Techniques
• DNS hijacking
• (Deep) Packet Inspection
• ...
25. CENSORSHIP - TURKEY
• Communication censorship
• Protests 2016: National shutdown of social media
• Blackholing at ISP level
• Sharing Erdogan cartoons = internet block
• Similar incidents in Egypt, Iran, ...
26. CENSORSHIP - CHINA
• Knowledge censorship
• “Great firewall of China”
• No Wikipedia
• No “Tiananmen Square”
27. CENTRALIZATION – DEMOCRACY RISK
• Catalonia Referendum (2017)
• Raid on registrar .cat
• To censor referendum info
• Forced ISPs to blacklist essential vote system IPs
• Several voting offices disabled
28. CENTRALIZATION – BUSINESS RISK
• October 2016
• Infected IoT devices (Mirai Worm)
• DDoS attack on Dyn.org (DNS provider)
• Twitter, Paypal, Spotify, ... down
29. CENTRALIZATION - SOCIAL MEDIA PLATFORMS
• For a lot of people, WWW = Social media
• A few private companies decide
• What you see
• When you see it
• How long you can see it
• Who you can share it with
• Billions of eggs, handful of baskets
30. TALK OVERVIEW
• Why the internet is broken
• Tracking
• Censorship
• Why a “dark web” is a possible solution
• What you can do
31. THE INTERNET IS BROKEN BY DESIGN
• Not designed with PRIVACY in mind
• Not designed with ANONYMITY in mind
32. PRIVACY & ANONYMITY
• Important for everyone
• Regular users (protect personal life)
• Journalists (sources)
• Whistleblowers (identity)
• Companies (communication & trade secrets)
• ...
33. PRIVACY & ANONYMITY
• Tim Berners-Lee, 2016:
“Sites you visit tell your own intimate story.
Internet history should never be tracked.”
• US Congress, 2016:
ISPs are allowed to sell your internet history
34. TRACKING - TECHNICAL
• Browsing the internet = leaking information
• HTTP + JavaScript make collection easy
• Unique fingerprint:
• IP, location, network
• OS/Browser version, plug-ins, local time
• Screen size, cursor positions, settings
• ...
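Why a combination of ordinary attributes acts as a unique fingerprint, as an added Python example (not part of the original slides). The visitor records are constructed; the field names follow the attributes listed on this slide.

```python
import math
from collections import Counter

# Constructed sample: attributes a website can read from eight visitors.
FIELDS = ("browser", "screen", "timezone")
VISITORS = [
    ("Firefox 55", "1920x1080", "UTC+1"),
    ("Firefox 55", "1920x1080", "UTC+1"),
    ("Firefox 55", "1366x768", "UTC+1"),
    ("Chrome 60", "1920x1080", "UTC+1"),
    ("Chrome 60", "1920x1080", "UTC+0"),
    ("Chrome 60", "1366x768", "UTC+1"),
    ("Chrome 60", "2560x1440", "UTC+1"),
    ("Safari 10", "1440x900", "UTC-5"),
]

def project(rows, fields):
    """Keep only the named fields of every row."""
    idx = [FIELDS.index(f) for f in fields]
    return [tuple(row[i] for i in idx) for row in rows]

def unique_count(rows, fields):
    """Number of visitors whose combination of `fields` is shared with nobody else."""
    counts = Counter(project(rows, fields))
    return sum(1 for c in counts.values() if c == 1)

def surprisal_bits(rows, fields, visitor):
    """Identifying information in one visitor's values:
    -log2 of the share of visitors with the same values."""
    keys = project(rows, fields)
    share = keys.count(project([visitor], fields)[0]) / len(rows)
    return -math.log2(share)

if __name__ == "__main__":
    for n in range(1, len(FIELDS) + 1):
        used = FIELDS[:n]
        print(used, "unique visitors:", unique_count(VISITORS, used),
              "bits for visitor 5:", surprisal_bits(VISITORS, used, VISITORS[4]))
```

Each added attribute shrinks the group a visitor hides in. Giving every user the same reported values has the opposite effect.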
36. TALK OVERVIEW
• Why the internet is broken
• Tracking
• Censorship
• Anonymity / Privacy
• Why a “dark web” is a possible solution
• What you can do
37. CONCLUSION
• The internet is a wonderful place
• But by design, makes it easy to track, censor and identify users
• Need alternative, different network with better privacy properties
39. THE “DARK WEB”
• A lot of misconceptions
• Blame:
• Media
• Politics
• Technical nature
• Confusing terminology
40. THE “DARK WEB”
• Interesting from a privacy & anonymity PoV
• Solution to (some of) our problems?
41. “DARK WEB” VS “NORMAL WEB”
• Traditional explanation:
• Surface web
• Deep web
• Dark web
• Better explanation:
• Dark web is parallel to all
42. DARK WEB(S)
• No such thing as one dark web
• Alternative networks focused on privacy/anonymity:
• Tor (The Onion Router)
• I2P Project
• Freenet
• Zeronet
• ...
43. QUESTION
• I have never heard of Tor
• I have heard of Tor
• I know Tor as the thing people use to get around my company firewall
• I buy drugs using Tor
• I am a Tor developer
44. TOR: THE ONION ROUTER
• Most popular & well-known
• Open-Source
• Originally developed by DARPA (US)
• Now: Nonprofit org
• Unrelated to torrents
• Network nodes run by volunteers
• Exit nodes to surface web
50. TOR: PROTECTING YOUR ANONYMITY
• Original IP never revealed
• No logs
• Strong encryption
• New circuit for every site
• No cross-site tracking
51. TOR: HIDDEN SERVICES
• Tor Hidden services
• “Rendezvous point”
• “Invisible” hosting
• Only accessible through Tor
52. TOR: HOW IT THWARTS CENSORSHIP
• No way of knowing where hidden service is hosted
• Takedown notice = where to send?
• Everyone can publish: no central authority
• Censorship impossible by design
53. TOR: HOW IT THWARTS CENSORSHIP (2)
• Link to surface web
• Exit nodes in various countries
• Tor traffic can be disguised
• As Skype call, regular browsing ...
• Very hard to filter: arms race
57. THE “DARK WEB” IS NOT ILLEGAL
• Using or running an alternative network is not illegal
• You are simply using a different
• communication protocol
• way to exchange information
• way of processing data
• Like you already do for a lot of things!
• E-mail: POP3/IMAP
58. THE “DARK WEB” IS NOT ILLEGAL
• Media get it wrong all the time
59. THE “DARK WEB” IS NOT ILLEGAL
• Professionals get it wrong all the time
60. THE “DARK WEB” AND CRIMINALITY
• Alternative networks are not exclusively used by criminals
• Technology is inherently neutral
• Lots of useful services:
• Webhosting / blogging platforms
• File storage
• E-mail
• ...
61. THE “DARK WEB” AND CRIMINALITY
• What about ...
• Drugs? Guns? Fake IDs? Terrorist forums? Hitmen?
• Same % of services on surface web
• A lot of scams
• Anonymity + cryptocurrencies
• Hidden web is actually tiny
• 7k – 30k sites = 0.03% of surface web
62. THE “DARK WEB” AND CHILD PORNOGRAPHY
• CP is a problem on every network
• Research by Internet Watch Foundation (2015)
• 31k CP URLs
• 51 (0.02%) on a Dark Web
• Need to break association Dark Web<->CP
• Without ignoring/minimizing CP problem
63. IS TOR INFALLIBLE?
• Nothing is
• Tor Browser exploits
• Get patched quickly
• Malicious nodes
• Network monitoring
• Peer voting
64. IS TOR INFALLIBLE: MARKET BUSTS
• Silk Road, AlphaBay, ...
• Admins got arrested, sites closed
• Tor fail?
• Admin fail:
• Re-using e-mail / passwords
• Paper trail
• Reckless bragging
• Bad service configuration
65. START USING TOR
• Using a Dark Web does not require advanced tech knowledge
• Go to www.torproject.org
• Download the Tor Browser bundle
• Install
• Go!
66. TOR BROWSER BUNDLE
• Custom version of Firefox
• Great browser
• Pre-configured for Tor
• Masked fingerprint
• Scripts blocked by default
• Auto-updater
• HTTPS everywhere
• Safe out-of-the-box
67. TOR ON MOBILE
• Android: Orbot + OrFox
• In Play Store
• VPN for all traffic
• Free
• iOS: Onion browser
• In App Store
• Free
68. MAYBE START USING IT...
• On public networks?
• All the time?
• More users = more diversity = safer network
70. SYSADMINS & TOR
• Don’t block Tor usage on your network
• Don’t block Tor exit nodes
• Mitigate abuse using CAPTCHA
• If you use Cloudflare: explicitly allow Tor
• See Tor abuse FAQ:
https://www.torproject.org/docs/faq-abuse.html.en
71. SYSADMINS & TOR
• Run a Tor node!
• On VPS / dedicated
• You can limit bandwidth / ports
• (only 80 / 443, for example)
• Donate @ torservers.net
72. MEDIA / PRESS
• Offer your site as Hidden Service
• Set up SecureDrop for communication
74. AND YOU...
• Try it!
• Spread the word
• Educate friends, family & colleagues
• Talk to your IT department
• “Well Actually” when you hear misconceptions
75. IT DOESN’T STOP AT TOR
• Just an example of tech that can help us
• More decentralization needed:
• Mastodon
• Diaspora
• IPFS (Distributed Web)
76. “THE INTERNET IS A MIRROR THAT REFLECTS THE SOCIETY WE LIVE IN. IF YOU DON’T LIKE WHAT YOU SEE, DON’T JUST BREAK THE MIRROR.”
Vint Cerf, co-inventor WWW