1. What is a darknet?
A darknet is a hidden network on the Internet in which connections are established only between trusted peers using non-standard ports and unique, customized data transfer protocols.
Quite often the term “darknet” is used interchangeably with “dark web” (also written “darkweb”). The dark web is the part of the World Wide Web that can be accessed via overlay networks, i.e., via the darknets themselves.
Sometimes the darknet (darkweb) is confused with the so-called deep web – web pages not indexed by search engines. Unlike the darknet, no specific software is required to access the deep web.
The complete opposite of the darknet is the so-called visible or surface web – the part of the Internet that is indexed by search engines and is publicly available.
2. When and how did the darknet appear?
The term “darknet” originally referred to computers on the ARPANET network, created in 1969 by the Defense Advanced Research Projects Agency (DARPA) of the US Department of Defense. ARPANET was the prototype of the Internet. The “darknet” computers were programmed to receive messages from ARPANET, but their addresses did not appear on network lists and they did not respond to external requests, thus remaining “dark”.
The term “darknet” became famous with the 2002 publication of a scientific report entitled “The Darknet and the Future of Content Distribution”. It was authored by Microsoft employees Bryan Willman, Marcus Peinado, Paul England, and Peter Biddle. They argued that the presence of the darknet serves as a major obstacle to the development of digital rights management (DRM) technologies and will inevitably lead to copyright infringement. The report described the darknet broadly as any network that requires a specific protocol to gain access and exists “in parallel” with an overhead or visible network.
The term “darknet” became widespread thanks to the media, which associated it with the Silk Road anonymous marketplace, which operated from 2011 to 2013 in the .onion zone of the Tor anonymous network.
3. What are the scenarios of darknet use?
The darknet is used to circumvent online censorship, content filtering systems, and surveillance. It is also suitable for file sharing.
Both political dissidents and criminals can use the technology.
4. What anonymous networks are used in the darknet?
The total number of anonymous darknet networks is unknown. There are small networks with a few dozen users.
5. What is Tor?
Tor (short for The Onion Router) is the most famous and popular anonymous darknet network. It is a system of proxy servers that support “onion routing” – the technology of anonymous information exchange through a computer network. Tor makes it possible to remain anonymous on the Internet and protects user traffic from analysis.
6. How does Tor work?
Unlike a normal browser, which sends user input directly to a server and so allows third parties to learn the user's location, the Tor browser sends data through a chain of intermediary nodes scattered around the world. This model makes tracking much more difficult.
How the Tor network handles a request:
- Once started, the software builds a chain of three randomly chosen nodes over which traffic flows.
- Once a request is sent, the data is wrapped in three layers of encryption (the multi-layered encryption resembles the structure of an onion, which is why the Tor network is called the “onion” network).
- The first node, accepting traffic, “removes” the top encryption layer from it. It learns the addresses of the previous node and the next node, and then sends the data to the next node.
- The process repeats, and the data reaches the last node in the chain, the exit (output) node.
- The exit node removes the final layer of encryption and sends the request to the addressee.
- The response to the request is returned in the same way, going through similar steps.
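The layering described in the steps above can be shown with a short added example (it is not part of the original article and not Tor's code). It uses a toy SHA-256 keystream cipher and JSON layers purely for illustration; the relay names, keys, destination and request are constructed, and real Tor negotiates a key with each node and uses fixed-size cells.

```python
import hashlib
import json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (XOR with SHA-256(key || offset)); encrypts and decrypts.
    Illustration only: this is NOT the cryptography Tor uses."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(path, keys, destination, payload):
    """Client side: build the onion from the inside out, one layer per node."""
    forward_to = path[1:] + [destination]   # what each node is told to contact next
    cell = payload
    for relay, nxt in reversed(list(zip(path, forward_to))):
        layer = json.dumps({"next": nxt, "data": cell.hex()}).encode()
        cell = keystream_xor(keys[relay], layer)
    return cell

def peel(relay_key, cell):
    """Node side: remove exactly one layer, learning only the next hop."""
    layer = json.loads(keystream_xor(relay_key, cell))
    return layer["next"], bytes.fromhex(layer["data"])

def route(path, keys, cell):
    """Pass the cell along the chain and record what each node could see."""
    seen = []
    for relay in path:
        nxt, cell = peel(keys[relay], cell)
        seen.append((relay, nxt, cell))
    return seen

# Constructed sample data (assumptions for the example).
PATH = ["entry", "middle", "exit"]
KEYS = {name: hashlib.sha256(name.encode()).digest() for name in PATH}
REQUEST = b"GET /index.html"
ONION = wrap(PATH, KEYS, "example.com:80", REQUEST)
TRACE = route(PATH, KEYS, ONION)

if __name__ == "__main__":
    for relay, nxt, inner in TRACE:
        readable = inner == REQUEST
        print(f"{relay:6} forwards to {nxt:15} sees plaintext request: {readable}")
```

Only the exit node ends up holding the plaintext request and the destination; the entry and middle nodes see ciphertext and the name of the next node.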
7. Does Tor provide complete anonymity?
Tor does not provide one hundred percent anonymity. Nodes see the real IP address, and it can theoretically be intercepted. The degree of anonymity can be increased by combining Tor with special operating systems and VPNs.
8. How did Tor come about?
Tor development began in 1995 at the Naval Research Laboratory (NRL) “High Performance Computing Center” as part of the Free Haven Project, in cooperation with the Defense Advanced Research Projects Agency (DARPA), at the request of the U.S. government. The source code was distributed as free software.
In the early 2000s, the project was called The Onion Routing (Tor). In October 2002, a router network was deployed, which by the end of 2003 included more than ten network nodes in the United States and one in Germany.
Since 2004, the human rights organization Electronic Frontier Foundation has been providing financial and informational support for the project.
In 2006, the non-profit organization Tor Project was founded in the United States to develop the Tor network.
In 2008, the Tor browser appeared.
9. Who finances Tor?
The main sponsors of the project are the U.S. Department of State and the National Science Foundation. Another source of funding is the collection of donations, including cryptocurrencies.
10. How is the Tor Project evolving?
The project team is engaged in its popularization, calling for the use of Tor to protect the rights of free access to information and privacy.
The Tor Project’s administrators speak out against cybercrime: they work with the U.S. Agency for International Development, the Brookings Institution, the Cato Institute, the Bill & Melinda Gates Foundation, Trend Micro, and the Bitcoin Foundation on the Cybercrime Working Group.
Tor is supported by many online security and privacy advocates, including former NSA employee Edward Snowden and WikiLeaks founder Julian Assange.
Under the pretext that the Tor network hosts numerous trafficking sites for drugs, weapons, pornography, etc., law enforcement agencies of various states are fighting it. In 2014, the FBI paid $1 million to researchers from Carnegie Mellon University in the United States to help de-anonymize Tor users.
In 2017, the Russian Federation passed a law requiring anonymizers, including Tor, to block sites and services on Roskomnadzor’s blacklist, but Tor refused to comply.
In July 2019, hacker group 0v1ru$ hacked the server of SyTech, which is allegedly a contractor of the Russian secret services. The documents obtained by the hackers contain information about a number of secret projects of the Russian authorities, aimed, among other things, at analyzing Tor network traffic.
In October 2019, the Tor administration conducted a massive “purge” of the network, blocking 13% of the total number of active nodes. They were blocked due to the use of outdated software. The “purge” was intended to make the network faster and more secure.
In November 2019, Tor released a software update capable of automatically blocking access to outdated nodes. It also blocked abandoned entry points to the network whose IP addresses were not listed in public directories.
In March 2020, the Main Radio Frequency Center, subordinate to the Russian Roskomnadzor, began studying the possibility of restricting mesh networks, IoT networks and anonymous protocols. The list of investigated technologies includes The Onion Router (Tor), Invisible Internet Project (I2P), Telegram Open Network, Freenet, Zeronet, anoNet, as well as the mesh networks Yggdrasil, cjdns, Briar, Signal Offline and FireChat.
The Federal Research Center “Informatics and Management” under the Russian Academy of Sciences was commissioned to carry out the work. The experts were allocated 9.2 million rubles, and the deadline for preparing the report was set for June 30, 2020.
Russia is in second place for the number of Tor users after Iran. In 2019, just over 330 thousand Russians used the browser daily, which is 17.39% of the total number of users.
11. What other anonymous darknet networks exist?
Freenet is a peer-to-peer network designed for decentralized distributed data storage.
Unlike Tor and I2P, Freenet provides anonymity only within its own network.
Freenet has no servers; all data is stored in encrypted form on users’ computers, which are combined into a common pool. Users provide the bandwidth and disk space of their computers to publish or retrieve information. Freenet uses key-based routing, similar to a distributed hash table, to locate data.
Users can choose the security level: the lower the level, the faster the connection, but data protection then suffers.
Even with a low security level, the connection speed is slow: it takes several minutes to download an image, and watching video is impossible, because Freenet does not support the databases and scripts needed to display dynamic content. The purpose of the project is to store data without the possibility of censorship, not performance and ease of use.
Freenet is divided into two parts: Opennet and Darknet. Opennet is the public segment of the network. You can only access Darknet by invitation from another user.
12. What is I2P?
I2P (Invisible Internet Project) is an anonymous overlay network consisting of two types of nodes:
- Routers. These have intranet and normal IP addresses. They are reachable on the normal Internet and are responsible for the operation of the I2P network.
- Hidden nodes. These do not have IP addresses.
I2P distinguishes between routers and addressees, hiding data about where the addressee is and which router it is connected to. Each user has multiple addresses: for site connections, for torrents, etc., making it difficult to track and identify them.
I2P is based on a model of tunnels – paths through multiple routers. Like the Tor network, it uses multiple layers of encryption: one router decrypts one layer. Unlike Tor, return traffic is sent through a separate tunnel.
The length of the tunnels can be set by the user. The longer the tunnel, the less chance of detection, but the connection speed is correspondingly lower.
Electronic signatures and strong cryptography make I2P the most secure darknet network at the moment.