It's About To Get Even Easier to Hide on the Dark Web

["Dave Farber" <farber () gmail com>]

Begin forwarded message:

> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: January 21, 2017 at 7:59:39 AM EST
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] It's About To Get Even Easier to Hide on the Dark Web
> Reply-To: dewayne-net () warpspeed com
>
> [Note:  This item comes from friend Jen Snow.  DLH]
>
> It’s About To Get Even Easier to Hide on the Dark Web
> By Andy Greenberg
> Jan 29 2017
> <https://www.wired.com/2017/01/get-even-easier-hide-dark-web/>
>
> Sites on the so-called dark web, or darknet, typically operate under what seems like a privacy paradox: While anyone 
> who knows a dark web site’s address can visit it, no one can figure out who hosts that site, or where. It hides in 
> plain sight. But changes coming to the anonymity tools underlying the darknet promise to make a new kind of online 
> privacy possible. Soon anyone will be able to create their own corner of the internet that’s not just anonymous and 
> untraceable, but entirely undiscoverable without an invite.
>
> Over the coming months, the non-profit Tor Project will upgrade the security and privacy of the so-called “onion 
> services,” or “hidden services,” that enable the darknet’s anonymity. While the majority of people who run the Tor 
> Project’s software use it to browse the web anonymously, and circumvent censorship in countries like Iran and China, 
> the group also maintains code that allows anyone to host an anonymous website or server—the basis for the darknet.
>
> That code is now getting a revamp, set to go live sometime later this year, designed to both strengthen its 
> encryption and to let administrators easily create fully secret darknet sites that can only be discovered by those 
> who know a long string of unguessable characters. And those software tweaks, says Tor Project co-founder Nick 
> Mathewson, could not only allow tighter privacy on the darknet, but also help serve as the basis for a new generation 
> of encryption applications.
>
> “Someone can create a hidden service just for you that only you would know about, and the presence of that particular 
> hidden service would be non-discoverable,” says Mathewson, who helped to code some of the first versions of Tor in 
> 2003. “As a building block, that would provide a much stronger basis for relatively secure and private systems than 
> we’ve had before.”
>
> Beyond Anonymity
>
> Most darknet sites today make no secret of their existence, widely publicizing their “.onion” web addresses on the 
> regular web and social media for potential visitors. Any whistleblower can visit WikiLeaks’ anonymous upload system, 
> for instance, by pasting wlupld3ptjvsgwqw.onion into their Tor browser, and many thousands of drug customers and 
> dealers knew that the notorious dark web drug market Silk Road could be found at silkroadvb5piz3r.onion before the 
> FBI took it offline.
>
> But even without knowing a Tor hidden service’s address, another trick has allowed snoops, security firms, hackers, 
> and law enforcement to discover them. Tor’s network comprises volunteers’ computers that serve as “nodes,” bouncing 
> traffic around the globe. Anyone can position their computer as a particular sort of node—one of thousands of “hidden 
> service directories” that route visitors to a certain hidden service.
>
> For that routing system to work, all hidden services have to declare their existence to those directories. A study 
> released at the hacker conference Defcon last year showed that more than a hundred of the 3,000 or so hidden service 
> directories were secretly crawling every site whose address they learned, in order to scan the dark web for 
> previously undiscovered sites.
>
> “The only people who should know about your hidden service are the people you tell about it,” says John Brooks, the 
> creator of the Tor-based chat program Ricochet. “That’s a pretty simple concept, and it’s currently not true.”
>
> The next generation of hidden services will use a clever method to protect the secrecy of those addresses. Instead of 
> declaring their .onion address to hidden service directories, they’ll instead derive a unique cryptographic key from 
> that address, and give that key to Tor’s hidden service directories. Any Tor user looking for a certain hidden 
> service can perform that same derivation to check the key and route themselves to the correct darknet site. But the 
> hidden service directory can’t derive the .onion address from the key, preventing snoops from discovering any secret 
> darknet address. “The Tor network isn’t going to give you any way to learn about an onion address you don’t already 
> know,” says Mathewson.
>
> [snip]
>
> Dewayne-Net RSS Feed: <http://dewaynenet.wordpress.com/feed/>



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20170121103706:74D82FBC-DFEF-11E6-92EE-128FBCDDB970
Powered by Listbox: http://www.listbox.com