Dark Web

Foundations

Surface Web

Google, Youtube, Facebook, Reddit, etc.
Anything accessible through a link.
Covers a total of 4% of internet.
- Access tools:
  - Common public browser (Chrome, Safari, Firefox, Brave)

Deep Web

Private Emails, Dropbox, Public Records, ETC.
Anything you can't directly link to, or has security
Covers a total of 90% of internet.
Access tools:
- Common public browser (Chrome, Safari, Firefox, Brave)

Dark Web

Markets, hidden sites, Tor sites
Purposefully hidden , special access to material either legal or illegal.
Covers a total of 6% of internet.
Access tools:
- Tor
- Tails (Operating System)

Using Tor is legal in most countries, but its ultimate legality depends on the purpose, laws governing the country, location, and the actions for which it is used.

Important Concepts

TOR

Tor (The Onion Router) is open-source software that allows you to browse the internet anonymously by routing your web traffic through a global network of volunteer-run servers called nodes or relays.

How TOR works

Imagine you need to send a card (your data) to someone (a website), but you don’t want anyone to know you are the sender (your IP address). Instead of sending the card directly, you wrap it in several layers of envelopes, one for each person (node or relay) it will pass through.

Each person (node) only knows:

Who they received the card from (the previous node’s IP).
Who they are giving it to (the next node).

When a node receives the card, it removes only the outer envelope to see where to send it next.

The first node (Guard Relay) doesn’t know the final destination, only the next node.
The last node (Exit Relay) doesn’t know the original sender, only where to deliver the card.

Pretty Good Privacy (PGP)

PGP, which stands for Pretty Good Privacy, is a security program that uses encryption and digital signatures to protect data communication.

How it works

Each person has two keys:
- Public key: you can give this to anyone who wants to send you a secure message.
- Private key: you keep this secret; it’s used to unlock the messages sent to you.
When someone sends you a message:
- They lock it using your public key.
- Only your private key can unlock it and read it.

BITCOIN

Bitcoin is a digital currency that exists only online. You can send and receive it over the internet without using a bank.

Bitcoin relies on a technology called the blockchain, which is like a giant public ledger where all transactions are recorded. Everyone can see the transactions, but they only see the addresses, not the real identities of the people sending or receiving Bitcoin.

Each user has:

Address: like a bank account number for receiving Bitcoin.
Private key: like a secret password used to spend your Bitcoin.

VPN and TOR

Setup

Purpose

Advantages

Disadvantages

VPN → Tor

Hide Tor usage from ISP

ISP cannot detect Tor; VPN hides your IP from Tor nodes

VPN sees your traffic; slightly slower

Tor → VPN

Hide Tor exit traffic from websites

Websites see VPN IP, protects against malicious exit nodes

Very slow; complex setup

Security Measures

Security Levels

Increasing the Security Level in the Tor Browser Security settings will disable or partially disable certain browser features to protect against possible attacks.

Security Level

Description

Key Changes / Restrictions

Standard

Default level, all features enabled

All Tor Browser and website features work normally

Safer

Disables some risky website features

- JavaScript disabled on non-HTTPS sites - Some fonts and math symbols disabled - Audio & Video (HTML5) click-to-play

Safest

Only allows features required for static/basic sites

- JavaScript disabled on all sites - Some fonts, icons, math symbols, and images disabled - Audio & Video (HTML5) click-to-play

Bridges

Pluggable Transport

Purpose

Advantages

Disadvantages

obfs4

Makes Tor traffic look like random data

Fastest for general use; works in moderately censored networks

Might not work in highly censored countries; requires bridges

Snowflake

Routes connection through temporary volunteer proxies, making traffic look like normal web/video traffic

Very effective in heavily censored networks; dynamically uses available proxies

Slower than obfs4; depends on volunteer proxies availability

meek-azure

Makes Tor traffic look like it’s connecting to a Microsoft website (Azure)

Works in very strict and heavily censored regions

Very slow; higher latency due to proxy routing

Checklist

Familiarize yourself with how TOR works.
Configure your security setting using the Safer or Safest .
Regularly check for updates and keep your Tor Browser up-to-date.
Use tor for all online activities.
Ensure that websites you visit are using HTTPS to encrypt your data.
Avoid torrenting over Tor.
Keep you OS and software up-to-date with security patches.
never share personal information while user Tor.

Installation TOR

sudo apt update && sudo apt upgrade -y
sudo apt install tor torbrowser-launcher -y
sudo systemctl start tor
sudo systemctl enable tor   # Optional: start Tor on boot
sudo systemctl status tor
torbrowser-launcher

IOS: https://apps.apple.com/us/app/onion-browser/id519296448

Android: https://play.google.com/store/apps/details?id=org.torproject.torbrowser

Windows: https://www.torproject.org/download/