SlideShare une entreprise Scribd logo
1  sur  77
Télécharger pour lire hors ligne
WHY WE NEED A DARK(ER)
WEB
JEROEN BAERT – CHECKUP 2017
ABOUT ME
• Engineer – Computer Scientist
• Phd Student (Computer Graphics @ KU Leuven)
• Improv / Stand-up Comedian
• (Belgian Improv League)
• jeroen-baert.be & forceflow.be
• PGP: 30F2 857D 9129 3519
MY RESEARCH: GRAPHICS! ALL THE
GRAPHICS!
• Out-of-core construction and visualization of Sparse Voxel Octree
structures on modern GPU hardware
BAD NEWS EVERYONE
TALK OVERVIEW
• Why the internet is broken
• Why a “dark web” is a possible solution
• What you can do
THE INTERNET IS BROKEN BECAUSE OF
TRACKING
• WWW evolution:
• Open, free source of information
• Ad-infested cesspool
• Websites / apps serve
• Advertisements
• Trackers
THE INTERNET IS BROKEN BECAUSE OF
TRACKING
• GOAL: Profile & identify you and
your habits
• Over multiple services and websites
• Without knowledge or consent
• Sell information for targeting
purposes
https://boingboing.net/2015/10/05/botwars-vs-ad-tech-
the-origin.html
TRACKING & CONTENT
• Content is not free
• You pay with your private data
• Content has become delivery method for ads & trackers
• “If you’re not paying, you are the product”
TRACKING – FLEMISH NEWS SITES
• Experiment:
• 4 popular news websites (HLN, DM, DS, HNB)
• Load homepage once (in fresh VM every time)
• Register # connections to 3rd-party servers
• Wireshark & Firefox+Lightbeam
TRACKING – FLEMISH NEWS SITES
• Results:
• +40 connections to 3rd party trackers/ads
• Often located in other countries
• Little or no info for end user
• Privacy policies: vague/non-existent
TRACKING – FLEMISH NEWS SITES
Full report:
http://www.forceflow.be/2017/08/02/tracking-be-2017/
TRACKING – FLEMISH NEWS SITES
TRACKING – FLEMISH NEWS SITES
TRACKING – FLEMISH NEWS SITES
• Additional cost:
• Bandwidth (Money)
• Battery
• Time
TRACKING – FLEMISH NEWS SITES
• Some trackers on multiple sites
• Track your entire morning routine
• Journalism = Bait
• Not only (these) news sites
TRACKING – PEOPLE FARMERS
• Facebook = “People Farmer” (Aral Balkan, 2016)
• Build advertising profile
• Everywhere you see
• Offer functionality (likes, comments, ...)
• In exchange for tracking
• “Behavioral Advertising Tech”
TRACKING – PEOPLE FARMERS
https://www.theguardian.com/technology/2017/may/01/facebook-advertising-data-insecure-teens
TRACKING – BIG DATA = BIG BUSINESS
• Cambridge Analytica
• Buy/Collect massive amounts of data
• Sources: Social media, web trackers, ...
• Data mining / analysis
• Psychographic profiling
• Political Microtargeting
TRACKING – CAMBRIDGE ANALYTICA
• Booming business
• Because of state WWW is in
• No legal framework
• (2018) GDPR?
• Enforcement?
https://www.theguardian.com/technology/2017/may/07/the-great-british-
brexit-robbery-hijacked-democracy
POLITICAL MICROTARGETING
Adam Curtis – Hypernormalization (2016)
AD/TRACKER BLOCKING
• Yes, there are ad/tracker-blockers
• Some good, some bad
• Need some technical skills to use
• Treating symptom, not disease
• Never-ending arms race
• Will not lead to structural change
TRACKING - CONCLUSION
Adtech has transformed the WWW, and current technology and
protocols allow easy collection and storage of vast amounts of data
TALK OVERVIEW
• Why the internet is broken
• Tracking
• Why a “dark web” is a possible solution
• What you can do
INTERNET IS BROKEN BECAUSE OF
CENSORSHIP
• Lots of WWW services = centralized
• Easy to filter / censor
• At local / ISP/ nation level
• Techniques
• DNS hijacking
• (Deep) Packet Inspection
• ...
CENSORSHIP - TURKEY
• Communication censorship
• Protests 2016: National shutdown of
social media
• Blackholing at ISP level
• Sharing Erdogan cartoons = internet
block
• Similar incidents in Egypt, Iran,...
CENSORSHIP - CHINA
• Knowledge censorship
• “Great firewall of China”
• No Wikipedia
• No “Tiananmen Square”
CENTRALIZATION – DEMOCRACY RISK
• Catalonia Referendum (2017)
• Raid on registrar .cat
• To censor referendum info
• Forced ISP’s to blacklist essential
vote system IP’s
• Several voting offices disabled
CENTRALIZATION – BUSINESS RISK
• October 2016
• Infected IoT devices (Mirai Worm)
• DDoS attack on Dyn.org (DNS provider)
• Twitter, Paypal, Spotify, ... down
CENTRALIZATION - SOCIAL MEDIA
PLATFORMS
• For a lot of people, WWW = Social media
• A few private companies decide
• What you see
• When you see it
• How long you can see it
• Who you can share it with
• Billion of eggs, handful of baskets
TALK OVERVIEW
• Why the internet is broken
• Tracking
• Censorship
• Why a “dark web” is a possible solution
• What you can do
THE INTERNET IS BROKEN BY DESIGN
• Not designed with PRIVACY in mind
• Not designed with ANONIMITY in mind
PRIVACY & ANONIMITY
• Important for everyone
• Regular users (protect personal life)
• Journalists (sources)
• Whistleblowers (identity)
• Companies (communication & trade secrets)
• ...
PRIVACY & ANONIMITY
• Tim Berners-Lee, 2016:
“Sites you visit tell your own intimate story.
Internet history should never be tracked.”
• US Congress, 2016:
ISP’s are allowed to sell your internet history
TRACKING - TECHNICAL
• Browsing the internet = leaking information
• HTTP + Javascript make collection easy
• Unique fingerprint:
• IP, location, network
• OS/Browser version, plug-ins, local time
• Screen size, cursor positions, settings
• ...
AMIUNIQUE.ORG
TALK OVERVIEW
• Why the internet is broken
• Tracking
• Censorship
• Anonimity / Privacy
• Why a “dark web” is a possible solution
• What you can do
CONCLUSION
• The internet is a wonderful place
• But by design, makes it easy to track,
censor and identify users
• Need alternative, different network
with better privacy properties
ENTER...
THE DARK WEB
THE “DARK WEB”
• A lot of misconceptions
• Blame:
• Media
• Politics
• Technical nature
• Confusing terminology
THE “DARK WEB”
• Interesting from a privacy & anonimity PoV
• Solution to (some of) our problems?
“DARK WEB” VS “NORMAL WEB”
• Traditional explanation:
• Surface web
• Deep web
• Dark web
• Better explanation:
• Dark web is parallel to all
DARK
WEB
DARK WEB(S)
• No such thing as one dark web
• Alternative networks focused on
privacy/anonimity:
• Tor (The Onion Router)
• I2P Project
• Freenet
• Zeronet
• ...
QUESTION
• I have never heard of Tor
• I have heard of Tor
• I know Tor as the thing people use to get around my company firewall
• I buy drugs using Tor
• I am a Tor developer
TOR: THE ONION ROUTER
• Most popular & well-known
• Open-Source
• Originally developed by DARPA (US)
• Now: Nonprofit org
• Unrelated to torrents
• Network nodes run by volunteers
• Exit nodes to surface web
TOR: NODE TYPES
TOR: HOW IT WORKS (1)
TOR: HOW IT WORKS (2)
TOR: ENCRYPTION
TOR: HOW IT WORKS (3)
TOR: PROTECTING YOUR ANONIMITY
• Original IP never revealed
• No logs
• Strong encryption
• New circuit for every site
• No cross-site tracking
TOR: HIDDEN SERVICES
• Tor Hidden services
• “Rendezvous point”
• “Invisible” hosting
• Only accessible through Tor
TOR: HOW IT THWARTS CENSORSHIP
• No way of knowing where hidden service is hosted
• Takedown notice = where to send?
• Everyone can publish : no central authority
• Censorship impossible by design
TOR: HOW IT THWARTS CENSORSHIP (2)
• Link to surface web
• Exit nodes in various
countries
• Tor traffic can be disguised
• As Skype call, regular
browsing ...
• Very hard to filter: arms race
TOR NETWORK: USERS
TOR NETWORK: CURRENT STATUS
TOR NETWORK: CURRENT STATUS
THE “DARK WEB” IS NOT ILLEGAL
• Using or running an alternative network is not illegal
• You are simply using a different
• communication protocol
• way to exchange information
• way of processing data
• Like you already do for a lot of things!
• E-mail: POP3/IMAP
THE “DARK WEB” IS NOT ILLEGAL
• Media get it wrong all the time
THE “DARK WEB” IS NOT ILLEGAL
• Professionals get it wrong all the time
THE “DARK WEB” AND CRIMINALITY
• Alternative networks are not exclusively
used by criminals
• Technology is inherently neutral
• Lots of useful services:
• Webhosting / blogging platforms
• File storage
• E-mail
• ...
THE “DARK WEB” AND CRIMINALITY
• What about ...
• Drugs? Guns? Fake Ids? Terrorist forums? Hitmen?
• Same % of services on surface web
• A lot of scams
• Anonimity + cryptocurrencies
• Hidden web is actually tiny
• 7k – 30k sites = 0.03% of surface web
THE “DARK WEB” AND CHILD
PORNOGRAPHY
• CP is a problem on every network
• Research by Internet Watch Foundation (2015)
• 31k CP URL’s
• 51 (0.02%) on a Dark Web
• Need to break association Dark Web<->CP
• Without ignoring/minimalizing CP problem
IS TOR INFALLIBLE ?
• Nothing is
• Tor Browser exploits
• Get patched quickly
• Malicious nodes
• Network monitoring
• Peer voting
IS TOR INFALLIBLE: MARKET BUSTS
• Silk Road, AlphaBay, ...
• Admins got arrested, sites closed
• Tor fail?
• Admin fail:
• Re-using e-mail / passwords
• Paper trail
• Reckless bragging
• Bad service configuration
START USING TOR
• Using a Dark Web does not require advanced tech knowledge
• Go to www.torproject.org
• Download the Tor Browser bundle
• Install
• Go!
TOR BROWSER BUNDLE
• Custom version of Firefox
• Great browser
• Pre-configured for Tor
• Masked fingerprint
• Scripts blocked by default
• Auto-updater
• HTTPS everywhere
• Safe out-of-the-box
TOR ON MOBILE
• Android: Orbot + OrFox
• In Play Store
• VPN for all traffic
• Free
• iOS: Onion browser
• In App Store
• Free
MAYBE START USING IT...
• On public networks?
• All the time?
• More users = more diversity = safer network
HEY SYSADMINS, LISTEN UP
SYSADMINS & TOR
• Don’t block Tor usage on your network
• Don’t block Tor exit nodes
• Mitigate abuse using CAPTCHA
• If you use Cloudflare: explicitly allow Tor
• See Tor abuse FAQ:
https://www.torproject.org/docs/faq-abuse.html.en
SYSADMINS & TOR
• Run a TOR node!
• On VPS / dedicated
• You can limit bandwidth / ports
• (only 80 / 443, for example)
• Donate @ torservers.net
MEDIA / PRESS
• Offer your site as Hidden Service
• Set up SecureDrop for communication
EVERYONE ELSE
• Programmers / Writers /
Educators / Designers / ...
• Development
• Documentation
• Education
• Discussion
• Promotion
• Legal assistance
AND YOU...
• Try it!
• Spread the word
• Educate friends, family & colleagues
• Talk to your IT departement
• “Well Actually” when you hear misconceptions
IT DOESN’T STOP AT TOR
• Just an example of tech that can help us
• More decentralization needed:
• Mastodon
• Diaspora
• IPFS (Distributed Web)
“
”
THE INTERNET IS A MIRROR THAT
REFLECTS THE SOCIETY WE LIVE IN. IF
YOU DON’T LIKE WHAT YOU SEE, DON’T
JUST BREAK THE MIRROR.
Vint Cerf, co-inventor WWW
THANK YOU
QUESTIONS? JEROEN.BAERT@CS.KULEUVEN.BE - @JBAERT

Contenu connexe

Tendances

Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.Trend Micro
 
The dark web
The dark webThe dark web
The dark webBella M
 
Journey To The Dark Web
Journey To The Dark WebJourney To The Dark Web
Journey To The Dark WebMiteshWani
 
I2P and the Dark Web
I2P and the Dark WebI2P and the Dark Web
I2P and the Dark WebJohn Liu
 
Rolling in the Deep. ISACA.SV.2016
Rolling in the Deep. ISACA.SV.2016Rolling in the Deep. ISACA.SV.2016
Rolling in the Deep. ISACA.SV.2016Bich (Evelyn) Chu
 
Illuminating the dark web
Illuminating the dark webIlluminating the dark web
Illuminating the dark webJisc
 
Deepweb and darkweb vinodkumar ancha
Deepweb and darkweb vinodkumar anchaDeepweb and darkweb vinodkumar ancha
Deepweb and darkweb vinodkumar anchavinod kumar
 
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...Nicholas Davis
 
Cybersecurity and the DarkNet
Cybersecurity and the DarkNetCybersecurity and the DarkNet
Cybersecurity and the DarkNetJames Bollen
 
Dark web presentation
Dark web presentationDark web presentation
Dark web presentationTo Mal
 

Tendances (20)

Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
 
The Dark side of the Web
The Dark side of the WebThe Dark side of the Web
The Dark side of the Web
 
The dark web
The dark webThe dark web
The dark web
 
The Deep and Dark Web
The Deep and Dark WebThe Deep and Dark Web
The Deep and Dark Web
 
Deep Web
Deep WebDeep Web
Deep Web
 
The Dark Web
The Dark WebThe Dark Web
The Dark Web
 
Journey To The Dark Web
Journey To The Dark WebJourney To The Dark Web
Journey To The Dark Web
 
Deep Web
Deep WebDeep Web
Deep Web
 
I2P and the Dark Web
I2P and the Dark WebI2P and the Dark Web
I2P and the Dark Web
 
Deep web
Deep webDeep web
Deep web
 
Rolling in the Deep. ISACA.SV.2016
Rolling in the Deep. ISACA.SV.2016Rolling in the Deep. ISACA.SV.2016
Rolling in the Deep. ISACA.SV.2016
 
Illuminating the dark web
Illuminating the dark webIlluminating the dark web
Illuminating the dark web
 
Deep web
Deep webDeep web
Deep web
 
Deepweb and darkweb vinodkumar ancha
Deepweb and darkweb vinodkumar anchaDeepweb and darkweb vinodkumar ancha
Deepweb and darkweb vinodkumar ancha
 
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
 
The Dark Net
The Dark NetThe Dark Net
The Dark Net
 
Deep web
Deep webDeep web
Deep web
 
Cybersecurity and the DarkNet
Cybersecurity and the DarkNetCybersecurity and the DarkNet
Cybersecurity and the DarkNet
 
Research in the deep web
Research in the deep webResearch in the deep web
Research in the deep web
 
Dark web presentation
Dark web presentationDark web presentation
Dark web presentation
 

Similaire à Why We Need a Dark(er) Web

Demystifying the Dark Web
Demystifying the Dark WebDemystifying the Dark Web
Demystifying the Dark WebTom Kranz
 
Pichman privacy, the dark web, &amp; hacker devices i school (1)
Pichman privacy, the dark web, &amp; hacker devices i school (1)Pichman privacy, the dark web, &amp; hacker devices i school (1)
Pichman privacy, the dark web, &amp; hacker devices i school (1)Stephen Abram
 
The Dark Web : Hidden Services
The Dark Web : Hidden ServicesThe Dark Web : Hidden Services
The Dark Web : Hidden ServicesAnshu Singh
 
Acpe 2014 Internet Anonymity Using Tor
Acpe 2014  Internet Anonymity Using TorAcpe 2014  Internet Anonymity Using Tor
Acpe 2014 Internet Anonymity Using TorJack Maynard
 
Deep Web and TOR Browser
Deep Web and TOR BrowserDeep Web and TOR Browser
Deep Web and TOR BrowserArjith K Raj
 
Defcon 22-metacortex-grifter-darkside-of-the-internet
Defcon 22-metacortex-grifter-darkside-of-the-internetDefcon 22-metacortex-grifter-darkside-of-the-internet
Defcon 22-metacortex-grifter-darkside-of-the-internetPriyanka Aash
 
Dark Web Presentation.pptx
Dark Web Presentation.pptxDark Web Presentation.pptx
Dark Web Presentation.pptxAbhinavRaj219245
 
2006: Hack.lu Luxembourg 2006: Anonymous Communication
2006: Hack.lu Luxembourg 2006: Anonymous Communication2006: Hack.lu Luxembourg 2006: Anonymous Communication
2006: Hack.lu Luxembourg 2006: Anonymous CommunicationFabio Pietrosanti
 
Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR Marcus Leaning
 
Team4_DeepDarkWeb the reality of dark web
Team4_DeepDarkWeb the reality of dark webTeam4_DeepDarkWeb the reality of dark web
Team4_DeepDarkWeb the reality of dark webIkramUlhaq401878
 
Getting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsGetting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsOlakanmi Oluwole
 
The Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityThe Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityAbhimanyu Singh
 

Similaire à Why We Need a Dark(er) Web (20)

Demystifying the Dark Web
Demystifying the Dark WebDemystifying the Dark Web
Demystifying the Dark Web
 
Pichman privacy, the dark web, &amp; hacker devices i school (1)
Pichman privacy, the dark web, &amp; hacker devices i school (1)Pichman privacy, the dark web, &amp; hacker devices i school (1)
Pichman privacy, the dark web, &amp; hacker devices i school (1)
 
The Dark Web : Hidden Services
The Dark Web : Hidden ServicesThe Dark Web : Hidden Services
The Dark Web : Hidden Services
 
Acpe 2014 Internet Anonymity Using Tor
Acpe 2014  Internet Anonymity Using TorAcpe 2014  Internet Anonymity Using Tor
Acpe 2014 Internet Anonymity Using Tor
 
ToR - Deep Web
ToR -  Deep Web ToR -  Deep Web
ToR - Deep Web
 
Deep Web and TOR Browser
Deep Web and TOR BrowserDeep Web and TOR Browser
Deep Web and TOR Browser
 
Darknet
DarknetDarknet
Darknet
 
Defcon 22-metacortex-grifter-darkside-of-the-internet
Defcon 22-metacortex-grifter-darkside-of-the-internetDefcon 22-metacortex-grifter-darkside-of-the-internet
Defcon 22-metacortex-grifter-darkside-of-the-internet
 
Overview of Deep web
Overview of Deep webOverview of Deep web
Overview of Deep web
 
Dark Web Presentation.pptx
Dark Web Presentation.pptxDark Web Presentation.pptx
Dark Web Presentation.pptx
 
2006: Hack.lu Luxembourg 2006: Anonymous Communication
2006: Hack.lu Luxembourg 2006: Anonymous Communication2006: Hack.lu Luxembourg 2006: Anonymous Communication
2006: Hack.lu Luxembourg 2006: Anonymous Communication
 
Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR
 
Darknet - Is this the future of Internet?
Darknet - Is this the future of Internet? Darknet - Is this the future of Internet?
Darknet - Is this the future of Internet?
 
Dark Net
Dark NetDark Net
Dark Net
 
Team4_DeepDarkWeb the reality of dark web
Team4_DeepDarkWeb the reality of dark webTeam4_DeepDarkWeb the reality of dark web
Team4_DeepDarkWeb the reality of dark web
 
From OSINT to Phishing presentation
From OSINT to Phishing presentationFrom OSINT to Phishing presentation
From OSINT to Phishing presentation
 
Getting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsGetting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigations
 
The Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityThe Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet Anonymity
 
Deep web
Deep webDeep web
Deep web
 
DECEPTICONv2
DECEPTICONv2DECEPTICONv2
DECEPTICONv2
 

Dernier

Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 

Dernier (20)

Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 

Why We Need a Dark(er) Web

  • 1. WHY WE NEED A DARK(ER) WEB JEROEN BAERT – CHECKUP 2017
  • 2. ABOUT ME • Engineer – Computer Scientist • Phd Student (Computer Graphics @ KU Leuven) • Improv / Stand-up Comedian • (Belgian Improv League) • jeroen-baert.be & forceflow.be • PGP: 30F2 857D 9129 3519
  • 3. MY RESEARCH: GRAPHICS! ALL THE GRAPHICS! • Out-of-core construction and visualization of Sparse Voxel Octree structures on modern GPU hardware
  • 5. TALK OVERVIEW • Why the internet is broken • Why a “dark web” is a possible solution • What you can do
  • 6. THE INTERNET IS BROKEN BECAUSE OF TRACKING • WWW evolution: • Open, free source of information • Ad-infested cesspool • Websites / apps serve • Advertisements • Trackers
  • 7. THE INTERNET IS BROKEN BECAUSE OF TRACKING • GOAL: Profile & identify you and your habits • Over multiple services and websites • Without knowledge or consent • Sell information for targeting purposes https://boingboing.net/2015/10/05/botwars-vs-ad-tech- the-origin.html
  • 8. TRACKING & CONTENT • Content is not free • You pay with your private data • Content has become delivery method for ads & trackers • “If you’re not paying, you are the product”
  • 9. TRACKING – FLEMISH NEWS SITES • Experiment: • 4 popular news websites (HLN, DM, DS, HNB) • Load homepage once (in fresh VM every time) • Register # connections to 3rd-party servers • Wireshark & Firefox+Lightbeam
  • 10. TRACKING – FLEMISH NEWS SITES • Results: • +40 connections to 3rd party trackers/ads • Often located in other countries • Little or no info for end user • Privacy policies: vague/non-existent
  • 11. TRACKING – FLEMISH NEWS SITES Full report: http://www.forceflow.be/2017/08/02/tracking-be-2017/
  • 12. TRACKING – FLEMISH NEWS SITES
  • 13. TRACKING – FLEMISH NEWS SITES
  • 14. TRACKING – FLEMISH NEWS SITES • Additional cost: • Bandwidth (Money) • Battery • Time
  • 15. TRACKING – FLEMISH NEWS SITES • Some trackers on multiple sites • Track your entire morning routine • Journalism = Bait • Not only (these) news sites
  • 16. TRACKING – PEOPLE FARMERS • Facebook = “People Farmer” (Aral Balkan, 2016) • Build advertising profile • Everywhere you see • Offer functionality (likes, comments, ...) • In exchange for tracking • “Behavioral Advertising Tech”
  • 17. TRACKING – PEOPLE FARMERS https://www.theguardian.com/technology/2017/may/01/facebook-advertising-data-insecure-teens
  • 18. TRACKING – BIG DATA = BIG BUSINESS • Cambridge Analytica • Buy/Collect massive amounts of data • Sources: Social media, web trackers, ... • Data mining / analysis • Psychographic profiling • Political Microtargeting
  • 19. TRACKING – CAMBRIDGE ANALYTICA • Booming business • Because of state WWW is in • No legal framework • (2018) GDPR? • Enforcement? https://www.theguardian.com/technology/2017/may/07/the-great-british- brexit-robbery-hijacked-democracy
  • 20. POLITICAL MICROTARGETING Adam Curtis – Hypernormalization (2016)
  • 21. AD/TRACKER BLOCKING • Yes, there are ad/tracker-blockers • Some good, some bad • Need some technical skills to use • Treating symptom, not disease • Never-ending arms race • Will not lead to structural change
  • 22. TRACKING - CONCLUSION Adtech has transformed the WWW, and current technology and protocols allow easy collection and storage of vast amounts of data
  • 23. TALK OVERVIEW • Why the internet is broken • Tracking • Why a “dark web” is a possible solution • What you can do
  • 24. INTERNET IS BROKEN BECAUSE OF CENSORSHIP • Lots of WWW services = centralized • Easy to filter / censor • At local / ISP/ nation level • Techniques • DNS hijacking • (Deep) Packet Inspection • ...
  • 25. CENSORSHIP - TURKEY • Communication censorship • Protests 2016: National shutdown of social media • Blackholing at ISP level • Sharing Erdogan cartoons = internet block • Similar incidents in Egypt, Iran,...
  • 26. CENSORSHIP - CHINA • Knowledge censorship • “Great firewall of China” • No Wikipedia • No “Tiananmen Square”
  • 27. CENTRALIZATION – DEMOCRACY RISK • Catalonia Referendum (2017) • Raid on registrar .cat • To censor referendum info • Forced ISP’s to blacklist essential vote system IP’s • Several voting offices disabled
  • 28. CENTRALIZATION – BUSINESS RISK • October 2016 • Infected IoT devices (Mirai Worm) • DDoS attack on Dyn.org (DNS provider) • Twitter, Paypal, Spotify, ... down
  • 29. CENTRALIZATION - SOCIAL MEDIA PLATFORMS • For a lot of people, WWW = Social media • A few private companies decide • What you see • When you see it • How long you can see it • Who you can share it with • Billion of eggs, handful of baskets
  • 30. TALK OVERVIEW • Why the internet is broken • Tracking • Censorship • Why a “dark web” is a possible solution • What you can do
  • 31. THE INTERNET IS BROKEN BY DESIGN • Not designed with PRIVACY in mind • Not designed with ANONIMITY in mind
  • 32. PRIVACY & ANONIMITY • Important for everyone • Regular users (protect personal life) • Journalists (sources) • Whistleblowers (identity) • Companies (communication & trade secrets) • ...
  • 33. PRIVACY & ANONIMITY • Tim Berners-Lee, 2016: “Sites you visit tell your own intimate story. Internet history should never be tracked.” • US Congress, 2016: ISP’s are allowed to sell your internet history
  • 34. TRACKING - TECHNICAL • Browsing the internet = leaking information • HTTP + Javascript make collection easy • Unique fingerprint: • IP, location, network • OS/Browser version, plug-ins, local time • Screen size, cursor positions, settings • ...
  • 36. TALK OVERVIEW • Why the internet is broken • Tracking • Censorship • Anonimity / Privacy • Why a “dark web” is a possible solution • What you can do
  • 37. CONCLUSION • The internet is a wonderful place • But by design, makes it easy to track, censor and identify users • Need alternative, different network with better privacy properties
  • 39. THE “DARK WEB” • A lot of misconceptions • Blame: • Media • Politics • Technical nature • Confusing terminology
  • 40. THE “DARK WEB” • Interesting from a privacy & anonimity PoV • Solution to (some of) our problems?
  • 41. “DARK WEB” VS “NORMAL WEB” • Traditional explanation: • Surface web • Deep web • Dark web • Better explanation: • Dark web is parallel to all DARK WEB
  • 42. DARK WEB(S) • No such thing as one dark web • Alternative networks focused on privacy/anonimity: • Tor (The Onion Router) • I2P Project • Freenet • Zeronet • ...
  • 43. QUESTION • I have never heard of Tor • I have heard of Tor • I know Tor as the thing people use to get around my company firewall • I buy drugs using Tor • I am a Tor developer
  • 44. TOR: THE ONION ROUTER • Most popular & well-known • Open-Source • Originally developed by DARPA (US) • Now: Nonprofit org • Unrelated to torrents • Network nodes run by volunteers • Exit nodes to surface web
  • 46. TOR: HOW IT WORKS (1)
  • 47. TOR: HOW IT WORKS (2)
  • 49. TOR: HOW IT WORKS (3)
  • 50. TOR: PROTECTING YOUR ANONIMITY • Original IP never revealed • No logs • Strong encryption • New circuit for every site • No cross-site tracking
  • 51. TOR: HIDDEN SERVICES • Tor Hidden services • “Rendezvous point” • “Invisible” hosting • Only accessible through Tor
  • 52. TOR: HOW IT THWARTS CENSORSHIP • No way of knowing where hidden service is hosted • Takedown notice = where to send? • Everyone can publish : no central authority • Censorship impossible by design
  • 53. TOR: HOW IT THWARTS CENSORSHIP (2) • Link to surface web • Exit nodes in various countries • Tor traffic can be disguised • As Skype call, regular browsing ... • Very hard to filter: arms race
  • 57. THE “DARK WEB” IS NOT ILLEGAL • Using or running an alternative network is not illegal • You are simply using a different • communication protocol • way to exchange information • way of processing data • Like you already do for a lot of things! • E-mail: POP3/IMAP
  • 58. THE “DARK WEB” IS NOT ILLEGAL • Media get it wrong all the time
  • 59. THE “DARK WEB” IS NOT ILLEGAL • Professionals get it wrong all the time
  • 60. THE “DARK WEB” AND CRIMINALITY • Alternative networks are not exclusively used by criminals • Technology is inherently neutral • Lots of useful services: • Webhosting / blogging platforms • File storage • E-mail • ...
  • 61. THE “DARK WEB” AND CRIMINALITY • What about ... • Drugs? Guns? Fake Ids? Terrorist forums? Hitmen? • Same % of services on surface web • A lot of scams • Anonimity + cryptocurrencies • Hidden web is actually tiny • 7k – 30k sites = 0.03% of surface web
  • 62. THE “DARK WEB” AND CHILD PORNOGRAPHY • CP is a problem on every network • Research by Internet Watch Foundation (2015) • 31k CP URL’s • 51 (0.02%) on a Dark Web • Need to break association Dark Web<->CP • Without ignoring/minimalizing CP problem
  • 63. IS TOR INFALLIBLE ? • Nothing is • Tor Browser exploits • Get patched quickly • Malicious nodes • Network monitoring • Peer voting
  • 64. IS TOR INFALLIBLE: MARKET BUSTS • Silk Road, AlphaBay, ... • Admins got arrested, sites closed • Tor fail? • Admin fail: • Re-using e-mail / passwords • Paper trail • Reckless bragging • Bad service configuration
  • 65. START USING TOR • Using a Dark Web does not require advanced tech knowledge • Go to www.torproject.org • Download the Tor Browser bundle • Install • Go!
  • 66. TOR BROWSER BUNDLE • Custom version of Firefox • Great browser • Pre-configured for Tor • Masked fingerprint • Scripts blocked by default • Auto-updater • HTTPS everywhere • Safe out-of-the-box
  • 67. TOR ON MOBILE • Android: Orbot + OrFox • In Play Store • VPN for all traffic • Free • iOS: Onion browser • In App Store • Free
  • 68. MAYBE START USING IT... • On public networks? • All the time? • More users = more diversity = safer network
  • 70. SYSADMINS & TOR • Don’t block Tor usage on your network • Don’t block Tor exit nodes • Mitigate abuse using CAPTCHA • If you use Cloudflare: explicitly allow Tor • See Tor abuse FAQ: https://www.torproject.org/docs/faq-abuse.html.en
  • 71. SYSADMINS & TOR • Run a TOR node! • On VPS / dedicated • You can limit bandwidth / ports • (only 80 / 443, for example) • Donate @ torservers.net
  • 72. MEDIA / PRESS • Offer your site as Hidden Service • Set up SecureDrop for communication
  • 73. EVERYONE ELSE • Programmers / Writers / Educators / Designers / ... • Development • Documentation • Education • Discussion • Promotion • Legal assistance
  • 74. AND YOU... • Try it! • Spread the word • Educate friends, family & colleagues • Talk to your IT departement • “Well Actually” when you hear misconceptions
  • 75. IT DOESN’T STOP AT TOR • Just an example of tech that can help us • More decentralization needed: • Mastodon • Diaspora • IPFS (Distributed Web)
  • 76. “ ” THE INTERNET IS A MIRROR THAT REFLECTS THE SOCIETY WE LIVE IN. IF YOU DON’T LIKE WHAT YOU SEE, DON’T JUST BREAK THE MIRROR. Vint Cerf, co-inventor WWW