Téchne Digitus InfoSec Artigos

<índice "[ Hacking ]-[ Redes de Comunicação ]-[ DeepWeb ]-[ Anonimato ]-[ Criptomoedas ]-[ Programação ]-[ InfoSec em Geral ]-[ Off-Topic but Important ]-[ Redes Sociais ]" />

Logo Téchne Digitus InfoSec

Deep Web - Same Article, English Version

After the big volume of access that was received to this article in Brazilian Portuguese that I posted in Reddit (http://redd.it/2h5i5s) I was forced to translate to English. Sorry about my language... (But my grammar in portuguese is not very well too... lol)

Deep Web Logo

Deep Web

Deep Web is popular term to sites that can't be indexed by tradicional web crawlers (Google, Bing, Baidu, Iandex etc). (But don't have doubt that companies as Google are allready studing ways to index it... If they not allready did it...)

In a technical focus (personally I must admit that still under development), considering that normal websites with a robot.txt blockig webcrawlers, aren't considered here, I see Deep Web as a group of different ways where anyone can connect to a network using some kind of client using certain criptography levels and access or publish contents.

Part of this ideology in Deep Web, inside the head of your developers and fans, is the freedom of information. Keep in mind, any information should be accessed freely with security and anonimiy by anyone.

There are three main "deep web networks" that are allways refered in articles like this one that I'm writting:

- The Onion Router
URL: https://www.torproject.org/
Tor Logo

- Freenet
URL: https://freenetproject.org/
Freenet Banner

- I2P
URL: http://geti2p.net/en/
I2P Logo

I started my studies with Tor Network like this :
First I installed the client for Windows and started to browse and look for content .
I glimpsed some possibilities about protesters (this from more than a year ago - keep in mind the current scenario in Brazil) publishing content without their origin be traced.

Now, we shall analyze:

No one system is 100% safe. Then, there is not a way to keep 100% anonymous. So, using a group of techniques, free proxies, public internet, "deep web", etc, etc, etc in a combined way, will create a high level of difficult to be traced from the destiny of communication. But, of course this must be done by a especialized professional.

Talking specifically about Brazilian government and only expressing my opinion based in my limited knowledge, I believe that brazilian government don't have technology or ready resources to do a forense response in Tor Network, for example.

In turn, North American Government, represented here by NSA, have (they created) technology for this.
Back to the example of especialized professional that wants to "test" the NSA: I believe that a well done job can bring difficulties to NSA, in turn, should spend time and resources to trace this guy. But NSA will really needs have a motivation to do that.

Another point that I shall to recognize, and for sure I will write more about this in future, is: Tor Network is extremel vulnerable that compromises users. Anyone with a middle level of knowledge can just sniff data that pass through Tor (exit relays - using ssl strip too) and collect login users and passwords. If someone with middle knowledge level can do this... So imagine, what can do the biggest security agency in the world!

After glimpsed possiblities, I started to study how we could help the information freedom idea, making my computer a volunteer resource in Tor Network. After learned do that,  to know how to publish content (a web site, for example) without be identified.

Another very interesting utility about networks like Tor is the capability to overcome censorshit (ops censorship) and internet filters. About this, I will write to examples:

- Recently in Turkey the Twitter was blocked due political censorship. The first workaround method was population change their network card DNS configuration point to Google DNS. In few hours the Turkish government blocked this workaround. And second and liberating solution was use Tor Browser to access Twitter.

- Another example is in corporative environment, here in Brazil, enterprises blocks a lot of sites: social networks, news etc. Use the Tor Network is a great workaround in many cases! And the most interesting is, if the company don't have a rigorous access control, Tor can't be defeated!

Get Started in Tor Network in Two Steps:

1. Access the site www.torproject.org, and download Tor Browser and execute the browser.

2. Start to browse in: http://zqkth3uimqxgl6ri.onion/wiki/index.php/Main_Page

Suggested reading: http://zqkth3uimqxgl6ri.onion/wiki/The_Matrix

If you liked, please, share this article! :)