First of to answer your question – NO! The dark web is not illegal. You are not doing anything wrong by visiting the other side of the internet. The Tor project and its network were both created to be part of the free entity that the internet is today.
The Tor network was created to fight censorship and provide support to the free speech movement. It is just a way of communication and manner of sending information – just like any cell or TV network. People have a misconception that if you visit the dark web using the Tor browser you are doing something wrong. Those same people will probably tell you that you can get arrested for doing so.
These people are misinformed and have no clue what they are talking about.
BBC News & The Dark Web
Many people use the dark web to protect their privacy and to keep their identities secure. An example is BBC NEWS. Sound familiar? They are an internationally syndicated news outlet, respected by millions.
Aside from their regular news site, which you can find at bbc.com, they also maintain and update a dark web version. Don’t believe me? Visit it here using Tor:
https://www.bbcnewsd73hkzno2ini43t4gblxvycyac5aw4gnv7t2rccijh7745uqd.onion/So why would they create an alternate version of their site on the dark web? Isn’t the dark web supposed to be illegal? The answer lies in the fact that they want their news accessible by everyone in the world. As you may already know, in some countries the internet is censored and certain sites cannot be accessed due to government-imposed firewalls. This allows the government that is imposing these website blocks to create their own narrative of what is going on in the world – hiding the fact-finding of news sites like BBC from their citizens.
What if you lived in one of these countries and still wanted to read the news? Simple, you would use the dark web. Tor would keep you anonymous and bypass the firewall placed by your authorities, allowing you to fact check and discover news outside of the government biased sites that are available to you regularly.
Is the dark web illegal? Only sometimes.
Just like you can visit any website on Google – legal or illegal, the same can be done on the Dark web. This does not make visiting the dark web a crime. Only the content and activities you partake in on the dark web can lead to illegal activity. Since the way you browse the dark web is powered by the Tor Network – your activities are being anonymized by default. This makes it somewhat of a safe haven for criminals to take their activities online. However, just because you are being granted anonymity through the Tor browser, doesn’t make it foolproof. The truth is you can get caught performing illegal activities on the dark web, based on the level of operational security you employ.
Anonymity Failures
Let‘s talk about some operational security failures. Because smart people learn from others’ mistakes and not their own. The last thing you want to do is decide to visit the dark side and get in trouble on your first job.
DreadPirateRoberts (Ross Ulbricht) aka Silk Road Founder
Ross was a revolutionary, extremely intelligent programmer, but not necessarily smart at all. Among many stupid things he did were:
- using a misconfigured CAPTCHA server extensive period of time
- shipping contraband to his home address
- advertising Silk Road on Shroomery using his own Gmail address
- befriending a former undercover (corrupt) DEA agent (who later extorted him for money)
- keeping logs of all of his conversations and down to detail diary of this Silk Road adventures
But, the most fatal one was him not being aware of his surroundings. For the most part, he operated Silk Road from the comfort of the San Francisco Public Library. Where he went wrong was sitting at a table with his back turned to the room. While two FBI agents staged a couple of fighting, their colleagues swooped in from behind and grabbed his laptop before he could shut it off and trigger the encryption process. He basically documented all of his crimes among others – so don‘t be like DPR.
Shiny Flakes (German Vendor) aka Netflix Documentary
This 20-year-old created one of the biggest cocaine trafficking operations in Germany at the time. Police confiscated more than half a million in various currencies and an ungodly amount of drugs, all stored in his bedroom. And his biggest anonymity failure was he sent all his shipments from the same DHL outpost. He also stored everything in plaintext (orders, customers, financials, login credentials, etc.) on an unencrypted hard drive, which just like the Netflix documentary outlines – the cops got a hold of these files and started executing search warrants on his clients and suppliers.
Sabu (Hector Xavier Monsegur) LulzSEC
He Forgot to use TOR to connect to an IRC server monitored by the FBI. They got his IP address from his ISP, one correlation attack later he was cuffed and gave up his friends in exchange for a plea deal. Don‘t be a snitch, own up to your fuck-ups. This wouldn’t have happened if he was using a Zero Trace Pen…
nCux / BulbaCC / Track2 (Roman Seleznev, Russain Carder)
Among many stupid things he did, he rented online servers with an e-mail address he previously used to open a PayPal account. He then used said PayPal account to pay for his wife’s flowers. But, that‘s not all. He traveled with his work laptop which contained hundreds of thousands of stolen credit card information. Unfortunately, his password „Ochko123“ was guessed by law enforcement, as it was the same as his public e-mail. The lesson here is: don‘t carry your work when you travel, don‘t mix crime and love life, and don‘t re-use passwords. Don‘t be BulbaCC.
Willy Clock (Ryan Gustefson, Ugandan Counterfeiter)
He reused the personal e-mail he used to apply for US citizenship, for a Facebook account he used to sell fake counterfeit money. He had also uploaded his own picture to that account in the past. I don‘t even have anything to say for this one.
FrecnhMaid aka nob (DEA Agent from DRP case)
He used his work laptop to extort Ross Ulbricht (Yes, the laptop he was given by the Government to do DEA work), you can guess how that went. Among other things, he moved the money he extorted to bank accounts under his own name to countries with non-strict banking secrecy laws. He got what was coming to him.
Alexandre Cazes (AlphaBay Admin)
He used his personal e-mail address for AlphaBay password reset e-mails, kept all data stored in unencrypted format on his device, and hosted Alphabay servers in Quebeck, Canada under his own name. Do I need to say more?
What To Do If You Mess Up
We are all human, which means sooner or later you will make a mistake. Will it be the end of you? It depends, but the main thing is knowing how to clean up your own mess.
Here is a recurring example of a screw-up and how you could proceed afterward, but keep in mind this is speculated situation and you must know we can’t predict every possible outcome.
Controlled Delivery
This is the situation when law enforcement seizes your package, but allows the mail to go ahead and be delivered in order to catch you in the act. Usually, to try and force you to flip and cooperate. There are usually two signs of such a predicament: 1) it’s taking suspiciously long for the package to be delivered and 2) the package has not shown any signs of transit for several days.
Now if it’s a controlled delivery and the postman makes you sign for the package – just know you will be raided seconds later. So, if you think it’s set up, the best course of action is to remove any evidence from your devices and your home.
Purging Evidence
Good old data shredders are always the way to go, but if you had some critical information that must never fall into enemy hands, the best course of action is always to get rid of the SSD/HDD in question. First, shred the data (recommended is at least 7 passes), then shred the disk. Usually, burning it crisp will do the job. It’s always best to destroy the device so nobody can do forensics and dig up the data later. Because no new shiny device (laptop, computer, HDD, SSD, etc.) is worth more than your freedom.
The point being, if something feels wrong it’s because it probably is! Be vigilant, don’t order to your home address, play the game don’t let the game play you. If you are looking to up your operational security and don’t want to leave any room for mistakes – check out the Zero Trace Pen.
