Post

privacy anaonymity and security

Privacy anonymity and security for dark web

Hello friends this is a continuation of our dark web series, this is part 2 of the series, if you have not read the first part take a look here : Dark Web Introduction This will be the first blog of the Dark Web Documentary Seriessystemweakness.com

before diving more deeply, we need to understand some more basic concepts so, let’s start.

Anonymity

what is anonymity?

It is condition in identification whereby an entity can be recognized as distinct, without sufficient identity information to establish a link to a known identity.

in simple terms, when it comes to anonymity, the activities of the personnel can be seen publically, but who is doing the activity is hidden. here activity can be referred to as any activity on the internet.

Privacy

What is privacy?

the right or mandate of personal privacy concerning the storing, repurposing, provision to third parties, and displaying of information pertaining to oneself via Internet. Internet privacy is a subset of data privacy.

in simple terms, when it comes to privacy, the person who is performing any activity is known, but what activities are being performed is unknown. here activity can be any internet activity

Psedoanonymity

what is pseudo-anonymity?

Pseudonymity is a process of using a fictional persona to conduct an activity without revealing your true identity. In terms of Di-Fi networks, this means that whilst the identity of the person making transactions is unknown, all of the transactions that they make can be linked to the same pseudonymous identity.

Ghost Profile

what is a ghost profile?

A ghost Profile is the fake identity, of a person that doesn’t even exist, or the profile/account fake account created by an unknown person. This is generally used to manipulate a big internet agenda.

what is anonymization and how to achieve it?

anonymization is a step/procedure to make ourselves anonymous. but due to the presence of a third party in every communication, we do on the internet, there are more chances that third parties like GOV or ISP would be monitoring and logging our activity whatever we do online. so, how can we achieve anonymization? well, at a very high-level overview we can use TOR (The Onion Router). but we are not limited to TOR there are several ways to achieve maximum anonymity. like using Tails OS, QubeOS, Whonix, proxy chains, VPN …etc. not only limited to anonymity, we can also achieve privacy at a very high level using these methods/techniques. But for now, we will be utilizing TOR for anonymity.

How Does TOR Works at a basic level?

These is just very basic intro, we will dive deeper into it

At a very high level, Tor operates by relaying connections between your computer and destinations (like google.com) across a network of intermediary computers.

There are more than 6000 TOR relay, which is basically normal computer running TOR software, configure to route the traffic. These relays are located all over the world and anyone can convert their computer to a Relay if they want to voluntarily share the bandwidth.

The computer/nodes connect together in the TOR network, which doesn’t only provide anonymity or route the Tor traffic. These computers can also provide hidden/onion service.

What are Hidden / Onion services?

The hidden / onion services are basically the webservers providing services. Just as we have normal web services on the normal web.

for example, we have **Facebook **on the normal web, but there also exists an onion version of Facebook.

These hidden services have very gibberish URL names ending with the .onion extension.

anyone can self-host a hidden service or can host a hidden service using a dark web hosting provider.

Problem With Tor Browser :

since as penetration testers or security researchers or any normal guy, we as a human are more inclined towards anonymity and privacy, But TOR isn’t fully a powerpack solution to these problems. there are some problems with TOR like :

  • Speed drops, yes due to less realy the speed of TOR will drop.

  • In TOR it is difficult to prevent information leaks

  • The TOR web browsers can also leak information

  • Data leaves the exit node un-encrypted [more on that later]

Tor is simple but not the best, alternatively, we can use TAILS OS or Qubes OS with Whonix configured.

THANK YOU FOR READING MY ARTICLE !! 👊👊

please support me by following me on medium and other social platforms:

https://surya-dev.medium.com/

https://twitter.com/kryolite_secure/

https://www.instagram.com/kryolite_security/

https://github.com/surya-dev-singh/

you guys can subscribe to me 🙌on YouTube: I post walkthroughs and other ethical hacking-related videos there. Kryolite Security Hello World! On Kryolite Security you will find videos on ethical hacking , cyber security , penetration testing , CTFs…www.youtube.com Dark Web Introduction This will be the first blog of the Dark Web Documentary Seriessystemweakness.com Nmap — The Complete Guide [Part 1] reconnaissance with Nmap — the complete guidesystemweakness.com Attacktive Directory — Exploitation of Vulnerable Domain controller [TryHackMe] 99% of Corporate networks run off of AD. But can you exploit a vulnerable Domain Controller?systemweakness.com Dirty Pipe: CVE-2022–0847 [TryHackMe] tryhackme walkthrough for Interactive lab for exploiting Dirty Pipe (CVE-2022–0847) in the Linux Kernelsystemweakness.com Steel Mountain [TryHackMe] Hack into a Mr. Robot-themed Windows machine. Use Metasploit for initial access, utilize PowerShell for Windows…systemweakness.com

This post is licensed under CC BY 4.0 by the author.