"Exploring the web to where newbies can't reach"


Anthony Bartoletti, Senior Cybersecurity Analyst at Lawrence Livermore National Laboratory (1990-present)


Technically, “DEEP” and “DARK” are independent concepts in terms of the Internet. A site can be neither, it can be “only deep”, or “only dark”, or both.
Begin by considering the non-deep, non-dark web as the “Open Web”. An open web site allows anyone to connect and view content, including search engines. Hence, you can find them or their content with a search engine, and you can connect to freely peruse their pages. This makes them “non-deep”. If someone is monitoring network traffic, they can see that you are visiting these sites (even if you use HTTPS or end-to-end encryption) because the packet headers include the source and destination addresses, from beginning to end. The packet contents (payloads) might be encrypted, so the eavesdropper may not know what is being viewed, but they can know that you (or at least, your home router address) are visiting the site. This makes them “non-dark”.
People or companies that set up “private” servers that will not allow anyone but selected members to connect and visit are “deep sites”. Sites that put up “paywalls” (some news sites, for instance) are the “least deep” - you cannot immediately get to most of their content unless you subscribe (and pay). But of course you can get to their “sign-up” page for free (duh) or else they would not get many paying customers. The “deepest” sites will not even acknowledge your attempt to connect, or even acknowledge they exist, if you do not come from one of the IP addresses on their “member list”. I can host my family photos on a website server at (say), 111.222.222.111 (if I owned that address), and ONLY allow my family members (IP addresses) to visit, and totally ignore all packets from any other addresses (even ICMP “pings”). Someone could tell you the address, but it would do you no good (assuming I have made it hack-proof by shutting down ALL other services, and use a firewall to block other access, etc.) Such a site is VERY deep. But again, it is NOT dark, because a network eavesdropper (an ISP, or someone operating a mid-path traffic router) could still see that my family’s IP addresses are connecting to 111.222.222.111, and even see that you are attempting to connect to it, and failing.
(CAVEAT: You could send packets that forge my family’s source IP address, and my site might allow you in - but anything it sends back would be directed to my family’s systems, not your true address. If you are the eavesdropper, and are positioned along the return path, you could see the content if it is not encrypted. I could guard against this by using encryption. In fact, I could even prevent you from spoofing my family’s IP addresses in the first place, by demanding that the connections authenticate with private keys you do not possess.)
Now, if I wanted my private site to be DARK (as well as DEEP), I would only allow (say) the IP addresses of TOR network exit nodes to access (connect) to my private server, and I would require that my family members use the TOR browser to connect to the server. This will prevent an eavesdropper from being able to tell (from my family’s side of the network) where they are going, because the intended packet addressing is now an encrypted part of the payloads. All the eavesdropper would know is that my family is connecting to TOR. At the exit-side of TOR, all an eavesdropper can learn is that “someone somewhere” is visiting my private server. They cannot know whether it is my family, or someone else. All they can know is that some “TOR user” is visiting my site. It is this “un-traceability” of endpoints that makes these sites “DARK”. Note that I must use some kind of session authentication (password, etc) in order to know that it is my family that is visiting (keeping my site “deep”), and not a stranger, since (by address) even I only know that a TOR user is visiting.
Finally, I can even change my website from “private” to PUBLIC, so that it is no longer necessarily “deep”, and it can still remain DARK. I can publish my “dark” address publicly, and I can allow ANYONE to visit, so long as I require that they use the TOR routing system (as I will still only allow connections to my server from TOR exit nodes.) This will allow the public to use my site anonymously.
In summary: A site can be
  • Open: Content publicly accessible, addresses visible
  • Deep: Content privately accessible, addresses visible
  • Dark: Content publicly accessible, addresses hidden
  • Deep&Dark: Content privately accessible, addresses hidden
I hope this clears things up, from a technical definitions perspective.
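An added sketch of the caveat in the answer above, not part of the original answer: an IP allowlist judges only the source address a packet claims, so a second check that needs a secret is what actually identifies a family member. It uses an HMAC challenge-response with a shared secret as a stand-in for the private-key authentication the answer mentions; the addresses (documentation ranges), the member name and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import ipaddress
import secrets

# Constructed sample data: documentation-range addresses stand in for the
# family's IPs; the per-member shared secrets are an assumption of this sketch.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("198.51.100.7/32", "203.0.113.0/29")]
MEMBER_KEYS = {"alice": secrets.token_bytes(32)}
_pending = set()  # challenges issued by the server and not yet used


def ip_allowed(claimed_src):
    """Layer 1, the allowlist: it only ever sees the address the packet claims."""
    addr = ipaddress.ip_address(claimed_src)
    return any(addr in net for net in ALLOWED_NETS)


def new_challenge():
    """Server side: issue a fresh random challenge for one login attempt."""
    challenge = secrets.token_bytes(16)
    _pending.add(challenge)
    return challenge


def respond(key, challenge):
    """Client side: prove possession of the key without sending the key."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def handle(claimed_src, member, challenge, response):
    """Return 'drop' (no reply at all), 'reject' or 'serve' for one attempt."""
    if not ip_allowed(claimed_src):
        return "drop"
    if challenge not in _pending:
        return "reject"  # unknown or already-used challenge: replay protection
    _pending.discard(challenge)  # each challenge is accepted at most once
    key = MEMBER_KEYS.get(member)
    if key is None:
        return "reject"
    expected = respond(key, challenge)
    return "serve" if hmac.compare_digest(expected, response) else "reject"
```

A request that claims an allowlisted address but lacks the member's key passes `ip_allowed` and is still rejected by `handle`, which is the layering the caveat describes.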









Franklin Veaux, using the Internet since it was called ARPAnet


I’ve read the answers to this question so far, and I weep for the amount of ignorance on parade. It’s hard to know where to start with this.
Okay, let’s start with this: Anyone who tells you “the deep web is dangerous because…” can automatically be ignored.
Like a person who says “GMOs are bad because farmers spray GMOs all over their fields,” a person who says “the deep web is bad because” is demonstrating an incredible level of ignorance and confusion.
Here is a partial list of deep web sites:
  • Amazon
  • Netflix
  • Facebook
  • Wordpress
  • Your bank
  • Your blog dashboard
  • Expedia

The deep web is any page you can’t see from a search engine. I can’t see your Amazon shopping cart from a search engine. I can’t see your trip itinerary on Expedia or your bank account balance page.
Absolutely anything you have to sign in to see is “deep web.”
Anyone who actually knows anything about the dark web knows the dark web, which is probably what you’re really curious about, is completely different from the deep web.
Anyone who confuses the deep web and the dark web, like almost every answer to this question, is merely parroting a mishmash of Hollywood movie tropes and garbled something they thought they heard somewhere.
The dark web is any network that works like the Web but requires special software to access. The largest such network, Tor, was originally created by the Defense Advanced Research Projects Agency and the first Tor routing software was written at the Naval Research Lab. (There are other darknets too, including I2P, Freenet, and ZeroNet.)
They are not dangerous to access. Millions of people access them every day. In fact, the whole reason they exist is to protect your identity. They use advanced encryption and routing to make it very hard for anyone, even the FBI, to trace you.
Because users are hard to trace, some people have thought “hey, we can set up e-commerce sites on the dark web to sell illegal things!”
This generally hasn’t worked out so well, because sure, I can buy things from you, but then you have to send those things in the real world, and that can be traced. If you can’t track me online, you can’t tell I’m a cop. So I can buy illegal things from you, then find you when you mail me the package. This is just one of the many ways darknet vendors get caught by the cops.
But that hasn’t stopped low-budget B movies from saying “oh mah gawd, people sell illegal things on the dark web! Scary! Scary! Be afraid! Be afraid!”
tl;dr: It’s not. And anyone who confuses the deep web and the dark web doesn’t know what they’re talking about.
