The do's and don'ts for using a dark website

Before venturing onto the dark web, stay safe and legal with this list of dark website tips

It’s hardly a secret that when you go online, your activities are followed – not only by Google, Facebook and Amazon, but by official surveillance teams, ‘just in case’ you’re a criminal in waiting. We often recommend privacy add-ons and software that block at least some web trackers, but if you really want to preserve your anonymity, Tor is the best option available.

This stealthy browser keeps your web activities safe from spammers and advertisers, hides your personal data from corporations and other web users, and lets you browse without being followed by identity thieves and stalkers. You can send personal photos without having them intercepted, use social networks without being monitored, write genuinely anonymous blog posts and much more.

In this privacy special, we explain how to make the most of Tor’s anonymity tools and ensure you stay safe when browsing what’s referred to – somewhat misleadingly – as the Dark Web. We outline our essential dos and don’ts for using the browser and reveal some of the most interesting sites that can only
be accessed through Tor.

The do's and don'ts for using a dark website

Do: Make sure Tor is kept up to date

http://cdn1.alphr.com/sites/alphr/fi...?itok=jvMrSBoh

Tor is much more secure than Chrome and Firefox but as with any piece of software, it’s not impervious to attack. For example, the network was targeted in 2013 by a Trojan called Chewbacca, which stole banking details; and in 2016, it was revealed that the FBI had used specially created malware called Torsploit to ‘deanonymise’ Tor users and track their real IP addresses. There have also been cases of Tor exit nodes – the last relays that Tor traffic passes through before it reaches its destination – being used for malicious purposes rather than anonymous ones, and infecting users’ systems.

Fortunately, Tor usually addresses such threats and vulnerabilities very swiftly, which makes it essential to keep the browser up to date. Every time you launch Tor, click the onion icon on the toolbar and choose ‘Check for Tor Browser Update’ (Tor updates itself periodically, but checking manually ensures you’re using the latest version). Additionally, if you’re using a service that involves sharing personal information, you should change Tor’s security level to High, as explained in our Workshop opposite.

Don't: Use Tor for torrenting

As a powerful privacy tool, Tor might seem like the perfect means of downloading and uploading files via BitTorrent and other peer-to-peer networks, but it absolutely is not! Using a torrent client bypasses Tor’s protection and blows your anonymity by sending your real IP address to the torrent service and other ‘peers’. This allows them to identify you, the port you’re using for torrenting and even the data you’re sharing, if it isn’t encrypted.

They can then potentially target you with malware or even notify the relevant authorities (if you’re sharing copyrighted material). Additionally, torrent traffic places a heavy strain on the Tor network and slows it down for others, so it’s selfish as well as careless.

For all these reasons, Tor says file-sharing is “widely unwanted” and exit nodes are configured to block torrent traffic by default.

Do: Create a new identity when necessary

Tor does a great job of keeping you safe and anonymous, but you may still encounter websites that raise alarm bells – indeed, Tor may warn you that a site is trying to track you. If you’re worried that your privacy has been compromised, click the onion icon on the toolbar and choose New Identity. This will restart the Tor browser and reset your IP address, so you can carry on browsing as a fresh user.

Don't: Maximise the Tor window

Leave Tor browser windows at their default size because maximising them allows websites to determine the size of your monitor. This might not sound too worrying on its own but when combined with other information, it may provide the extra information websites need to identify you.

Do: Use a VPN alongside Tor

It’s important to remember that Tor is a proxy rather than a VPN, which means it only protects traffic routed through the Tor browser. As we explained earlier, there are some risks to using the Tor network, especially when downloading torrent files and inadvertently connecting through a malicious exit node.

You can boost your privacy and security by using Tor in conjunction with a VPN, to ensure all your data is encrypted and no logs are kept of your activities. Several VPNs offer features designed specifically for Tor users, including ProtonVPN, which lets you access servers pre-configured to redirect traffic through the Tor network; ExpressVPN, which lets you sign up anonymously through its ‘.onion’ website; and AirVPN, which routes traffic through the Tor network first and then through the VPN.

None of these options are free – prices generally start at £5 per month – but they are faster, more flexible and more trustworthy than free VPN services.

Don't: Search the web using Google

Google isn’t known for respecting its users’ privacy, so to continue using it in Tor (it’s one of the available options) is rather self-defeating.

Not only does Google still try to track you and record your searches (based on your exit node’s IP address) but when it finds you’re connecting in an ‘unusual’ manner, it gets very uppity about it. Try searching with Google in Tor and you’ll continually get CAPTCHAs that ask you to prove you’re not a robot.

We recommend using either Tor’s default search engine DuckDuckGo, its ‘Onion’ variant or Startpage (which uses non-tracked Google results), all of which come preinstalled alongside Google.

Do: Consider running a Tor relay

Tor relies on its loyal and ever-expanding community to provide the relays that create the circuits that deliver the anonymity it’s become (in)famous for. The more relays – or ‘nodes’ – there are running, the faster and more secure the Tor network will be.

If you become a regular Tor user, consider giving something back to the community by sharing your bandwidth and running your own relay. You can either be a ‘middle relay’ – one of the two or more nodes that receives Tor traffic and then passes it on – or an ‘exit relay’.

Being a middle relay is much safer because if another user employs the Tor network to do something malicious or illegal, your IP address will not show up as the source of the traffic.

In contrast, an exit relay can be identified as that source, which means people who run exit relays may have to deal with complaints and even legal attention. Therefore you shouldn’t host an exit node from your home PC and, if you’re sensible, not at all!

One further problem: you need to have a Linux computer running Debian or Ubuntu to host a reliable relay. In Windows, you need to run a Linux distro as a virtual machine and set up your relay from there. It’s a bit of a hassle, but at least it will keep your Tor traffic separate from the rest of your system.

Don't: Share your real email address

It may sound obvious, but there’s no point using Tor to stay anonymous if you sign up to a website using your real email address. It’s like putting a paper bag over your head, then scrawling your name and address on it. A disposable email service such as MailDrop or Nada, or the brilliant Fake Name Generator can be used to create a temporary address and/or identity for site registrations and keep your Tor persona separate from your standard web one.

Do: Use Tor for anonymous email

You can use your favourite email services in Tor – although pesky Google may ask you to verify your Gmail account – but the content of your messages won’t be encrypted in transit. Tor will of course disguise where you are, but unless you’re using a disposable email address (see above), anyone intercepting your messages will see your real address and, potentially,
your name.

For total privacy and anonymity, you can use a Tor-enabled email service. Several of these have been closed down by law-enforcement agencies in recent years because they were linked to criminal activities, but using one is not illegal, nor does it place you under suspicion. The best and most trustworthy option is ProtonMail, an end-to-end encrypted-email provider, launched by the CERN research facility in 2013.

Earlier this year, ProtonMail introduced a Tor hidden service specifically to combat the censorship and surveillance of its users. You can sign up for a free ProtonMail account at protonirockerxow.onion, but this limits you to 500MB of storage and 150 messages per day; to get advanced features, you need the Plus plan (£3.70 per month).

Alternatively, you could try Bitmessage, a free Desktop client that lets you send and receive encrypted messages using Tor, and can be run from a USB stick.

Don't: Go overboard with browser add-ons

Because Tor is based on Firefox, it’s possible to install your favourite add-ons to customise it to your preference, which makes sense if you are planning to use Tor as your default browser. Don’t be tempted! Even if extensions aren’t infected with malware (as some Chrome ones were recently found to be), they may seriously compromise your privacy.

Tor comes with two of the best protective add-ons preinstalled – NoScript and HTTPS Everywhere – and that’s really all you need if your reason for switching to the browser is to be anonymous. Also, bear in mind that browsing with Tor can be slower than Chrome or Firefox because of its roundabout way of connecting, so overloading it with add-ons will further reduce your speed.