CC Overlapping Puzzles

I am a security researcher and speaker currently focusing on the dark web, cryptocurrencies, cybercrime, and digital underground economies. My day job is with Akamai Technologies, but my "work" and my "hobbies" tend to overlap quite a bit. I've spoken at conferences such as Thotcon, USENIX Enigma, HTCIA Conference, DeepSec, SOURCE Boston, Defcamp, and Derbycon.


Deep web, Dark web, Darknet…

These terms are often used interchangeably despite representing distinct but related segments of the Internet. The deep web (sometimes called the ‘hidden’ or ‘invisible’ web) refers to pages and services on servers that are accessible through standard Internet browsers and methods of connection, but not indexed by the major search engines. This lack of indexing can be due to website or service misconfiguration, search listing opt-out requests, paywalls, registration requirements, or other content access limitations.

The dark web, as opposed to the ‘clearnet’, is itself a relatively small portion of the deep web. The term dark web relates to web services and pages that are intentionally hidden and cannot be directly accessed through standard browsers alone, but rely on the use of an overlay (like Tor and I2P) or side-loaded (like Netsukuku) network requiring specific access rights, proxy configurations, or dedicated software. There are dark web sites and services that span multiple darknets; however, the Tor darknet looks to be the current ‘king of the hill’ for go-to dark web offerings.

Darknets are frameworks where access is restricted at the network level; think Tor, Freenet, I2P, or Zeronet. Private VPNs and mesh networks can also fall into this category, as authenticating and connecting to a private VPN service renders your traffic content “dark” to unprivileged systems passing your encrypted traffic along its route, be it an Internet service provider (ISP), Content Delivery Network (CDN), or other Internet traffic mapping or passage enabler. Network traffic over these frameworks is masked in such a way that snooping shows only which darknet you are connected to and how much data you move, but not necessarily what sites you visit or the content of said data. This is in contrast with simply interacting with the clearnet, where your ISP and those network operators between you and your requested resources can openly see the content of the traffic you generate.


Note: HTTPS services fall into a strange gap here. In an idealized use scenario, end-to-end encryption (E2EE) between you and the resources you seek would constitute a darknet service of its own. However, the reality is much murkier, as implementation is increasingly often not E2EE but a series of man-in-the-middle (MitM) connections along the path between you and said resources. A recently released paper discusses this very issue: “The Security Impacts of HTTPS Interception”, set to be presented and published via the Network and Distributed System Security Symposium 2017 (NDSS’17), San Diego, California, February 2017.


(Image released under Creative Commons CC0 into the public domain from pixabay)
