Time
1 hour 55 minutes
Difficulty
Beginner
CEU/CPE
2

Video Transcription

00:12
Hello, peoples of the Interwebs. This is tensed over and welcome to the next video in our comprehensive guide to the Tor browser
00:19
on this episode, we're diving into the dot union address is what they are encryption behind them Dominion directories and deep Dark Web search. In years,
00:30
my name is test over again. All right, well, we get my brother into this lesson. It's time to look over the free Rex. We're back to encryption, Http. Yes, but really are any pre rex for you to watch this course? Is this your first time with me? Welcome aboard.
00:46
I would recommend going back and watching previous videos as they deal with great set where we are now. And lastly, you have a need or want to be safer, anonymous online stuff, since eyes peace contract you
01:00
due to the fact we're in discussions now of the Deep Web, Dark Lab and Dark Net. I'm going to give you the proper schools, teach you how to use them and advise on how to safely navigate the deep Web dark Web dark.
01:11
But that said, this is not an endorsement of going there illegally at your place of work or home. Nor, unfortunately, if anything should happen to you, your equipment or any other possessions is cyber or myself liable. Please be careful.
01:27
Onions. This a suit top level. The main those tough ex similar concepts. Such things at dot net Net and used t using earlier times designating anonymous hidden service writable the tor network. Such addresses are not actual D. N s names and dot onion Field D.
01:47
It is not in the Internet, Deena's brute,
01:49
but with the appropriate proxy software installed in most cases for
01:53
Internet program such as Web browsers can access size with dot onion addresses, fastening the request to mature network. The purpose of using such a system is to make both information provider and the person accessing the information more difficult to trace, whether by one another by immediate network host or by an outsider.
02:13
So basically got. Union addresses don't resolve themselves in common sense that there is no D. N s involved in all that looks up. Their introduction point on the hidden service directories than a rendezvous point is set up for the Hidden service and the client meet the hosting. That's just a truncated hash in a public key Italian Likely
02:31
that to service is
02:34
create the same ho's name.
02:36
Just kidding. LF please go away,
02:40
all right. The purpose of using such a system this to make both the information provider and the person accessing information more difficult to trace, whether by one another and enemy network hosed or by outside sites that offer dedicated onion addresses may provide a conditional layer of identity insurance via https certificates. The green lock
03:00
proxies into the tor network,
03:02
like Torre to Web, allow access to Onion Service's from dawn poor browsers and prefers engines that are not tour aware by using a Gateway Years give up their own anonymity and trust a gateway to deliver that correct content. Both the gateway ending in service is fingerprint, browser and access, whose I p address.
03:22
Some peroxide use cashing techniques to provide better pace, loading the official Tor browser. From a personal perspective,
03:28
I don't really trust them. And to be honest, it's not that hard to open up a tor browser at that point. Just hop on some dot onions from there.
03:36
What do you all think is a convenience worth losing? Being anonymous?
03:40
Website even says warning toward to have only protects publishers, not readers. As a reader, installing Tor browser will give you much greater anonymity confidentiality and authentication than using toward Web using toward to Web trades off security for convenience and usability. I rest my case.
03:59
Okay, this gets pretty deep, but bear with me. This isn't a dot Onion T L D Top level domain are generally 16 or 56. Character Alfa Soma Numerical Strings, Dave's, B's and C's in numbers, which are automatically generated based on a public key. When an onion service is configured,
04:16
these things can be made up of any letters of the alphabet and decimal digits from 2 to 7,
04:23
representing in base 3280. But hash version two or 16 characters or version three
04:30
six characters Because they are a hash. All combinations of 16 base 32 characters are dollar. 1st 2 addresses over three addresses are much more complex. It is possible to set up a human readable dot onion. Dorrell and I've seen a few of these sort of organizations names generating massive numbers of key pairs,
04:49
the computational process that could be parallel Mai's mobile computers, multiple hashes ***. We have our name until sufficiently is our boy Girls find I said don't seem too often, but they are out there.
05:02
Okay, This is gonna be deep and goes and regulations and compliance is But bear with me. I'll sum it up, but I can't.
05:11
But a background knowledge for site B A T T s. You have to have it signed. Certificate assess out stating you are who you say you are, and you are secure. This was an issue for dot onions until recent
05:24
certification. Authority Browser forum, also known as C A browser forum is a voluntary consortium of certification authorities. They basically regulate the giving of certificates to make sure you are body by the guidelines
05:35
prior to the adoption of a new ballot ballot. Wonderful. For a http s certificates for a dot onion name could only be acquired by treating that dot onion as an internal server name
05:48
website heard. See a brown performance. Based on requirements, these certificates could be issued but required to expire before there were 1st 1015 This is an issue. Despite these restrictions, Duck duck go launched an onion site with a self scientific it in July of present. Our team which technically
06:08
I work for the time being.
06:10
Facebook and obtained the first SSL Onion certificate to be issued by the Certificate Authority in October 2014. Block team dot in Bow in December 2014. The intercept in April 12 15 York Times later joined in October 17
06:28
following the adoption of seed. Rather forms new ballot for four Designation of domain as special use in September 2015 dot onion meets the criteria for the R. F. C. 6761 certificate. Authorities may issue as SSL certificates for a G T. P s onion sites
06:46
for the process documented in the browser
06:48
performance based on requirements. Introducing this
06:53
who
06:54
so as of August 1016 13 onion domains are HDTVs. Sign across seven different organizations.
07:00
Onions took him alone. Way to being secure and having https SSL certificates.
07:08
Okay, we have discussed this in the past. Let's go back to it for a bit and discuss how to get around with the onion links. Plus, you'd be right and wondering how the envious her attention for deep 11 dark Web sites.
07:19
A lot of what you see is actually a wicky blinks site like the Hidden Wiki,
07:25
which is exactly what you think it ISS on updated and curated list of onion links categorized for your pleasure.
07:31
You'll also find a number of sites using the hidden Ricky name, but isn't the official site to be careful? A lot of these sites don't curate the onion list. She may grow into a dead end or worse, another. This opinions air quote that is cool is Daniel's Onion Link list. Raspberry Pi Directory.
07:48
Daniel's Onion Link list is a tour directory. Hopes on a raspberry pot. That's pretty cool, right? Rat is very pious, so many awesome uses. That's a whole new lesson. Any league list is an index directory that gives you a brief site description, the last scene and last test that dates as well as when the onion site first hit for network.
08:09
That's actually really cool on the directory to seat us.
08:11
Okay, there are search engine onion addresses you can use. They won't be able to index all or even a large portion of the deep Web dark Web. But they do exist, crawling for certain words on some deep and dark Web sites, torch
08:26
torches of Walden tour search engine.
08:30
However, it doesn't work a regular search engine, for instance, using torch to her. Facebook doesn't return the Facebook site. Rather, every turns a long list of references to a Russian hacking forums.
08:41
If you use Google to search for Facebook, you end up on the social media website. If Torch doesn't help you find what you need. Try not evil, not evil. Works more director Internet Search and is a successor to research. Another tour search engine and the evil lik e have a listing site. For instance, a search for Facebook
08:58
returns the official Facebook onion site.
09:01
A search for Proton returns official Proton male onion site. And so
09:05
Okay, so this is a good place in this lesson. The next lesson is the last one. We're gonna wrap everything up in a nice, neat little bow,
09:15
and I will see you in next lesson.

Up Next

Guide to the Tor Browser

This is a comprehensive Tor Browser guide to getting through the mystique of the Tor Browser including, but not limited to: major misconceptions, installation, history, strengths and weaknesses, discussions on onion addresses, and ending on a comparison of the Deep Web and Dark Web.

Instructed By

Instructor Profile Image
Tim Stover
Cybersecurity Research Analyst
Instructor