From YouTube: Shedding Light on the Darknet by Nwokedi Idika, Google
Description
Shedding Light on the Darknet - Nwokedi Idika, Google
When you hear the word "darknet," what do you think of? I’ve found that if I ask 3 different people this question, I’ll get 3 different answers—all with different assumptions. Encountering this phenomenon made me curious. So, I went looking for the cause. And, the answer I came up with was (drum roll please): confusion! Big and small. Thus, to do my little part in righting this wrong, this presentation will walk through common misconceptions about the darknet from concepts to technologies (and hopefully leave attendees *less* confused :-).
A
I appreciate you folks coming in, and hopefully I can deliver in the time that I have, but my hope is that you walk out with a little bit more like menu around darknet in technologies and concepts about me. So let me know any more time with processing, let's just jump into it. So, misconception number one. This is probably the biggest misconception that you have when talking about the darknet, and it's the following: that Tor is the darknet.
A
A
Pull out now. All right, so now let's resolve what these terms actually mean. So there's "dark" and "net" when you're talking about the darknet, right, there's these two words, and "dark", contrary to popular belief, corresponds to anonymous, and "net" corresponds to overlay network. So now we'll look at each one of these terms in turn, right, so we'll start with anonymous. So what does it mean to be anonymous?
A
Well, we can start with the ancient Greek definition of anonymous, right, which corresponds to "without a name", but then this begs the question of what is a name, and it's essentially an identifier one is known by in a given context. But this again brings up a number of other questions, namely: what is this identifier, right? What do we mean by context, and who is doing this knowing about this name in this context, right? Let's answer each one of these questions. So you probably know this guy, right. He has a name, right: Drake.
A
Some of you probably know him because he's known by that name mostly. If you follow him on Twitter, you probably know his name is also Drizzy. If you are a fan of Canadian soap operas, Degrassi in particular, you probably know him as Jimmy Brooks, the member of that, and if you read his credits on albums or if you read his Wikipedia page, you probably also know him as Aubrey Graham.
A
These are all different names, and it's potential for different people to know him by these different names, but there's also other identifiers, if you will, that are associated with him. Because he's Canadian, he has a social insurance number, not a social security number, that he's known. But there is a phone number, there's email address, there's IP address and there's browser fingerprint that's also associated with him, right, and you can imagine different entities, different organizations know these pieces of information about Drake. Now considering this, right, this.
A
These are the different types of identifiers that we could be referring to when we're talking about "without a name", when we talk about anonymity, but we also need to sort of understand what we mean by context, right, and when we're talking about anonymity, the most important aspect is the action or the activity that you're involved in, right. So here we say, you know, "I know what you did last summer", with the emphasis being on "did", right.
A
The importance is that you have an understanding on what it is that you have engaged in. If I don't really know what you're engaged in, that's low value to me from an anonymity perspective. But then there's this other question, right: who is doing this knowing about the activities that you're involved in? And you could probably tell by the sort of nefarious face in the background that is not a very nice person. In some sense it's this attacker.
A
Some attacker is the individual that is knowing what you've done, right, but I'm probably doing you a disservice by characterizing this attacker as this red bought, like, demon-like thing on this screen, right, because the reality is that the attacker could be your government, it could be somebody else's government, could be some country, could be your significant other. It could be whomever you want it to be, and these are not necessarily organizations or things that we think about it.
A
Some evil demon-like boogeyman that is doing these attacks. So bear that in mind when we are talking about anonymity. And now that we've laid down this groundwork for what anonymity is in its various pieces, we can put this whole picture together. So we have you, right, and we recall that you have some association with some identifiers, and we recall all those different types of identifiers that could exist that we might care about, and then here's you taking some sort of action in the world now.
A
The attacker's objective, right, is to link you up with your actions. It's to link up your identifiers with the actions that you're taking in the world, and the way that the attacker tries to achieve this is by observing both your identifiers and the actions that you're taking in the world, right. So by doing that, they can link you up, right. So if you're, you know, going on various websites and I know what identifier is associated with you, I can sort of figure out what activity is involved with you, right.
A
So you can imagine various concrete scenarios, but this is anonymity. So now, let's deal with the notion of an overlay network, and you probably have already interacted with one if you visited any sort of popular website. So here's an example, right. Huffington Post is one popular example of a website.
A
Here's a request, and you can look at the response, and the thing that's sort of relevant here in the response is this X-Cache component, or this X-Cache header piece, that basically indicates that there is a content distribution network involved, right, and this content distribution network is just an example of an overlay network. And so to zoom out a little bit and see how this content distribution network is at play.
A
So you have all these application servers that are deployed all over the place, right, with the idea that it was trying to get close, or be geographically close, to wherever you are. So when I make that request to Huffington Post, it's not going directly to the origin server; it's going to one of those edge servers, if you will, that's a part of that CDN, that is, that overlay network.
A
Now, when that message comes to that overlay network, that edge server is going to determine whether or not it has the page, and it's going to return the page if it has it, and then if it doesn't, it's going to utilize its brethren that are part of that overlay network to potentially get that request all the way back to the origin server. So we'll see an example here. Let's say there was a miss: it's going to sort of identify which other hosts that understands its protocol
A
It can send the message to, or send that request to, to try to serve that page up to that end user. So in this particular case it goes all the way back to the origin server, and then it gets served all the way back to me in Canada. So this is sort of an example, right, of an overlay network, because these servers are leveraging the underlying network, namely the internet,
A
In order to achieve this. So now we've accomplished both pieces of this darknet, right: anonymous overlay network, which is basically saying you're obscuring some sort of identifier that's associated with an individual and leveraging some underlying network in order to accomplish that, right. So we've gotten it to something that's slightly less abstract, but hopefully more useful in terms of talking about the darknet. So the next sort of relevant bit to refer to now is Tor.
A
So, despite the appearances of this logo for Tor, Tor is in fact an acronym for The Onion Router, and when you talk about Tor, you could be talking about one of two things. One is the project and the other is the system itself, and we'll talk a little bit about both. So starting off with the project: these are the three individuals that actually started the implementation of Tor.
A
Now the notion of onion routing had existed well before they started, but in 2002 they began development of Tor, and then in 2004 they presented this paper at the USENIX 13th Security Symposium that really showed what they had done, what was possible, what was practical, and then in 2006 it became a 501(c)(3), officially became an official not-for-profit, and people could have more faith that there would be efforts continued over time on this particular project and that it wouldn't just go away overnight.
A
Now, given this sort of very, very brief history, there is a design attribute associated with Tor, right, there's a principal design that Tor attempts to achieve, and it's about preventing something, and that something happens to be traffic analysis attacks. So the next sort of natural question might be, "Well, what do you mean, traffic analysis attack?" Like, it sounds like something crazy, right, but really it is just saying, given only communication metadata,
A
Infer things you're not supposed to know, infer things that the users who own that, who generated that metadata, if you will, don't want you to know. So if I'm able to figure out, say, very intimate things about what you're doing with various parties from only looking at the metadata associated with your communication, that is an example of a traffic analysis attack.
A
So we'll talk a little bit more about this. You probably are getting maybe flashbacks of the Snowden revelations and things like this when you talk about communication metadata, but we're talking about it from the internet perspective, and we'll talk a little bit more specifically about what that means for Tor. So when we talk about the darknet, right, we say dark refers to anonymity, so the question might be: what is Tor anonymizing? What is Tor making anonymous for me, right? So there is this six-tuple, right. This is kind of a TCP flow,
A
If you will, and so it's trying to make it very, very difficult for someone to have complete information about this tuple over time. So there might be certain nodes or certain actors who have the ability to know a piece of this six-tuple, but not all of it, right, and by not having all of it, you can make it very, very difficult for someone to do their traffic analysis attack successfully. Now,
A
The second piece of darknet is the net component, right, and Tor implements that by way of having volunteers run the so-called relays, or Tor nodes, around the world. And so these Tor relays and nodes that are all around the world, kind of similar to that CDN example that I demonstrated earlier, they are responsible for tunneling traffic all through the network. Now, misconception one, right: misconception one is that Tor is the darknet, and now, having gone through the darknet and gone through Tor,
A
We know that the correction for that is that Tor is only an example of a darknet, right, there's other darknets. You can have many, many darknets, right. In fact, the Invisible Internet Project is another example of a darknet that people generally don't talk about, but it's probably the second most popular darknet that exists. So this is misconception one, correction one. So now, let's go to one of the second biggest misconceptions around the darknet, Tor
A
Specifically, in this one: Tor is secure. So there's a lot of people who seem to believe that Tor is a secure way of getting around on the interwebs or just in general, and I don't really know why that's the case. So here's an example where there's this article about how Carnegie Mellon allegedly exploited Tor, and there's many examples of there being exploits with respect to Tor and Tor fixing them, and things like this, so certainly one shouldn't believe that Tor is just secure, but for some reason this idea persists, and it made me think,
A
Maybe wonder, why is that the case? And what I concluded was that people didn't really understand what security was, all right, like fundamentally, like there's this fundamental misperception of what it is to be secure, and I think that if we address what that is, if we address what security is, then it becomes obvious that Tor isn't secure, at least in the ways that people think about it. So what is security, right?
A
So if you look at a lot of different manifestations of what security is, you'll probably see that those definitions are somewhat lacking or missing, or they don't provide practical utility, so that led me to come up with one that I hope resonates with you. So security is very much about implementing or assessing a mechanism that upholds a policy in the presence of an adversary. So you have to have all three of these elements: mechanism, policy and adversary. So if you're not dealing with all of those elements, you're not really dealing with security.
A
Now, at this point, this system, as specified, isn't, there's no security concerns whatsoever, right. This is just some system. I've specified access from requirements, and that requirement is that Adele needs to be able to talk to Beyonce. Done, right. There's no security concerns. We haven't even begun to consider security, right. In order to begin that process, we need to consider the adversary, right.
A
So here we have this sort of eavesdropping Eddie, right. Now we're beginning to think about some of the potential security concerns, but we're not done yet, right, because I said that there's this notion of there being an adversary and there's also a policy that needs to be specified. So what is that policy, right? So I only want Beyonce to interpret Adele's message, right. If that's the case, now we have Eddie Murphy, we have the policy, and now we can consider a mechanism. What mechanism is going to uphold this policy, right?
A
And so now you can think about a mechanism, maybe, say, AES-128. Now you can hand this over to, say, a security engineer or security analyst and they can assess whether or not this system actually upholds this mechanism. But if you don't have all these pieces in place, you can't really deal with security. So remember this picture when you think about security. When somebody tells you they have a secure system, you need to ask yourself: what is the mechanism? What's the policy? What's the threat model, right, which Eddie Murphy is representing here?
A
So let's look at Tor through this lens. So now that we have this definition of security, let's look at Tor through this lens and see what we come up with. Luckily, the authors of Tor essentially did this analysis for us, so we won't have to do too much work to actually achieve this analysis, and we'll put it into this mechanism, policy and adversary framework. So here we go. We have Tor, and the policy there is to frustrate.
A
This is from the paper: to frustrate attackers from linking communication partners, or from linking multiple communications to or from a single user. So one potential issue you might see with this policy is that to frustrate an attacker is your goal. So what does that really mean? This is kind of fuzzy, right? Well, you would need to define this a little bit more concretely in order for you to actually determine whether or not you achieved your policy, right, so this is already kind of becoming
A
They talked about active and passive, so active is having the ability to do whatever you want, in some sense: you can generate traffic, you can compromise nodes, you can just effectively cause havoc by taking action. And then passive is just listening to everything, you have the ability to listen. But note that there's no global view, so you can't cause destruction of the entire network by way of compromising every node, or you can't passively listen to everything that's happening on a network. You can only listen to a fraction.
A
This is the assumption that they're making, right, and then, given that assumption, they go on to do a thorough security analysis of what's happened, right, and so we're only looking at a couple of them that they actually walk through in this paper. So the first is observing user traffic patterns. So observing a user's connection will not reveal her destination or data, but it will reveal traffic patterns. So you know, you can ask yourself whether or not the policy is upheld, given their own analysis. Then there's this notion of end-to-end timing correlations, right.
A
So in their paper, you know, you only need to read the first sentence: Tor only minimally hides such correlations. Done, right. Does this really uphold the policy that they have in the paper? But they're very open about it, and so one might think that, well, this is some academic paper in 2004. You know, maybe there's no real consequence of this. This seems kind of abstract, right, but the reality is that there's practical scenarios that exemplify this. So imagine, if you will, that it is 2013.
A
You have been, you know, studying for an exam, but not the one that you're supposed to have tomorrow. So you wake up that next day and you realize you're not prepared, and you decide that the right thing for you to do is to make a bomb threat to the institution. And so you say: hey, here's the subject line.
A
Obviously, and so you say, well, I'm going to use Tor to anonymize my IP information and I'm going to connect to Guerrilla Mail, because it says it has anonymous email, and so I'm going to send this email from Guerrilla Mail to Harvard and then no one would be none the wiser. But you know, what you got caught up in, though, is this end-to-end timing correlation. Eldo Kim, he got caught up because he didn't realize that at the time he sent that email, in the sort of message header, they were able to discern that
A
That message came from the Tor network. So what that then meant is that, hey, okay, we need to figure out who was on our network that was connecting to Tor around that time, and so there was just a handful of people at most that were on Tor at that time from the Harvard network, and they just went to the various students and they quizzed them out until one confessed, and Eldo Kim confessed and then he got caught, and so this is all, you know, could have been predicted
A
Had one understood this principle of end-to-end timing correlations, right. So this is just an example, one manifestation of this thing that Tor says explicitly does, you know, minimal good in terms of hiding. So if Eldo Kim had read that paper and he internalized it, he would not have gotten caught in this way, not to say that he shouldn't have got caught.
A
He should have very well gotten caught for this particular act, but there's other people in different countries who are activists, who are trying to bypass censorship, who are probably misusing this tool because they're not aware, and hopefully you all are a little bit more aware now. So misconception two: Tor is secure. But correction number two is that Tor is secure under carefully chosen assumptions, so you have to choose your assumptions carefully, right.
A
You have to construct it so that it meets your definition of secure, but maybe for what you want to use it for, it's not actually secure. So you have to think about it a little bit more carefully. So, wrapping up: Tor is an example of the darknet; it is not the darknet. And number two, Tor is secure, but only under carefully chosen assumptions. With that, I want to close. Thank you for your time.
A
A
A
If I define frustration of an attacker as basically making it, by some definition, harder than it is for you to, like, look at some set of web logs and determine what somebody is doing on your website, then it's like a little bit more difficult, right. It's slightly more difficult! You could make the argument.
A
I can make the argument, but it may not be very compelling, right, because there's lots of other context that isn't really included into it, and so, when you think about whether or not a particular technology is secure, one has to make a concerted effort to understand the policy that it's designed for as well as the adversary that it's designed for. Okay, it looks like we're out of time, so we won't have, but that, thank you very much. Do the talk.