For the past few years, law enforcement agencies around the world have been stepping up their game against the dark web, investing more money and effort into seizing dark-net markets and arresting their operators and users. Considering how much the darknet has grown in the past decade, both in popularity and in number of markets, it is easy to see why governments are so interested in taking it down.
In view of this, individuals need to educate themselves on security and learn the best practices that counter these efforts. In this article we go over the ways you can be tracked on the darknet and how to defend against each of them. Remember, security is a practice, not a product!
Ways the Government Can Track You on the Darknet
One common mistake is assuming that Tor hides the fact that you use Tor. Tor is a good anonymizing network, but your ISP (and, by extension, your government) can still see that you are connecting to it: the entry guard's IP address is published in Tor's public relay list and Tor's TLS handshake is fingerprintable, even though the content and destination of your browsing are not visible. Law enforcement uses exactly this metadata to build lists of likely darknet users. A second, more severe mistake is sharing personal information on the darknet without encrypting it. For instance, when purchasing goods from a dark-net market, some buyers submit their shipping address in plain text through the market's web form instead of encrypting it to the vendor's PGP key. If the market's servers are later seized, those addresses are sitting in its database for investigators to read.
Ways to Protect Yourself on the Darknet
Using a VPN Alongside Tor
The reason people combine Tor with a VPN is the one mentioned earlier: your ISP can see that you are connecting to the Tor network. Your ISP cannot see what you do over Tor, so what a VPN buys you is concealment of the fact that you use Tor, at the price of shifting that knowledge to the VPN provider, who now sees your real IP address connecting to Tor. Keep three caveats in mind before deciding this is worth it. First, a "no logs" claim cannot be verified from the outside; choose a provider on its track record rather than its marketing. Here's a list of VPNs that don't keep logs. Second, setting up your own VPN server in the cloud removes the need to trust a VPN company, but it does not make you anonymous: the server is rented with your account and payment details, so anyone who can watch the server's traffic or ask the cloud provider links it straight back to you. It only hides Tor use from your ISP. Third, the Tor Project's own answer to an ISP that watches for Tor is not a VPN but a bridge with a pluggable transport such as obfs4, which makes the connection look like ordinary traffic; bridges are built into Tor Browser and Tails. Whichever you choose, the order matters: connect to the VPN first and then run Tor over it. Running Tor first and routing a VPN through the exit node does nothing to hide Tor use from your ISP and hands the VPN provider a single point that sees all of your exit traffic.
Enter privacy-focused Linux distros
Although you can access the darknet simply by installing the Tor Browser on your everyday operating system, you shouldn't. First, you don't want your darknet activity mixed with your regular clearnet and work activity on the same disk, in the same browser profiles and in the same logs: a single forensic image of that machine then tells the whole story. You want your darknet activity in a completely separate operating system. Second, purpose-built privacy-focused operating systems already exist, and they can be used alongside your main OS.
Tails Operating System
One of these privacy-focused operating systems is Tails. Tails is designed to be live-booted from a USB stick and runs entirely from RAM; by default it never touches the computer's internal hard drive, and the computer it was booted on is not changed in any way. This makes for a much safer dark-net experience, because no trace of the session is written to the computer's disk. When the system shuts down and the USB stick is removed, nothing of the session remains on the machine; Tails also overwrites RAM on shutdown to blunt cold-boot attacks. Two caveats: the USB stick itself is evidence that you use Tails, so treat it with the same care as the data, and a compromised firmware or a hardware implant is outside what any live system can protect against.
Tails is also amnesic: you can create and edit files during a session, but they live only in RAM and are gone when the system shuts down. Every boot starts from the same clean state. If you do need to keep something (PGP keys, bookmarks, a password database), Tails offers an optional Persistent Storage, an encrypted partition on the USB stick, into which only the items you explicitly select are saved.
Finally, Tails ships with pre-installed tools for the rest of your security hygiene, such as the KeePassXC password manager, GnuPG for encrypting messages and files, and a disk utility for creating LUKS-encrypted volumes, with Tor enforced system-wide so that any non-Tor traffic is blocked.
Whonix Privacy Operating System
Another privacy-focused OS besides Tails is Whonix. Whonix's goal is similar, but it runs as virtual machines on your existing computer instead of from external media (store the VM images on an encrypted drive). It is split into two virtual machines that run together: the Gateway and the Workstation. The Gateway VM is the only one with a connection to the outside world; it runs Tor and nothing else. The Workstation VM, where you actually work, has a single network interface on an isolated virtual network whose only other member is the Gateway, so every packet it sends is forced through the Gateway and out over Tor.
This security by isolation is what gives Whonix its edge. Because the Workstation can only reach the Gateway's internal address, no application on it, not even malware running as root, can learn your real IP address by asking the network; the most it can see is the internal address of the Gateway. This is especially effective against attacks that try to deanonymize you by making your software connect outside Tor (a malicious document, a browser exploit with an IP-leak payload), and by extension it protects your physical location. Its limits are the hypervisor and the Gateway: an attacker who escapes the VM, or who compromises the Gateway, is back on your real network. Whonix also includes many applications preconfigured for privacy.
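A practitioner's way to confirm the isolation described above is to look at the Workstation's routing table: every path out must go via the Gateway's internal address. The following is an added example (not Whonix's own tooling) that parses /proc/net/route and flags anything else. It assumes Whonix's default addressing (Gateway 10.152.152.10 on 10.152.128.0/18); the two sample tables are constructed, one clean and one where a second interface was bridged onto the LAN.

```python
"""Added example: a route sanity check for a Whonix-style Workstation.

Not Whonix's own tooling.  Assumes Whonix's default internal addressing
(Gateway 10.152.152.10 on 10.152.128.0/18); change the two constants if you
customised the network.  Run it inside the Workstation: any route that does
not go via the Gateway is a potential IP leak.
"""
import ipaddress
import socket
import struct

GATEWAY_IP = "10.152.152.10"                            # Whonix-Gateway default (assumed)
INTERNAL_NET = ipaddress.ip_network("10.152.128.0/18")  # Whonix internal net default (assumed)

# Constructed sample of /proc/net/route on a correctly isolated Workstation.
GOOD_ROUTE = (
    "Iface\tDestination\tGateway \tFlags\tRefCnt\tUse\tMetric\tMask\t\tMTU\tWindow\tIRTT\n"
    "eth0\t00000000\t0A98980A\t0003\t0\t0\t0\t00000000\t0\t0\t0\n"    # default via 10.152.152.10
    "eth0\t0080980A\t00000000\t0001\t0\t0\t0\t00C0FFFF\t0\t0\t0\n"    # 10.152.128.0/18 on-link
)

# Constructed sample where a second NIC bridged to the home LAN was added.
LEAKY_ROUTE = GOOD_ROUTE + (
    "eth1\t00000000\t0101A8C0\t0003\t0\t0\t100\t00000000\t0\t0\t0\n"  # default via 192.168.1.1
    "eth1\t0001A8C0\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0\n"    # 192.168.1.0/24 on-link
)


def hex_to_ip(h: str) -> str:
    """/proc/net/route stores IPv4 addresses as little-endian hex words."""
    return socket.inet_ntoa(struct.pack("<I", int(h, 16)))


def parse_proc_route(text: str):
    """Parse /proc/net/route text into (iface, destination, gateway, mask) tuples."""
    routes = []
    for line in text.splitlines()[1:]:            # first line is the column header
        fields = line.split()
        if len(fields) < 8:
            continue
        iface, dest, gw, _flags, _ref, _use, _metric, mask = fields[:8]
        routes.append((iface, hex_to_ip(dest), hex_to_ip(gw), hex_to_ip(mask)))
    return routes


def isolation_violations(routes, gateway_ip=GATEWAY_IP, internal_net=INTERNAL_NET):
    """Return a list of problems; an empty list means every path out goes via the Gateway."""
    problems = []
    for iface, dest, gw, mask in routes:
        if dest == "0.0.0.0" and mask == "0.0.0.0":           # default route
            if gw != gateway_ip:
                problems.append(f"default route via {gw} on {iface}, expected {gateway_ip}")
        elif gw != "0.0.0.0":                                 # routed entry with a next hop
            if ipaddress.ip_address(gw) not in internal_net:
                problems.append(f"route to {dest}/{mask} via {gw} on {iface} bypasses the Gateway")
        else:                                                 # directly attached network
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            if not net.subnet_of(internal_net):
                problems.append(f"{iface} is directly attached to {net}, outside the internal network")
    return problems


def check_live(path="/proc/net/route"):
    """Read the real routing table (Linux only) and report."""
    with open(path) as f:
        return isolation_violations(parse_proc_route(f.read()))


if __name__ == "__main__":
    import sys
    found = check_live()
    print("OK: all routes go via the Gateway" if not found else "\n".join(found))
    sys.exit(1 if found else 0)
```

Run it as a cron job or at login inside the Workstation; a non-zero exit means something other than the Gateway can carry your packets. It does not catch leaks that happen inside the Gateway itself (a misconfigured Tor), which is the Gateway's own firewall's job.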
Qubes Operating System
Another alternative is Qubes OS. Qubes takes security by isolation further than Whonix, and it does so without any new technology: Qubes is essentially a polished desktop on top of the Xen type 1 hypervisor, made usable for ordinary people. Every activity runs in its own Xen virtual machine, called a qube, so each user application (or each group of them: work, banking, untrusted browsing) can be given an isolated environment, whereas Whonix only separates the Gateway from the Workstation.
Furthermore, qubes can be given different levels of trust, and Qubes colors each window's border with the label of the qube it belongs to, so you always know where you are. If you want to run a program you don't trust, you run it in an untrusted qube, ideally one with no network access. Even if that program turns out to be malware, reaching your other qubes requires breaking out of a Xen VM, a far higher bar than escaping a process sandbox inside one operating system. Nothing is absolute, though: hypervisor bugs exist, so keep Qubes updated.
With this level of isolation, Qubes is widely regarded as the most secure desktop OS. On its own, however, it does not anonymize your traffic. To add anonymity you run Whonix inside Qubes: the Qubes installer offers Whonix templates, and the Gateway and Workstation then live in two separate qubes (sys-whonix and anon-whonix by default), with any further Workstation qubes you create routed through the same Gateway. Disposable qubes, which start from a clean template and are destroyed on shutdown, give you something like a Tails session for one-off tasks such as opening an untrusted file.
Defending Against Physical Attacks
Encrypting and hiding data on your PC
When thinking about security, people tend to neglect physical attacks. What if your PC, or just its hard drive, is stolen? Or seized? Your login password does nothing here: the drive can be pulled out and read on another machine, and the data recovered with ordinary forensic tools. You need to account for such attacks by encrypting (and, where appropriate, hiding) the data on your hard drive.
Full Disk Encryption (FDE) means encrypting the entire hard drive, so that without the passphrase the disk is nothing but random-looking bytes and recovery attempts on a powered-off machine are worthless. Here's a nice tutorial by Ubuntu; its installer uses LUKS, and the steps are similar for other Debian-based distributions. Note what FDE does not protect: while the machine is running and unlocked, the key is in RAM and the data is readable by anything that runs on the machine, which is why the kill switches later in this article matter.
If FDE feels like too much, you can instead encrypt particular partitions or volumes. VeraCrypt is a very powerful tool for this, and the feature we recommend most is hidden volumes. The idea: a VeraCrypt volume (a container file or partition that mounts as a drive) has its free space filled with random data when it is created; a second, hidden volume can then be placed inside that free space and unlocked with a different password. Because encrypted data and random free space look identical, nothing in the outer container reveals whether a hidden volume exists, and you can hand over the outer password under duress while denying that the inner one exists. Two conditions make or break that deniability. First, writing to the outer volume can overwrite the hidden one, so mount the outer volume with hidden-volume protection (which requires both passwords) whenever you use it. Second, the operating system must not betray you: recent-files lists, thumbnail caches, search indexes and logs on the host can record that the hidden volume was mounted, so use it from an OS like Tails or a dedicated VM and clean up as described next.
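The claim that ciphertext and random free space are indistinguishable is easy to test, and so is the flip side: a container full of such bytes is itself conspicuous. The following added example (not VeraCrypt's code) implements the two measurements a forensic examiner reaches for, byte entropy and a chi-square test against a uniform distribution, and runs them over a constructed model of an outer volume with an encrypted hidden region inside its random free space. The toy SHA-256 counter-mode keystream stands in for VeraCrypt's AES-XTS and is for illustration only.

```python
"""Added example: why hidden volumes cannot be spotted by looking at bytes, and
why an encrypted container still stands out.  Not VeraCrypt's code; the toy
keystream below is a stand-in for AES-XTS and must not be used for real data."""
import hashlib
import math
import os
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for a constant file, close to 8.0 for
    ciphertext or random data, roughly 4 to 5 for English text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def chi_square(data: bytes) -> float:
    """Chi-square statistic of byte frequencies against a uniform distribution
    (255 degrees of freedom).  Random or encrypted data lands near 255;
    structured data is orders of magnitude larger."""
    n = len(data)
    expected = n / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """XOR with a SHA-256 counter-mode keystream (illustration only)."""
    out = bytearray()
    for offset in range(0, len(plaintext), 32):
        keystream = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        chunk = plaintext[offset:offset + 32]
        out.extend(a ^ b for a, b in zip(chunk, keystream))
    return bytes(out)


def entropy_profile(data: bytes, window: int = 4096):
    """Per-window entropy: the scan a forensic tool runs to find where
    'something' starts inside a blob."""
    return [shannon_entropy(data[i:i + window])
            for i in range(0, len(data) - window + 1, window)]


def build_demo_container(hidden_plaintext: bytes, free_bytes: int = 32768) -> bytes:
    """Constructed model of a VeraCrypt-style outer volume: random-filled free
    space with an encrypted hidden volume placed somewhere inside it."""
    key = os.urandom(32)
    hidden = toy_encrypt(key, hidden_plaintext)
    return os.urandom(free_bytes) + hidden + os.urandom(free_bytes)


def hidden_volume_is_invisible(container: bytes, window: int = 4096) -> bool:
    """True when no window of the container is distinguishable from random."""
    profile = entropy_profile(container, window)
    return min(profile) > 7.9 and max(profile) - min(profile) < 0.2


def looks_encrypted(data: bytes, min_entropy: float = 7.9, max_chi: float = 400.0) -> bool:
    """The examiner's verdict on a whole file: high entropy and uniform bytes."""
    return shannon_entropy(data) >= min_entropy and chi_square(data) <= max_chi


if __name__ == "__main__":
    secret = b"The quick brown fox jumps over the lazy dog. " * 400   # constructed plaintext
    container = build_demo_container(secret)
    print("plaintext entropy  :", round(shannon_entropy(secret), 2))
    print("container entropy  :", round(shannon_entropy(container), 3))
    print("container chi-square:", round(chi_square(container), 1))
    print("hidden region visible to an entropy scan?", not hidden_volume_is_invisible(container))
    print("whole container flagged as encrypted?", looks_encrypted(container))
```

Point a tool like this at a real VeraCrypt container and it will say "encrypted" for the whole file and "nothing here" for every window inside it; that is exactly what the hidden-volume design relies on, and exactly why deniability has to come from the surrounding system rather than from the container.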
Besides encryption, use a tool like BleachBit to wipe temporary data (browser caches, logs, thumbnails, recent-file lists). Keep in mind that on SSDs a file-level overwrite is not reliable, because the drive's wear levelling can leave the old blocks in place; full disk encryption from the start is the real fix, with BleachBit as hygiene on top.
Defending against raid attacks with kill switches
Worst-case scenario: you got yourself in trouble. You followed this whole guide and still got tracked, and the door is being kicked in while your encrypted partition is unlocked and Whonix is running. Everything described so far only protects a machine that is off: while it is running, the disk-encryption keys sit in RAM and the volumes are mounted, so all you need to do, and all you have time to do, is shut the computer down. Raid teams know this too. They use mouse jigglers to stop the screen from locking, and forensic USB devices that capture the live system (and the keys in memory) from a running computer.
To counter this you can run a script that powers the machine off the instant a USB device is plugged in or removed. One such script is usbkill: it polls the list of attached USB devices and, on any change not on its whitelist, halts the machine at once. The usual setup is to whitelist your keyboard and mouse and to keep a small USB stick on a lanyard; pulling the stick as you stand up kills the machine. Tails has a similar built-in behavior: removing the Tails USB stick shuts the system down and wipes memory.
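To make the kill-switch mechanism concrete, here is an added example in the style of usbkill (it is not the usbkill project's code). It snapshots the USB devices listed in sysfs, polls for changes, and forces an immediate power-off on any addition or removal whose vendor:product id is not whitelisted. The sysfs path and the `poweroff -f` command are standard Linux; the device ids in the test data are constructed.

```python
"""Added example: a minimal usbkill-style kill switch for Linux.

Not the usbkill project's code.  Polls /sys/bus/usb/devices and powers the
machine off the moment a USB device is added or removed, unless its
vendor:product id is whitelisted.  Must run as root for the power-off to work.
"""
import os
import subprocess
import sys
import time

SYS_USB = "/sys/bus/usb/devices"


def read_usb_ids(sysfs: str = SYS_USB):
    """Snapshot of attached USB devices as a set of (sysfs name, 'vendor:product').
    Interface entries such as '1-1:1.0' have no idVendor and are skipped."""
    devices = set()
    try:
        names = os.listdir(sysfs)
    except FileNotFoundError:                       # not Linux, or sysfs unavailable
        return devices
    for name in names:
        try:
            with open(os.path.join(sysfs, name, "idVendor")) as f:
                vendor = f.read().strip()
            with open(os.path.join(sysfs, name, "idProduct")) as f:
                product = f.read().strip()
        except OSError:
            continue
        devices.add((name, f"{vendor}:{product}"))
    return devices


def detect_change(baseline, current, whitelist=frozenset()):
    """Compare two snapshots.  Returns (should_kill, description).

    Whitelisted ids (your keyboard, your mouse) may come and go freely.
    Anything else appearing (a forensic imager) or disappearing (the USB
    stick on your lanyard) triggers the kill."""
    added = {d for d in current - baseline if d[1] not in whitelist}
    removed = {d for d in baseline - current if d[1] not in whitelist}
    if not added and not removed:
        return False, ""
    parts = []
    if added:
        parts.append("added " + ", ".join(sorted(i for _, i in added)))
    if removed:
        parts.append("removed " + ", ".join(sorted(i for _, i in removed)))
    return True, "; ".join(parts)


def kill(dry_run: bool = False) -> str:
    """Immediate power-off, no graceful shutdown: the point is to get the
    disk-encryption keys out of RAM faster than an imager can read them."""
    if dry_run:
        return "would run: poweroff -f"
    os.sync()
    subprocess.run(["poweroff", "-f"], check=False)
    # Fallback if poweroff is unavailable: echo o > /proc/sysrq-trigger
    return "poweroff issued"


def monitor(interval: float = 0.25, whitelist=frozenset(), dry_run: bool = False) -> str:
    """Poll until a non-whitelisted USB change is seen, then kill."""
    baseline = read_usb_ids()
    while True:
        time.sleep(interval)
        should_kill, why = detect_change(baseline, read_usb_ids(), whitelist)
        if should_kill:
            print(f"USB change detected ({why}), killing", file=sys.stderr)
            return kill(dry_run)


if __name__ == "__main__":
    # Example whitelist (constructed ids): a keyboard and a mouse you trust.
    monitor(whitelist=frozenset({"046d:c31c", "046d:c077"}),
            dry_run="--dry-run" in sys.argv)
```

Start it with `--dry-run` first and plug in a spare stick to see the detection fire without losing your session; then run it as root from a systemd unit or your session startup. Note that the whitelist is keyed on vendor:product, which an attacker can spoof, so the lanyard stick (deliberately not whitelisted) is the part you actually rely on.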
This article is purely educational. We are not encouraging anyone to take part in any illicit activity online; law enforcement and the dark net are used here as a scenario, and there are many other reasons people need strong anonymity. That said, following this guide is one of the best ways an ordinary user can achieve it. Anything beyond this is outside the scope of normal consumers.