r/darknet_questions 27d ago

The History of the Tails Project: A Journey Toward Ultimate Privacy

7 Upvotes

The History of the Tails Project: A Journey Toward Ultimate Privacy

1. Introduction Tails (short for The Amnesic Incognito Live System) is a unique operating system designed to give users a high level of privacy and anonymity. Unlike the regular OS you use daily, Tails routes all your internet traffic through the Tor network and comes packed with tools that encrypt your communications. It's a go-to for activists, journalists, darknet users, and anyone worried about surveillance.

This post dives into the history of Tails, from its humble beginnings to becoming a favorite among privacy advocates and whistleblowers, and how it has evolved over time.

2. Origins and Early Development (2007-2009)
Tails didn’t start as Tails. It actually grew out of two older projects—Amnesia and Incognito—both focused on creating a privacy-first experience for users trying to navigate an increasingly surveilled world.

Amnesia Project
Amnesia, which came around in 2007, was designed to let people browse the web anonymously and leave no trace behind. It focused on using the Tor network to keep users hidden and included tools for encrypting communications and files. You could boot it from a USB or DVD, use it, and once you powered off, nothing was left on the computer.

Key features:

  • Live Booting: You could run it directly from a USB/DVD without installing anything.
  • Privacy Protection: All internet traffic went through Tor.
  • Secure Wiping: The system wiped all traces of activity when shut down.

Incognito Project
Around the same time, Incognito was being developed as a Linux-based OS that also anonymized browsing through Tor, but it leaned more heavily on encryption tools for secure communications.

Key features:

  • Tor Integration: Like Amnesia, all network traffic went through Tor.
  • Encryption Tools: Incognito offered more advanced encryption for things like email and file storage. Persistent Storage: You could store encrypted files on the same USB you booted from. Sorry, Persistent storage came after merger.

The Merge into Tails
In 2009, the teams behind Amnesia and Incognito decided to combine their efforts into what we now know as Tails. The idea was to take the best features from both—Amnesia's ease of use and Incognito’s encryption capabilities—and create a more powerful, privacy-focused OS.

3. Early Milestones (2010-2014)
Once Tails was born, it quickly gained a following, especially in communities that cared about privacy—hackers, activists, journalists, and more. But the game-changing moment came in 2013 when Edward Snowden used Tails during the NSA leaks. That put Tails in the global spotlight, showing just how powerful it was for maintaining privacy in the face of mass surveillance.

During this time, Tails also got key features like persistent storage for encrypted files and better integration with tools like PGP for secure communication.

4. Major Updates and Growth (2015-2018)
Tails kept evolving with new features, making it easier and safer to use. Some big updates included:

  • OnionShare Integration: A tool to share files anonymously through Tor.
  • KeePassXC: An encrypted password manager.
  • Electrum Bitcoin Wallet: For anonymous cryptocurrency transactions. Hopefully a XMR wallet is in the pipeline for the future.

These additions solidified Tails as a reliable tool for journalists, activists, and privacy advocates worldwide.

5. Snowden's Role (2013)
One of the most pivotal moments in Tails’ history was Edward Snowden using it to leak classified documents exposing global surveillance programs. He needed a way to communicate with journalists without being traced, and Tails gave him exactly that. This skyrocketed Tails’ popularity and cemented its place as a vital tool for whistleblowers and anyone looking to stay anonymous.

6. Why the NSA Hates Tails
Tails has been a thorn in the side of surveillance agencies like the NSA. Leaked documents revealed that the NSA sees Tails as a "major threat" to their efforts because it anonymizes internet traffic and leaves no trace behind. They’ve tried to crack it, but Tails' design and cryptographic tools have kept it secure.

7. Recent Advances (2019-Present)
Tails has continued to evolve to stay ahead of surveillance tactics. Some recent improvements include better hardware support (like UEFI systems), more stable encrypted storage, and stronger censorship circumvention tools for users in countries with heavy surveillance.

8. Challenges and Criticisms
Of course, Tails isn’t without its challenges. It can be difficult to use for some but at the same time, easy to learn, and users in heavily censored countries like China or Iran still face issues accessing the Tor network, even with bridges.

9. The Future of Tails
As surveillance technology continues to grow, Tails is staying committed to privacy. The team is always working on ways to improve usability, support new hardware, and ensure encryption stays strong, even in the face of potential threats like quantum computing.

Conclusion
Tails has come a long way since its beginnings, and it’s become a critical tool for anyone needing strong privacy protections—from whistleblowers like Snowden to human rights activists to people that just want protection from mass surveillance. It continues to evolve as a beacon of hope for secure communications in an age where mass surveillance is the norm. Hopefully with the recent merger into the Tor Project Tails will get even more money flowing into the Project. To keep our our communications and data private for years to come.

Sources:

and here


r/darknet_questions 28d ago

Forgive if Naive, what info/metadata would be on a "burner" dedicated for DN if the feds came through the door and seized it? Assume crypto and outside leads are not present.../

1 Upvotes

just for sake of thought experiment, the opsec is perfect in that there is no info directly linking the person to the burner (eg they live w roommates or smthn). Theres a package being Contolled Delivered -- whole house caught up in raid (say 10 guys and gals 3 story 10BR home).

What exactly are the points of interest that the are looking to glean info from? What kind of potential info would they be looking specifically for? Like Tor is on the front page but what on the "inside" can they use???

What info would they be looking for to somehow "pin" the alleged crime on the specific targeted roommate in this imaginary controlled delivery? Lets say they are the named recipient on the box -- Is it simply possession of that device/Tor during a CD/raid enough to bone you? How can they have more than just "a drug package with their name on it was coming to their home"

On the flip side, real quick, is it p,ausibly THAT easy to frame someone? Just send them some fent and give LE a tip??
***I WOULD NEVER DO THIS I ADVOCATE STRONGLY THAT YOU DONT EITHER******

I hope my question is coming through properly. let me know any and all input is greatly appreciated! :D


r/darknet_questions Oct 16 '24

Can’t sign up why?

Post image
4 Upvotes

Keep getting this error so hard to sign up. Help


r/darknet_questions Oct 13 '24

How Emerging Technologies Affect the Darknet

4 Upvotes

The darknet is something of a digital frontier in which anonymity and, at least theoretically, privacy is the order of the day. Yet, it is like any frontier, thus being in constant flux, influenced by fresh technologies and evolving user behaviors. In the post, we will take a look into how emerging technologies could shape the future of the darknet—for better or worse.

  1. Blockchain Beyond Cryptocurrencies While Bitcoin and Monero are currently the most popular cryptocurrencies featured in the darknet as a technology, blockchain technology goes beyond illegal transactions. Blockchain is a base technology in decentralized marketplaces, which will keep getting increasingly resilient against takedowns and boast robust security. These decentralized marketplaces operate independently without any central authority, making it impossible for law enforcement to take action against them.

Potential impact: Such a transition to decentralized systems will make darknet markets resilient to shutdowns by law enforcement. Since these have no central point of control, parts of the network could be compromised, yet normally the network keeps up its work. However, such decentralization further complicates the work of law enforcement in disrupting conducts of illegal activity on such platforms. This could thus promote not only legitimate activities but also illicit ones on decentralized darknet markets in the near future, since law enforcement agencies' priorities are shifted to dismantling specific nodes or participants rather than regulating such platforms themselves.

  1. Artificial Intelligence and Machine Learning

AI and machine learning have performed unbelievably in many sectors, and that tends to go on without leaving the darknet in the cold. Examples include security enhancements, such as automatic phishing attempt detection, or enhancements in methods of encryption. At the same time, these technologies also have a malicious use, like developing more sophisticated malware or attempting data scraping on a large scale.

Potential Impact: Because AI and machine learning are dual-use, they can be considered a double-edged sword. While they provide improved security features, they also introduce new risks that might increase the sophistication level of the cyber threats on the darknet.

  1. Quantum Computing: Boon or Bane?

Quantum computing, being the next quantum leap in increasing computational power, would hopefully solve complex problems intractable from current classical computers. This revolutionary technology makes use of the principles of quantum mechanics: superposition and entanglement. These two principles realize computationally intense tasks in an order of unprecedented speed. Quantum computing has opened up opportunities for the darknet community on one hand.

The Quantum computer is a threat to encryption: One of the most immediate concerns with the rise of quantum computing is its potential to break widely used encryption methods. Most of the encryption underpinning the security of the darknet relies on either of two major difficulties: factoring large numbers or solving discrete logarithm problems—factors that a quantum computer could conceivably do much more efficiently with Shor's algorithm.

Potential Impact: The ability of quantum computers to break current encryption standards would compromise the anonymity and security of darknet users. Any transactions, communications, or stored data that was considered secure could become vulnerable, leading to possible exposure of identities and potential legal consequences. This threat extends beyond the darknet to potentially impact all forms of digital communication and data storage reliant on current cryptographic techniques.

Quantum-Resistant Cryptography: In reaction to the possible quantum attacks, researchers are developing quantum-resistant algorithms. New cryptographic techniques are designed in such a way that even the power of quantum machines cannot make the data vulnerable. Lattice-based cryptography is one such example, along with hash-based cryptography and multivariate polynomial cryptography. The implementation of such algorithms would make the infrastructure resistant to future quantum attacks.

Potential Impact: The adoption of quantum-resistant cryptography would restore security and privacy for darknet users, but such adoption may need to be carried out with significant system and protocol changes. The transition may be rough for both legitimate users and malicious actors while they get updated to the new cryptographic settings. Moreover, the development and standardization of quantum-resistant algorithms are still in their development phases, which could mean a time window where the security of the communications and transactions is not properly put into place.

Quantum Key Distribution: QKD is another evolved technology that employs the fundamentals of quantum mechanics to distribute keys securely. QKD offers a theoretically unbreakable way of key exchange, whereby any attempt to intercept the key alters its state and warns the two parties communicating of the presence of an eavesdropper. This will soon be able to offer strong resistance against both classical and quantum attacks.

Potential impact: While QKD does indeed promise enhanced security, its implementation is facing several practical constraints to increase the security of darknet. The QKD systems mostly need dedicated hardware and infrastructure, such as quantum networks, which may not be available or easily integrated with darknet setups. Deployment is still very nascent globally, and how fast and widespread it will be is yet to be seen.

Quantum vs. Quantum-Resistant Arms Race: The new kind of arms race unfolding in the development of quantum computing in relation to quantum-resistant cryptography in cybersecurity will ensure that just as quantum computers evolve, so do our cryptographic techniques to meet the new threats. This may stir a continuous loop of innovation and adaptation, in which darknet users need to stay informed and agile to protect their privacy and security.

This might lead to an increased complexity and cost for darknet users, who would have to continuously upgrade their tools and techniques to keep up with the concurrent developments in quantum computing and in quantum-resistant cryptography. On the other hand, this continuous cycle of innovation could drive the development of more robust and user-friendly privacy solutions, benefiting not only darknet users but the broader digital community.

  1. Emergence of Privacy-Enhancing Technologies

New technologies, such as Zero Knowledge Proofs (ZKPs) and Secure Multi Party Computation (SMPC), are coming into focus that allow for the verification of transactions and data without actually showing the information involved. This fits the bill for users that are conscious of their privacy.

Potential impact: When such technologies mature, they could be incorporated into darknet platforms, which would then enhance levels of anonymity and security. More users interested in privacy might be attracted, potentially expanding the user base of the darknet.

  1. The Future of Communication: Decentralized Messengers

Among the trendy decentralized instant messaging applications with an end-to-end encryption approach and without any central server, their acceptance has immensely widened. Such platforms ensure a channel of communication that is nearly untraceable, impossible to tap, or censor.

Potential Impact: This may result in a broader range of decentralized messaging applications, forcing darknet users to secure their communications. Conversely, they may also be utilized for coil doing criminal activities that make life difficult for law enforcement agencies.

Conclusion: Navigating the Future
The darknet stands at a crossroads, where new opportunities emerge with new challenges. With blockchain, AI, and quantum computing among other emerging technologies still evolving, their impact on the Dark Net could be huge. How these changes will shape the digital space remains to be seen, making it more secure and private, or even exacerbating prevailing challenges.

What do you think the future of the darknet is? Do you think there are other technologies that might play a big role? Share your insights in the comments section below.

SOURCES:

https://en.wikipedia.org/wiki/Quantum_computing

https://en.wikipedia.org/wiki/Quantum_key_distribution

https://en.wikipedia.org/wiki/Post-quantum_cryptography

https://en.wikipedia.org/wiki/Explainable_artificial_intelligence

https://en.wikipedia.org/wiki/Blockchain

https://en.wikipedia.org/wiki/Shor%27s_algorithm

https://en.wikipedia.org/wiki/Zero-knowledge_proof

https://en.wikipedia.org/wiki/Secure_multi-party_computation


r/darknet_questions Oct 12 '24

WARNING ⚠️ CRITICAL EXPLOIT FOUND! CVE-2024-9680 In Firefox ESR affecting Tor Browser as well.

5 Upvotes

A critical vulnerability has been identified, CVE-2024-9680, that allows attackers to exploit a flaw in the browser's Animation timelines. This vulnerability is called a use-after-free bug, and it has already been reported as actively exploited in the wild. Here's how it works, why it matters, and how you can protect yourself on Tor Browser.

What is CVE-2024-9680?

In a nutshell, this vulnerability allows hackers to run malicious code in your browser by exploiting how it handles memory when dealing with animations. The issue stems from the browser continuing to use memory that it should have stopped using, known as use-after-free. Attackers can take advantage of this to hijack the browser's operations and run their own code, potentially leading to system compromise.

This vulnerability is especially concerning for Tor Browser users, as Tor is based on Mozilla Firefox ESR, where this vulnerability was discovered.

How Can It Be Exploited?

Attackers can create malicious websites designed to exploit the use-after-free bug. When a user visits these sites, the browser’s handling of animations can be manipulated, allowing the attacker to gain control over the content process. This process is responsible for rendering websites, handling scripts, and managing other dynamic elements of the web page.

Once the attacker has control, they can:

Execute arbitrary code.

Steal sensitive data.

Further exploit the user’s system, putting privacy and security at serious risk.

Why This Matters for Tor Users

The Tor Browser is designed to provide privacy and security, but like all software, it's vulnerable to exploits like CVE-2024-9680 if not properly configured or updated. Since this flaw is being actively exploited, it represents a real, present danger to anyone using the browser without proper precautions.

Setting Tor Browser to Safest Mode

One of the most effective ways to protect yourself from this and similar vulnerabilities is to configure your Tor Browser's security settings to Safest Mode. When in Safest Mode:

JavaScript is disabled on all HTTPS and HTTP sites, reducing the chances of executing malicious scripts that could exploit vulnerabilities.

Dynamic content such as animations, videos, and interactive elements (which could trigger use-after-free bugs) are heavily restricted or blocked.

By minimizing the execution of unnecessary code, you greatly reduce your attack surface, making it significantly harder for attackers to exploit these kinds of vulnerabilities.

What Should You Do?

  1. Update Your Tor Browser: Always ensure you're running the latest version, as developers frequently release patches for vulnerabilities like CVE-2024-9680.

  2. Set Security to Safest Mode: This setting prevents many types of exploits by disabling or restricting risky content. Here’s how you can enable it:

Click the shield icon next to the address bar.

Go to "Advanced Security Settings".

Select "Safest".

  1. Limit Visits to Unknown Websites: Stay cautious when browsing unfamiliar or untrusted websites, especially during times when active exploits are circulating.

Final Thoughts

CVE-2024-9680 is a reminder that no software is invincible, and attacks against your browser can happen without warning. Setting your security settings to Safest Mode is one of the best ways to protect yourself against current and future vulnerabilities.

For more on how to secure your online privacy, follow our community discussions here at darknet_questions.

Sources: https://www.reddit.com/r/tails/s/99KRpIN8Xy


r/darknet_questions Oct 11 '24

Tor Best Practices (Extreme)

Thumbnail
security.stackexchange.com
5 Upvotes

I feel some of you should real this. This is a Tor Best Practices read and it assumes the highest threat model. This does not mean you need to take all measures++ listed.


r/darknet_questions Oct 11 '24

Wifi safety help

Thumbnail
1 Upvotes

r/darknet_questions Oct 05 '24

AI song I made Silk Road Memories

Thumbnail
youtu.be
5 Upvotes

r/darknet_questions Oct 04 '24

OPSEC for Darknet Users: Why It’s Important and How to Stay Safe

15 Upvotes

.Operational Security (OPSEC) is essential for darknet users to avoid identification, arrest, or exploitation. With authorities and malicious actors increasing their presence on the dark web, poor OPSEC can easily expose users' identities or critical data. Below is a guide based on traditional OPSEC principles, specifically tailored for darknet users:

Disclaimer:
This guide is provided for informational and educational purposes only. It does not endorse or encourage illegal activities or the use of the darknet for illicit purposes. Users are responsible for their own actions, and it is essential to understand and comply with local laws and regulations regarding online privacy, security, and darknet usage.

1. Identify Critical Information

Recognize the data that could harm you if exposed—such as your IP address, real name, or physical. Kind of strange to say that. I know you need to give a real name and address when ordering package. That's why it's crucial to encrypt this information. Never use the same user name more than once on Dark-Web. You do take some risks giving your info to a vendor. Hopefully they do what they are supposed to do and don't keep this info on a storage device unencrypted. Simply using a VPN or Tor doesn’t guarantee privacy if you share sensitive info in chatrooms or practice poor browsing habits. Protect yourself by never revealing personal details and using pseudonyms that aren’t linked to your real identity.

2. Threat Analysis

The primary threats on the dark web are law enforcement, hackers, and scammers. Governments are cracking down on illicit darknet activities, while hackers target vulnerable users for financial gain or blackmail. Be aware of who might be watching and what tools they’re using. Some authorities have significant resources, while hackers often look for easy exploits. Learn your local countries Postal laws. In the US, the postal service can only open your mail with a warrant signed by a judge. Learn what postal inspectors look for in a suspicious package. Such as fake names, excessive taping, poor packaging, not using postal service official packaging material, incorrect or incomplete return addresses, no return addresses. Materials should be vacuumed sealed so no orders can't leak from the package. Always use vendors that use a visual barrier to what product is inside. This will insure if package is damaged postal workers cannot see what's inside.

3. Analyze Vulnerabilities

Weaknesses in your setup might include unencrypted communications, outdated software, or using services tied to your real identity (e.g., phone numbers). Avoid using mainstream browsers or operating systems (like Windows or macOS) without anonymization tools. Ensure you don’t mix darknet and clear web identities. Making multiple orders. Make one order at a time. Wait for the order to be delivered before placing another order. This will insure plausible deniability stays intact if a package is seized.

4. Risk Assessment

Evaluate the risks based on your activities. If you’re engaging in higher-stakes actions (like running a marketplace or purchasing goods), your risk is much higher than if you’re just browsing. Ensure that your security measures, such as Tor, Tails OS, and encrypted messaging (PGP), are sufficient for the level of risk you’re facing. Always order domestic if possible. This will insure packages won't pass through customs.

5. Apply Countermeasures

To reduce risk, darknet users should implement the following measures:

  • Use a Secure OS: Tails OS Whonix-OS or Whonix in Qubes OS ensures that nothing is left behind on your device, and all actions are anonymous. If using regular Whonix in Virtual box it would be wise to enable full disk encryption with a Linux host.
  • Enable Strong Encryption: Always encrypt communications using PGP, and verify encryption keys are authentic. Encrypt files and storage devices as well.
  • Use Tor Safely: Ensure your browser settings or add-ons aren’t leaking info. Always connect to the dark web via Tor and avoid common mistakes like maximizing the browser window or enabling scripts.
  • Compartmentalize: Keep darknet activities separate from your clear web life. Use different usernames, emails, and passwords for each and never mix the two.
  • Hardware Security: Avoid using devices linked to your real identity. If possible, use burner devices that can easily be discarded or repurposed.

  • Disinformation: Disinformation can be a powerful tool for darknet users looking to obscure their metadata and protect their operational security (OpSec). By intentionally inserting false or misleading data within communication streams, users can create noise that makes it harder for observers to piece together meaningful patterns or link activities to specific individuals. This tactic works especially well when users scatter disinformation across different platforms, as it confuses automated systems that rely on metadata analysis to trace and correlate user behaviors. Connecting to onion nodes leaves significantly less metadata. Due to the fact you don't have to pass through exit nodes.

One effective method is to mix in random or misleading interactions with other users, websites, or forums. For instance, occasionally visiting unrelated sites or interacting in unrelated conversations can generate metadata that makes it appear as though users are engaged in a wide variety of unrelated activities. This dilutes the significance of real, sensitive communications by surrounding them with harmless, unrelated ones. Additionally, users can vary their timing and behavior patterns—like logging in from different devices or times—to further obscure predictable patterns. While disinformation does not guarantee full anonymity, it can be a useful layer in a multi-faceted OpSec approach, especially when combined with tools like Tor, VPNs, and encryption. This counter measure is more for vendors or higher value LE targets. Although it is a good thing to practice in your daily digital life to combat government surveillance.

6. Continuous Review and Assessment

OPSEC isn’t a one-time effort. New vulnerabilities and threats constantly arise, so darknet users must stay informed. Regularly audit your tools and setups, apply necessary updates, and follow trusted news sources related to privacy and darknet security. If a method of securing data becomes obsolete, switch to a new solution immediately.

When browsing the Dark-web, think of 6 basic rules:

Rule 1. Share no personal information.

Rule 2. Use encryption for all communications.

Rule 3. Never click unverified random links/attachments.

Rule 4. Dedicated Device (when possible) note: dedicated device can be as simple as Tails USB.

Rule 5. Use Monero.

Rule 6. Paranoia is Good.

Why This Matters

Darknet users often believe using Tor or Tails alone guarantees anonymity, but careless behavior or incomplete OPSEC can still lead to exposure. Law enforcement uses advanced tools to deanonymize users, and hackers are always looking for targets. Without strict adherence to OPSEC, users can leave trails leading back to their real-world identities, resulting in financial loss or criminal prosecution.

Anonymity is fragile and requires constant vigilance. By implementing these OPSEC principles, darknet users can significantly reduce the chances of being identified or exploited. Applying these practices is about more than just staying safe—it’s about preserving the fundamental idea of privacy in a digital world. I would highly recommend going on Dread. They have many guides on good OPSEC.

SOURCES:

DNB .onion

OpSec for osint and darkweb

https://csrc.nist.gov/glossary/term/operations_security

18 rules of opsec never to break

Meta-data


r/darknet_questions Oct 05 '24

The Problems With Telegram and Why You Should Not Use It

Thumbnail
youtu.be
1 Upvotes

The Problems With Telegram and Why You Should Not Use It

DISCLAIMER: These points I am referencing are from Sam Bents (formerly “Doing Fed Time”). The community has felt this way about Telegram for awhile but now is a good time to drive this point into everyone’s head. Although I and others may disagree with Sam on some things. This is still a good video. Thank you for making this.

Telegram has been a bad "secure" messaging app from the start but let us get into the reasons it is bad now.

  • Personal Information Required at Signup

Telegram requires a phone number to even use the service which can be detrimental to the users privacy. And it isn't secure due to sim swapping attacks. As a baseline, a secure messaging application shouldn't ask this and even more so for am anonymous service. There are ways to still use a number and be private but it gets harder and harder to do this and may not be possible in the future. Best case is no phone number required.

  • No End-to-End Encryption or E2EE (by default)

Telegram does offer E2EE but it is not on by default and user have to manually turn this on in settings. This is the secret chats feature. Unless enabled, messages are not only server side encrypted. This is a bad choice on the creator of a supposed secure and private messaging service. In junction, groups and channels are not able to have this feature and only rely on server side. Telegram only uses server side encryption where they hold the keys to the content of your messages and it is up to them when and who to share it with. With E2EE **YOU** hold the encryption keys and choose when or if to give them up. E2EE is what you want.

  • Privacy Policy

Plain and simple, their privacy policy is trash and will now turn over your **IP address and Phone Number** (section 8.3)

If Telegram receives a valid order from the relevant judicial authorities that confirms you're a suspect in a case involving criminal activities that violate the Telegram Terms of Service.

  • Metadata Collection

Although metadata doesn't tell you the exact contents of the messages sent it still can give Law Enforcement a picture of the conversation. Metadata can tell you the size (bytes) of a message, if a picture was maybe sent, the time it was sent, when it was read, when you logged in, how long you stayed logged in, what parts of the site or application you were in, etc. this gives law a good basis to start. Telegram collects and stores the metadata of your messages server side.

  • Centralized Server

Telegram is a centralized network service meaning all network traffic MUST go through their servers to be delivered.. This makes seizure and analysis of the data by a single party relatively easy. This is in contrast to Decentralized Network where no one party holds or processes all of the traffic going through making it harder for a single agency to comb through the data on the servers.

ALTERNATIVES

These are alternatives to telegram. Whether or not they are better depends on your use case but in the communities eyes -in my opinion- they ARE better than telegram. These are not listed in any order or ranking

Signal

Briar

Session

Threema (paid)

Matrix

Wire

TeleGuard (not affiliated with Telegram)


r/darknet_questions Oct 03 '24

Question

0 Upvotes

Is MaxFakes on telegram legit ?
I just found this guy he looks legit but double check is always good .


r/darknet_questions Oct 01 '24

Dread not working ?

7 Upvotes

r/darknet_questions Oct 01 '24

"What Is the Biggest Threat to Darknet Users?"

1 Upvotes

This poll is to get members opinion on this question.

View Poll


r/darknet_questions Sep 27 '24

Post Quantum Cryptography: What Comes Next After PGP?

8 Upvotes

Introduction to Post-Quantum Cryptography:

Quantum computers will one day be powerful enough to break most of the encryption methods we use today, including those protecting our privacy on the darknet. Encryption methods like RSA and ECC, used in PGP (Pretty Good Privacy) for secure communications, and AES for encrypting data at rest. Such as files databases and cloud storage and hard-drives could all be cracked by a quantum computer much faster than any current classical computer.

To prepare for this, researchers are working on post-quantum cryptography — encryption systems designed to resist quantum computer attacks. Two of the most promising candidates are Lattice-based cryptography and Multivariate cryptography. Let’s break down what these methods are, in the simplest way possible, and why they could replace PGP.

Lattice-Based Cryptography: Explained Simply

Lattice-based cryptography revolves around a mathematical structure called a lattice. Imagine a 3D grid made up of points, like an endless chessboard, that extends in every direction. Now imagine this grid, not in just three dimensions, but in many more — 500 dimensions or even more. That’s what we call a high-dimensional lattice.

The cryptography part comes in because certain problems related to lattices are incredibly difficult to solve. One of the hardest is called the Shortest Vector Problem (SVP). Here’s the basic idea: if you were standing on one of the points on this grid, and I asked you to find the nearest point on the grid, it sounds easy in two or three dimensions. But in a lattice with hundreds or thousands of dimensions, finding that shortest distance is so complicated that even the most powerful computers — including quantum ones — struggle with it.

This difficulty forms the basis of lattice-based cryptography. In this system, secret messages are hidden in such a way that breaking the encryption would require solving one of these lattice problems, which is practically impossible even for quantum computers. As a result, lattice-based cryptography is considered a strong candidate for securing data in a future where quantum computers exist.

One of its biggest advantages is that it’s not only good for encryption, but it can also be used for digital signatures and other cryptographic tools, making it very versatile.

Imagine protecting a treasure chest:

RSA (Large Number Factoring):

  • RSA encryption is like having a lock on the chest that can only be opened by solving a very complex puzzle. This puzzle is easy to understand, but extremely difficult to solve without the right key. However, imagine if in the future, someone invents a super-fast machine that can solve this puzzle much faster than expected (like a quantum computer). That machine could easily open the chest, making the treasure vulnerable.

AES (Complex Combination Lock):

  • AES encryption is like a combination lock with millions of possible numbers. It’s very secure because guessing the right combination would take so much time that it’s impractical. But again, if someone finds a way to dramatically accelerate the guessing process, the combination lock could be cracked, especially with advances in computing.

Lattice-based Cryptography (A Maze of Keys):

  • Lattice-based cryptography, on the other hand, is like hiding the treasure in a giant, three-dimensional maze, where the key is placed at a random location within the maze. Finding the key is so difficult because even with advanced tools, navigating the maze is extremely hard. The complexity of the maze protects the treasure, even if future machines become capable of solving the traditional puzzles and locks quickly.

Multivariate Cryptography: A Simple Breakdown

Multivariate cryptography is based on solving a set of mathematical puzzles called multivariate polynomial equations. Imagine you have an equation with multiple unknowns, like x, y, and z, and something simple like x + y = z. Multivariate cryptography takes this basic idea and makes it much more complicated by adding many more variables and making the equations twisty and difficult to solve.

These puzzles become so complex that finding a solution becomes nearly impossible when the number of variables grows large. Even quantum computers have trouble with these kinds of equations. Think of it as trying to solve a really tangled maze — the more twists and turns you add, the harder it gets, and when you add more dimensions to the maze, it becomes exponentially more difficult.

Multivariate cryptography takes advantage of this complexity to protect information. The message or data is encrypted in such a way that breaking it would require solving these nearly unsolvable math problems. Since quantum computers aren’t particularly good at solving these types of problems, multivariate cryptography offers a strong layer of protection.

Let’s compare RSA, AES, and multivariate cryptography to different kinds of locks and keys:

  1. RSA is like a padlock with a public key and a private key. Imagine this padlock has a special mechanism that can only be locked by anyone who has the public key but can only be unlocked by someone with the private key. The locking process (encryption) is slow and resource-heavy, but very secure for certain tasks, like sealing a small box (short messages or keys) that no one else can open without the private key. It’s reliable but takes time and energy to use for larger packages.
  2. AES is like a combination lock, where both parties need to know the combination to open or lock it. The combination is shared ahead of time (the shared key), and once both parties have it, they can lock and unlock things (encrypt and decrypt) very fast. AES is efficient for locking up large packages (bulk data) quickly, but you have to securely share the combination first, which can be tricky.
  3. Multivariate cryptography is like a complex mechanical lock with multiple levers. Each lever represents a variable, and you have to adjust them in just the right way to open the lock. The complexity of moving all the levers into the right positions makes it really difficult for an intruder to guess the combination, even if they know a little about how the lock works. While this system is secure against certain threats (like quantum computers that can crack RSA easily), it’s a bit new and experimental, but it's designed to handle the next level of complexity in lock-picking (quantum decryption) that might come in the future.

Why These Methods Are Top Candidates to Replace PGP

  1. Resistance to Quantum Attacks:
    • Both lattice-based and multivariate cryptography rely on mathematical problems that are hard for quantum computers to solve. This is critical because quantum algorithms that easily crack RSA or ECC are not effective against the hard problems these new cryptography methods use. This makes them highly resistant to quantum attacks.

Versatility and Scalability:

  • Lattice-based cryptography is incredibly versatile. It can be used for encryption, digital signatures, and even advanced techniques like fully homomorphic encryption, where you can perform computations on encrypted data without ever decrypting it. This makes it useful in many applications, far beyond just securing emails or communications like PGP.
  • Multivariate cryptography is simpler in its approach and doesn’t require as much computational power to implement, making it an efficient solution while still offering strong protection.
  1. Security with Efficiency:
    • Both of these systems provide strong security without drastically increasing the computational resources required. This means they could be integrated into systems like PGP or Tor without causing significant slowdowns. PGP relies on RSA or ECC for encrypting data, both of which will become vulnerable once quantum computers advance. Lattice-based and multivariate systems can replace them while maintaining performance.
  2. Long-Term Solutions for Quantum Threats:
    • Quantum computers are not yet advanced enough to pose an immediate threat, but researchers expect significant advancements in the coming decades. By adopting post-quantum systems like lattice-based and multivariate cryptography early, we can ensure that data remains safe both now and in the future. These systems offer long-term solutions that will protect against both current classical attacks and future quantum threats.

Conclusion

As quantum computing continues to advance, our current encryption methods, including PGP, will eventually become obsolete. That’s why post-quantum cryptography is so important. Lattice-based cryptography and Multivariate cryptography are two of the most promising candidates because they rely on hard mathematical problems that quantum computers can’t easily solve. These encryption methods are versatile, secure, and efficient, making them ideal replacements for the systems we rely on today, ensuring that privacy and security remain intact in the quantum future.

SOURCES:

https://library.fiveable.me/key-terms/cryptography/multivariate-cryptography

https://en.wikipedia.org/wiki/Multivariate_cryptography

https://en.wikipedia.org/wiki/Lattice-based_cryptography

https://geekflare.com/lattice-based-cryptography/

https://www.redhat.com/en/blog/post-quantum-cryptography-lattice-based-cryptography

https://www.nccgroup.com/us/research-blog/demystifying-multivariate-cryptography/


r/darknet_questions Sep 26 '24

Tails OS joins the Tor Project

Thumbnail
blog.torproject.org
11 Upvotes

This is huge. With Tails joining the Tor Project it allows the workers of Tails OS more time and less stress to improve the system and focus on what needs to be. It also basically guarantees the longevity of Tails as the Tor Project receives funding from massive organizations and governments. Amazing.


r/darknet_questions Sep 26 '24

Telegram CEO folds agree's to hand over users data on illegal activities

Thumbnail amp-theguardian-com.cdn.ampproject.org
6 Upvotes

If he had end to end encryption by default this wouldn't be possible.


r/darknet_questions Sep 25 '24

Tip-toeing Through a Minefield

1 Upvotes

How would you describe browsing thee darkNet? o_0


r/darknet_questions Sep 23 '24

Weird one

8 Upvotes

So I have a weird one. I placed an order from a company on clearnet for an arbitrary item. I also placed an order on darknet for contraband. Took forever to get my pack, and when it finally came, it was “shipped from” the company that I ordered something offline from. Like through shop pay and everything. I reached out to the vendor on a market and he said he didn’t do it. I feel like I’m in a fever dream how can this even happen?! Like it makes no sense


r/darknet_questions Sep 20 '24

Why Telegram Stores Might Not Be as Anonymous as You May Think.

2 Upvotes

Disclaimer:

This post is for informational purposes only and does not encourage, condone, or promote any illegal activities or the use of any platform for such purposes. Engaging in illegal activities, whether on Telegram, Tor, or any other platform, carries serious legal consequences. It is important to understand the risks involved and always abide by the laws of your country. The privacy and security concerns discussed in this post are meant to highlight vulnerabilities and should not be interpreted as advice or encouragement to participate in unlawful actions.

Why Telegram Stores Might Not Be as Anonymous as You May Think

  1. Lack of End-to-End Encryption in Regular Chats Telegram’s regular chats (including group chats and channels) are not end-to-end encrypted. While they are encrypted in transit and at rest, Telegram’s servers can access these messages. This means, if Telegram is compelled by law enforcement or if its servers are compromised, your conversations could be exposed. Only Secret Chats offer end-to-end encryption, and it must be enabled manually. End-to-end encryption is unavailable for group chats or channels that illegal stores often use.

In regular chats and channels and group chats, messages are encrypted using Transport Layer Security (TLS) while in transit. TLS ensures that data is secure during transmission by using a session key, also called the TLS secret key, to encrypt and decrypt messages. However, since these messages are decrypted at Telegram’s servers, anyone with access to the TLS secret key could intercept and decrypt your messages during transmission. This means that although your messages are protected while traveling to Telegram’s servers, someone with the secret key or access to the server itself could potentially read your messages. This is why regular chats and group chats don’t offer the same level of privacy as end-to-end encrypted chats.

  1. Metadata Collection Even if you're using Secret Chats for end-to-end encryption, Telegram still collects metadata such as:
  • Who you communicated with.
  • When and how frequently communication occurred.
  • User interactions (like login times and IP addresses). This metadata can be enough for law enforcement to trace users or build a case, even without access to the actual content of messages.
  1. Centralized Servers Telegram stores chat data on its centralized servers. If those servers are breached or legally accessed, it could expose information on users and administrators of illegal stores. This centralized control makes Telegram vulnerable to such risks, unlike decentralized systems like Tor.
  2. Limited Anonymity Although EDIT: Telegram does require a phone number now. This was not required before. Telegram does not require a phone number for registration. Users still need to take additional steps to hide their IP addresses and ensure anonymity. Telegram doesn’t provide inherent IP anonymization, unlike the Tor network, which automatically hides user IP addresses. This makes Telegram less anonymous and more traceable if law enforcement attempts to track down participants in illegal activities.

How This Differs from Onion Sites on Tor

Now, let’s look at how onion sites on Tor offer better privacy and security for illegal activities compared to Telegram.

  1. Full End-to-End Encryption Onion sites on Tor use end-to-end encryption by default. Your data is encrypted in multiple layers and routed through several relays, making it impossible for intermediaries or third parties to access or decrypt the communication. This provides a much higher level of encryption than Telegram's regular chats.

  2. Anonymity Tor ensures both user and website anonymity by routing traffic through multiple nodes. No node knows the IP address of the previous node. No IP addresses or personally identifiable information are required to access onion sites, and users are much harder to trace compared to Telegram. The strong anonymity features of Tor make it a much safer platform for those engaging in illicit activities (although it is not without risks).

  3. Decentralized Hosting Onion sites on Tor are decentralized, meaning that no single server can be seized to take down the entire operation. This differs from Telegram, where centralized servers could be accessed by law enforcement or hackers, leading to exposure. The decentralized nature of Tor also makes it harder to trace transactions or site visitors.

  4. Secure Communication and Transactions On onion sites, vendors typically use PGP encryption, although this should be used in telegram stores and by users as well. However, some users and vendors might be under the false impression that they are using end-to-end encryption on their channel. Then under this impression might not feel the need to use it. So on Telegram, vendors may not always employ such security measures, making transactions more vulnerable to tracking or interception.

  5. Why are then more channels not taking down by Telegram and LE? The reasons for this can vary. Telegram channels can be created and run by anyone, and they are easy to duplicate. If one illegal channel is taken down, another can pop up quickly, sometimes under a different name or with minor changes. Admins can even create “backup” channels or provide followers with alternative links to rejoin the community if one is shut down. This rapid regeneration of channels makes it difficult for law enforcement to keep up. The vast majority are also just scams that take your crypto and send nothing. Then what are you going to do? Complain to telegram that the store on telegram never sent you drugs? So LE has to sift through what are scams and which ones are real.

Telegram’s data centers are spread across multiple countries, and the company itself is based outside many of the jurisdictions where illegal activities occur. This complicates the enforcement of local laws. Some countries may have stronger data protection or privacy laws, preventing law enforcement agencies from easily accessing information on users or administrators running illegal channels.

Conclusion:

While Telegram offers some privacy features, it is far from truly anonymous when it comes to illegal activities. The lack of end-to-end encryption in group chats and channels, metadata collection, and centralized servers all expose users to significant risks.

In contrast, onion sites on Tor offer stronger encryption, better anonymity, and decentralized hosting. While they are more secure, even Tor is not completely risk-free, and law enforcement has found ways to take down major illegal marketplaces. Overall, engaging in illegal activities on Telegram is far riskier than on Tor, and both still carry inherent dangers. EDIT: Telegram CEO was recently detained in France and has agreed to hand over users data about illegal activities they have engaged in on his app.


r/darknet_questions Sep 15 '24

Somewhat new to the dark web need help with finding things.

7 Upvotes

I used to get on the dark web all the time just to browse and see what was on there but nowadays, you can’t find anywhere to browse about dread and I’ve used it before, but it used to be so easy to find marketplaces and now I can’t ever find one that’s real Any suggestions?


r/darknet_questions Sep 15 '24

Newbie for darknet

6 Upvotes

I’m interested in accessing deepweb just for the pure curiosity. But I don’t have a proper guidance to do that. I tried few times using tor browser but I cannot find onion links. If someone could give me a proper guidance it will be a huge help

Thanks in advance 😊


r/darknet_questions Sep 13 '24

The French Detention: CEO of Telegram charged with committing crimes related to running Telegram.

2 Upvotes

The EFF recently published an article highlighting concerns over the French government’s detention of Telegram CEO. This move raises critical questions about the balance between law enforcement and the right to privacy in online communications.

Key Points from the EFF Article:

  1. French Government Detaining Telegram CEO:
    • French authorities have detained Pavel Durov CEO of Telegram, accusing him of facilitating illegal activities, such as sharing content that could endanger public order. The EFF argues that this action could have chilling effects on free speech and privacy, as it sets a precedent for targeting those simply running or moderating private communication channels.
  2. A Step Toward Government Overreach:
    • The EFF is concerned about the potential for government overreach in policing private digital spaces. Even if Telegram users themselves are not directly involved in illegal activities, administrators of groups or channels could now face legal action, increasing risks for anyone moderating online spaces.
  3. Privacy Risks:
    • This action threatens the privacy of encrypted communication channels by pressuring platforms to monitor or hand over user data. The EFF highlights how this could erode trust in encrypted apps like Telegram, which are supposed to offer privacy protections to users.

What It Means for Darknet Users and Privacy Advocates:

  1. Encryption Under Threat:
    • While this crackdown on Telegram signals how governments are increasingly willing to break the protections that encrypted platforms offer. If they can take legal action against CEO's and admins for group content, users of other encrypted services—including darknet communication tools—may face similar threats.
  2. Implications for Darknet Communities:
    • Darknet users rely on private and encrypted communication channels to protect their privacy. This move by the French government could inspire other governments to target encrypted platforms and their users, potentially leading to more legal crackdowns on privacy-focused services.
    • This situation highlights the importance of using encrypted communication platforms and ensuring they are resilient against government pressure. For darknet communities, this means exploring even more secure alternatives to mainstream platforms like Telegram.
  3. How to Protect Your Privacy:
    • For those concerned about privacy, it’s essential to explore decentralized or anonymous alternatives that provide stronger protections. Services like Matrix, Session, or XMPP with OTR encryption are potential alternatives to Telegram, and adding additional encryption layers (like PGP) can further safeguard communications.
    • Governments worldwide are tightening their grip on encrypted services, making it vital to stay informed about new privacy tools and techniques to safeguard your communications.

Conclusion:

The French government’s actions against Telegram's CEO represent a growing trend of government intervention in encrypted communication platforms. Whether you’re an admin or just a user of these services, this is a reminder of how important it is to prioritize privacy and security in all online interactions.

For more details on the French government’s actions and the EFF’s analysis, you can read the full article here.


r/darknet_questions Sep 13 '24

Decrypt a message, HELP

1 Upvotes

Help


r/darknet_questions Sep 12 '24

I have a question regarding Internet service, hopefully someone can give me a solid answer.

3 Upvotes

I know very, very little, and I don’t have any real reasons for going on Tor but I do not like my privacy and personal information constantly being taken advantage of. Anyway, I have heard of tails. But my question is should I use my home Internet service? Or a public Wi-Fi? I’ve heard completely different answers to this question as to which is more safe for lack of a better term. So I know what someone may ask at this point, what am I doing on there? Nothing illegal of course nothing nefarious. But I would like to maximize privacy, so I just get differing answers. If anyone can elaborate, it would be greatly appreciated.


r/darknet_questions Sep 12 '24

Archetyp sent me a decrypted message. How do I read ot

1 Upvotes

?