The dark web refers to the last and the bottom-most layer of the web, which is not indexed by search engines; hence, its contents remain hidden from normal browsers and users.
Access to the dark web requires individuals to use special browsers such as Tor that provide users with anonymity and keep their data safe. Because of the anonymity allowed to dark web users, criminals use the dark web to perform a wide range of illegal activities. This section outlines the fundamentals of the dark web and discusses the characteristics of the Tor network.
With respect to the accessibility of content, the web is divided into the following three layers:
1. Surface Web: As the topmost layer, the surface web stores content that can be accessed as well as indexed by search engines such as Google, Yahoo, and Bing. Public websites such as Wikipedia, eBay, Facebook, and YouTube can be easily accessed from the surface web. The surface web comprises only 4% of the entire web.
2. Deep Web: This layer of the web cannot be accessed by normal users because its contents are not indexed by search engines. The contents of the deep web can be accessed only by a user with due authorization. Information contained in the deep web can include military data, confidential data of organizations, legal dossiers, financial records, medical records, records of governmental departments, and subscription information.
3. Dark Web: This is the third and the deepest layer of the web. It is used to carry out unlawful and antisocial activities. The dark web is not indexed by search engines and allows complete anonymity to its users through encryption. Cyber criminals use the dark web to perform nefarious activities such as drug trafficking, anti-social campaigns, and the use of cryptocurrency for illegal transactions. Accessing the dark web involves the use of a specialized browser. The Tor browser is one of the browsers used to access the contents of the dark web.
The Tor network has three types of relays: an entry/guard relay, a middle relay, and an exit relay. These relays are also called nodes or routers and allow network traffic to pass through them.
1. Entry/Guard Relay: This relay provides an entry point to the Tor network. When a client connects via the entry relay, the relay can read the client’s IP address. The entry relay/guard node transmits the client’s data to the middle node.
2. Middle Relay: The middle relay is used for the transmission of data in an encrypted format. It receives the client’s data from the entry relay and passes it to the exit relay.
3. Exit Relay: As the final relay of the Tor circuit, the exit relay receives the client’s data from the middle relay and sends the data to the destination website’s server. The exit relay’s IP address is directly visible to the destination. Hence, when malicious traffic is transmitted, the exit relay is suspected to be the culprit, as it is perceived to be the origin of such traffic. As a result, the exit relay faces the most exposure to legal issues, take-down notices, complaints, etc., even when it is not the origin of malicious traffic.
Note: All the above relays of the Tor network are listed in the public list of Tor relays.
Working of the Tor Browser
The Tor browser is based on Mozilla’s Firefox web browser. This browser functions based on the technique of “onion routing,” in which user data is encrypted with multiple layers that are akin to the layers in an onion; subsequently, the data is sent through the several relays of the Tor network. When user data with multi-layered encryption passes through the different relays of the Tor network, one layer of the encryption over the data is decrypted at each successive relay. When the data reach the last relay in the Tor network, i.e., the exit relay, the final layer of the encryption is removed, after which the data reach the destination server.
The destination server perceives the last relay of the Tor network, that is, the exit relay, as the origin of the data. Therefore, in the Tor network, it is extremely difficult to identify the origin of data through any surveillance system. Thus, the Tor browser keeps user data and information about websites and servers safe and anonymous.
The Tor browser provides access to .onion websites available on the dark web. Tor’s hidden service protocol allows users to host websites anonymously with .BIT domains and these websites can only be accessed by users on the Tor network.
Tor Bridge Node
The Tor relay nodes are publicly available in the directory list, but the bridge node is different from relay nodes. Bridge nodes are nodes that are not published or listed in the public directory of Tor nodes.
Several entry and exit nodes of the Tor network are publicly listed and accessible on the Internet; consequently, they can be blocked by organizations/governments, if they wish to prohibit the usage of Tor. In many authoritarian countries, governments, Internet Service Providers (ISPs), and corporate organizations ban the use of the Tor network. In such scenarios, where the usage of the Tor network is restricted, bridge nodes help circumvent the restrictions and allow users to access the Tor network.
The usage of bridge nodes makes it difficult for governments, organizations, and ISPs to censor the usage of the Tor network.
How Bridge Nodes Help Circumvent Restrictions on the Tor Network
Bridge nodes exist as proxies in the Tor network, and not all of them are publicly listed in the Tor directory of nodes; several bridge nodes are concealed/hidden. Hence, ISPs, organizations, and governments cannot detect their IP addresses or block them. Even if ISPs and organizations detect some of the bridge nodes and censor them, users can simply switch over to other bridge nodes.
A Tor user transmits traffic to the bridge node, which transmits it to a guard node as selected by the user. Communication with a remote server occurs normally; however, an extra node of transmission is involved, i.e., the bridge node. The use of concealed bridge nodes as proxies helps users circumvent the restrictions placed on the Tor network.
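Because the ordinary relays are publicly listed, a network defender can match outbound connections against that list, and the same check shows why an unlisted bridge goes unnoticed. The following Python sketch is an added example, not part of the original page: the relay list, the log format, and all addresses (documentation-range placeholders) are constructed, and one log line stands in for a connection to a hypothetical unlisted bridge.

```python
import ipaddress
import re

# Constructed sample of a published relay list, one IP per line.
# The addresses are documentation-range placeholders, not real Tor relays.
RELAY_LIST = """\
# listed guard/exit relays (constructed)
192.0.2.10
192.0.2.44
198.51.100.7
"""

# Constructed firewall log lines: timestamp, internal source, destination, port.
LOG_LINES = [
    "2024-05-01T09:12:03Z src=10.0.4.21 dst=192.0.2.44 dport=9001",
    "2024-05-01T09:12:09Z src=10.0.4.35 dst=203.0.113.80 dport=443",
    "2024-05-01T09:13:40Z src=10.0.4.21 dst=198.51.100.7 dport=443",
    "2024-05-01T09:15:02Z src=10.0.4.77 dst=203.0.113.200 dport=443",  # hypothetical unlisted bridge
    "2024-05-01T09:15:30Z src=10.0.4.35 dst=not-an-ip dport=80",       # malformed entry
]

FIELD = re.compile(r"(\w+)=(\S+)")

def load_relays(text: str) -> set:
    """Parse the relay list, skipping blank lines and comments."""
    relays = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            relays.add(ipaddress.ip_address(line))
    return relays

def find_tor_clients(lines, relays) -> dict:
    """Map each internal source to the listed relays it connected to."""
    hits = {}
    for line in lines:
        fields = dict(FIELD.findall(line))
        try:
            dst = ipaddress.ip_address(fields.get("dst", ""))
        except ValueError:
            continue  # skip lines with a missing or malformed destination
        if dst in relays:
            hits.setdefault(fields.get("src", "?"), []).append(str(dst))
    return hits

if __name__ == "__main__":
    for src, dsts in find_tor_clients(LOG_LINES, load_relays(RELAY_LIST)).items():
        print(f"{src} contacted listed relays: {', '.join(dsts)}")
```

Host 10.0.4.21 is flagged for two connections to listed relays, while 10.0.4.77, whose destination is absent from the list, passes the check; this is the gap that concealed bridge nodes rely on.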