The Best Dark Web Browser for Your Device

darkweb-browsers

When you want to access the dark web, you need to use a browser that knows how to access the content. Browsers like Chrome and Safari are not suitable. If you’re not sure which one to choose, keep reading. We are going to introduce you to several dark web browsers that you should consider. Warning: Always Use a VPN on the Dark Web We spend a lot of time espousing the virtues of a reliable paid VPN provider. A high-quality VPN is one of the best tools at your disposal if you want to keep yourself safe and secure online….

Read the full article: The Best Dark Web Browser for Your Device

When you want to access the dark web, you need to use a browser that knows how to access the content. Browsers like Chrome and Safari are not suitable.

If you’re not sure which one to choose, keep reading. We are going to introduce you to several dark web browsers that you should consider.

Warning: Always Use a VPN on the Dark Web

We spend a lot of time espousing the virtues of a reliable paid VPN provider. A high-quality VPN is one of the best tools at your disposal if you want to keep yourself safe and secure online.

In the context of using the dark web, using a VPN is even more critical. Because of the content that’s available on the dark web, law enforcement agencies around the world are particularly keen to know who is using it and what they are looking at.

Sadly, the myth that the dark web somehow makes you impossible to track is completely untrue—just ask the founder of the Silk Road site, Ross Ulbricht. He is currently serving life in prison.

If you want to ensure your anonymity, you should sign up to a reputable provider like ExpressVPN or CyberGhost. Both VPNs have special deals for MakeUseOf readers! Get three months of ExpressVPN for free using this link, or six months of CyberGhost for free using this link!

1. Tor Browser

Available on: Windows, Mac, Linux, Android

The Tor Browser has been the de facto leader for many years. It is the flagship product of the Tor Project (the company responsible for maintaining the Tor network).

The browser itself is based on Firefox. In addition to the Tor proxy, it also comes with modified versions of NoScript and HTTPS Everywhere built in.

When you use the Tor Browser, all your traffic will automatically travel through the Tor network. And when you end your dark web session, the browser will instantly delete cookies, browsing history, and other data.

You’ll also find yourself using the Tor Browser if you use the TAILS operating system to connect to the dark web. If you would like to learn more about TAILS, check out our article on how to access the dark web safely.

Finally, a word of warning. In 2013, experts realized that Tor was vulnerable from a JavaScript attack due to issues with the implementation of NoScript. Users IP addresses and MAC addresses were leaked (again, use a VPN!).

Download: Tor Browser

2. Invisible Internet Project

Invisible Internet Project options screen

Available on: Windows, Mac, Linux, Android

The Invisible Internet Project (often shortened to I2P) lets you access both the regular web and the dark web. Specifically, you can access I2P’s own darknet, though you can access Tor using the built-in Orchid Outproxy Tor plugin.

When you use the software to log on to the dark web, your data is run through a layered stream; it muddies the information about the user and makes tracking almost impossible.

The app encrypts all the connections (including both public and private keys) that run through it.

Perhaps the most unique aspect of the Invisible Internet Project is its support for decentralized file storage thanks to the Tahoe-LAFS plugin.

(Note: We advise beginners to use Tor instead. I2P is notorious for being difficult to set up, especially if you are new to the dark web world.)

Download: Invisible Internet Project

3. Firefox

firefox setting network.dns.blockDotOnion

Available on: Windows, Mac, Linux, Android, iOS

Yes, we mean the regular version of Mozilla Firefox that’s currently running on millions of machines around the world.

If you want to use Firefox to access darknets and Tor, you will need to make some tweaks to the settings.

  1. Open Firefox.
  2. Type about:config into the address bar and hit Enter.
  3. Locate network.dns.blockDotOnion.
  4. Change the setting to False.
  5. Restart the browser.

Before you use Firefox to visit any darknet sites, make sure you also install the NoScript and HTTPS Everywhere plugins.

Download: Firefox

4. Whonix

Available on: Windows, Mac, Linux

The Whonix browser uses the same source code as Tor, so you know you’re going get a reasonably similar experience in terms of both usability and features.

Despite the similarities, however, there are some crucial differences under-the-hood. Most significantly, the browser prevents user applications from discovering a machine’s IP address thanks to a workstation virtual machine which connects to the internal virtual LAN and which can only communicate with the gateway.

The developers claim that their technology is so robust that even malware with root privileges would not be able to discover the machine’s true IP address.

It’s also important to realize that Whonix is not a standalone browser. It is part of the wider Whonix operating system; the entire OS runs inside a virtual machine. It comes with all the major productivity apps like a word processor and an email client.

Download: Whonix

5. Subgraph OS

subgraph apps list

Available on: All desktop computers

As the name suggests, Subgraph OS is another complete operating system—just like Whonix and TAILS. The browser and wider operating system were both praised by the famous whistle-blower, Edward Snowden, for their privacy features.

Once again, the browser users the Tor Browser’s code for its foundation. The app uses multiple layers to protect your security. The layers include kernel hardening, meta-proxy encryption, filesystem encryption, package Security, and binary integrity.

Subgraph OS also deploys container isolation. It includes customized messenger and email apps.

All these features have seen Subgraph OS grow in popularity over the last couple of years. Though there is no official data, it is anecdotally the second most popular dark web browser behind Tor.

Download: Subgraph OS

Learn More About the Dark Web

The Tor bundle is the most popular browser for the darknet. It opened the gates to this mysterious inner world and is still going strong. But don’t forget the peace of mind a VPN service will give you.

The dark web is still a confusing and mysterious place. Aside from needing to use an unfamiliar browser, you’ll also quickly discover that search engines like Google don’t work.

But don’t worry, there are alternative ways to find the content you’re looking for. If you would like to learn more, check out our articles on the best dark web websites that you will not find on Google and the best search engines to browse the dark web.

Read the full article: The Best Dark Web Browser for Your Device

The Experian Dark Web Scan: Do You Need It and Can You Trust It?

dark-web-scan

Chances are that you’ve seen advertisements for services offering a dark web scan lately. They’ve even made their way to regular TV commercials, with Experian’s dark web scan being one of the most popular. With data breaches becoming more common, it seems like a good idea to protect your security in this way. However, you could end up paying for pretty much nothing. Let’s take a look at Experian’s dark web scan and see what it actually does. What Is the Dark Web? We’ve talked about the dark web before, so we’ll summarize here if you’re not familiar. The dark…

Read the full article: The Experian Dark Web Scan: Do You Need It and Can You Trust It?

dark-web-scan

Chances are that you’ve seen advertisements for services offering a dark web scan lately. They’ve even made their way to regular TV commercials, with Experian’s dark web scan being one of the most popular.

With data breaches becoming more common, it seems like a good idea to protect your security in this way. However, you could end up paying for pretty much nothing. Let’s take a look at Experian’s dark web scan and see what it actually does.

What Is the Dark Web?

We’ve talked about the dark web before, so we’ll summarize here if you’re not familiar.

The dark web is the name given to hidden websites that you can’t access without special software. Pages you can access via searching on Google or visiting directly only make up a part of the internet. To access sites on the dark web, you need to use a special browser (typically Tor) and know each site’s specific address.

Because the dark web (rightfully) has a reputation for illegal activity, it makes sense that you’d want to know if your information was being traded on it. So what does Experian offer?

Walking Through Experian’s Dark Web Scan

The Experian Dark Web Scan page promises to scan the dark web for your Social Security number, email, and phone number. It’s offered once for free, with no credit card information required. We walked through it to see what it actually entails.

Experian Dark Web Scan Info Page

To sign up, Experian asks for your name, current address, phone number, and email address. It also pre-checks a box to sign you up for marketing emails from Experian, which you probably don’t want.

After you enter this, Experian asks for the last four digits of your Social Security number to verify your identity. In theory, this protects you from someone illegally accessing your credit information. You’ll also need to provide your birthday and create an account username and password.

Once you submit your request for the scan, you’ll have to answer some questions about your recent credit activity to further confirm who you are. Then you’ll have to create a security question and PIN—make sure to answer the security question wisely.

Experian Credit Questions

Experian will check your credit score, which will not affect your credit. You’ll then see a prompt to start your Dark Web Triple Scan. Experian says it is “scanning the dark web globally” while it does this.

Results of Experian’s Dark Web Scan

After a few seconds, I got the results of my scan. According to Experian, my email address was compromised, but my Social Security number and phone number were clear.

Experian Security Report

The two websites that it listed as compromised for my email were Patreon and bitl.y. As it turns out, I’ve known about both of these breaches for years, so this didn’t reveal any new info to me. We’ll discuss this more in a moment.

At the bottom of the report, Experian lists that it didn’t scan “other personal information.” This includes your driver’s license, medical ID, bank accounts, and similar. It wants to sell you the $10/month Experian IdentityWorks paid service to do this.

Experian Paid Account Upgrade

After clicking around my new Experian account for a bit, I didn’t see anything particularly notable. Nearly everything requires upgrading to a paid account, which seems to be why Experian requires you to create an account to run this scan.

Is the Experian Dark Web Scan Worth It?

After walking through Experian’s offering, I feel confident in saying that it was pretty much worthless. The only information that it found was years-old breaches from major websites that have nothing to do with the dark web, which I already knew about and took action.

Experian’s “recommended actions” all revolve around you paying the company for more services. It wants you to sign up for more monitoring and even pay to access your credit score (which you can do elsewhere for free).

But this is a waste of money.

What You Should Do Instead

Don’t pay Experian for what you can do for free.

Check for Account Breaches

Thanks to the website haveibeenpwned, operated by security expert Troy Hunt, I already knew when my credentials were leaked by Patreon and bit.ly. Simply enter your email address and you’ll see all the breaches that affected you.

haveibeenpwned

From there, you can take action to secure your accounts by changing your passwords, setting up two-factor authentication, and similar. Click the Notify me tab at the top of the page and you’ll even receive an email when a future breach of your information happens.

For better security, we recommend using a password manager and generating unique passwords for each site. That way, if one password is exposed, hackers can’t use it to break into multiple accounts.

Don’t forget about other ways to check if your online accounts were hacked, too.

Freeze Your Credit

Experian wants you to subscribe so you can enable a “credit lock”, but you can already do 99% of what that lock offers by freezing your credit report. This used to cost a fee, but since late 2018, it’s free to freeze and thaw your credit in all 50 states.

When you freeze your credit, nobody can access it unless you use your unique PIN to temporarily unfreeze it. This makes it much harder for someone to steal your identity, as they can’t open new lines of credit in your name.

It’s a small hassle to unfreeze your credit when you do need it, like when applying for a loan, but it’s worth the added security.

You’ll need to freeze your credit with each of the three major agencies individually. Visit these pages to get started:

Why Dark Web Monitoring Is Useless

We’ve looked at what Experian’s dark web scan offers compared to alternatives, but what’s more important is what it doesn’t offer. Dark web scanning supposedly looks all over the dark web for your personal info, but this is impossible by the very nature of the dark web.

Nobody knows how many sites are on the dark web because they don’t link to each other like the standard web. Experian says that its scan “looks back to 2006 and searches over 600,000 web pages” for your information. However, we can safely assume that the dark web holds many millions of pages. Further, exchanges of sensitive information are private and wouldn’t be accessible to the public in searches like this.

Because of this, it’s clear that Experian and other dark web scanners do not scan the entire dark web for your information. This is impossible, and any service claiming to do so is lying. In all likelihood, these services instead scan giant dumps of leaked data (like haveibeenpwned does) to report if your information was leaked.

And while free services don’t scan for your Social Security number, chances are that it’s probably already leaked at some point. Remember the awful Equifax data breach in September 2017, which put the sensitive info of some 200 million people out into the wild for anyone to access? These breaches happen too often, and have probably leaked your private data already.

The best you can do is freeze your credit and proactively watch for signs of fraud. Paying Experian money to do scans you can do for free isn’t going to help much. Remember that in my trial, it didn’t actually find anything from the dark web. And if it did find a compromised Social Security number, it would recommend a credit freeze anyway.

Dark Web Scans: Forget the Hype

Frankly, seeing a credit agency like Experian start pushing its dark web scan in the wake of the Equifax data breach is frustrating.

These companies, that nobody has voluntarily chosen to work with, hold an immense amount of vital data on people. Then when one leaks this information due to gross negligence, another responds by selling you a product to “protect your identity” that you wouldn’t need if they hadn’t leaked info in the first place.

There’s no reason to pay for these dark scan services. Use the tools recommended above to take your identity protection into your own hands.

And after all this serious talk, it’s time to have some fun. Check out the coolest dark web websites you can visit now.

Read the full article: The Experian Dark Web Scan: Do You Need It and Can You Trust It?

How to Access the Dark Web Safely and Anonymously

access-dark-web-

So, you want to get on the dark web? Don’t worry; we’re not judging. There are lots of perfectly legitimate reasons you might want to access all that shady content. Joking aside, if you want to know how to access the dark web in a safe and anonymous way, keep reading. There are some crucial steps you need to take when you want to get on the dark web. 1. Always Use a VPN to Access the Dark Web We’re not going to dwell on what the dark web is or how it works. Suffice to say that too many…

Read the full article: How to Access the Dark Web Safely and Anonymously

So, you want to get on the dark web? Don’t worry; we’re not judging. There are lots of perfectly legitimate reasons you might want to access all that shady content.

Joking aside, if you want to know how to access the dark web in a safe and anonymous way, keep reading. There are some crucial steps you need to take when you want to get on the dark web.

1. Always Use a VPN to Access the Dark Web

We’re not going to dwell on what the dark web is or how it works. Suffice to say that too many users think they are safe from the prying eyes of ISPs and governments just because of the way dark net uses onion routing technology.

That’s not true. Even if you use the Tor browser, your traffic can still be traced back to you by anyone with enough time and know-how (for example, the FBI!).

And remember, the Tor browser fell victim to an IP leak in April 2018. Nicknamed “TorMoil,” the flaw allowed a user’s operating system to connect to a remote host, bypassing the Tor Browser entirely. MacOS and Linux users were most at risk.

Ergo, you should also use a VPN when connecting to the dark web. It will encrypt your web traffic, ensuring its hidden from snoopers even if there’s a similar repeat of last year’s issues.

We recommend using ExpressVPN or CyberGhost.

2. Download the Tor Browser from the Official Website

TOR browser official download page

Tor might have had its security problems in the past, but it’s still the safest and most popular way to get on the dark web.

Because of its market-leading position and the nature of the content which you can access when using it, it should come as no surprise to learn that there are a lot of actors out there who want to spoof the app and make you download a compromised version instead.

Therefore, you should never download the Tor browser from any source other than the official website. You can find it at torproject.org. The browser is free to download and use.

You also need to make sure you keep your browser up-to-date at all times. Failure to do so could leave you vulnerable to security issues.

Check out our list of tips for using Tor safely if you’d like more information.

3. Take Security Precautions

The dark web is a popular hangout for hackers, cybercriminals, malware creators, and other unsavory types that you really don’t want anywhere near your machine.

Sadly, the nature of the dark web means you’ll probably encounter them at some point. Ideally, you need to make yourself as small a target as possible by reducing the number of attack vectors they can use.

Therefore, before you open the Tor browser, you should close all the other apps on your machine, stop unnecessary services from running, and cover your webcam with a piece of paper.

4. Install TAILS

The Amnesiac Incognito Live System (TAILS) is a unique Debian-based version of Linux that leaves no trace of any user activity—nor the operating system itself—on your computer.

The operating system is free to use and live boots from a USB stick or DVD.

TAILS cannot save cookies or file to your hard-drive without directly asking it to do so. You also won’t run the risk of browsers dumping “page out” data onto your disk (most browsers do so for speed and efficiency.)

Furthermore, TAILS comes with the Tor Browser pre-installed; you won’t need to worry about extra steps once you’re up and running.

All web traffic on a TAILS machine is automatically routed through Tor. If the operating system detects any non-anonymous connections, it will automatically block them.

And yes, TAILS also has built-in productivity tools like a word processor and email client, meaning you can do more than merely browse the web while it is running.

You can download tails from tails.boum.org.

5. Know Where You’re Going

When you access the dark web, you won’t have the luxury of Google neatly indexing search results for you to browse. As a result, it can be hard to find what you’re looking for; you could easily stumble into someplace you really don’t want to be.

As such, we recommend using one of the many directory sites to decide upon the pages you want to visit before you even open Tor.

There are lots of great resources on the web that can help to point you in the right direction, not least our own guide to the best dark websites you won’t find on Google.

The dark web itself also has plenty of dark web site directories. One of the best places to start for both newbies and experienced users is The Hidden Wiki. You can access it by pasting the following link into the Tor browser:

http://zqktlwi4fecvo6ri.onion/wiki/index.php/Main_Page.

You should also check out our article on how to find active onion sites—we’ve listed some of the best dark web directories out there.

6. Use Cryptocurrency for All Your Transactions

If you want to purchase something from one of the many dark web marketplaces, under no circumstances should you use anything other than cryptocurrency. Indeed, you’ll find most sellers will not accept regular credit card payments.

Of course, the temptation is to use Bitcoin—it’s the world’s most common cryptocurrency, and many people think it is entirely anonymous. In practice, that’s not true. Issues such as address reuse, connected nodes, tracking cookies, and blockchain analytics mean it’s very possible for someone to link your personal details to a transaction.

You could use a “Bitcoin mixer” to anonymize your tokens, but they’re expensive and require you to place trust in an otherwise untraceable third-party.

Instead, you should use a privacy-focused coin. The two most common are Monero and Zcash. We’ve published a complete guide to Monero on our sister site, BlocksDecoded.

7. Close Everything

When you’ve finished browsing the dark web, don’t be lazy. Make sure you shut all your browser windows and other content that may be connected.

If you’ve used TAILS, quit the operating system and reboot back into your usual interface. If you’ve used Windows or macOS, it’s a good idea to restart your machine.

More Dark Web Tips

If you carefully follow the seven tips we have provided, you will be well on the way to accessing the dark web in a safe, secure, and anonymous way.

If you would like to learn more about the dark web, check out our visual guide to the deep and dark web.

Read the full article: How to Access the Dark Web Safely and Anonymously

US Citizen Voter Records Hacked and Now for Sale on the Dark Web

cwa-informed-voter

So much is going on every month in the world of cybersecurity, online privacy, and data protection. It’s difficult to keep up! Our monthly security digest will help you keep tabs on the most important security and privacy news every month. Here’s what happened in October. 1. Millions of US Voter Records for Sale on Dark Web The dark web always has “interesting” goodies up for sale. In October 2018, security researchers at Anomali and Intel 471 found 35 million US voter records up for sale. The records, from 19 US states, include full names, phone numbers, physical addresses, voting…

Read the full article: US Citizen Voter Records Hacked and Now for Sale on the Dark Web

cwa-informed-voter

So much is going on every month in the world of cybersecurity, online privacy, and data protection. It’s difficult to keep up!

Our monthly security digest will help you keep tabs on the most important security and privacy news every month. Here’s what happened in October.

1. Millions of US Voter Records for Sale on Dark Web

The dark web always has “interesting” goodies up for sale. In October 2018, security researchers at Anomali and Intel 471 found 35 million US voter records up for sale. The records, from 19 US states, include full names, phone numbers, physical addresses, voting histories, and other voter-specific information.

State voter registration lists aren’t entirely secret to begin with. Political campaigns, academics, and journalists can request voter registration information, so long as the records are not for commercial use or republished online.

However, in this instance, Anomali note that “When these lists are combined with other breached data containing sensitive information, e.g., social security number and driver’s license, on underground forums it provides malicious actors with key data points for creating a target profile of the US electorate.”

Particularly interesting is the claim from the seller that they “receive weekly updates of voter registration data across the states and that they receive information via contacts within the state governments.” The revelation suggests that the information is targeted, rather than the result of a leak.

Unfortunately, this isn’t the first leak of US voter record information. Back in 2015, the records of some 191 million US voters hit the internet. The database was exposed for several days and contained similar data to October’s leak.

The affected states are: Georgia, Idaho, Iowa, Kansas, Kentucky, Louisiana, Minnesota, Mississippi, Montana, New Mexico, Oregon, South Carolina, South Dakota, Tennessee, Texas, Utah, West Virginia, Wisconsin, and Wyoming.

2. Google Chose Not to Inform Users of Breach

One of the news stories from October was the death knell for Google’s social media platform, Google+. Google+ never managed to compete with Facebook or Twitter; even after Google forced millions of users to create accounts to post comments to YouTube.

The final nail in the coffin proved not to be the astoundingly short user interaction time with the platform. No. It was the revelation that the private data of Google+ users was left exposed for years—and Google did absolutely nothing about it.

The leak contained data for nearly 500,000 users. Google confirmed the leak includes names, email addresses, dates of birth, gender, occupation, places lived, relationship status, and profile pictures.

While this combination isn’t the end of the world, it’s still enough to attempt to create targeted phishing emails or force entry into other sites using password reset mechanisms.

The biggest news to come from the leak isn’t the exposure of private data, but rather that Google chose not to take the leak public. A memo leaked to the Wall Street Journal suggests that “Internal lawyers advised that Google wasn’t legally required to disclose the incident to the public.”

It is a bad look for Google, that’s for sure. What else are Google potentially hiding or covering up because the revelation would harm its business practices?

3. Torii Modular Botnet Is More Advanced Than Mirai

The phenomenally powerful Mirai botnet hit the headlines after staging consecutive record-breaking DDoS attacks. But a new modular botnet named Torii (because the initial researcher found his honeypot attacked from 52 Tor exit nodes) has built upon the foundations of Mirai, and taken attacks one step further.

But while Torii derives from Mirai, it would be wrong to say they are the same.

Torii stands out for a few reasons. One, unlike other Mirai derivatives, it doesn’t “do the usual stuff a botnet does like DDoS, attacking all the devices connected to the internet, or, of course, mining cryptocurrencies.” The Avast blog entry continues: “Instead, it comes with a rich set of features for exfiltration of (sensitive) information, modular architecture capable of fetching and executing other commands and executables and all of it via multiple layers of encrypted communication.”

Like other modular malware variants, Torii works in several stages. Once installed on a system, it checks the system architecture before dialing home to a command and control server for an appropriate payload. Architecture-specific payloads include ARM, x86, x64, MIPS, PowerPC, and more.

The secret to its success is undoubtedly its versatility. By attacking a huge range of platforms, shutting Torii down is incredibly difficult.

4. Cathay Pacific Suffers Huge Data Breach

Cathay Pacific has suffered a data breach exposing the private data of over 9.4 million customers.

The hack contains the information of 860,000 passport numbers, 245,000 Hong Kong ID card numbers, 403 expired credit card numbers, and 27 credit card numbers without a CCV verification code.

Other stolen data includes passenger names, nationalities, date of birth, email address, home address, and phone numbers, as well as other airline specific information.

Cathay Pacific Chief Executive Officer Rupert Hogg apologized to the airline’s customers, saying, “We are very sorry for any concern this data security event may cause our passengers. We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures.”

The Cathay Pacific hack, however, firmly puts British Airway’s September data leak into perspective. BA immediately alerted customers to the hack and didn’t lose any passport numbers. The Cathay Pacific hack took place between March and May of this year. However, customers are only just finding out about the severity of the breach now.

If you’re just finding out, here’s how to check if anyone is trying to hack your online accounts.

5. 4-Year Old Libssh Vulnerability Discovered

Secure Shell implementation libssh has a four-year-old vulnerability affecting thousands of websites and servers around the globe. The vulnerability was introduced in the libssh version 0.6 update, released way back in 2014. It is unclear as to exactly how many sites are affected, but the internet-connected device search engine, Shodan, shows more than 6,000 results.

Rob Graham, CEO of Errata Security, says the vulnerability “is a big deal to us but not necessarily a big deal to the readers. It’s fascinating that such a trusted component as SSH now becomes your downfall.”

Positively, the major sites that use libssh appear unaffected. Perhaps the largest site is GitHub. However, GitHub security officials tweeted that they use a customized version of libssh for GitHub and GitHub Enterprise, so are unaffected by the vulnerability. Furthermore, it is important to note that this vulnerability does not affect OpenSSH or the similarly named libssh2.

Current advice is to patch any libssh devices immediately to version 0.7.6 or 0.8.4.

6. Hackers Target Fortnite Players With V-Bucks Scams

Fortnite is one of, if not the most popular video game in the world right now. The off-the-wall free-to-play battle royale-style game attracts over 70 million monthly players—and hackers have taken note. (Parents, your kids are playing Fortnite!)

Research from ZeroFOX suggests that hackers are targeting Fortnite’s in-game currency, V-Bucks. Players use V-Bucks to purchase cosmetic items for their in-game avatar. Despite the game being free, estimates suggest Fortnite is earning over $300 million per month for developers Epic Games.

Hackers run scam-sites advertising “Free Fortnite V-Bucks Generators” to trick unsuspecting victims into revealing their personal information, such as in-game credentials, credit card data, and home addresses.

“Games with a microeconomy, especially Fortnite, are prime targets for attackers to leverage their security attacks, scams and spam against,” said Zack Allen, director of threat operations at ZeroFOX. “These economies are a great way to make money without attracting too much attention to yourself because of the lack of regulation and the nuances of the economy (try describing a ‘V-Buck’ to any local law enforcement officer, you most likely will get a blank stare).”

It isn’t the first time Fortnite has come under security-scrutiny. In April 2018, Epic Games announced they wouldn’t use the Google Play Store for the Fortnite Android version. Refusing to use the Google Play Store means players lose out on the security offered by Google. You can check out how to safely install Fornite on Android right here.

October 2018 Security News Roundup

Those are seven of the top security stories from October 2018. But a lot more happened; we just don’t have space to list it all in detail. Here are five more interesting security stories that popped up last month:

  • IBM acquired Red Hat in a deal worth over $30 billion.
  • The Pentagon was hit with a security breach exposing 30,000 employees.
  • Ethical hackers uncovered 150 vulnerabilities in the US Marine Corps Enterprise Network.
  • Facebook is searching for a cybersecurity company acquisition to boost security and data protection.
  • Kaspersky Labs found the NSA DarkPulsar exploit in attacks against Russian, Iranian, and Egyptian nuclear targets.

Cybersecurity is a constantly evolving whirlwind of information. Keeping on top of the malware, data protection, privacy issues, and data breaches is a full-time job—that’s why we round up the most important news for you each month.

Check back at the beginning of next month for your November 2018 security roundup. In the meantime, check out exactly how artificial intelligence will fight modern hackers.

Read the full article: US Citizen Voter Records Hacked and Now for Sale on the Dark Web

How to Find Active Onion Sites (And Why You Might Want To)

dark-web-sites

The Tor network hosts onion sites. The Tor network is a series of interconnected nodes that allow private and anonymous internet use. Tor stands for “The Onion Router,” while sites hosted on the service carry the “.onion” top level domain suffix. You cannot access Tor services or onion sites using your regular browser. They’re part of the invisible part of the internet known as the deep web. Or, more precisely, they’re part of the Tor darknet. Darknets are the bits you hear about in the news; an allegedly lawless area of the internet where anything goes. But if you cannot…

Read the full article: How to Find Active Onion Sites (And Why You Might Want To)

dark-web-sites

The Tor network hosts onion sites. The Tor network is a series of interconnected nodes that allow private and anonymous internet use. Tor stands for “The Onion Router,” while sites hosted on the service carry the “.onion” top level domain suffix.

You cannot access Tor services or onion sites using your regular browser. They’re part of the invisible part of the internet known as the deep web. Or, more precisely, they’re part of the Tor darknet. Darknets are the bits you hear about in the news; an allegedly lawless area of the internet where anything goes.

But if you cannot access onion sites using your regular browser, how do you do it? And moreover, why would you want to?

How Do You Access an Onion Site?

You can only access a .onion site through Tor. To access the Tor network, you need the Tor browser. The Tor browser is modified Mozilla Firefox browser with numerous integrated scripts and add-ons to protect your privacy while browsing onion sites.

The Tor browser is preconfigured to connect to the network, and the developers strongly advise not messing around with the browser settings unless you know what you are doing. Adding to that, the “know what you’re doing” is different to a regular browser, in that altering the Tor browser settings can expose your private browsing data to external sources.

Head to the Tor Project site and download the Tor browser. Head to the download location, find the Tor Browser folder and select Start Tor Browser. The browser immediately checks for updates. If there is an update, apply it.

start tor browser shortcut folder

There are other browsers that focus on privacy and anonymity. Also, is Tor what you need, or would a basic VPN do the job?

A Quick Warning About Onion Sites

Onion sites, and darknets in general, can host some horrifying content. A large amount of it is fictional, but there is no doubt you can end up viewing potentially damaging and compromising material if you are not careful. Most of the truly awful bits are locked away behind paywalls, proxies within proxies, and addresses you won’t find printed anywhere.

There are those who would criticize websites for writing about such things—and Tor for enabling them. Tor’s Abuse FAQ provides a good defense, noting that:

“Criminals can already do bad things. Since they’re willing to break laws, they already have lots of options available that provide better privacy than Tor provides.”

Law enforcement already knows these areas of the Web exist—if not on Tor, they’d exist elsewhere. As the FAQ also notes, “Traditional police techniques can still be very effective against Tor.”

Read every description before you click any links!

How to Find Active Onion Sites

Google Search indexes the entire internet, one page at a time. Web crawlers (also known as a spider) are internet bots that systematically trawl through internet pages and index the content. Indexed content is found using a search engine.

The Tor darknet has similar indexing, though you won’t find those sites through Google. No, you need a special Tor search engine instead. Alternatively, there are numerous sites that curate lists of onion sites, such as The Hidden Wiki, and others that list indexed onion sites, such as the Onion Link List.

You must copy and paste the following links into the Tor browser, rather than your regular internet browser.

1. The Hidden Wiki

the hidden wiki tor 2018

The Hidden Wiki is a general jumping off point for new darknet visitors. The linked address is correct for 2018. Older mirror versions of The Hidden Wiki exist but feature several outdated sites as well as broken links.

The Hidden Wiki contains links for cryptocurrency wallet services, secure messaging services, domain hosting services, darknet marketplaces, the darknet versions of popular social networks, various chans (like 4chan, but on Tor), and much more. It also has a long list of non-English language sites, too.

2. Deep Web Links – Dark Web Links

Another site using the “Hidden Wiki” name, but it isn’t the “official” site. It is, however, a very long list of onion sites. Unfortunately, it is difficult to verify how many of these sites are still up and running. Also, there’s a huge number of sites on this list I wouldn’t want to verify either, but it does have a description as to what each site is.

3. TORCH

torch tor search engine

Torch is a well-known Tor search engine. However, it doesn’t work as a regular search engine. For instance, using TORCH to search for “Facebook” doesn’t return the Facebook onion site. Rather, it returns a long list of references to a Russian hacking forum. If you use Google to search for Facebook, you end up on the social media site.

4. Not Evil

tor search not evil

If TORCH doesn’t help you find what you want, try Not Evil. Not Evil works more like a regular internet search and is the successor to TorSearch (another Tor search engine) and the Evil Wiki (another listing site).

For instance, a search for “Facebook” returns the official Facebook onion site. A search for “Proton” returns the official Proton Mail onion site, and so on.

5. Daniel’s Onion Link List Raspberry Pi Directory

daniel onion link list tor directory

Daniel’s Onion Link List is a Tor directory hosted on Raspberry Pi. Cool, right? (Raspberry Pi’s have so many awesome uses!) The Onion Link List is an index directory that gives you a brief site description, the last seen and last tested dates, as well as when the onion site first hit the Tor network.

Now, Daniel’s Onion Link List does include every type of site, so carefully read descriptions before hitting links. Handily, the directory also slaps a “SCAM” label on any sites that will attempt to steal your information.

Be Safe When Browsing Tor and Onion Sites

Most darknet users will tell you the same thing: do not believe everything you hear. A huge amount of myth and infamy surrounds the Tor darknet. For the most part, it isn’t true. And if it is true, you don’t want to know about it, see it, and especially not click any link that takes you near it. Whatever “it” may be.

Tor hosts some interesting and actually useful sites, too. But if you have no idea what you are doing, check out our unofficial user’s guide to Tor.

Read the full article: How to Find Active Onion Sites (And Why You Might Want To)