Why You Shouldn't Use Microsoft Windows11.

...

LMDE5 - Linux Mint Debian Edition.

LMDE5 -...

Why Should I Not Use Windows10?

Here are a...

How To Use Deep Web "Dark Web" Links 2022 With Tor browser

English

How To Use Deep Web "Dark Web" Links 2022 With Tor browser over the Tor network.

This page contain important information about how to stay anonymous online, using the Tor network and tools to keep you safe when browsing the Dark Web. Besides this you will find information about surveillance states and how they expand their laws to allow suveillance of innocent people, where Sweden seems to surpass most other countries for exception of Russia and India as of the new law that was introduced on July 1st 2022 ( 2022:711 ).

The Deep Web:

The Deep Web is the part of Internet that isn't available in the search engines, like Google or Bing for example. The sites usually apply an robots.txt that doesn't allow indexing by search engines, thus making it difficult to find. However that is just one part of the mystery, that is called the Deep Web. The other part is the sites that uses robots.txt to deny indexing and make use of an authentication solution, like logins with username and password, or in some cases a card reader together with a certificate or just a certificate installed in your web browser. Which basically means a requirement of credentials establishing your identity in order to access the system and its information. Some are legit, some aren't.

Examples for use of Deep Web are banking information, information like photos and documents saved in the cloud ( usually encrypted ) and confidential government data.

However I wouldn't recommend Tor Browser for your banking or tax report needs, use Firefox instead with the appropriate settings and plugins ( not too many ).

The Dark Web:

There are several "Dark" networks available, but the most famous and used is the Tor Network. The Tor network and others like can't be used with your everyday ordinary web browser like Chrome, Chromium, Firefox etc.

The "Dark Web" is not regulated, IP addresses are hidden and some resources require logins or another authentication mechanism like invites by another existing member or by paying a fee ( usually in Bitoin ).

Tor network uses a series of intermediary nodes ( IPs ) that encrypt your data all along the network chain. At the endpoint, your data is decrypted by an exit node so that no one can pinpoint your location or tell which file came from which computer.

Inaccessible by traditional browsers due to its unique registry operator and it's hidden by various network security measures like firewalls and encryption.

The TOR network uses encrypted pages ending in ”.onion”.

IMPORTANT ! Links to .onion sites will be listed at the end of the page, so that you read through the entire article and its content before being reckless and connecting to the Tor network before having some basic knowledge.

ISP's, the collection of your data and what they do with this information:

For example is the U.S: an FTC report, shows you how they sell your personal data. Now you should expect nothing less, no matter what part of the world you live in.

Other examples from Brazil:

Finding out if an IP-adress once was used as a Tor relay:

  • ExoneraTor - reveals if an IP was used as a relay on a given date.

Protect your identity online:

First you need to choose a VPN provider that uses OpenVPN, WireGuard or IKEv2 protocol. "Not PPTP or L2TP" which are both considered insecure. Also make sure it is a "No log" VPN provider.

VPN providers that should be of interest ( for smart people ):

  • NordVPN - Only Ubuntu/ Linux Mint 20.xx ( offers IKEv2/IPsec and OpenVPN protocol ) - AVTest pdf
  • Private Internet Access ( offers OpenVPN, and WireGuard protocol ) For Ubuntu, Linux Mint, Debian 11, LMDE5 etc...
  • SurfShark VPN ( offers OpenVPN, WireGuard and IKEv2 protocol ) For Ubuntu, Linux Mint, Debian 11, LMDE5: AVTest pdf

Countries that has blocked or outlawed the use of VPNs - Tor Browser: Blog post by Proton VPN

Then download and install Tor Browser and I recommend the use of Bridges, to obfuscate the use of the Tor Browser from being detected by sites and your ISP provider, some block the use of Tor.

Also another important thing you should know is "DO NOT install plugins" in Tor Browser, unless you are sure that they don't leak your real IP-adress !

Tor Browser ships with two plugins: NoScript and HTTPS Everywhere.

Updates: Always check the Tor project page when you get a notification of an update ! If it checks out, download and install.

Note: The Tor Browser also works on the open Internet "NOT GOOGLE or Baidu".

Some sites may not function properly without ( javascript ) ! Drupal API based sites for example works with Tor browser. Some Wordpress sites work, others don't. For sites that you need and that do not work with Tor browser, Firefox with a few privacy plugins and security customizations is recommended.

China has outlawed the anonymity services and blocks Tor traffic from crossing "The Great Firewall". How to bypass the firewall if you are a Chinese citizen here. "Private and unlisted obfs4 bridges is your best choice".

Surfing the Dark web using Internet café Wi-Fi or other Free Wi-Fi hotspots:

  1. Check for CCTV in the area and its surroundings, where you plan to use your notebook.
  2. Check for cameras inside the coffe shop or restaurant.
  3. Never connect to a hotspot without using a secure VPN.

Internet search engines that work with Tor Browser:

DuckDuckGo ( Recommended for privacy ) , BING by Microsoft, YAHOO. These are regular search engines for the Open Internet.

Secret surveillance of Tor users by federal agencies, criminals and hackers:

It is strongly recommended "NOT" to enter the "Dark Web" without the use of a secure VPN ( setup without a DNS leak ), because of the exit nodes. The exit nodes can be run by federal government agencies or criminals. You don't know who runs the exit nodes, since it is anonymous.

While it is claimed that most exit nodes are secure and run by private citizens, I wouldn't recommend you buy into that rubbish. It is more likely that you are being surveillanced, than not. KEEP THAT IN MIND !

Examples: The FBI is tracking Tor users with spyware. ( In this particular case - not a problem ), however it might be used in other ways and for other purposes.

It all depends on if the exit traffic is unencrypted or not and if it contains identifying information or not. Also you should know that Javascript plays an important role in revealling your real identity.

The Tor network uses three hops and the nodes are either normal nodes ( which can be used on hop 2 ) or, gateway nodes or exit nodes ( which can be used on hop 2 or 3 ). So the exit node will be at the second hop in most cases "assumed".

Honeypot traps on the "Dark Web":

A honeypot is a security mechanism that creates a virtual trap used to lure in hackers and other criminals. It is an intentionally compromised computer system that allows hackers to exploit vulnerabilities or in some cases to study the visitors of a Dark Web site to find out their intentions and real identity.

A real life example is how a hacker created three websites running Debian on a VMWare virtual machine, targeting Tor users interested in or seeking counterfeiting services, illegal drug products, and pedophiles. He soon decided to focus his attention on pedophiles and was able to identify some people using Windows as you can see in this article.

How he did it: "At first, only login data and network packet captures were used to deduce the user’s identity. Later, link traps were introduced before finally introducing a “security scanner” as a requirement to gain the highest level of membership."

This means you download and run "unknown" software, that can and most likely will comprimise your system and personal details.

"The exit node IP address does not uniquely identify a visitor but rather, provides the endpoint used in the tor circuit."

However reading the hackers article, it is disturbing to see how much pedophiles are active on the Dark Web.

This example shows how honeypots can be setup and used for different purposes and not just by agencys like the FBI.

Other examples are:

In August 1, 2013 some users discovered Freedom Hosting sites were serving a hidden iFrame, which could be another website within the website you are visiting. After analyzing this, it was discovered a Windows program hidden in a variable "Magneto" CVE-2013-1690 sent MAC-addresses and Windows hosts names to a place in Virginia, US. Back then TOR browser did not have an auto-update feature, which is has now.

However, the Malware planted by the FBI included innocent victims as well, so what can you do, but protect yourself with knowledge and apply it to your systems. Hell, even the so call good guys are hacking us....WTF...

VPN should always be standard in using the "Dark Web":

You should not register on a website that doesn't use a SSL certificate or use a non-ssl site unless you have a VPN installed and it is configured properly. Looking at the obvious fact that your ISP, whether in the U.S or not records every move you make online and can read the data if your traffic is un-encrypted and visits a non-ssl website.

They then move on to selling your data to advertising agencies and your government, this should atleast make you stoṕ and think.

Some VPN-providers offers extra "protection" like a proxy, however the traffic through a proxy is not encrypted, but masks your IP. You should, ask your VPN provider if what they offer a proxy.

You should also look at: No-log claims have held up in court or not and if they have lots of servers worldwide and if the VPN was at some point hacked.

Aggressive IPv6 blocking:

Make sure the VPN provider also automatically enables aggressive IPv6 blocking to prevent any DNS leaks. This could give away your real "IP address".

Here is why Private Internet Access by default blocks IPv6.

Although if you are connecting over the Tor network using bridges, you will sometimes see that you are connected using IPv6 protocol. Internet Protocol version 6 is the most recent version of the Internet Protocol.

  • Native support for end-to-end encryption: This was a feature that was added much later to IPv4, but comes as a standard for IPv6.
  • Secure neighbor discovery: The improved protocol (SEND) for neighbor discovery in IPv6 confirms the identity of the other party during host discovery, using a cryptographic method.
  • Larger address space

A very informative article by Scott Hogg regarding the IPv6 protocol.

Google statistics on the implementation and usage of IPv6.

You can block IPv6 in Debian 11 or LMDE5, without doing so in your router or asking your ISP.

Do you need to change your MAC-address?

I recommend you "spoof" your MAC-adress, using Macchanger for Linux.

In theory: if you download a software component to interface with a website. ActiveX & WMI could pass on that information or JAVA ( Since JDK 1.6, Java developers are able to access network card details via the NetworkInterface class.)

Games like World of Warcraft, can access sensitive system information and send it to the developers website.

Another possibility would be that they have certain scripts on their servers and forces your browser to download and install them, like a plugin for example.

A website however ( "the website server" ) can only see MAC addresses if they are based on the same network/Ethernet IP address as you are.

This means that your ISP can't see your computers MAC-adress, only the routers.

Still it is a good idea to spoof your MAC-adress anyway.

More on this topic here:

Now that we have gone through this, let us move on.

Things you should never do while using the Tor Browser:

  1. Do not connect to the same server simultaneously, in ex. Tor Browser for ( Dark Web ) and Firefox for ( Open Internet ) at the same time. If you loose the Internet connection, your identity could be revealed.
  2. Never Log in on social media accounts with a 2-Step verification using your smartphone phonenumber. You can be tracked down, even if the number is registered to someone else. The telecom operator can use the IMEI number for this purpose.
  3. Don’t post or use any personal information while using the Tor network: like your birthday, credit card number, name, address or an email that can be traced to you. Never register on websites that do not use an SSL certificate, even if you are using an anonymous email.
  4. Don’t send unencrypted data over the TOR network. For example: Emails from your PC without PGP encryption. Use one of the recommended Web based email operators like: ProtonMail ( also offers an .onion site ),
  5. Using Windows with Tor network could potentially be a topic of serious concern.
  6. Never forget to delete cookies and local website data.
  7. Don't use Google ( However this is no longer an issue, since Google automatically blocks Tor Browser with Captchas that never end ).
  8. Don't use HTTP websites while using the Tor Browser. Remember exit nodes can log your data if the website you visit doesn't use SSL.
  9. Don't use it for torrenting ( An IP address can be found by using torrents over Tor. )

You should check your anonymity online:

I recommend the following sites for this:

  1. TheSafety.us - "By far the best I have come across so far".
  2. IPLeak.net - "A very good resource for checking DNS leaks".

If there are no leaks etc, you are good to go, but I recommend you read the entire article !

The risk of downloading Malware onto your computer or smartphone:

Is just as risky as when you are surfing the open Internet. Downloading unknown files, without an always updated Antivirus solution installed is not a good idea. Also Android smartphones are even more vulnerable to attacks, than iPhones and computers using Linux.

The preferred systems for any type of Malware are:

  1. Windows - Computer OS
  2. Browser attacks
  3. Android
  4. iPhone

Which Spyware is preferred by governments:

  • Pegasus ( An Israeli "NSO Group" software that infects iPhone smartphones without interaction and computers ). Reported targets of the spyware are journalists, politicians, government officials, chief executives and human rights activists. It was discovered back in August 2016. For obvious reasons, even a missed call on WhatsApp, might hack you smartphone iOS or Android on what is a technique called a zero-click attack—a type of cyberattack that doesn’t need the user or device to interact with the spyware to infiltrate its phone. Something you can’t anticipate or protect yourself from, but what about a PC or more specific a Linux
    PC?

    You should know that the company behind this Pegasus Spyware also made Amazon’s AWS cloud infrastructure as a part of their system.
    NSO says it has 60 customers in 40 countries, all of them intelligence agencies, law enforcement bodies and militaries.

    French President Emmanuel Macron's phone was listed as a potential target for surveillance by Morocco as an example.
     

  • Candiru - Today "SAITO TECH" is a Tel Aviv-based technology company offering surveillance and cyberespionage technology to governmental clients. Candiru offers cyberespionage tools that can be used to infiltrate computers, servers, mobile devices and cloud accounts. Its specialty appears to be infiltration of computers, particularly those running the Windows OS. One of their main products is: DevilsTongue a sophisticated multifunctional malicious strain coded in C and C++. The spyware is delivered with the help of vulnerabilities present in Windows and Google Chrome. Read more at FortiGuard.
     
  • Hermit - By Tykelabs and RCS Labs ( an Italian company ), record calls and remotely access messages, call logs, contacts, photos, and other sensitive data. The company have been targeting people in Libya, Costa Rica, Nicaragua, Pakistan, Malaysia, Iraq and Mali, as well as in Greece, Macedonia, Portugal and Italy. The software is typically delivered by a text message linking to an app the user will need to download and a bit of social engineering. "In some cases, the actors worked with the target’s ISP to disable the target’s mobile data connectivity," Google notes. The company seems to be in hiding now...

European countries some 22 member countries are using Spyware against its citizens and some like Sweden actually made it legal:

  • Belgium - The Belgian Police ( Pegasus )
  • Bulgaria - pdf ( Pegasus )
  • Cyprus - pdf ( Pegasus )
  • Denmark "BBC - "Denmark's secret service helped the US spy on European politicians from 2012 to 2014." aka "Operation Dunhammer".
  • Finland
  • Germany - pdf ( Pegasus ) and Bundestrojaner ( Malware )
  • Greece - pdf ( Predator )
     
  • Hungary - pdf ( Pegasus ) The government of Viktor Orbán authorized the use of Pegasus by Hungarian intelligence and law enforcement services to target the government's political opponents.
     
  • Netherlands - AIVD ( Pegasus )
  • Poland - pdf ( Pegasus ) - Has admitted to buying it !
  • Spain - pdf ( Pegasus and Candiru ) On May 5, 2022, the Spanish Defense Minister admitted to surveillance of 20 people involved in the Catalan independence movement.
     
  • Sweden - The Police force is allowed to plant Spyware on suspects computer and smartphone devices. This new law entered into effect on April 1, 2020. It has been used in 60 "known" cases during 2020 and 145 cases during 2021. At the same time, eavesdropping of mobile phones and other electronic communications decreased, from 1,704 persons in 2020 to 1,384 persons in 2021.
    Articles: ZDNET, Swedish government,
    also worth reading "Four Of Swedens ISP's Pull The Plug After Eu Decision About Data Storage", Sweden Plans To Increase The Surveillance Of Its Citizens, Law (2020:62) about secret data reading and 2022:711 which is an update that took effect on July 1st-2022 and it includes the right to perform surveillance on foreigners and anyone who hasn't committed a crime.

    Outside EU:

  • Azerbaijan
  • Bahrain
  • Djibouti - CIA purchased Pegaus for Djibouti government in 2018.
  • Dubai
  • El Salvador
  • India
  • Jordan - Jordanian human rights activists, lawyers and journalists were hacked between August 2019 and December 2021.
     
  • Israel - In January 2022, it was reported that Pegasus was unlawfully used by the Israeli Police to monitor citizens as well as foreign nationals who were accidentally or intentionally infected by the software.
     
  • Kazakhstan
     
  • Mexico - Used to target journalists and others. Mexico was the first country to purchase Pegasus. Mexican drug cartels also uses this spyware.
  • Morocco
     
  • Panama - President of Panama Ricardo Martinelli personally sought to obtain cyberespionage tools after his election in 2009. In 2012, NSO systems were installed in Panama City.
     
  • Rwanda
  • Saudi Arabia
     
  • Thailand - Activists, academics, lawyers and NGO workers have been targeted between October 2020 and November 2021, by the Thailand government using the Pegasus Spyware.The attacks entailed the use of two zero-click exploits — KISMET and FORCEDENTRY — to compromise the victims' phones and deploy Pegasus. Read more at Citizen Lab.
     
  • Togo - Pegasus software was used to spy on six critics of the government.
     
  • Uganda - It has been reported that Muhoozi Kainerugaba brokered a deal to use Pegasus in Uganda, paying between $10 and $20 million in 2019. The software was later used to hack the phones of 11 US diplomats and employees of the US embassy in Uganda some time during 2021.
     
  • UAE - In April 2022, Citizen Lab released a report stating that in UK 10 Downing Street staff had been targeted by Pegasus, and the United Arab Emirates was suspected of originating the attacks in 2020 and 2021.

Smartphone apps hacked or planted by FBI or other Police:

Anom - A planted app made by the FBI and used by criminals. The operation was named "The Trojan Shield" and for three years, the FBI collected data. This data has resulted in several arrests worldwide. In total 16 European countries had access to the data for 18months. The operation was headed by the FBI and Europol along with Dutch and Swedish police.

EncroChat - EncroChat for Android phones offered its users the ability to send encrypted messages, make encrypted call (EncroTalk) and write encrypted notes (EncroNotes). However, the encrypted traffic passed through a server located in France.

UK, French and Dutch police was able to breach the security of the server in 2019 and upload Malware.Thus giving them access to all calls, encrypted messages and even the PIN codes entered by its users. It is speculated that the devices themselves were also infected by the uploaded Malware. Worth noting is that a proportion of the 60,000 EncroChat userbase were ordinary users, NOT criminals.

How to "try to" protect your Android smartphone:

I would say update your smartphone to the latest version, but we all know that you are lucky if the manufacturer gives you two updates after you purchase the phone. Check your version and then have a look here.

Recommended article: Android devices 50 times more infected with malware compared to iOS.

So the best you can do is to install a VPN for Android ( I recommend you choose a well known ) and NOT A FREE VPN for this purpose.

Jailbreaking:
Basically what this means is that you are enabling your device to be able to install apps from sources not found in the Google Play Store.

For Android Nougat and earlier versions:

  • In "Settings" tap to open Security.
  • Toggle on the Unknown Sources option and verify the changes with OK.

For Android Oreo and newer:

No need to enter "Settings". Anything not downloaded through the Google Play Store will prompt you with a confirmation dialog. Click to enable installation from an Unknown Source.

Rooting your device:

Not all models of an Android smartphone can be rooted.

Rooting is how you get complete access to everything in the Android operating system and it allows you to uninstall apps that came pre-installed, like Google, Facebook etc.

For example, I was able to root my Samsung, but not my other phone. There are software, that uses Zeroday exploits to root the device and there are custom ROMs for your smartphone.

If rooting is successful, I strongly recommend cleaning history, emails, YouTube videos etc and then removing all "Google" apps from your smartphone.

GPS-Spoofing:

Yes, there is such a thing and it used to be very expensive. It is not anymore and there are Android apps that support this. This prevents people or government agencys from tracking your every move, without the help of Google.

More on this, coming soon...I still need to test that it works with the Telephone company operators, but when connected to an Internet connection, it works.

Next you will want to install: Malwarebytes Anti-Malware for Android.

Now once this is done, you should first update the app database and do a full scan of your device.

Easy install of Tor Browser for Android from Google Play and make sure you use Bridges obfs4 ( recommended ).

Or I recommend you download from the official Tor Project site.

You might want to have a look at the apps from the Guardian Project.

Tor Browser "OS" alternatives:

  1. Tails - For extra anonymity you might want to use Tails OS which uses Tor’s services for providing anonymity, but also adds extra security layers. It runs from a USB drive, DVD or a SD card. Support for VPN here " A must read".
     
  2. SUBGRAPH - Alpha release and unlike Tails, Subgraph OS can be run as a permanent OS.

Now if you made it this far reading the article, here are some good resources. Note that some links on these sites offer ( illegal ) things, some that may serve as a wakeup call for you Windows users. You will soon realize that everything from banking accounts ( Bank Of America, PayPal accounts and more are for sale ).

Important: These links are for educational purposes only.

If you do something illegal, that is your problem. Linuxexperten.com is not affiliated with any sites on this list nor encourage or condone illegal activities of any kind.

Dark Web Links Wikis 2022:

Dark Web News:

Brazilian sites:

Messageboards:

BitCoin:

Free Email:

Filesharing sites:

Free and anonymous file-sharing:

Hacker as service sites:

Sites "Not" listed in the "Dark Web Search engines":

Insider Trading:

Leaked Databases:

Is your Instagram account safe, or your LinkedIn? Search using username or email.

Radio:

Red Rooms ( Understand the horror of it ):

There are no actual evidence of their existence so far, but that don't mean that these sickening things doesn't exist somewhere well hidden. Their name is thought to have originated from the 1983 horror film Videodrome, where torture is shown live on TV in a red-painted room.

This is where very sick people can pay to watch live streamed videos, of rape, torture, murder or worse.

An article from: The Sun - What is a red room and Red Room Deep Web Complete Guide.

If you encounter any Red Rooms on The DarkWeb, I suggest you report it to the FBI or whatever agency your country uses.

Search engines for .onion sites:

Search engines:

Whistleblower submission system:

This page will be updated with more information and links....

Library categories: 
 

Buy Us A Coffee

Here is the link if you want to support us with a small donation.
This may help you and others gain better information and help us with the cost of the server.

Games For Linux

Windows has always been the preferred platform for gaming, but after STEAM's interest in Linux more game developers are making their games natively available for Linux.

Disclaimer

All information on this website is published in good faith and for general educational purposes and for use in safe testing environments only. While linuxexperten.com strives to make the information on this site as accurate as possible, linuxexperten.com does not warrant its completeness, reliability and accuracy.

We are not responsible for any losses or damages associated with the use of our website. While we strive to provide only links to useful websites, we have no control over the content of these sites and links to other sites do not constitute a recommendation for all content contained on these websites.

 

Site Information

This is a professional review site that receives compensation from the companies whose products reviewed. Each service or product are thoroughly tested and given high marks if considered to be the very best. Independently owned and the opinions expressed here are no one elses.

 

Limited Time Offers