Onionland

From Area51 Archives

Jump to: navigation, search
Author: jeremy_
Date Released: 8/3/2011

Contents


NOTE: This article is being updated due to the recent vulnerability in Tor and the raid of Freedom Hosting. Some links may not work.


Introduction

Onionland is the name for the hidden services aspect of the Tor anonymizing network. This is the most appealing aspect of Tor to many, and can become a big player as more governments try to limit sites on the web. Tor has gained much popularity with Anonymous in the past year and hopefully will encourage more users to give Onionland a shot. In this article, I will explain how Tor works and how to access the hidden services part of Tor.

About Tor

Tor stands for The Onion Router. It started as a project from the EFF using technology that the US Navy developed. Tor is a multi-level anonymizing proxy which uses various routers from across the globe to make traffic almost untraceable. The more users/exit nodes, the more anonymous you are. This tool was developed with free speech in mind and does a great job of enabling access to people to sites that would otherwise be blocked. This system is not bulletproof, however, and there are vulnerabilities.

Problems with Tor

The system itself is beautiful, and does do a good job of helping people access sites they were not able to. You must keep in mind that just because you downloaded a program that anonymizes traffic, it doesn't make you secure instantly. Tor only works for applications that are configured to use Tor. Following the instructions on the Tor website for programs other than Firefox are important. One thing to remember is that any Javascript, external plugins (Flash, Java), or non-secure (https) websites could and will give information about you. When you download files through Tor, be very cautious because they may have been switched by an exit node. Since anyone can be an exit node (including the people you may be hiding from), you want to take extra measures to ensure the legitimacy of the file.

The greatest vulnerability you face with Tor is your own personal habits. If you have a routine and are comfortable in your browsing habits, it's not hard for those who may be watching you to observe these habits. Do you really need to tie your real life identity to your online identity? Do you need to tie your Tor identity to yourself? I hope your answer is no, and if it is not, then you might as well stop reading this because Tor isn't for you. You need to put yourself in the mind set of a criminal- you just committed a crime that the US government would either kill you over, torture you, or both. Using that mind set, you can think harder about clicking a link, or revealing possible personally identifying information.

With all of this being said, these are security steps that are especially important when browsing sites outside of Tor. When browsing sites within Tor, your connection is encrypted and HTTPS isn't necessary, although welcome.

How to Access Onionland

The most recommended way to access Onionland is by downloading the Tor Bundle for your operating system. This includes the Tor client, Vidalia- the Tor GUI, Firefox with Tor-centric plugins, and the Polipo proxy all automatically configured to work out of the box. This is a portable system that can be carried via a flash drive, CD-ROM, or Dropbox account. Other options include Linux Live CD variants, which are listed here:

  • Liberté Linux - A more modern desktop, uses Tor for all outgoing communications, highly secure, Gentoo based.
  • Tails - A very basic desktop, not much software, uses Tor for all outgoing communications, highly secure, erases RAM on shutdown, Debian based.
  • quantOS - Usable desktop, day-to-day usage, questionable security, Linux Mint based.

.onion Domain

Connecting to sites in Tor is different than you may be used to. Onionland sites use the .onion TLD. The .onion domain is a 16-character alpha-semi-numeric hash which is automatically generated based on a public key when a hidden service is configured. You can connect to a .onion site just like you can with a .com- by typing it in the address bar. These sites are accessible from the World Wide Web by adding the .onion hash before tor2web.org using SSL. Example: https://eqt5g4fuenphqinx.tor2web.org

Sites in Onionland

So, now that you've connected tor Tor and have your bearings straight, let's check out some websites. Area51 Archives has it's own Onionland site at http://bl5ffx36c342cu3i.onion. Here's a list of sites and their descriptions.

Searching

  • TORCH - Tor search engine.
  • TorDir - Directory, fast, up to date, offers private messaging amongst users.
  • TorMarks - Directory, very fast, outdated.
  • Core.onion - A starting point site that has a few links. Really basic.
  • DuckDuckGo - DuckDuckGo for Onionland. Sites linked are WWW sites, not in Tor.
  • Sites Deep Web - Random assortment of links. Some may be questionable content.
  • The Hidden Wiki The Hidden Wiki is a popular starting point for Onionland. Be careful what you look for in here.
  • The Hidden Wiki Mirror - Mirror of THW, because THW experiences a lot of down time.
  • Wikileaks - Wikileaks mirror.

Hosting

Communicating

  • TorPM - Private messaging; what most people use instead of email in Tor.
  • Tor Mail - Free, anonymous email accounts. Send and receive email over WWW, but within Tor.
  • TorStatusNet - A Twitter clone for Tor.
  • TorBook - Social networking site for Tor.
  • SimplePM - No user sign ups, randomly generated username at page load.
  • PrivacyBox - A messaging system that is accessible from WWW, TOR, and I2P.
  • TOR Answers - A Yahoo! Answers-like site for Onionland.
  • HackBB - Hacking forum.
  • talk.masked - A random discussion site.

Conclusion

Onionland provides a wealth of knowledge, some very sketchy stuff, and a great opportunity for free speech. The more popular Onionland gets, the better it becomes. So, tell your friends and try it out for yourself. The links provided are no where near all of the sites in Onionland, but that's enough to get you started. One major word of caution is- look out for child porn. It seems that with every anonymous network, there are those who use it for child porn, drugs, and other things. These things are out there and you need to be aware of it, so you don't find yourself on a site you wish you had never visited. Keep to your senses, remember to be secure, and have fun!

Comments

Feel free to comment on this page using the form below.

Personal tools