For many of us in law enforcement, when the terms “dark web” or “dark net” are mentioned, we immediately associate them with the Tor (The Onion Router) browser. Unequivocally the most stable and the most utilized “dark net” in the world, Tor rightfully deserves to be the go-to when talking about using the dark web. Many investigations that we encounter will have a nexus to a suspect using Tor, but it is important to understand that the dark web does not solely consist of the Tor network.
Confused? The dark web is defined as a conglomerate of dark nets, different compartmentalized “dark” networks. While the Tor browser offers the best dark web browsing experience, the user is only able to access Tor sites, colloquially known as “onion sites” or “hidden services,” as well as sites on the “surface web” (the internet you use now) through the Tor network outproxy. The layperson’s definition: Tor can browse the regular internet and onion sites, but not the entire dark web. There is no single browser, or software, that can span the entirety of the dark web as we know it, because each individual dark net is insulated from the others. It is imperative for us in law enforcement to be abreast of the alternate dark nets, otherwise known as “alt nets,” when it comes to defining what the dark web is.
I2P: Invisible Internet Project (geti2p.net)
Arguably the second-largest dark net by size and usership (estimated at upwards of 30,000 a day), the Invisible Internet Project, dubbed “I2P,” celebrated its 20th anniversary in 2021. Sites hosted on I2P, known as “eepsites,” end with “.i2p” domains. Compared to Tor, many dark web enthusiasts argue I2P is a true dark net, since you cannot access the surface web by default configuration. The browsing experience in I2P requires configuration by the end user, making it less “download-and-go” compared to Tor. Traffic is tunneled via the I2P network versus “onion routed.”
In my opinion, relative to other dark nets, Freenet is more abstruse. As stated on its website, “Freenet is free software which lets you anonymously share files, browse and publish ‘freesites’ (web sites accessible only through Freenet) and chat on forums, without fear of censorship. Freenet is decentralised to make it less vulnerable to attack, and if used in ‘darknet’ mode, where users only connect to their friends, is very difficult to detect.” When compared to Tor or the I2P network, Freenet’s framework relies heavily on peer-to-peer versus dedicated servers. From my personal experience, most users of Freenet utilize it for the decentralized sharing of files as opposed to the hosting of sites. If we were to solely compare the metrics of data storage and file sharing to the other dark nets, Freenet would eclipse Tor and I2P. Freenet went live in 2000, and boasts 22 years of stability and usership. This is a great video on YouTube that breaks down the intricacies and fundamentals of Freenet (credit: Aaron Jones): https://youtu.be/zu9gM3_gIfM.
I am sure many of you have heard the words “cryptocurrency” and “blockchain” before. While ZeroNet is not a de facto dark net, since the network foundation is on the pseudonymous Bitcoin blockchain, ZeroNet can utilize the Tor network infrastructure to provide anonymity to its users. Sites hosted on ZeroNet are called “ZeroSites,” and ZeroNet offers services like “ZeroChat” and “ZeroMail.” It was programmed in 2015, and in my opinion it is important to understand, as it can be viewed as the precursor to what we know as Web3.
Deriving its name from the Norse god of trickery, Lokinet is a convergence of onion routing (Tor) and blockchain technology. Instead of being programmed on the Bitcoin blockchain like ZeroNet, Lokinet is programmed on the Oxen cryptocurrency blockchain, promoting its own routing as “Oxen Service Node Network” and hosting “Oxen Name Service.” Its website says, “Lokinet is also more versatile than Tor — Tor operates on the transport layer and is only able to carry TCP traffic, while Lokinet operates on the network layer, meaning it can onion-route any IP-based protocol: TCP, UDP, ICMP, etc. This means Lokinet can be used for much more than just web browsing — it can also handle things like media streaming and video conferencing.” Lokinet has been live since 2018, but currently the number of users remains unknown. Sites on Lokinet have the domain of “.loki” and purchases on it can only be made via the Oxen cryptocurrency. Similar to ZeroNet, Lokinet can be viewed as a precursor to what we know as Web3. For further reading on Oxen, go to https://docs.oxen.io/about-the-oxen-blockchain/overview.
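An added triage sketch (not from the original article): it scans text pulled from a device or log for hostnames and sorts them by the dark net suffixes discussed above, ".i2p" and ".loki", plus Tor's ".onion". The sample log, the function name and the "review" bucket are constructed for illustration.

```python
import re

# .i2p and .loki are named in the article; .onion is Tor's suffix.
DARKNET_SUFFIXES = {"onion": "Tor", "i2p": "I2P", "loki": "Lokinet"}

# A dotted hostname that does not start in the middle of another token.
HOSTNAME = re.compile(r"(?<![a-z0-9.-])(?:[a-z0-9-]+\.)+[a-z0-9-]+", re.IGNORECASE)

# Constructed sample input (not real evidence, not real sites).
SAMPLE = """\
2022-03-01 10:02 visited http://exampleforum.onion/login
2022-03-01 10:05 visited http://Stats.I2P:7657/console
2022-03-01 10:09 visited https://exampleshop.loki/items?id=4
2022-03-01 10:11 visited https://exampleforum.onion.gateway.example/login
2022-03-01 10:15 opened  C:\\Users\\a\\Desktop\\notes.i2p.txt
2022-03-01 10:20 visited https://www.example.com/index.html
"""


def triage_hosts(text):
    """Return (hits, review).

    hits   : {network: sorted hostnames whose final label is a dark net suffix}
    review : hostnames where such a suffix appears but is not the final label,
             e.g. a surface-web gateway or a file name; these need a human look.
    """
    hits = {name: set() for name in DARKNET_SUFFIXES.values()}
    review = set()
    for match in HOSTNAME.finditer(text):
        host = match.group(0).lower().rstrip(".-")
        labels = host.split(".")
        network = DARKNET_SUFFIXES.get(labels[-1])
        if network:
            hits[network].add(host)
        elif any(label in DARKNET_SUFFIXES for label in labels[1:-1]):
            review.add(host)
    return {net: sorted(hosts) for net, hosts in hits.items()}, sorted(review)


if __name__ == "__main__":
    found, needs_review = triage_hosts(SAMPLE)
    for network, hosts in found.items():
        print(f"{network}: {hosts}")
    print(f"review: {needs_review}")
```

A hit only says which network a hostname belongs to; as the article notes, each network needs its own software to reach it.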
Founded by Protocol Labs, and debated as being launched in either 2015 or 2016, the InterPlanetary File System (IPFS for short) is again the convergence of blockchain technology and the web browsing experience. If I were to provide an oversimplification, think of the aforementioned Freenet meeting blockchain technology for decentralized, peer-to-peer file sharing. Utilizing the framework of the Ethereum blockchain, IPFS promotes what is known as the “distributed web,” also known as (you guessed it!) Web3. At their core, decentralized or distributed web services are not governed by a single entity. This is different than Tor and I2P, where the Tor Project and Invisible Internet Project maintain the governance of their respective dark nets.
The final dark net, or rather alt net, to address is GNUnet. Originating in 2001, GNUnet has evolved significantly over the past 21 years, but to many it remains obscure. Promoting itself as the antithesis to the previous blockchain-centric networks (Lokinet, IPFS, ZeroNet), GNUnet proclaims, “GNUnet is a self-organizing network and it is free software as in freedom. GNUnet puts you in control of your data. You determine which data to share with whom, and you’re not pressured to accept compromises. It gives users freedoms to securely access information (‘run’ the network), to study all aspects of the network’s operation (‘access the code’), to distribute information (‘copy’), as well as the freedom to deploy new applications (‘modify’).” GNUnet requires a Linux operating system, and as such it does not have much popularity outside of a user base with a computer skillset. While the likelihood of encountering somebody using GNUnet remains very low, it is still important to understand that it exists.
It would be negligent of me to not consider that for some readers, how these dark nets work is very abstract. Buzzwords like “blockchain,” “web3” and “cryptocurrency” may have caught your attention because you have heard them before, but you don’t understand how they all relate to the dark web. This sentiment is not lost on me, but what I will espouse is that you don’t need to understand the programming of how these dark nets work to be able to investigate them. Being familiar with the fact that these dark nets exist in the first place is a very important step.
Keven Hendricks can be reached at firstname.lastname@example.org to assist with any questions on cases that may have a nexus to the dark web.