In early July, users of AlphaBay, one of the largest darknet marketplaces, panicked when their go-to supplier of illegal drugs, weapons, and other illicit items unexpectedly vanished from the internet. As is often the case when darknet marketplaces go down, many were wary that the moderators may have purposefully closed the site and made off with shoppers’ money. Though AlphaBay’s moderators quickly took to Reddit to assure users that they were working to restore the site, the internet panic left many wondering more about the mysterious “dark web” and its contents. What is this hidden side of the internet really about? And can any good be found in the dark? Read on to find out.

Deep Web vs. Dark Web

When you go online to browse social media, read the news, or look up directions, you’re using what’s called the “surface web.” While most of us stick to the surface web for our daily use, the truth is that it’s just a sliver of what’s available on the internet.

The deep web, which experts estimate makes up about 90 percent of the internet’s content, is comprised of all the web pages that aren’t accessible through public search engines. Library search engines, government databases, and your personal email account are all examples of pages on the deep web.

Many internet users confuse the deep web with the dark web, but the dark web is actually a tiny subsection of the deep web. It is comprised of all the hidden content existing on darknets, or encrypted networks that require use of specific software or tools to access. Darknets are specially designed to provide anonymity to users, making user presence on the dark web undetectable.

The dark web is best known to the public as a safe haven for salacious and criminal enterprises–the drug and weapons trades, child pornography, and the sale of stolen personal information, like bank accounts. But there are individuals on the dark web with nobler intentions, like whistleblowing. Wikileaks, for example, is a notorious dark web site that allows whistleblowers to anonymously upload classified information to the site. Civilians may also use darknet software to access social media in countries where sites like Facebook and Twitter are banned, or to spread news in times of censorship and political unrest.

How to Use the Dark Web

The most common way to access the dark web is using a free software called Tor, originally short for “The Onion Router,” which allows users to anonymize their web pages and their presence on the internet.

Tor was originally created by U.S. Naval Research Laboratory employees in the mid 1990s, and receives 60 percent of its funding from the U.S. government. It hides users’ IP addresses (the unique code that attaches your internet activity to your computer) by sending traffic from their computer and server to other, random points, “like anonymous bagmen trading briefcases in a parking garage,” according to Wired.

Users of Tor can access the surface web as normal, but can also browse websites that run Tor themselves–that’s where the hidden side of the internet exists. Tor websites don’t have a normal URL like Facebook.com, but instead consist of a jumble of seemingly random letters followed by “.onion,” like wlupld3ptjvsgwqw.onion for Wikileaks. This means that to access a Tor website, you most often need to know the exact web address.

Tor is working on developing its anonymity capabilities even further, Wired reported in January. Tor Project co-founder Nick Mathewson told the tech magazine that software released later this year will allow users to keep their sites completely secret, even from other Tor users.

“Someone can create a hidden service just for you that only you would know about, and the presence of that particular hidden service would be non-discoverable,” Mathewson told Wired. “As a building block, that would provide a much stronger basis for relatively secure and private systems than we’ve had before.”

Who Uses the Dark Web?

Criminals

The anonymous sale and exchange of illegal substances is responsible for most of the dark web’s notoriety. One of the most famous darknet marketplaces is the Silk Road, which was shut down in 2013, only to re-appear in various iterations. Most sites use bitcoin, rather than PayPal or credit cards, for transactions, since the e-currency allows customers to maintain their anonymity.

In June, Interpol launched a digital forensics course for wildlife crime investigators, to crack down on use of the dark web for the illegal trade of ivory and exotic animals.

Hackers have also been known to sell personal information, like login details for bank accounts or email accounts. In March 2015, thousands of active Uber account usernames and passwords were being sold for as little as $1-$5 on darknet marketplaces AlphaBay and ThinkingForward.

Dozens of hitmen are also available for hire on the dark web, but many sites, like BesaMafia, have been proven to be scams, or set up by law enforcement to catch people plotting murder.

“Normal” People

If you are unfamiliar with the dark web, you may be surprised to learn that many of its users are “Average Joes” (i.e. not internet-based arms dealers), who are interested in maintaining their internet privacy for less malicious reasons.

Politicians conducting secret deals, internet stalking victims wishing to keep their location private, and law enforcement officials investigating crimes are a large portion of the dark web’s user population. In a 2016 post on TurboFuture, blogger Dean Walsh noted the absurdity of these various populations interacting with terrorists, cybercriminals, and hackers.

“The fact that so many of the dark web’s users are enemies also leads to a strange dynamic,” Walsh writes. “I was tickled to see website security experts and criminal hackers sharing the same forums to discuss their common interests in computer security whilst hardly recognizing that they are nemeses.”

Activists and Journalists

The anonymity provided by dark web sites can also be a force for justice. Activists have been able to shed light on dire situations while avoiding detection in countries where oppressive regimes prevent civilians from using social media, or otherwise censor content posted on the internet.

Nima Fatemi, an Iranian activist and contributor to the Tor Project, taught friends and family how to use the service during a series of riots and protests in Tehran in 2009. Fatemi told Rolling Stone that Tor allowed him and others to post information about what was actually happening, while state television was “just showing photos of flowers and stuff.” “I found Tor and thought, ‘This is the tool.’ It was peace of mind,” Fatemi told Rolling Stone. “I felt it a duty because so many people outside of Iran had no idea that we were protesting.”

Organizations like the Electronic Frontier Foundation encourage protesters and journalists to use Tor networks to protect their identity. The non-profit news organization ProPublica recently launched a Tor version of its website, which means readers can safely read the publication’s articles undetected. A ProPublica spokesman told Wired that the development will make the website safe for users in locations like China, where heavy government censorship can affect internet content. Facebook also has a Tor version, which it says many of its users access on the regular.

“Wikileaks” Courtesy of Sean MacEntee : License (CC BY 2.0)

Terrorists?

While there is some evidence of ISIS militants and supporters using the dark web and other Tor-protected services to recruit and fund their efforts, researchers at King’s College London found relatively “little militant, extremist presence” on the dark web. Thomas Rid, one of the researchers who co-authored the paper Cryptopolitik and the Darknet, told Quartz that dark web sites are not very useful for quickly and effectively spreading propaganda.

“Hidden services are sometimes slow, and not as stable as you might hope,” Rid said. “So ease of use is not as great as it could be. There are better alternatives.”

Conclusion

When dark web activities make headlines, it’s usually for something nefarious. This criminal side will continue to be newsworthy as the NSA and FBI crack down on illegal darknet marketplaces like the Silk Road, and stolen consumer data on dark web sites. But beyond the child pornography, drug sales, and hitmen for hire, there are activists, journalists, and everyday internet users making use of the dark web. As sites like ProPublica and Facebook turn to Tor for security purposes, the lighter side of the dark web could have its moment in the sun.

Avery Anapol

Avery Anapol is a blogger and freelancer for Law Street Media. She holds a BA in journalism and mass communication from the George Washington University. When she’s not writing, Avery enjoys traveling, reading fiction, cooking, and waking up early. Contact Avery at Staff@LawStreetMedia.com.

The post Unraveling the Dark Web appeared first on Law Street.

In a party line vote, the Republican-controlled House dealt a blow to internet privacy advocates on Wednesday, passing a bill that would roll back Obama-era protections on consumer data. President Donald Trump is expected to sign the bill, according to the White House. Undoing the rules, which were set to take effect at the end of the year, might signal a new path for the Federal Communications Commission, favoring unfettered industry growth over consumer-friendly protections.

Last October, the FCC enacted a new set of rules against internet service providers (ISPs) like AT&T, Verizon, and Comcast, barring them from collecting consumer data such as browsing habits, app history, and location data. Personal information, like a customer’s social security number, was also safeguarded. Though internet companies like Google and Facebook use customers’ data as currency in selling targeted advertisements, the FCC decided ISPs should not be granted the same unregulated access.

Those protections will vanish with the new law, as would the ability for the FCC to draft similar rules in the future. “Today’s vote means that Americans will never be safe online from having their most personal details stealthily scrutinized and sold to the highest bidder,” Jeffrey Chester, executive director of the Center for Digital Democracy told The Washington Post.

Privacy advocates argue repealing the protections will grant ISPs access to customer data in a bid to boost profits. Instead of simply providing a channel for internet access, ISPs are now wading into territory dominated by billion-dollar mammoths like Google and Facebook: targeted advertising.

So while the protections would not have barred those companies from accessing user data to sell to advertising agencies and marketers, privacy advocates argue ISPs have access to a wider range of data than search engines and other websites, and thus should be more restricted. Some also worry that net neutrality–the policy that internet providers treat the web as a level playing field–could be next on the chopping block.

But opponents of the rules, and champions of the new path the FCC seems to be following, say that the rules would have stifled innovation. Industry advocates say the rules defined privacy too broadly (browsing and app history should not be private, they argue), and provided an unfair advantage to other data-collectors like Google, as the rules only targeted ISPs.

“There is no lawful, factual or sound policy basis to justify a discriminatory approach that treats ISPs differently from some of the largest companies in the Internet ecosystem that engage in similar practices,” The Internet & Television Association, an industry trade group, said last October when the rules were passed.

Ajit Pai, the newly-appointed FCC chairman, said the Federal Trade Commission, a consumer protection agency, will work together with the FCC to “ensure that consumers’ online privacy is protected through a consistent and comprehensive framework.” He said “jurisdiction over broadband providers’ privacy practices” would be returned to the FTC. But Pai added the FCC could still bring privacy-related lawsuits against ISPs.

Rep. Mike Doyle (D-PA), who voted against the bill, said in a House committee hearing on Monday that he worries that in the absence of regulations, ISPs will abuse their data-collecting power. “One would hope — because consumers want their privacy protected — that they would be good actors, and they would ask permission and do these nice things,” said Doyle. “But there’s no law now that says they have to, and there’s no cop on the beat saying, ‘Hey, we caught you doing something.’”

Alec Siegel

Alec Siegel is a staff writer at Law Street Media. When he’s not working at Law Street he’s either cooking a mediocre tofu dish or enjoying a run in the woods. His passions include: gooey chocolate chips, black coffee, mountains, the Animal Kingdom in general, and John Lennon. Baklava is his achilles heel. Contact Alec at ASiegel@LawStreetMedia.com.

The post Congress Passes Bill to Roll Back Internet Privacy Protections appeared first on Law Street.

Since the top European court made a ruling in May requiring Google to field requests from members of the public to erase links associated with their names, the web search giant has removed about 230,000 URLs, according to its own data.

The European Union’s Court of Justice ruling said that Google would have to delete “inadequate, irrelevant or no longer relevant” links from its searches on its European domains, such as google.co.uk and google.fr. Removing such links doesn’t mean they’ll never appear in a Google search again; just that they’ll be omitted when they’re associated with the name of the person requesting the removal.

The rationale behind the so-called “right to be forgotten” decision is to allow members of the public to reclaim their online profiles if they’re damaged by negative content on the web. It’s up to Google whether the links should be removed. For example, Google cites an example of an Italian woman who asked that an article about her husband’s murder be dissociated with the search for her name. In another example, a German individual asked that an article about the person’s rape be removed. The links were removed in those cases, but an Italian man’s multiple requests to remove links to 20 articles about his arrest for financial crimes were denied.

This is an apparent win for private European citizens who want to be in control of their public profiles, but European Union officials last month began to push for Google to expand the program beyond just European domains. A statement from the Article 29 Data Protection Working Party said that “decisions must be implemented in such a way that they guarantee the effective and complete protection of data subjects’ rights and that EU law cannot be circumvented.” This means that Google would have to field requests for link removals on its .com domain for Europeans to be fully protected.

That has yet to happen, but if it does, it could also affect a lot of people outside Europe, based on how it is carried out. Americans could request that Google take down embarrassing, damaging, and irrelevant links. But establishing the right to be forgotten in the U.S. could be more difficult because some would argue it interferes with American freedom of speech. In a case unrelated to the European issue, a judge ruled last month in the Superior Court of California in San Francisco that Google is protected in terms of the order in which it presents its search results. The plaintiff, Louis Martin, was alleging that Google was biased in excluding his website, coastnews.com, from search results.

While the San Francisco story is in a way the backward version of the European story–a citizen is trying to get a link to be visible rather than be taken down–it could set the precedent that Google is free to present whatever results its algorithms decide are relevant, regardless of privacy.

Zaid Shoorbajee

Zaid Shoorbajee is a an undergraduate student at The George Washington University majoring in journalism and economics. He is from the Washington, D.C. area and likes reading and writing about international affairs, politics, business and technology (especially when they intersect). Contact Zaid at staff@LawStreetMedia.com.

The post The Right to be Forgotten on Google: Will it Come to the U.S.? appeared first on Law Street.

Data Brokers are selling personal information including lists of rape victims, alcoholics, and people with erectile dysfunction disorder. After reading that statement you should not only feel outraged, but should also be thinking: is this legal?

The data brokering business has been under investigation for its secretive and sometimes overreaching activities. This issue was really highlighted in December 2013 after a year long investigation by the Senate. World Privacy Forum, Executive Director Pam Dixon first revealed some of these intrusive lists and outlined the concerns that should be made clear to consumers, when she testified in Congress. She argued that the release of such data could put people in danger. For example, a list of “rape victims” can be placed in the hands of a sexual predator or a profile of a senior citizen facing issues with dementia could make them vulnerable to scam artists. Dixon further explained that while some data broker companies provide an opt out policy, most of them do not. Furthering this issue is that most people do not even know that they are on these lists compiled by data brokers. 

Now I understand that this whole thing sounds very illegal and very sketchy. While yes, it is sketchy, it is unfortunately also legal. Scott Howe, CEO of Acxiom, one of the giants of the data brokering business, explains  that data brokering as an act of collecting data about people. These data profiles are then offered to businesses who can create relevant advertising. This seems harmless, right? That is only because this is a very skewed definition. In reality, data brokering has become a $156 billion industry that capitalizes on packaging all of our most personal information to sell it to advertisers including our movements both online and off.

Acxiom, holds profiles on over 200 million Americans. This is scary on so many different levels; one, because most of us do not even know that these profiles are being created and two, because of the information that make up these profiles. Think anything is safe? It really is not. Let’s check off the aspects of daily life that make up your personal profile, which is most likely filed somewhere in a broker’s filing cabinet. Medications? Check, if you have an illness, data brokers can sell the information to an advertisement company to capitalize on your particular condition. Alcoholism, depression, sexual orientation? Check, check, and check– along with most other personal information that you would hope to remain private. It would surprise many of us as to how willing retailers are to sell this information to data brokers.

The catch to the whole thing is that it is basically legal. Data brokers are legally required to maintain the privacy of customers data if it is used for employment, credit, insurance, or housing but that is it. At least we can be thankful that medical information is protected by our doctors who legally cannot sell it. Well, while doctors cannot share your medical information, data brokers have access to the purchase history of over the counter drugs as well as other medical products.

Now that I’ve horrified all of you into never using the Internet again or a credit card to make another purchase for that matter, let us look at what is being done to improve the situation.

Well, I will say that not much has been done in this past year to reform the data broker business. However, a conversation has started about the dark side of this industry, which is admittedly better than nothing. The Federal Trade Commission has called for more transparency within data brokering. While this is a good start, overall the government needs to take more action on regulating the dissemination of information. The government should work to prevent unsafe or harmful lists from circulation. If their actions are meant to benefit consumers by personalizing advertising, then please, let them educate consumers on the actions that they are taking. Believe me, we would all like to know.

Furthermore, opt out procedures should be widespread and clear. If we do not want our personal information compiled into a profile of our medical purchases or food orders, then we should have the right to say no. We may not be able to completely stop data brokers from doing their job, but we can at least prevent the spread of incorrect information or try to regulate the lists that are circulating with the help of government action and an opt out policy.

[Forbes] [CBS News] [CNN]

—

Taylor Garre

Taylor Garre is a student at Fordham University and formerly an intern at Law Street Media. Contact Taylor at staff@LawStreetMedia.com.

The post Data For Sale: Brokers Selling Info on Rape Victims and Alcoholics appeared first on Law Street.