2016/05/26 22:48:35

Presentation from Inside Dark Web

On May 12, 2016, I was the ending keynote speaker at the first Inside the Dark Web conference. It was held at a beautiful location in Battery Park at the southern tip of Manhattan. It's a talk about how I've been crawling .onion and .i2p sites for 2 years out of curiosity of what could be in these spaces.

My presentation is available here: Exploring the dark web - Lewman. I was a last minute addition due to my return trip to Egypt being changed. I didn't appear in any of the official conference materials, but there I was giving the talk. The video and transcript are below.

Transcript

1-Andrew Lewman, Inside the Dark Web

My hobby has been exploring the dark web. It started off a few years ago, 2009… Well 2003 I started volunteering for Tor. It was a very early post on slashdot where Roger Dingledine posted, “Hey, there’s a tarball.” I was like, “Well, that’s useless. Great, written source code. 99.99% of the world can’t do anything with it.” So I compiled it and sent it back to him and he ran it. And I was like, “Hmm. Talk about blind trust.”

So then Roger’s response to that was, “Hey, let’s have dinner.” So we had dinner and he’s like, “Hey, how would you like to compile all the software for all of Tor?” And I said, “Well, I have a day job, but sure.” So I had a BeBox. Any of you remember BeOS? So I had one of those, I compiled Tor for it and and that was also useless because 99.9% of the world doesn’t run BeOS. And so I got a Mac and I got a Windows machine and I had a bunch of weird UNIX machines and I started compiling Tor for all these platforms. If you downloaded TOR dot exe or TOR browser from about 2004 on, you used my artisan and cuddled, handcrafted, hugged binaries that I released about every couple of weeks, given Tor’s release cycle.

Anyway, so the title of the talk today, Exploring the Dark Web: Mostly for fun, sometimes for profit. As Paul mentioned, back in 2006 when Tor was trying to figure out should it go for-profit or non-profit, I sat down with Roger and talked to him about, well, you know, the goal is to release source code, the goal is to do good in the world, then you should be a non-profit because that’s how people in the world think. If you’re for-profit everyone will wonder, what are you doing, why are you giving this code, who is the target?
In 2009, the State Department through a partner gave Tor a million and a half dollars – and when you get a million and a half dollars to two MIT masters students, guess what they do with it? They do research and they produce white papers. And the State Department said, “No, no, no. We paid you a lot of money to actually produce stuff that people in the world want to use this. And they said, “Great. There’s a tarball.”

I was the secretary and treasurer of the Tor project, which is a 501c3 non-profit. I had a conversation with the program manager at the time whose name is Sarah, she’s now gone off to counterterrorism stuff, and she said, ‘Please, please, please quit your job.” I said, “Well, I work for a public company. They make a lot of money. You can’t afford me.” She said, “Okay. Well we’ll try and find you some more funding.” So they did and I did.

The first thing you run into when you ran Tor at that time was it’s slow. It’s still slow, compared to the native web right now. But 2004 to 2009 it was painfully slow. You would wait 5 to 10 minutes for a page to come back, and then you want to click on something else and you didn’t have an hour to kill to browse two pages. So the first thing I did was I abused my employer who had a bunch of build machines and we performance-profiled Tor to find out why it was slow, what it was doing, down to code level.

Since then, Tor has gotten much faster, mostly because the number of relays has increased – the number of exit relays in particular has increased. It doesn’t matter how many relays there are. For 99% of browsers in Tor it matters the exit relays. If you can’t get out of the network it doesn’t matter how fast you get to the end, you’re still bottlenecked at the end. Even with 7000 relays or so relays a day, there are still about 1000 exit relays, you’ve got a lot of traffic out.
I run some of those. A number of organizations run those. Some of the organizations – well most of the organizations or most people record the Tor exit traffic. They may not tell you that. They don’t want to publish it. People have published their exit traffic in the past and they’ve been bullied into not publishing ever again. And now ethics boards at universities don’t allow publishing of the data because the users could not opt in. How a user opts in on an anonymous network to be part of a study is a whole other question.

My first commit, Roger gave me a commit bit on December 25th, 2004. At six in the morning according to git commit logs, my first commit went through. So guess what I was doing Christmas day 2004? I was trying to fix bugs in Tor. Since then I’ve done a bunch of press interviews, been all over the place.

I’ve moved on beyond Tor. There are a number of dark webs out there. Which one you look at matters to what you are trying to find. Tor just has been in the news a lot mostly because of Silk Road. If you look at the graph of Tor searches and Onion browsing searches on Google, as soon as the Silk Road became popular all these people started going to find out; what is this Tor thing? How do I get to Silk Road? Holy crap, I can buy a joint on the internet and not from a sketchy teenager down the street!

There are a ton of other dark webs. There’s Perfect Dark, which is a big Japanese language, mostly anime sharing network. It’s not used much beyond that. It hasn’t had enough research to see how secure or not it is. There’s Freenet which actually was vastly more popular that Tor from the early 2000s. Freenet’s file sharing. It takes your bits and then blows them up into a million computers so you’ve got plausible deniability of what’s on your devices. At the same time it’s all encrypted and you can recover it to get your file back. There’s of course Tor. There’s I2P which is garlic routing. And it goes on.

There’s Retroshare, GNUnet, ZeroNet, Syndie, OneSwarm and Tribler – are the big sort of overlay networks that are used in the world. Each one sort of has their own community and how they use them. How you want to investigate… If you need to investigate crime or whatever, then you need to go figure out which network their using. A lot of times the problem law enforcement has is that there are so many technologies out there to use. The criminals only have to master one, law enforcement has to master all of them. Now it’s clear how law enforcement’s failing to master all of them because new ones keep coming up, just like botnets, just like ransomware. Someone creates a library, sells the library, and then 20 more versions come out and they’re all slightly different than the original.
So you have to go try and figure out what’s going on and who’s doing what, and then look into it and try to understand. The ‘try to understand’ part takes time, which is really frustrating having worked with investigations. Is that if something’s going to happen day to day and time – I’m thinking of the person who emailed a bunch of universities, said he planned to bomb Carnegie Mellon University and was going to detonate them all at the following times. You’re not going to find that time to go find the person, figure out who it is. They all came through Tor. They came through Guerilla Mail and others, which these Tor linked to Guerilla Mail. So the time law enforcement goes, “Hey, there’s Guerilla Mail. Here’s Tor. Oh, crap. It’s a Tor address.” And then go figure out who has the motive, who has the thing, what the speech patterns are, and meanwhile the clock is ticking to when these bombs may or may not go off. Luckily there were no bombs. It was just a disgruntled person. But you don’t actually know that at the start.

There’s also the case of the Harvard student by the name Kim. He used Guerilla Mail to do Tor. What we discovered in that was that he used Tor to get to Guerilla Mail to set up a bomb threat to evacuate just before his final exam, because he didn’t study. And what happened was that there was so little Tor usage on Harvard University’s network they just went interviewed everyone who was on Tor at the time that the threat was sent. It’s like a handful of people, and he confessed. Because when you have two FBI agents come right at you, along with Harvard University police, a bunch of other people if you’re a real criminal you pass it off, you say, “Oh, whatever. I use Tor to browse porn.” He said, “Yes, I did.” And that made it pretty clear who did it.

What I have here that you can’t see is the cool graph based on Google’s Zeitgeist about who’s querying for what over time. Freenet is about three times that of Tor until around 2010, or the Silk Road. And then Silk Road flipped it so that Tor became more popular than Freenet. All the other ones I mentioned, Retroshare, GNUnet, ZeroNet and all that stuff, that’s barely ever messaged. They’re a little blurb on the bottom.

What’s also interesting is which regions use which dark webs. Who do you think is the top country for Tor usage by Google queries?

PARTICIPANT: US. China.

LEWMAN: Bangladesh. Why Bangladesh? I have no idea. But this is what everyone’s looked at. Norway is number two, Italy is number three, Germany is number four, then comes Syria at number five, then Pakistan, and then Poland. Why, I don’t know.

PARTICIPANT: Because they mine databases.

LEWMAN: Yes. They also mine databases much more. The top countries for I2P are Russia and the Ukraine, and everything else is like Arab, within largely Arab. Freenet is almost all Germany. There’s almost no usage or queries or anything about Freenet and anything else besides Germany. Retroshare is heavily French and German, but actually when you look at it in more detail it’s more like the Alsace-Lorraine region, which is sort of at the border of France and Germany. And GNUnet is mostly France and Germany because the people that developed it are German.

So in 2014 I started crawling .onion sites. Just fired up Apache Solr, fired different scripts, and just sucked everything I could find into a database. Since 2014 I’ve crawled 114,000 roughly unique .onion domains.

Why did I start doing this in 2014? Because I went to a conference at the European Monitoring Centre for Drugs and Drug Addiction and it was about a symposium on drugs on the internet. And there were a number of researchers there. The number one complaint they all had was that they can’t reliably crawl Tor or I2P websites. Partially it’s because hidden service is just unreliable. They go up, they go down, the technology is slow and crawl is not that patient. Two because they didn’t fully understand what they were doing. They were trying to take like a standard crawler and just point it at a .onion and hope it worked, and for the most part it doesn’t – as anyone knows who crawls the dark web forums now. And then trying to crawl things like Tribler and OneSwarm which are bit torrent based became even more of a challenge. So I helped them… In those couple of days I helped them set up a crawler and pointed at forums on it and just let it go.

The other thing we did was we took the hidden wiki. There are about 27 hidden wikis that are out there and we took "The Hidden Wiki", because that’s what everyone said it was, seeded the list of domain names and just let it start going. In about six months we found about 15,000 new hidden services that were linked in forums or linked through affiliate networks where they show for one day or two days or whatever. It’s one .onion linking to another so you get a really cool graph, which you won’t see, which says, “Here’s the source site, here’s these other sites it talks to, here’s all the other sites they talk to.” Just a standard link diagram of who talks to who, how often they talk, and where it went from there.

So what do you think is the first problem you run into when you start crawling a bunch of .onion sites – besides the fact that they’re wholly unreliable? You find a lot of child abuse material. Shockingly fast. Shockingly unencrypted. Shockingly unprotected by credentials. There’s no login stuff for this. You start running into it - or you will.

I’m not going to show you child porn but it’s a picture of a girl holding a My Little Pony. It’s one of the ways enforcement does go after child abusers. There’s the image of the kid. You can also block out the image of the kid because everything else in the image matters more. What are they wearing? What is the background? What are they holding? How are they doing? And we actually collected so much of this stuff, I went to go talk to DHS and said, “Oh, so how do you anonymously…” Well how do you tell DHS, “By the way, I’ve collected a bunch of child porn by accident but I don’t actually collect any child porn, I don’t hold it whatsoever because that would be illegal.”

Thankfully our DHS agents who are part of the Child Exploitation and Obscenity Section of the DOJ and they had some lawyers work with me. I learned the definition of child abuse materials and child porn is different than one would think it is, and the laws regarding it are incredibly strict. And even some – most law enforcement agents, I think it’s I3 team, whatever section it is, don’t have the ability to view that. And they were happy to take it off my hands. It’s on the server. So I run the child porn crawls on their systems, not mine. It was under their jurisdiction.

2-Andrew Lewman, Inside the Dark Web

So I started going back to the European Monitoring Center and helping them crawl drug markets and figure out what are all these drugs on the internet. There is just a book published by EMCDDA which I have a chapter and I helped advise on the whole book about the internet and drug markets because crypto markets, as they call them, are becoming the new way to get drugs out. We also worked with a number of national police forces to figure out where these crypto markets go in the stack of organized crime. Transnational organized crime is not organized, but it’s organized in the fact that somebody gets together, someone has to be the supplier, someone has to be the distributor, someone has to do marketing, someone has to do the advertising, someone has to do affiliates. Think of any kind of business, the drug gangs work in the exact same way.

The crypto markets mostly fall into the advertising. The people that are lower ranking individuals. They are technical enough to set up a .onion site or a .i2p or whatever. There’s a lot of stuff they do inside gaming – and someone mentioned virtual gaming and currency before – there’s a lot of stuff that goes on inside there too, and that’s usually where you find is the lower ranking people get stuck with doing like street sales, which should be news to nobody.

What’s been happening though is that… There’s a screenshot of Agora, which is one of the markets that stayed online. They’ve moved from just drugs to identity credentials, counterfeits, electronics forgeries, jewelry, services for hire, a whole bunch of other stuff. Wherever something is illegal, one of these markets will sell it to your jurisdiction. A surprising number of them are now starting going to go language specific, which sort of belies who runs it, who their target market is. If it’s just Mandarin, if you’re Cantonese or something your target market is like Hong Kong and surrounds, so your supply, your organization is Hong Kong and surrounds. Which gives out a lot of information.

The Swiss… Switzerland has three different languages. The drug markets that target the Swiss French, versus Swiss German, versus the Swiss Italian sort of gives who’s likely running it and where they’re geolocated at and helps you hunt down stuff.

Passports are becoming the big thing since many passport agencies don’t have the security you think they would and/or all those terminals in the airport where they have you put your passport in for international flights, skimming is not just for credit cards. Your passport can be skimmed too and used to get a hold of information that they can go get and find and clone.

Since then I’ve worked with a number of police organizations to help take down some hidden sites that were serving up some horribly bad stuff. I won’t traumatize you with the content on there, but it brings child abuse and trafficking to a whole new level. It’s not so much the quantity, it’s the quality of what’s on there. Its that this is new stuff no one’s seen before. New kids. New people. Kids that have been brought up solely to be abused online, is what’s showing up. And all the money right now is on counter-terrorism but there’s plenty of money going towards child abuse because it’s become such a growing problem. So there’s the whole law enforcement side in all this.

What also happened is there is entrepreneurs, we’ll call them, who are moving from the open web – they’re easily being able to be tracked from their IP address to their financial information to their credit card information. The financial chain is the easiest way to hunt down any criminal, especially the unsophisticated ones who think they’re internet gods but don’t actually understand how the financial world works.

And revenge porn has become a thing. There is one site that made a lot of press called Pink Meth, which has since been taken down, because the Pink Meth site, much like Facebook and the DuckDuckGo site, the Pink Meth site was just another domain address pointing at the public Pink Meth dot com. So it was pretty easy to tell who hosted that, who was doing.

The way I got involved in it is one of the victims called up and blamed me for creating the technology that let her whole – all the pictures she’d shared with her boyfriend go up online and then get spread all over the world. And she had the… Her first response when people started contacting her was really angry and she started just insulting people, which just spread it further because the people who were trolling and attacking her now had a viable and angry target, and it just sort of made them entitled to keep going with it.
The real world effects of this have been a number of people who are affected by revenge porn are now committing suicide. These are mothers, these are fathers, these are teenagers. Predominantly women. And it’s unfortunate happening with the tie between the dark web and the real world is…

The dark web, most people felt that Silk Road, you know, what’s the matter? They’re just selling drugs to people will go buy drugs anyway. It’s a bunch of drug addicts. It’s totally harmless. It’s some libertarian dream. But as it moves beyond just the dark web to actually affecting people’s lives, this is where law enforcement gets involved. This is where people start to really questioning the main usage of the technology as negative. When you shut down the technology or it leads you to something to stop all the badness.

The revenge porn was just the start. The other slides is to correctly describe, but the affects are mostly psychological. It ties into that violence and victims of trafficking who have been just horribly psychologically abused, even though they know nothing about what the dark web is. And the real world consequences are trying to help the victims who have no control over what’s happening beyond what’s – stop sharing pictures. Many times they didn’t share the pictures. They broke up with an old boyfriend or something happened or a boss and they put the pictures online. And one part of it is well the quick answer most victims get is; well, don’t show the pictures at all, don’t take the pictures. But that sort of defeats the whole point of building a relationship with someone, especially if you’re in a long term intimate relationship, you’re going to have pictures of all sorts of stuff that you don’t think are worth anything until maybe after you break up, the jerk you break up with will then go post everything online to get back at you.

The most effective way to combat this has been legal. There’s a Cyber Civil Rights Initiative which is going after people hosting this stuff. Anybody who is a part of the dark web hosting and stuff. But actually many of the dark web people, when you eventually find a way to contact the person, whether it’s… It’s obviously never directly through the forum or whatever, many of them will take down revenge porn and child abuse. The ahmia search engine that Paul mentioned earlier, and Tor web, if you contact them and said, “The following sites are only serving up this, this or this,” they’ll strip it out the directory so you can’t search it, can’t find it anymore. Even criminals seems to have… Not to say that all of them on Tor are criminals – but the actual criminal hosting places even seem to have a moral thing of, if it involves absolute harm or gets in the way of their business then they will stop hosting it.

So, I’d worked with victims of domestic violence and stalking and revenge porn since about 2011. I didn’t realize what the effects were until it happened to me. So in 2014 there’s a blog post, you can look it up on Tor website. It’s my May 2014 trip report. I posted up a bunch of stuff. Sweden is pro, very pro-feminist, and I put up a bunch of just really basically what’s happening at the conference, on an internet forum. And it was a very weird comment showed up on Tor blog. It was the first comment. The first comment - and this is here. Well I guess you can’t see it. The first comment is, I’ll read it to you, “Ironic it takes an Arabic man, good looks not withstanding ‘wink wink’, to stand up for women on the internet at a conference about white men in the news.”
The ‘white men in the news’ I assume is because most of the comments were about Julian Assange and the WikiLeaks at the time and his Collateral Murder video, I was the one who wrote the thing. I’m not Arabic – I guess I’m darker skinned so I look Arabic. But then there’s more comments and then someone – I won’t read this, but someone really pissed off at WikiLeaks wrote a comment and it went from there, and I became the target of both the anti-WikiLeaks crowd and of pro-WikiLeaks crowd, and the pro-feminist crowd, and the anti-feminist crowd. All because of a trip report about Stockholm Internet forum in 2014.

The first instinct… So I talked to my friends in law enforcement and said, “Hey, check this out.” And they were like, “Yeah, dude. You know what to do about it. You created your own problem. You created Tor so we can try to figure out what it is but good luck.”

So the other thing which you can’t see is my Twitter direct messages. I joined Twitter, and I have a bunch of direct messages from apparently the person who posted the email, the ‘Arabic man’ thing and the anti-WikiLeaks and the pro-WikiLeaks people flood me with DMs about all sorts of stuff. And I started getting phone calls, then I started getting more threatening emails. I started getting mail at my house. Someone attempted to dox me but doxxed the wrong Andrew Lewman, which is amazing because there’s only three of us on the internet. One is in high school, one is an insurance salesman and then there’s me. I know this story because I met them because they all came to me and said, “Dude, what the hell did you do to us?”

[laughter]

And those are fun conversations you don’t want to have on the phone. “Hi. Great to meet you. I’m sorry I fucked up your life.”

And then when I started looking into the IP addresses, working with Twitter and the security and trying with law enforcement to figure out where this stuff is coming from, some of it came from Tor, some of it came from these other networks. And I started trying to figure out, well how secure is I2P actually? There’s a web proxy idea; how secure is that? How secure is… You know, there’s DeepSight. Same with Tribler. Somehow someone figured out how to get to Twitter through Tribler, and start trying to figure out how all this stuff is.

It turns out they’re not very secure. I2P is based on Java, and that’s a choice they made a long time ago. Java is riddled with holes. Most JVMs and most machines are riddled with holes. The jetty they use inside I2P is old and outdated and has some well known bugs. So there’s easy ways, if you’re willing to be in the gray area, to go after these sites.

To use the big… You won’t probably see this but DARPA put up a thing that here’s the big iceberg with the DARPA all over it. So they created a project called Memex to be the deep web search engine. The number one rule of Memex is that you can talk about Memex. The number two rule of Memex is you cannot operationalize any of the tools they create. So as someone no longer of the Memex project, I can operationalize their tools. They have hybrid spiders, they have forum spiders, they have a whole lot of cool things people have written to try to do link analysis and all this. And I use it against myself to try to figure out who’s posting what where and why are these idiots harassing me.

And I ran into a bunch of interesting people, mainly the Thorn foundation. The Thorn foundation does a lot of anti-sex trafficking and child sexual exploitation work. They were looking for help in trying to figure out how to use big data to actually find and identify the kids showing up. The vast majority of where they show up on is the clearweb. There is so much stuff out there. I think to your point, the billion or so websites on the clear web, law enforcement can’t keep with that. Google can’t keep up with it. You can still Google child abuse images in Google images and they’ll show up. Only if you flag it Google will take it down, or if an AI detects, hey this looks like a naked kid, take it down. So the vast majority of it, it’s all out there. It’s just a matter of harvesting it and putting it together and looking at where these people are.

By doing what I’ve done I ran into them because I actually run into a forum where they were talking about harvesting this stuff, and I was like, “Hey, this is what I have just from my own experience.” So the good of that is that we’re now working together to try to stop… Try to identify that stuff and make the tools a lot better because right now you get a lot of noise. You get a picture of people’s elbows who look funny. You get all sorts of… Anything looks skin colored shows up as potentially child abuse. And you can’t find it… You can’t filter through that human fast enough.

Most of this comes out of just curiosity. I just start exploring the dark web, I start looking at these technologies. I load them up. I run some I2P servers. I run some Tor relays, I run a Tribler node. I run a bunch of these things. And a lot of it is just to learn how do they work, what do they do, who is using it, and what can you do with it.

3-Andrew Lewman, Inside the Dark Web

Crime is like a water balloon. You squeeze a water balloon the water will go somewhere else. That’s what’s happened to crime. Crime is slowly being squeezed off the clearweb so where does it go? It’s not going to go away, it’s just going to go to the dark web. And you need the tools and technologies to understand the dark web to stop the bad uses of it so that you can have some successful technology going forward.

[applause: 0:00:22]

PARTICIPANT: So, I don’t pretend to speak for DARPA, but my best understanding of the policies that are set up for the Memex program. So they had this… They actually wanted to do work but they were gathering data about the live internet. And so my understanding is that they were allowed to do this on the understanding that it was only for research purposes. It’s not true that you can’t operationalize the tools, you just can’t use the data sets from there. They won’t pass those data sets over to people. But the tools are, you know, for transition and my understanding is that they do work with various agencies, and those agencies are actually using the tools that have been developed as part of Memex.

LEWMAN: Right. And the data sets that come out of that are used by the agencies then go back to Memex.

PARTICIPANT: They have to then go develop their own data sets but they use it using the tools that Memex produced. They just can’t have access to the research data sets. So it’s…

LEWMAN: Yup.

PARTICIPANT: So I read up… Maybe six months to a year ago I got the opportunity to meet Brewster who created the Internet Archive. Do you think there’s any place for a tool like that, or is it a matter of time before there’s an internet archive? Is it useful to have some place like that on the dark web?

LEWMAN: It’s useful in that… Well, immediately I jump to evidence collection, when you go to try to explain to a judge or – I was an actual witness in a case – they want to see what does that look like before you modified it? What does this stuff look like, and how was as it existed at the time is really important as hard evidence. I also think that if one of the dark webs takes off, whether it’s Tor or whatever it is, you’re going to want to… Some historian is going to want to see the early parts of what were the original sites created? Just like we look at that 1995 version of websites. They look hilarious now, 20 years later, but the same thing will happen if one of these dark webs take off. You’ll want to see who used it, what did they use it for? And it’s important from a historical perspective of where did you come from to where you are now.

PARTICIPANT: So is there something like that already existing?

LEWMAN: I don’t think there’s any of that existing. I have some of it just because that’s what I’ve done for just crawling, but it’s not intended to be as a work archive even.

PARTICIPANT: So how do you protect yourself as you’re crawling to not have things that cam…

PARTICIPANT: How do you not get arrested?

LEWMAN: Well, I made friends. I made some friends with law enforcement. What people have seen them mostly interested in is a list of sites. If something looks like – if it comes back with a keyword some of the Memex tools are actually classified for it, this is like child abuse. Stop crawling it, I shunt it over to DHS servers and DHS will encrypt it because they can. I can’t.

PARTICIPANT: So you’ll stop at a point.

LEWMAN: Yup. And an automated tool is still a question of I open myself to vulnerability but, yeah an automated tool is doing the classification and it’s not actually downloading and storing it, it’s just going through the content and if it turns this looks like child abuse, versus drugs, versus phishing, versus hit man or something. All that child… I don’t want to take a risk of looking at it. I’ll send it to DHS, and DHS will feed them through the list and crawl it.

PARTICIPANT: So there is still a… You’re not validating whether it is something. You’re pushing it into another…

LEWMAN: Right. Somebody else who can legally touch it just because it’s so toxic.

PARTICIPANT: That’s the gray area that I’m trying to understand. That this is the touching part.

MODERATOR: I think… Last question.

PARTICIPANT: So do you think that dark web usage will blow up more than half a percentage, will ever be 15, 20, 30% of how people access the internet when they go online? And if so, what’s going to lead to that?

LEWMAN: I think that yes the darknets will blow up. I don’t think any of the tools right now are the ones that are going to do it. Think back to 1995 you had to install your own tcp/ip stack to be able to do this stuff, and it was just too painful for 99%. That’s why AOL or CompuServe existed. Is that it was just way too complex for people to use and to do. It’s way too complex to set it up and host it. I2P has made it easy to host your own content with the click of a button, but you still have to install this thing and then you get to the text page and 99% of the world looks at it and goes, “I’ll just publish whatever I want.”
I think that someone will come along and make it vastly easier to use and that’s when it becomes much more popular. We started seeing that with Ricochet, Onion share. That they’re really easy. Create the .onion and host your content on it.

When somebody figures out an enterprise way to do that or a really easy point-and-click way to do that, that’s when I think it will start to become much more popular. Right now it’s sort of a toy. The most technology advanced people play with it. And I’m not going to place bets on which on the overlay networks is the winner. Maybe a new one will come out that’s vastly easy to use, and everyone just uses it.

Tribler has taken bit torrent to a whole new level where it’s completely peerless and you can stream videos. So that if you’ve never heard of Popcorn Time. Popcorn Time is a bit torrent app that was completely peerless but it was literally… It stole the content, the interface from Netflix, for your Netflix user experience research, so it would just copy it and you could stream off of like a thousand computers onto your computer. So you never had to download anything. It was dead easy. It had like a hockey stick of user acceptance, to be super-easy to use. Except they hosted it on popcorntime dot com, and obviously that’s the target and you shut that down and then people can’t find it and then usage goes away.

MODERATOR: Interesting. Andrew, you’ve done some great work in some dark places to get this together. Thank you very much.

LEWMAN: Thank you.

Video

The video is broken into three parts.

One of three:

[youtube https://www.youtube.com/watch?v=WLf-2E7new8]

Two of three:

[youtube https://www.youtube.com/watch?v=RplKwMHmL6E]

Three of three:

[youtube https://www.youtube.com/watch?v=w7iTi2Q08WQ]

Transcript

1-Andrew Lewman, Inside the Dark Web

2-Andrew Lewman, Inside the Dark Web

3-Andrew Lewman, Inside the Dark Web

Video

You should also read:

British passports being ‘sold on dark web’ for £750

The ghost in the machine: Darknet evolves as portal into hacker’s targets

Tracking Darknet: A Window into Attackers’ Motives, Methods and Targets, RSA 2017