Towards the beginning of this series we covered Tor. Today we are covering Tails (The Amnesic Incognito Live System), a live operating system that can be run from USB stick, DVD, or SD card. It runs Tor and can be used to maintain maximum privacy since it routes all traffic through Tor.
What you’ll need:
Once you have a USB stick download and install Tails.
After you have installed Tails you want to plug it into your computer and reboot. Be sure to go into your BIOS and make USB your first boot device. Or (if applicable) hit the key to select boot order at startup.
When you have booted into Tails you will have the option to set an Administrative password by clicking Yes. This will allow you to install additional software and make system changes. For most users needs this will not be needed.
If you wish to save files encrypted to the USB drive you will need to enable persistence.
There is a lot of hype around about the Darknet being a seedy place full of drug dealers and pedophiles. To be honest there is that sort of thing going on. But this is not an episode of Mr. Robot so we’ll not sensationalize it.
So what is the Darknet?
What most people refer to as the “Darknet” is really a network of servers and clients used for Tor. Which is what is called “onion routing”. When you are on the regular Internet you open your browser and type in a URL like this site (jascha.me). That domain name is then translated by DNS (Domain Naming System) into an IP (Internet Protocol) address (188.8.131.52). This is where the server is that hosts this site. So it is a direct connection from your computer to this site.
With Onion Routing there are a worldwide network of servers that are called Tor Exits. So if you are using Tor you type in the URL you wish to visit (jascha.me) then via an encrypted tunnel it is randomly sent through Tor relays and comes out at a random Tor Exit. The exit being a means of allowing traffic out of the Tor network and back to the regular Internet.
But to understand the Darknet you have to also understand Tor Hidden Services. These are servers that run exclusively in many cases on the Tor network. Using the .onion extension to be accessed as a normal DNS name might be like duckduckgo.com.
The most famous Darknet site is probably The Silk Road, which was like an eBay for anything illicit. Along with also helping to give the technologies behind it a black eye in the media. But in reality Tor and Onion Routing was started by the US Navy and is (or has been) sponsored by NSC, DARPA, and many others.
An example of a site also available as a hidden service is DuckDuckGo search.
duckduckgo.com > 3g2upl4pq6kufc4m.onion
Many journalists and people who live under repressive regimes use Tor to freely access information. So you too can use it for this reason. By using Tor you protect your anonymity to a great degree.
So how do I get this Tor thing?
The easiest way to get Tor on your computer is to use the Tor Browser.
Once you install and start Tor Browser it will check for updates then you can browse the Internet. Keep in mind that is you enable scripts for some sites that will leak information about you. Also note that by routing you all over the world the speed will be a bit slower than your regular connection (non-Tor’d).
Donate to the Tor Project!
Note: There are other P2P privacy networks similar to Tor we’ll be covering later in this series.
Many people seem to think that hosting a Tor hidden service is a complex or daunting task. But with Docker you can do it easily and reliably. In this example we will setup a dedicated hidden service (a hidden site in this instance).
First we’ll assume you have docker running on the computer you want to host the hidden service.
In this example we’ll make a directory to contain the configs for the hidden service so we will have the same .onion address. You may want to not mount this in order to get a new address every time you start the container depending on your use case. But here we’ll store it so we can maintain the same address over restarts.
We’ll also start Nginx to host the example site.
First start the Nginx container:
docker run -d --name hsnginx -v /home/username/hiddenservice/www/:/usr/share/nginx/html:ro -d nginx
Here you are telling Docker to run as a daemon with HTML files located in www directory of hiddenservice directory of username. Here we name it hsnginx to use with linking the hidden service container itself.
Now start the hidden service container:
docker run -ti --link hsnginx -v /home/username/hiddenservice/config/:/var/lib/tor/hidden_service/ -d goldy/tor-hidden-service
This starts Tor and serving the hidden service provided by linking to hsnginx. To see the .onion name of your service look in /home/username/hiddenservice/config/ for the hostname file under hsnginx.
You now have a hidden service running Nginx. You can also use Apache or WordPress or any other initial container.
DISCLAIMER: I have only tested this on an Ubuntu Linux server and can not guarantee that your hidden service running in this manner will or will not leak information that might help to identify who is hosting it. Please do your own due diligence if wanting to use Docker to host a hidden service that needs complete anonymity. If you were to use Docker containers to host your hidden service you would most likely also want to add a restart policy to the run command. Use at your own risk.