WEBVTT

0
00:01.290 --> 00:07.980
Just to be sure that you've understood the key differences between browsing the surface web, using a traditional

1
00:07.980 --> 00:13.740
browser, browsing the surface web using Tor and browsing the Dark Web

2
00:13.980 --> 00:16.890
let's take another look at the key differences.

3
00:18.050 --> 00:24.890
Let's take the first case when using a traditional browser like Chrome, I access a regular website

4
00:25.130 --> 00:26.510
like Wikipedia

5
00:26.570 --> 00:26.870
.org.

6
00:31.410 --> 00:38.970
In this case, there is no anonymity and privacy, even though the connection is secured by encryption

7
00:39.330 --> 00:42.330
and no one can see the data we are transmitting,

8
00:43.020 --> 00:49.380
both my identity and the Wikipedia server are revealed by our public IP addresses.

9
00:50.010 --> 00:57.530
The fact that I am communicating with Wikipedia is also known by the service provider or anyone

10
00:57.540 --> 01:01.560
between the source and the destination that sniffs the traffic.

11
01:02.280 --> 01:05.060
Let's take a closer look at this example!

12
01:05.790 --> 01:11.460
I want to see the IP address of Wikipedia.org and then find out its location.

13
01:12.090 --> 01:15.990
The easiest way to find its IP address is to ping it.

14
01:16.590 --> 01:21.630
So I'm opening cmd.exe and I'm pinging Wikipedia.

15
01:25.170 --> 01:27.240
And this is its IP address.

16
01:27.720 --> 01:29.770
I'm copying it to the clipboard.

17
01:31.340 --> 01:34.760
Let's find out some details about the IP address.

18
01:35.300 --> 01:42.170
There are lots of online services there to do that and I'll choose a random one like ipfingerprints

19
01:42.220 --> 01:42.800
.com.

20
01:47.680 --> 01:50.240
And I'm pasting the IP address of

21
01:50.260 --> 01:52.210
Wikipedia and discover. Perfect!

22
01:58.260 --> 02:05.190
We see the location of the server, which is in the Netherlands, in Amsterdam and they also put it

23
02:05.280 --> 02:05.970
on the map.

24
02:08.870 --> 02:12.180
This is where Wikipedia's server is located.

25
02:13.420 --> 02:22.330
Let's try a whois IP lookup to see who's the owner of that IP address. And I'll use an online service

26
02:22.780 --> 02:24.610
called UltraTools.com.

27
02:31.660 --> 02:35.090
So using the services provided by UltraTools.com

28
02:35.530 --> 02:38.560
I'm pasting the IP address of Wikipedia.

29
02:42.990 --> 02:46.460
And we see lots of information about the owner,

30
02:46.860 --> 02:49.020
its address and so on.

31
02:52.810 --> 02:55.060
Now, let's move to the client.

32
02:56.320 --> 03:03.940
My location and any other information about me can be collected by the destination server or even by

33
03:03.940 --> 03:04.690
a third party.

34
03:05.200 --> 03:08.770
We've discussed how it's done in the Web tracking lecture.

35
03:10.410 --> 03:12.910
So I'm opening tracemyip.org.

36
03:20.270 --> 03:27.800
And you see my public IP address, the location and lots of other information like the operating

37
03:27.800 --> 03:33.500
system, the browser, the screen resolution and so on.

38
03:34.400 --> 03:38.720
Now let's take the second case. Using the Tor browser

39
03:38.810 --> 03:42.860
I'm visiting the same website, that resides on the surface Web.

40
03:43.820 --> 03:48.190
This is the Tor browser and I'm visiting Wikipedia.org.

41
03:53.450 --> 03:55.960
And we see the same website as before.

42
03:56.390 --> 04:02.630
The main difference is that I'm not connected directly to the Wikipedia web server using my real

43
04:02.630 --> 04:03.290
identity,

44
04:03.530 --> 04:11.570
but through the Tor network, using some extra layers of encryption that hide my real identity and location.

45
04:13.560 --> 04:14.930
Let's check the Tor circuit!

46
04:16.900 --> 04:25.060
I'm connected to the Wikipedia web server through 3 Tor relays located in different parts of the globe.

47
04:25.660 --> 04:27.130
These are the relays,

48
04:28.430 --> 04:32.000
the Tor relays, known as onion routers.

49
04:32.780 --> 04:35.690
What is the information that is being revealed?

50
04:37.370 --> 04:44.990
My service provider can sniff the traffic because it goes through its network and find out that

51
04:44.990 --> 04:48.310
I'm using Tor; the Tor relays are public.

52
04:48.440 --> 04:54.260
If I don't want it to know that I'm using Tor, then I can configure Tor Browser to use a bridge,

53
04:54.500 --> 04:56.600
which is in fact a secret Tor relay.

54
04:57.170 --> 05:00.050
Just go to settings - options

55
05:01.320 --> 05:01.670
and Tor.

56
05:07.250 --> 05:14.480
The first relay, which is known as the Guard relay, only knows that I'm communicating with some

57
05:14.630 --> 05:15.470
other party.

58
05:15.950 --> 05:22.910
It doesn't know that I'm communicating with Wikipedia or how many other Tor relays there are until the destination.

59
05:23.210 --> 05:26.920
It only knows that it has to forward the packets to the middle

60
05:26.920 --> 05:27.180
relay

61
05:27.650 --> 05:30.490
located in France. Then the middle

62
05:30.570 --> 05:31.590
relay knows

63
05:31.630 --> 05:35.990
that another Tor relay sends it the data that

64
05:36.080 --> 05:39.550
in turn it must forward to another relay, 

65
05:39.770 --> 05:46.580
in this example the exit relay. It knows neither my identity nor Wikipedia’s.

66
05:47.270 --> 05:55.370
And finally the exit relay knows that someone anonymously communicates with Wikipedia and

67
05:55.460 --> 06:01.370
forwards the packets to the web server. The exit relay doesn’t know my identity,

68
06:01.580 --> 06:02.330
it knows 

69
06:02.420 --> 06:05.850
only the identity of its direct neighbors.

70
06:06.800 --> 06:11.900
If I use the same online service to track my IP address I see another identity:

71
06:12.620 --> 06:14.600
so tracemyip

72
06:15.030 --> 06:15.590
.org

73
06:16.610 --> 06:17.690
This is my identity.

74
06:20.570 --> 06:25.230
That's what a destination server can see about the client, about me.

75
06:26.510 --> 06:31.700
Note that each website uses its own unique secret.

76
06:32.060 --> 06:33.730
So this is another website

77
06:34.100 --> 06:36.050
and has another circuit.

78
06:36.460 --> 06:40.670
The exit relay is now located in France, in Paris.

79
06:42.500 --> 06:48.390
Back to the Wikipedia example, note that the identity of Wikipedia is not protected.

80
06:48.920 --> 06:56.120
Its service provider knows that someone communicates with it and an authority knows the location of

81
06:56.120 --> 06:59.030
Wikipedia and is able to shut it down.

82
06:59.580 --> 07:00.610
Wikipedia runs

83
07:01.010 --> 07:02.060
on the surface web.

84
07:02.980 --> 07:09.700
Now, let's move on to the last case when I'm connecting to a hidden service, also known as an onion

85
07:09.700 --> 07:12.040
service or a Tor hidden service.

86
07:13.770 --> 07:17.340
Let's take any website on the dark Web like this one.

87
07:17.970 --> 07:20.160
This is a secure e-mail provider.

88
07:23.150 --> 07:24.230
Or this one.

89
07:25.820 --> 07:28.890
These are only two websites on the Dark Web.

90
07:31.680 --> 07:38.910
Now, both the client and the server are located inside the Tor network and are anonymous.

91
07:39.930 --> 07:43.310
By the way, the part before the .onion, 

92
07:43.650 --> 07:47.790
is a 16-character name derived from the service's public key.

93
07:50.190 --> 07:53.930
No one knows that I am communicating with this website,

94
07:54.030 --> 07:57.060
the website's location, owner or address.

95
07:57.570 --> 07:58.560
It's all hidden.

96
07:59.940 --> 08:06.180
And if you click on the URL bar to see the Tor circuit, you will find out that there are 6

97
08:06.230 --> 08:10.230
Tor relays between me and the hidden service.

98
08:11.520 --> 08:17.430
The connection is done through some introduction points and the "rendezvous point", without knowing

99
08:17.720 --> 08:25.470
the other party's identity. No authority is able to shut down the hidden service because its existence

100
08:25.560 --> 08:26.310
is hidden.

101
08:26.760 --> 08:34.050
There are lots of technical details about how this rendezvous protocol works and I'll attach a resource

102
08:34.050 --> 08:35.010
to this lecture,

103
08:35.250 --> 08:37.080
if you want to dive deeper into it.