The Surface Web, AKA Clearnet vs. Darknet
The digital realm is split into two distinct segments concerning anonymity: Clearnet and Darknet. Their primary distinction lies in traceability. Clearnet operates with mutual awareness between sources and destinations; during any exchange, the origin is aware of the destination’s address, and vice versa. This is the commonly used Internet, where accessing sites like www.google.com or www.amazon.com involves your browser identifying their precise IP addresses, making them traceable. Concurrently, these sites can trace your IP address.
For instance, entering www.google.com into your browser starts a process in which the operating system resolves this hostname to its IP address through DNS, currently identified as 126.96.36.199. Through geo-location and WHOIS lookups, one can ascertain that this IP is located in Mountain View, California, USA, and is registered with Google LLC listed as the ISP.
In the same vein, Google can identify the IP address of any connecting client. With TCP/IP protocols underpinning the web, both the server and client are aware of each other’s IP addresses during any TCP or UDP communication. This mutual knowledge allows both parties to ascertain the geographical location and ISP of the other.
Typically, clients use private IP addresses (for example, 192.168.0.5) that are non-routable on the Internet. These connections pass through a NAT (Network Address Translation) process at a gateway. The gateway’s public IP address remains visible and traceable, whether it’s managed by an organization or a local ISP. However, it’s important to note that NAT’s role isn’t to provide anonymity but to allow multiple private systems to share a public IP address.
Clients seeking anonymity while surfing the web often turn to a VPN (Virtual Private Network) service. A VPN enables the client, such as a web browser, to avoid a direct connection with the target server (for instance, google.com). Instead, the client forms an encrypted tunnel to a VPN server, which could be located anywhere globally. The connection to the intended server is then made from this VPN server. In this scenario, the target server interacts with the VPN server and sees only the VPN's IP address, perceiving it as the client. The real client's IP address remains concealed from the target server.
A VPN’s primary function is to cloak the client’s identity during internet browsing. However, it doesn’t render websites anonymous. In the Clearnet environment, website traceability is a given. Our focus shifts to creating an anonymous website, one that users can visit without discerning its actual IP address or geographical location.
The Onion Router: Tor
Tor, an acronym for The Onion Router, ranks among the most prevalent Darknets currently in use. It facilitates anonymous interactions among users, assuring confidentiality, privacy, and freedom. Confidentiality emerges from the application of robust cryptographic methods like SSL/TLS. Privacy is achieved through the anonymity ensured by routing messages across several relays. In this relay chain, each router has knowledge only of its immediate predecessor and successor, not the entire chain. Freedom is inherent in Tor, permitting users to exchange and access information freely, without constraints.
The provided diagram illustrates a common instance of a Tor client visiting a publicly available website. When using the Tor browser, the initial point of contact is with an Entry Guard, a Tor relay unaware of its position as the chain’s first relay. The Entry Guard remains oblivious to whether it connects to another relay or directly to a client. This Entry Guard then establishes a link with a Middle Relay, which in turn connects to another Middle Relay. Culminating the sequence is the Exit Relay, which forms the connection to the public website. In this relay sequence, each node is only aware of its immediate predecessor and successor, remaining ignorant of the full chain. The public website, recognising a connection via Tor, cannot identify any system beyond the Exit Relay. Thus, to the public website, it appears that the Exit Relay initiates the connection. An accompanying image displays a list of Tor Relays encountered when accessing the Google website (clearnet) through the Tor browser.
The process of establishing a connection via Tor begins with the Entry Guard (188.8.131.52) located in Germany. From there, it moves to a Middle Relay (184.108.40.206) in the Czech Republic and concludes with the Exit Relay (220.127.116.11) in Romania before reaching Google’s server.
Tor employs a method known as onion routing to ensure user anonymity. In essence, when a message is sent to a distant server through the Tor browser, it is wrapped in several layers of encryption. As the message travels through the Tor network, each relay decrypts only one layer. The final relay in the chain, the Exit Relay, removes the last encryption layer and forwards the message to its intended server. This multi-layered encryption process lends onion routing its name.
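The layering described above, together with the earlier point that each relay knows only its immediate neighbours, shown as an added example that is not from the original article or the Tor project. It assumes a toy SHA-256-based stream cipher in place of Tor's real cryptography, pre-shared per-relay keys, and hypothetical relay names and function names (wrap, peel, route).

```python
import hashlib

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (XOR with SHA-256(key || counter) blocks).
    A stand-in for illustration only, not the cipher Tor uses."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(message: bytes, destination: str, circuit) -> bytes:
    """Client side: add one layer per relay, starting with the exit's layer."""
    next_hops = [name for name, _ in circuit[1:]] + [destination]
    cell = message
    for (_, key), nxt in reversed(list(zip(circuit, next_hops))):
        # Each layer carries only the next hop plus the still-encrypted rest.
        cell = keystream_xor(key, nxt.encode() + b"\n" + cell)
    return cell

def peel(key: bytes, cell: bytes):
    """Relay side: decrypt exactly one layer; learn the next hop, nothing more."""
    nxt, _, inner = keystream_xor(key, cell).partition(b"\n")
    return nxt.decode(), inner

def route(cell: bytes, circuit):
    """Send the cell through the relays in order, recording each relay's view."""
    views = []
    for name, key in circuit:
        nxt, cell = peel(key, cell)
        views.append((name, nxt, cell))
    return views

# Constructed sample circuit: relay names and keys are hypothetical.
CIRCUIT = [(n, hashlib.sha256(n.encode()).digest())
           for n in ("entry-guard", "middle-relay", "exit-relay")]
MESSAGE = b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"

if __name__ == "__main__":
    onion = wrap(MESSAGE, "www.example.com", CIRCUIT)
    for name, nxt, payload in route(onion, CIRCUIT):
        readable = payload == MESSAGE
        print(f"{name:12} forwards to {nxt:16} plaintext visible: {readable}")
```

Only the exit relay recovers the plaintext request, which is why traffic to a clearnet site still needs TLS to stay confidential beyond the exit.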