Encryption is the cornerstone of the Dark Web. Most of the Dark Web exists on the Tor Hidden Services network. Tor - the onion router - uses multiple layers of complex encryption and random routing to protect your identity. Even the surface web is making an overall shift to encryption as the default. Modern browser like Google Chrome will now give a dire warning if you access encrypted surface websites.
However, just because the substrate of the Dark Web is made from tough encryption technology doesn't mean everything you send to a Dark Web destination will be protected. Believe it or not, email is a very important form of communication on the Dark Web and the basic technology behind email is very insecure indeed.
Email on the Dark Web
If you're on the Dark Web, how can you communicate privately with someone else? You don't want to use a centralized communication system such as a forum or website messaging tool. That data is going to be available to some sort of third-party. Which means you really shouldn't share any information that could be a problem if a third-party gets their hands on it.
Anonymous, secure email addresses solve this problem for the most part. The problem is that while the email provider's encryption will most likely protect your messages from interception, they can still read whatever you send. That's where a technology known as PGP comes into play. Allowing you to take control of any email text you send to a destination on the Dark Web.
What is PGP?
PGP is short for Pretty Good Privacy, but don't let the name fool you. It's actually an incredibly powerful encryption technology that has been protecting all sorts of sensitive communication.
Journalists in particular love to use it to communicate with sources. You'll see them refer to PGP in places like Twitter handles, allowing anyone to contact them securely and verify messages from them are real.
It was first released all the way back in 1991 and developed by Symantec. Since then it has developed better security, patches any security holes and generally kept up with the privacy needs of the modern internet.
PGP is special mainly because it finely balances the strength if its encryption algorithm with the speed and ease of encryption. In other words. it's not the strongest encryption out there, but it's strong enough to keep just about everyone out.
How PGP Works
PGP is an example of an asymmetric encryption system. This means that each person has two encryption keys - private and public.
You can use their public key, which is usually published somewhere, to encrypt any information you wish to send them. Only their private key can unlock the information.
This is why private keys have to be protected at all cost. If someone comes into possession of your private key, they can unlock every message that has ever been sent to you.
PGP can also be used as a form of authentication. This basically works the other way around from the process described above. You encrypt your digital signature with your private key and the fact that your public key can be used to decrypt it proves that you are the one that sent the message.
PGP and the Dark Web
In many ways, PGP fits the spirit of the Dark Web pretty well. It's not just a point and click solution. It takes a bit of nerdy knowledge to use PGP properly. Encrypting or signing a message using PGP makes you feel like a real hacker and that's not meant as a disparagement.
Yes, there are now quite a few end-to-end encryptions messaging providers that offer just about the same thing as PGP. They generate encryption keys locally and handle all the various handshakes and authentication. However, the company itself doesn't know what your key is and as such can't read your messages.
So products like Whatsapp, Signal and Telegram offer what should be the ultimate privacy triumph. For most people, this is (and should be) enough. It's security far beyond the reasonable expectations one might have. These secure apps are the bane of organizations such as the FBI. Simply because they don't have the money or resources to decrypt even a single message.
Yet for the paranoid and hacker elite of the Dark Web, this is not enough. PGP encryption means baring the nuts and bolts of the encryption process. Only when they have witnessed every detail of the sausage being made do they feel some level of assurance.
Before you even think of using PGP, you should know that there's a current vulnerability that's quite serious. It's called Efail and has had a devastating effect on the trust people have in PGP. When the problem was discovered the general recommendation was that everyone should stop using PGP until it was fixed. Wired went out on a limb and declared PGP is dead.
Since then the most important PGP tools have been patched. However, you would be reasonable in doubting the wisdom of going straight back to PGP again. Many outlets have recommended moving to platforms such as Signal, but the open nature of PGP still makes it appealing for Dark Web use.
The good news is that you can read our PGP guide right here on TechNadu. Once you've done it a few times you'll realize it's actually pretty easy!
Have you used PGP to send your own clandestine messages? Do you know of a better alternative? Let us know in the comments. If you think this article is great, please share it with your friends. Don’t forget that you can follow us on Facebook and Twitter. Thanks for reading!