While the darknet is comprised of many different hidden networks, the The Onion Router (Tor) is by far the most popular and well recognized. In 2006, when the US Naval Research Laboratories handed over Tor to a group of volunteers at the Tor Project, the network’s purpose was to provide a decentralized, censorship resistant platform for users to communicate and share information.
The Tor platform quickly became a haven for criminal activity, facilitating anonymous communication across underground digital communities and forums, elaborate drug marketplaces, child pornography and human trafficking. Consequently, de-anonymizing onion services hosting criminal content has been a focus of many three-letter acronyms government and law-enforcement agencies around the world. Academic researchers and computer network science experts have received numerous grants and government funding to extensively study de-anonymization attack methodologies and have subsequently published numerous journals on the subject, a number of which are sited here. many journal publications exist.
Over the years, DarkOwl has witnessed successful de-anonymization through various techniques including rendezvous point circuits (a.k.a. the cookie attack), time-correlation attacks, distributed denial of service attacks, which often force a criminal onion service to a LE-controlled guard node, (a.k.a. sniper attack), and circuit fingerprinting attacks.
Editors Note: This timeline is interactive. To navigate, use arrows to move right or left, and pinch to zoom. Click on any event to see more details.
While the Tor platform was built to offer a solution to individuals trying to avoid government surveillance and censorship, Tor has also allowed for dark websites with illegal content to flourish. The availability of private browsing networks such as Tor gave rise to other dark websites, communities, and forums. In recent years, the communities who use these technologies have increasingly overlapped with users of dark web adjacent tools that more closely resemble instant messaging platforms, such as Telegram and Discord. For this reason, DarkOwl does not limit their darknet collections to onion sites, but also aggregates data from other technologies such as ZeroNet, I2P, and transient surface-web paste sites.