OnionScan Checks for Falsely Advertised Anonymous Sites on Dark Web
July 6, 2016
Dark Web sites are not exempt from false advertising about their anonymity. A recently published article from Vice’s Motherboard shares a A Tool to Check If Your Dark Web Site Is Really Anonymous. The program is called OnionScan and it determines issues on sites that may unmask servers or reveal their owners. An example of this is that could potentially be metadata, such as photo location information, hidden in images on the site. Sarah Jamie Lewis, an independent security researcher who developed OnionScan, told Motherboard:
The first version of OnionScan will be released this weekend, Lewis said. “While doing some research earlier this year I kept coming across the same issues in hidden services—exposed Apache status pages, images not stripped of exif data, pages revealing information about the tools used to build it with, etc. The goal is [to] provide an easy way of testing these things to drive up the security bar,” Lewis added. It works “pretty much the same as any web security scanner, just tailored for deanonymization vectors,” she continued.”
It is interesting that it appears this tool has been designed to protect users from the mistakes made by website administrators who do not set up their sites properly. We suppose it’s only a matter of time before we start seeing researchers publish the number of truly secure and anonymous Dark Web sites versus those with outstanding issues.
Megan Feil, July 6, 2016