Humans are social creatures. So it should come as no surprise that there are almost as many social networks on Tor as there are on the clearnet.

Of course, it depends on what you consider a “social network,” but there are both Facebook-like networks (where you add friends, join groups, etc.), as well as numerous forums (like The HUB, or any of the marketplace forums).

Don’t Judge a Blackbook by Its Cover


Credit: El Cafe Paranormal

Blackbook was the first social network I joined when I started to use Tor. Does it look familiar at all? Yeah, it was, more or less, the Facebook of Tor, and used to be located at http://blkbook3fxhcsn3u.onion.

As with Facebook, you would join, create a profile, upload pictures, describe a little bit about yourself, and try to make friends. Here’s the catch: Blackbook was completely uncensored. Such things as nudity, white supremacist messages, self-harm photos, and the like were not off-limits in any way. I expected all this, so I wasn’t very shocked.

Speaking of which, you know how everyone uses their real names on Facebook? Blackbook was the exact opposite. Just about everyone, including me, used pseudonyms (in fact, mine was computer-generated). I also used a fake location, age, and just about everything else.

As you might expect, Blackbook had quite a few “groups” (much like those on Facebook) related to things you might find on Tor: drugs, hacking, carding, cryptography, etc. However, I learned some lessons the hard way; I went into this with my usual sardonic humor, and it came back to bite me in the ass (just a little).

Like Facebook, people would post statuses describing how they were feeling that day, etc. One time I posted a status along the lines of, “Hey everybody! I’m an escaped serial killer with 20 victims! Can I seek shelter here?” The crazy thing was, some people took it seriously. Later, someone sent me a message and said, “Dude, never joke around like that on the dark web. People tend to take stuff at face value.”

As with many of the darknet markets, Blackbook eventually shut down. I wasn’t that disappointed, but I noticed that a number of its former members migrated to other social networks. If you click on its former link, you’re greeted with this message:


In case that’s hard to read, it says “Welcome to the old home of Blackbook. We are working ons [sic] a new more secure website. Check out the 2017 Hidden Wiki draft. [address removed]. Thank you and we hope to be back soon.”

I’m curious as to what the new site will be like, if it goes up. That remains to be seen.

Galaxy and Galaxy2


Those of you who’ve used Tor for several years may remember the original Galaxy social network, an Elgg-based site created in 2013. It was one of the more popular social networks in its time.

That site, too, has since shut down, but a user named Lameth (a friend of the Galaxy creator) designed a successor called Galaxy2 (that has a similar format). I’ve actually become a member of the latter, though I haven’t been active in a while.


As on Blackbook, you create a username, profile, add pics, describe yourself…all the usual stuff you would do on a social network. Also, like Blackbook, members generally use pseudonyms, and while some may use real photos of themselves, they’re in the minority. More often, the profile photos represent aspects of the user’s personality. For example, if someone’s a hacker, they might use a photo that represents coding.

Galaxy2, like its predecessor, has a feature called The Wire, in which you might hear things like, “All in the game, yo…all in the game.” Wait…wrong Wire. Ahem…actually, The Wire on Galaxy2 is a microblogging platform, similar to Twitter or Tumblr. As on those two, people generally write short snippets, or share photos and videos through it.

I do recall that one of the people I “met” on Galaxy2 was Harry71, of “Harry71’s Onion Spider” fame – this isn’t to say that we got to know one another on a personal level. I also came across several others who had popular sites in Onionland.

The main difference between the Galaxy sites and Blackbook, as I see it, is that it seems to be maintained quite well, and it has a very loyal and dedicated community that comes with time. Also, as stated in the rules above, “public commercial trade” is not allowed, which helps Galaxy2 avoid being eyed by law enforcement.

While some members may do so in private messages, commercial goods and services aren’t sold out in the open.

Overall, my experience on Galaxy2 has been positive, though I’ve more or less stayed under the radar for quite some time.

The Book of Tor


Beyond the two above, there have been several social networks using the name “TorBook,” which, like Blackbook, have intended to be the Facebook of Tor. Also, like Blackbook, TorBook (and its successors) have a similar layout and feel to Facebook, with a news feed, photo sharing, friend requests, etc.

The most recent version of TorBook, TorBook3, is up and running at j2k5m6rtorbook3w.onion. However, I have limited experience with this one, and based on the fact that the first two TorBooks have shut down, it’s possible that this one will as well.

Pros vs. Cons…

While the idea of using social media on Tor with a fake identity might be fun, it carries its fair share of risks.

Like certain markets and forums on Tor, most of the social networks require you to enable JavaScript in your browser – otherwise the sites won’t function. Unfortunately, once you start whitelisting sites in Tor, this can create a distinct browser fingerprint, which is one of the things Tor was designed to reduce as much as possible.

Also, once you start running scripts, you run the risk of making yourself vulnerable to Java/JavaScript exploits (to name a few) that would normally be blocked by the NoScript extension. If the point of Tor is anonymity, then becoming involved in Facebook-ish social networks kind of defeats the purpose.

The other possible risk is that these social networks (like some of the financial services) can be scams, in and of themselves. How, you ask?

Let’s take Blackbook as an example. Like many of the markets such as AlphaBay and Dream Market, Blackbook advertised services such as carding and drug sales. Regrettably, there was no reliable way to know what was a scam and what wasn’t, and my tendency was to just assume that any sort of paid service was a scam (which was why I didn’t buy anything on these sites).

While I may not have been scammed, I think it’s fair to assume that at least a few others were at some point.

That being said, risky or not, choosing to use these social networks is up to you. If you’re willing to take the risk, then go ahead.

Just keep in mind: with regard to the dark web, if it sounds too good to be true, it definitely is.

Author:  CIPHAS


Published in Social

It’s one of the Internet’s oft-mentioned ‘creepy’ moments. A user is served a banner ad in their browser promoting products on a site they visited hours, days or months in the past. It’s as if the ads are following them around from site to site. Most people know that the issue of ad stalking – termed ‘remarketing’ or ‘retargeting’ - has something to do with cookies but that’s barely the half of it.

The underlying tracking for all this is provided by the search engine provider, be that Google, Microsoft or Yahoo, or one of a number of programmatic ad platforms most people have never heard of. The ad system notices which sites people are visiting, choosing an opportune moment to ‘re-market’ products from a site they visited at some point based on how receptive it thinks they will be. The promoted site has paid for this privilege of course. Unless that cookie is cleared, the user will every now and then be served the same ad for days or weeks on end.


Is this creepy? Only if you don’t understand what is really going on when you use the Internet. As far as advertisers are concerned, if the user has a negative feeling about it then the remarketing has probably not worked.

If it was only advertisers, privacy would be challenging enough but almost every popular free service, including search engines, social media, cloud storage and webmail, now gathers intrusive amounts of personal data as a fundamental part of its business model. User data is simply too valuable to advertisers and profilers not to. The service is free precisely because the user has 'become the product' whose habits and behaviour can be sold on to third parties. Broadband providers, meanwhile, are increasingly required by governments to store the Internet usage history of subscribers for reasons justified by national security and policing.

The cost of privacy - dynamic pricing

Disturbingly, this personal tracking can also cost surfers money through a marketing technique called 'dynamic pricing' whereby websites mysteriously offer two users a different bill for an identical product or service. How this is done is never clear but everything from the browser used, the search engine in question, the time of day, the buying history of the user or the profile of data suggesting their affluence may come into play. Even the number of searches could raise the price.

This seems to be most common when buying commodity services such as flights, hotel rooms and car rental, all of which are sold through a network of middlemen providers who get to decide the rules without having to tell anyone what these are. Privacy in this context becomes about being treated fairly, something Internet providers don't always seem keen to do.

ISP anonymity – beware VPNs

Achieving privacy requires finding a way to minimise the oversight of ISPs as well as the profiling built into browsers, search engines and websites. It is also important to watch out for DNS nameservers used to resolve IP addresses because these are increasingly used as data capture systems.

At any one of these stages, data unique to each user is being logged. This is especially true when using search engines while logged into services such as Google or Facebook. You might not mind that a particular search is logged by the search provider but most people don’t realise how this is connected directly to personal data such as IP address, browser and computer ID not to mention name and email address for those services. Put bluntly, the fact that an individual searched for health, job or legal advice is stored indefinitely as part of their personal online profile whether they like it or not.

In theory, the traditional way of shielding Internet use from ISPs can be achieved using a VPN provider. Techworld recently covered free VPNs available to UK users in a standalone feature so we won’t repeat its recommendations here but it is critical that the user doesn’t make naïve assumptions about this technology. A VPN creates an encrypted tunnel between the user’s device and the service provider’s servers, which means that any websites visited after that become invisible to the user’s primary ISP. In turn the user’s IP address is also hidden from those websites. Notice, however, that the VPN provider can still see which sites are being visited and will also know the user’s ISP IP.

Why are some VPNs free? Good question but one answer is that they can perform precisely the same sort of profiling of user behaviour that the ISP does but for commercial rather than legal reasons. In effect, the user has simply swapped the spying of one company, the ISP, for another, the VPN.

Post Snowden, a growing number advertise themselves as ‘no logging’ providers, but how far the user is willing to go in this respect needs thought. Wanting to dodge tracking and profiling is one thing, trying to avoid intelligence services quite another because it assumes that there are no weaknesses in the VPN software or even the underlying encryption that have not been publicly exposed. With that caveat:

Best 7 online privacy tools 2016 – VPNs


IPVanish is a well-regarded US-based service offering an unusually wide range of software clients, including for Windows, Mac and Ubuntu Linux, as well as mobile apps for Android, iOS and Windows Phone. There is also a setup routine for DD-WRT and Tomato for those who use open source router firmware. Promoted on the back of speed (useful when in a coffee shop) and global reach as well as security. On that topic, requires no personal data other than for payment and states that “IPVanish does not collect or log any traffic or use of its Virtual Private Network service.”

Costs $10 (about £6.50) per month or $78 (£52), and even accepts payment in Bitcoins.


Another multi-platform VPN, Romanian-based Cyberghost goes to some lengths to advertise its security features, its main USP. These include multi-protocol support (OpenVPN, IPSec, L2TP and PPTP), DNS leak prevention, IP sharing (essentially subnetting multiple users on one virtual IP) and IPv6 protection. Provisions around 50 servers for UK users. Also says it doesn’t store user data.

Pricing is based on the number of devices protected. Premium covers one device and costs £3.99 per month while Premium Plus costs £6.99 per month for up to five devices.

Best 7 online privacy tools 2016 – Privacy browsers

All browsers claim to be ‘privacy browsers’ if the services around them are used in specific ways, for example in incognito or privacy mode. As wonderful as Google’s Chrome or Microsoft’s Edge/IE might be at their primary purpose, we’d beg to differ. The companies that offer them simply have too much to gain from a world in which users are tagged, tracked and profiled no matter what their makers say. To Google’s credit the company doesn’t really hide this fact and does a reasonable job of explaining its privacy settings.


Firefox by contrast is by some distance the best of the browser makers simply because it does not depend on the user tracking that helps to fund others. But this becomes moot the minute you log into third-party services, which is why most of the privacy action in the browser space now centres around add-ons.

We recently updated our look at the other privacy browsers on the market, including services such as Tor, but failing that users can resort to add-ons.

Disconnect Private browsing

Disconnect is a slightly confusing suite of privacy add-ons offering private browsing and visibility (control over tracking cookies, including branded social sites), and private search, essentially a VPN dedicated to the anonymous use of search engines. The former worked fine on Firefox while the latter required Chrome. There’s also a Premium desktop version that bundles these features and more into a single service for up to three devices for an annual fee.

Disconnect is essentially the VPN idea presented in a different way with browser add-ons for those not wanting to go that far. The service says it neither collects nor stores personal data beyond that required for payment and does not disclose any of this unless legally required to do so.

The add-ons are free while Premium costs $50 per annum. Mac/iOS users are offered a separate service, Privacy Pro, for the same price.

Best 7 online privacy tools 2016 – Privacy search engines

It might seem a bit pointless to worry about a privacy search engine given that this is an inherent quality of the VPN services already discussed but a couple are worth looking out for. The advantage of this approach is that it is free and incredibly simple. Users simply start using a different search engine and aren’t required to buy or install anything.


The best-known example of this is DuckDuckGo, which was embedded inside Mozilla’s Firefox in November 2014. What we like about DuckDuckGo is that it protects searches by stopping ‘search leakage’ by default. This means visited sites will not know what other terms a user searched for and will not be sent a user’s IP address or browser user agent. It also offers an encrypted version that connects to the encrypted versions of major websites, preserving some privacy between the user and the site.

DuckDuckGo also offers a neat password-protected ‘cloud save’ setting that makes it possible to create search policies and synch these across devices using the search engine.
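The 'search leakage' described above normally travels in the HTTP Referer header, which by default can carry the full URL of the results page, search string included, to the site the user clicks through to. The following added example (not DuckDuckGo's or this article's code) computes what a destination site receives under each standard Referrer-Policy value and what search terms it can recover; the URLs and the list of query parameter names are constructed assumptions, and the downgrade test is simplified to HTTPS versus non-HTTPS.

```javascript
// Added example: what a clicked-through site can read from the Referer header.
// All URLs are constructed samples; SEARCH_PARAMS is an assumed list of
// parameter names that search engines commonly use for the query string.
const SEARCH_PARAMS = ["q", "query", "p", "search"];

const SAMPLE_SEARCH_URL =
  "https://search.example/?q=employment+lawyer+unfair+dismissal#results";
const SAMPLE_DEST_URL = "https://advice.example/contact";

// Return the Referer value a browser would send when navigating from
// fromUrl to toUrl under the given Referrer-Policy, or null if none is sent.
function refererFor(fromUrl, toUrl, policy) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  const sameOrigin = from.origin === to.origin;
  // Simplification: "downgrade" means leaving HTTPS for a non-HTTPS page.
  const downgrade = from.protocol === "https:" && to.protocol !== "https:";

  // Browsers always strip credentials and the fragment before sending.
  from.username = "";
  from.password = "";
  from.hash = "";
  const full = from.href;
  const originOnly = from.origin + "/";

  switch (policy) {
    case "no-referrer": return null;
    case "unsafe-url": return full;
    case "origin": return originOnly;
    case "same-origin": return sameOrigin ? full : null;
    case "strict-origin": return downgrade ? null : originOnly;
    case "no-referrer-when-downgrade": return downgrade ? null : full;
    case "origin-when-cross-origin": return sameOrigin ? full : originOnly;
    case "strict-origin-when-cross-origin":
      if (sameOrigin) return full;
      return downgrade ? null : originOnly;
    default:
      throw new Error("unknown referrer policy: " + policy);
  }
}

// What the destination's server can recover from the header it was sent.
function leakedSearchTerms(referer) {
  if (!referer) return null;
  let url;
  try {
    url = new URL(referer);
  } catch {
    return null; // malformed header: nothing recoverable
  }
  for (const name of SEARCH_PARAMS) {
    const value = url.searchParams.get(name); // decodes "+" and %XX
    if (value) return value;
  }
  return null;
}

// Compare several policies for one click from a results page.
function leakReport(fromUrl, toUrl, policies) {
  return policies.map((policy) => {
    const referer = refererFor(fromUrl, toUrl, policy);
    return { policy, referer, terms: leakedSearchTerms(referer) };
  });
}

for (const row of leakReport(SAMPLE_SEARCH_URL, SAMPLE_DEST_URL, [
  "unsafe-url",
  "no-referrer-when-downgrade",
  "strict-origin-when-cross-origin",
  "origin",
  "no-referrer",
])) {
  console.log(row.policy.padEnd(32), "terms seen by site:", row.terms);
}
```

Only the policies that send the full URL expose the search string; the origin-only policies still tell the destination which search engine the visitor came from.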

Oscobo UK search

Launched in late 2015, Oscobo competes head-on with DuckDuckGo but in truth is almost identical bar the fact that it returns UK-specific search results by default (DuckDuckGo requires a manual setting). As with DuckDuckGo, the search results are based around Yahoo and Bing although the US outfit also has some of its own spidering. Beyond that, Oscobo does not record IP address or any other user data. According to its founders, no trace of searches made from a computer is left behind. Where does it make its money? As with any search engine, from sponsored search returns.

Best 7 online privacy tools 2016 – DNS nameservers

Sister title Computerworld UK recently covered the issue of alternative DNS nameservers, including Norton ConnectSafe, OpenDNS, Comodo Secure DNS, DNS.Watch, VeriSign and, of course, Google. The attraction of these is overwhelmingly performance and sometimes deeper levels of domain security. We highly recommend them compared to ISP DNS equivalents on that basis.

However, as with any DNS nameserver, there are also privacy concerns because the growing number of free services are really being driven by data gathering. The only way to bypass nameservers completely is to use a VPN provider’s infrastructure. The point of even mentioning them is that using an alternative might be faster than the ISP but come at the expense of less privacy.


Available on and, DNS.Watch is unique in offering an alternative DNS service without the website logging found on almost every rival. We quote the firm: “We're not interested in shady deals with your data. You own it. We're not a big corporation and don't have to participate in shady deals. We're not running any ad network or anything else where your DNS queries could be of interest for us.”

Best 7 online privacy tools 2016 – Privacy utilities

Abine Blur

Blur is an all-in-one desktop and mobile privacy tool that offers a range of privacy features with some adblocking thrown in for good measure. Available in free and Premium versions ($39 a year) on Firefox and Chrome only, principal features include:

- Masked cards: a way of entering a real credit card into the Blur database which then pays merchants without revealing those details. Using this feature requires a Premium subscription ($39 per annum) and incurs additional credit card processing fees each time the card is charged with credit.

- Passwords: similar in operation to password managers such as LastPass and Dashlane without some of the layers of security and sophistication that come with those platforms. When signing up for or encountering a new site Blur offers to save or create a new strong password.

Masked email addresses are another feature, identical in principle to the aliases that can be used with webmail systems such as Gmail. Blur’s management of these is a bit more involved and we’d question whether it’s worth it to be honest were it not for the single advantage of completely hiding the destination address, including the domain. Some will value this masking as well as the ease of turning addresses on and off and creating new ones. On a Premium subscription it is also possible to set up more than one destination address.

- Adblocking: with the browser extension installed, Blur will block ad tracking systems without the conflict of interest inherent in the Acceptable Ads program used by AdBlock Plus and a number of others. We didn’t test this feature across many sites but it can be easily turned on and off from the toolbar.

- Two-factor authentication: Given the amount of data users are storing in Blur, using two-factor authentication (2FA) is an absolute must. This can be set up using a mobile app such as Google Authenticator, Authy or FreeOTP.

- Backup and Sync:  Another premium feature, this will synch account data across multiple devices in an encrypted state.

- Masked phone: probably only useful in the US where intrusive telemarketing is a problem, this gives users a second phone number to hand to marketers.  Only works in named countries including the UK. Only on Premium.

Overall, Blur represents a lot of features in one desktop/mobile browser extension. Limitations? Not terribly well explained in places and getting the best out of it requires a Premium subscription. Although the tools are well integrated and thought out most of them can be found for less (e.g. LastPass) or free (e.g. adblocking) elsewhere.  The features that can’t are masked phone and masked card numbers/addresses.

Author:  John E Dunn


Published in Internet Privacy

We’re frequently told Brits don’t care a fig-leaf for online privacy. But one London-based startup is about to test that theory — it’s just launched an anonymous search engine, called Oscobo, initially serving up search results specifically for the U.K. market. (Although the intention is to scale the model to other European markets in time too.)

The founders are starting with the U.K. because they reckon Brits do care about not being snooped on online — certainly once they are made aware of how much tracking is being done in the background by dominant search engines like Google, and if they are offered an easy-to-use alternative, which is where they’re hoping Oscobo will come in.

Think of it as a DuckDuckGo that serves up U.K.-specific results by default…


One of the two co-founders, Fred Cornell, used to work at Yahoo, so has seen the evolution of the search and online ad industry up close. “I worked for Yahoo for over 12 years and I really like Yahoo but I saw first hand how the industry tracks users, uses personal data, keeps pushing harder to make even more money from harvesting more of the data,” he tells TechCrunch.

“Search engines, ad exchanges, advertisers, publishers, data traders, everyone’s at it. And I became uncomfortable with the whole scene and decided I wanted to provide an alternative and a better deal for users who are concerned with online privacy.”

Go back more than a decade and Cornell argues there used to be a fair ‘social contract’ in place between the web user and the online advertisers and publishers. But in recent years he says that balance — i.e. of looking at an ad and getting to view some free content — has become hugely skewed, with far more personal data being harvested than can be justified. (And of course he’s not the only one saying as much.)

“Over the last — particularly the last five, six years, with the rise of ad exchanges and data harvesting — I think that that social contract is in breach… more personal data is being collected than is actually needed and the user has very little say in this,” he says, adding: “People are starting to become concerned about what happens with their personal data, how is it being used and so on.”

He points to huge growth in the privacy search segment, outstripping the overall rate of growth in search (a $62.5 billion global market last year), as another encouraging factor. Last summer, for instance, DuckDuckGo said it had grown 600 per cent over the past two years in the wake of the Snowden revelations about government mass surveillance programs.

Also on the rise in recent years: ad blocking — a technology increasingly associated with the privacy/anti-tracking movement, not just with pure-play ad-blocking. Last year Apple also threw its weight behind the online privacy cause very publicly. And where Cupertino walks others are bound to follow.

“We think that this is right on time to do something like this,” says Cornell.

“We’ve been following DuckDuckGo in the States and we’ve realized that via education they’ve managed to grow the traffic… They have really validated this marketplace,” adds co-founder Rob Perin, who used to work at BlackBerry. “The U.K. marketplace is a very ethical marketplace, I think people do believe very much in their rights.”

Oscobo is licensing its search index from Bing/Yahoo so does not have any semantic search tech of its own. Unlike European rival Hulbee, a Swiss tech company, which last year launched its own pro-privacy consumer search engine in Europe — and raised a bunch of money — another sign of growing interest in non-profiling consumer search.

Licensing its search index from companies that have already spent billions on competing with Google does at least mean Oscobo is sidestepping the problem of trying to compete head on with Google’s tech. On the advertiser side, they also have a deal in place with Yahoo’s ad marketplace — doubtless leveraging Cornell’s industry connections there.

So what’s the business model? How is Oscobo planning to make money if it’s not being evil tracking and data mining its users a la the Google goliath?

Its model is simple paid search, based on bare-bones search data (i.e. whatever string a user is searching for) and their location — given the product is serving the U.K. market this is assumed to be the U.K., but whatever search string they input may further flesh out a more specific location.

“We think it’s a bit of a myth that you need to track users, store IPs and profile them and cookie them to make money for paid search. What the advertiser is paying for is the intent behind someone typing in a keyword… So we still think that there’s a lot of money to be made in paid search without having to keep IPs and profile users and keep track of them wherever they go, offline or online or with mobile phones and so on,” says Perin. “We essentially throw the IP address away straight away, we don’t even log it. We don’t drop any cookies.”

How much money? Oscobo says the privacy segment of the search market was worth about 0.1% in 2014 but reckons it will grow to between 0.5 and 0.7% this year (a projected growth rate of 200% to 300% year-on-year). Which may not sound like much but the overall search market is forecast to be worth $71.8 billion this year so you can see why they’re keen to cut themselves a very small slice of that.

“We’ve got a proven business model. This generates revenue — it’s a very simple model. It’s advertiser driven. So we’re not here to grow the community and milk it later. We should be financially viable from day one,” says Cornell.

“Google have other objectives [than search]. We are forfeiting [user profiling] data to prove a pure and open service where the social contract is you come to our site, the first two links you get will be sponsored ads. If you choose to click on them it’s fair enough there’s an agreement there. If you don’t we don’t look to see where you go afterwards and when you turn on your mobile phone.”

“In terms of targeting there is a very well defined marketplace for U.K. ads for Yahoo and Bing, and that’s for the U.K., the marketplace we tap into, and then we target the keyword,” adds Perin.

The startup is privately funded at this point, including by the co-founders. Depending on how quickly they intend to scale — by launching horizontal pro-privacy products for other European markets — they say they might seek to raise additional funding.

“This year we have a roadmap. We will be rolling out into other countries. We will be providing country-specific search in those countries. For the time being we’re focusing our attention on the U.K., and as it does expand of course we’ll be open to investors,” says Cornell. “Our challenge in Europe different to DuckDuckGo is they have one big market in the U.S. America’s always lucky to have that. We go cross culture. So we’d have to have this conversation in German and Italian and Spanish and whatever.”

Published in Search Engine

