Comment by 🛸 bluesman
Re: "Are we making a "dark web"? According to the media, the "…"
@lab6 The Lupa search engine lists thirteen Gemini .onion addresses. I've looked at most and none are "dark" or even remotely "shady". I've also found a number of .onion Gopher sites in my time testing my client. I haven't stumbled on any Nex or Spartan hidden services yet. Except for one capsule, I'm not sure anonymity is the purpose either as the same content is often available in the clear. I imagine most "small web" .onion sites are tech demos. Nothing nefarious. I host one on a PI 3 mostly because it plays into the comedic idea behind the capsule. Visits are few and far between.
Mar 05 · 2 months ago
21 Later Comments ↓
🏍️ Atomic-Germ · Mar 05 at 15:39:
Deep web perhaps but far from dark. Obscurity is just a side effect of being niche. Most people use the web and that's mostly where They watch. They being the same people who try to tell you everything on Tor is evil (note that the CIA and Facebook both have onions). Gemini can help evade censorship, which is about to be extremely important. And being only text, there's nothing but information and information should be sacredly Free.
I suppose technically we maybe. Although 'web' implies http, like Tor. And dark implies not searchable easily. Mainstream press loves drama. Maybe Twilight Net.
👻 darkghost · Mar 05 at 17:10:
We're dark web the same way FTP and email are dark web.
I feel like the "dark web" is mainly through the TOR broswer and onion sites, I still believe the Gemini net, as I like to call it is still the "small web"
🐦 wasolili [...] · Mar 06 at 04:36:
gonna quote myself from the last time this came up:
The defining feature of the dark web is that access is via an anonymization network, so gemspace is mostly not part of the dark web, although there are have been some capsules served via tor/i2p, so those are part of the dark web.
"deep web" is the phrase for content not accessible through public search engines. gemspace as a whole wouldn't qualify for this since there are gemspace crawlers and web search engines inadvertently crawl it via gemini-to-html proxies.
so gemspace as a whole is neither dark nor deep
Just to clarify, Tor is not only HTTP and HTTPS, it can be other services (including Gemini) as well - it's just that the team behind Tor recommend that you only use Tor Browser to access it, which does limit your options a bit as it's a web browser (albeit a privacy-hardened one).
It's possible to get the Tor client as a separate executable, which then basically connects to the Tor network like a VPN. You do have to set your programs up so that it uses your Tor client as a proxy server, but once you've done that, you can use normal Gemini clients like Lagrange to access Gemini capsules on the Tor network.
Of course, any other clients won't be privacy-enhanced like Tor Browser is, but for Gemini, that doesn't really matter, because there aren't really any ways to leak your identity other than by being careless in what you submit (or mixing up your different client certificates). as Gemini clients don't do anything like running JavaScript.
👻 darkghost · Mar 06 at 14:38:
Haiku OS has tor but it must be configured this way because there is no tor browser (as of the last time I checked a few months ago)
I don't mean to rankle with a shameless plug but Alhena has SOCKS5 support and a built-in HTML to GemText converter. This means you can use SOCKS5 to connect to TOR and then browse HTTP, Gemini, Gopher, Spartan and Nex (including .onion hidden services). I don't see how it can be any less privacy-enhanced than Tor browser as there is no JavaScript, etc.
👻 darkghost · Mar 06 at 14:55:
one of my favorite features!
🏍️ Atomic-Germ · Mar 06 at 17:12:
Being *able* to access it that way is no different than using tor for normal web browsing though, it doesn't make it any darker
🐦 wasolili [...] · Mar 06 at 17:51:
it's just that the team behind Tor recommend that you only use Tor Browser to access it
This isn't entirely accurate. They recommend the Tor Browser for web browsing but that is not the same as recommending you only use the Tor Browser for all Tor traffic.
There are caveats to consider when using other software but I don't think the Tor Project's position has ever been that you shouldn't use Tor with non-browsers (aside from specific cases like torrent clients that leaked your IP address). Tails is part of the Tor Project now and routes many applications through Tor, and part of the goal with the Arti rewrite is to provide a library that allows developers to build in Tor support directly into their applications, and there are even some protocol-specific logic for circuit building (e.g. ssh connections (or rather connections over port 22) will result in a circuit built only from "stable" nodes so that the circuit is expected to be able to support long-lived connections).
as Gemini clients don't do anything like running JavaScript.
I don't see how it can be any less privacy-enhanced than Tor browser as there is no JavaScript, etc.
Part of the hardening the Tor Browser does is things specific to web browsers, like anti-fingerprinting and disabling javascript (though javascript hasn't been disabled by default in the Tor Browser for a few years now). But a big part of it is integrating isolation properties so that Tor can perform appropriate stream isolation and circuit sharing (simplified: related traffic should share the same circuit, and unrelated, isolated traffic should not share its circuit)
That's (one of) the big reasons the Tor project recommends not using web browsers other than Tor Browser. Getting circuit sharing/isolation right in the context of web browsing is hard, and not doing it correctly leaves you open to some attack vectors.
I don't think there is currently a gemini client which supports stream isolation. An ideal torified gemini client would isolate any connection that uses a given client certificate into one circuit specific for that client cert (to prevent accidentally connecting to the same capsule with two different certs using the same circuit, allowing the capsule operator to conclude both certificates are operated by the same user, and to mitigate the risk of choosing a malicious circuit when visiting multiple capsules)).
Other considerations would be whether or not to share circuits when a capsule is visited via a link from another capsule
For Gemini this doesn't really matter because nobody is using Gemini in a way where the drawbacks to not having circuit sharing/isolation matters, but I've been considering implementing it for a Gemini client anyway because it's fun stuff to think about
The problem with the Web is fingerprinting. Without Tor I am unique in NYC. With Tor I am unique on any city block, but in exactly the same way every other Tor user.
Still sucks but a little less
gemini isn't dark, or it is 'dark' just as gopher is dark, xmpp, or irc.
anything othen than http. i would say email is 'dark' too but since most people access it from web (why?) then it is sort of web.
but in reality everything can be accessed via web, but it doesn't mean it should.
mail is better accessed from dedicated email clients.
so in that case for regular user email is dark?
yeah and then are fidonet or usenet dark?
just because they are unknown to illiterate public?
if you're illiterate any writing is dark for you.
is chinese dark bcs many americans dont know it?
is armenian dark because many dont know about its existence?
As a part-Armenian: unless you are in LA or Yerevan no one knows from Armenians
@stack, going full off topic here, sorry, just a day ago we watched new film by wes andersen, the phoenician scheme. apparently the film is about armenian family and main character, benicio del toro plays galoust gulbenkian.
— https://www.incluvie.com/articles/the-phoenician-scheme-a-man-of-no-identity
— https://ծմակուտ.հայ/content/30870114/2025/
on tor browser: i remember a time when tor browser was based on firefox 17. i didn't use it, i just used firefox with enabled tor proxy sometimes. but my friend who was using official tor browser was wondering, it's now firefox 21, then 22, then 23, why doesn't tor team update the firefox version of the tor browser?
then there were news that some important criminals that if i remember correctly, dealt with child pornography, were captured by using a bug in tor browser. some kind of js would denounce the server the ip address of the computer tor browser was running on.
after the criminals were captured, tor browser version was updated to i think firefox 24.
i coudn't help but think tor team was asked to delay the update for that case because of a known to agencies bug.
😎 flipperzero · Mar 08 at 07:07:
I agree with most of the “deep web” jargon commenters save for one caveat - attaching “web” to it all is so… blasé, and frankly gives the “web” more credit than is owed for many innovations made very much previous to http’s iteration (gopher, xanadu, hypercard, NLS (1968)). I opt for, instead of the ‘web’ suffix, ‘net’ appropriately in place. I know i know what some out there think, as if this detail is somehow semantic, but I assure you it is not: the web, aka world wide web, IS http. They’re synonymous. Net refers to -general- network framework across platform. As such, I opt for deep net, or small net.
👻 darkghost · Mar 08 at 11:32:
Small net, yes. AlterNet? Sure. Dark net? Only in dark mode.
🐦 wasolili [...] · Mar 08 at 19:37:
@norayr I think you're thinking of the Freedom Hosting takedown. Freedom Hosting was a free web hosting service for hidden services over a decade ago. A lot hidden services at the time used it, including some that hosted illegal things like child abuse, which was supposed to be against Freedom Hosting's rules but the guy who ran it turned a blind eye to it and ignored it when people reported it to him. When law enforcement seized Freedom Hosting after investigating one of those hidden services, they pushed a javascript exploit to many (maybe every) service Freedom Hosting hosted.
i coudn't help but think tor team was asked to delay the update for that case because of a known to agencies bug.
You're misinformed here. The attack targeted out-of-date Tor Browser users. The issue was in Firefox prior to Firefox 17.0.7esr (released June 25th). The Tor Browser Bundle was updated to Firefox 17.0.7esr the next day, June 26. The exploit was executed in August, so the only people who were vulnerable were people who hadn't updated their Tor Browser Bundle in over a month.
— https://blog.torproject.org/tor-security-advisory-old-tor-browser-bundles-vulnerable/
i remember a time when tor browser was based on firefox 17. i didn't use it, i just used firefox with enabled tor proxy sometimes. but my friend who was using official tor browser was wondering, it's now firefox 21, then 22, then 23, why doesn't tor team update the firefox version of the tor browser?
They use the extended support release (esr) versions, which was Firefox 17 until Firefox 24 came out. Those are the releases that get long-term support (including security updates) that are intended to be used by projects like Tor.
@wasolili, thank you for such comprehensive reply and information!
Original Post
Are we making a "dark web"? According to the media, the "dark web" is some place where all the terrorists and paedophiles hang out. I don't see any sign of that here. But, less sensationally, the dark web is that set of servers that aren't visible on regular web searches, and need specialist encryption techniques to access. So is Gemini space a "dark web", at least in that latter sense? And, if so, why isn't it (so far as I know) full of terrorists and paedophiles? Just wondering.