We at DeepWatch monitor illegal activities in the deep web. Our clients may from time to time examine the identified evidence themselves. This article helps them in the process.

So, you’ve heard of the “dark web” or “darknet”, a hidden internet infamous for hosting illegal activities. You may wonder what it actually looks like. Or your organization recently got hit by a data breach and you want to look into it yourself.

You’ve probably also heard the dark web is a dangerous place, one that only an intelligence officer can get in and out of without losing a finger or two.

Is it true?

As it turns out, interacting with the dark web can be a relatively safe process even if you are not a security expert. To enter the dark web safely, we recommend this “super onion” setup as a reasonable approach to prevent bad guys from 1) knowing who you are, 2) attacking your computer, and 3) stealing your data.

Why do we call it a Super Onion? Because it’s composed of multiple layers with Tor Browser at its core.

Be daunted by this epic onion not. In this article, we will explain how to build it layer by layer. It’s easier than you might think.

Prerequisites: You are computer savvy. You understand no security solution is 100% safe. You aren’t going to do any illegal stuff — our method is not designed for escaping law enforcement.

Make sure to follow each and every step. Do not skip them or change their order. Your system could become vulnerable otherwise.

Let’s go.

Step 1/3: Secure your operating system. Create a surfer account

1. Update your operating system (OS) and applications. Windows users: Free tools that automatically manage software updates come in handy.
2. Turn on firewalls. See instructions for Windows, Mac OS X, and Ubuntu.
3. Turn on full-disk encryption. See instructions for Windows, Mac OS X, and Ubuntu. This is to prevent file system data from leaking into the virtual machine (VM) which will be introduced shortly.
4. Use strong passwords for all OS accounts. Disable auto-login.
5. Create a non-administrative account on your OS. Let’s call it a “surfer account”. It will be used exclusively for dark web surfing. Make sure to never visit your own websites, type out your name, or do anything that may reveal your identity on this account.

A new surfer account created on Windows

Step 2/3: Set up VPN

Virtual private networks (VPN) hide your real internet address in the event an attacker gains control of your VM. Items 1 to 5 below can be done using public wifi for better privacy protection.

Note: Skip items 2 and 4 and sign up with your real email and credit card if you prefer convenience and believe the VPN is unlikely to be hacked.

1. Switch to another OS account if you are in the surfer account.
2. Create an anonymous Gmail address like “unreal123456@gmail.com.” Other credible free email providers work, too. Do not enter real information during signup. If a phone number is required, pick one at this site or one of these alternatives and receive SMS verifications online.
3. Sign up for ExpressVPN using your newly created email address. ExpressVPN costs $12.95/mo, or $8.32/mo with an annual subscription. We are not affiliated with ExpressVPN and recommend it for its speed and solid user experience. See the last section for other VPN options.
4. To purchase anonymously, sign up at privacy.com for free using the new email address, generate a credit card number, and enter it along with an arbitrary cardholder name and address on ExpressVPN’s checkout page. A downside is that privacy.com needs your bank account number. If you are truly paranoid, a more involved option is to pay by Bitcoin: You would visit a Bitcoin ATM and buy bitcoins with cash, usually for a fee of 6% on average.
5. Log off your current account and log into the surfer account.
6. Download and install the VPN client.
7. Before connecting to the VPN, select an exit location outside of your own country:

Select an exit location in ExpressVPN

Step 3/3: Install Tor Browser in a VM

Tor Browser is the browser for the not-so-bright web. You will run it in a VM. The VM provides a necessary layer of protection in the event your Tor Browser is compromised.

1. Log into your surfer account.
2. Connect to the VPN.
3. Download and install VirtualBox.
4. Download and install Debian Linux as a VM. Refer to the instructions here. Remember to choose a strong root password. Check out the last section of this article if you prefer Ubuntu instead.
5. Go to VirtualBox Menu > Machine > Settings. Next, disable hardware acceleration, serial ports, and shared folders if any of them are enabled. You may need to power off the VM before you can make the change.
6. Adjust the date and time of the Debian VM to match the current local time of the VPN’s exit location. This can be done by clicking the time at the top of the screen. This is needed for the Tor Browser to work properly.
7. Inside the Debian VM, open Firefox and download the Tor Browser from torproject.org. Unzip it, run the file Browser/start-tor-browser in the unzipped folder, and then click the “Connect” button.
8. Select the onion icon in the top-left corner, then select “Security Settings…”, and set the security level to “High.”

Tor Browser in a Debian VM

And voilà, it’s ready to go! Visit dark web sites by entering “.onion” URLs in the Tor Browser. See “Useful Resources” below to find URLs that strike your fancy.

Are you all set? Not yet.

Please read on for some very important messages:

DOs and DON’Ts for your safety

Do launch the Super Onion from the outer layers and work your way inward. For example, connect to the VPN only in the surfer account; power on the VM only after the VPN is fully connected.

Do terminate your Super Onion in the reverse order: Power off the VM first, then cut off the VPN, then log out of the surfer account:

Correct way to start and stop the Super Onion

Do NOT perform other activities using the surfer account aside from running the VPN and VM. Enter absolutely no personal information in the surfer account and particularly in the VM.

Do NOT share files between the VM and the host system. If you have to, use a USB drive, format it, transfer files, and reformat it right after. Unless you’re a security expert, never open files retrieved from the dark web.

Do NOT pause the VM or switch between the surfer and other accounts. Always power off the VM and log out of all accounts completely.

For the obviously paranoid: Duct tape your webcam.

Finally, remember that you are never 100% safe.
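An added example, not part of the original article or DeepWatch's own tooling: a Python check of the VirtualBox settings that Step 3 says to disable, plus the no-shared-files and no-pausing rules above. It parses the output of "VBoxManage showvminfo <vm> --machinereadable"; the sample output and VM name are constructed, reading "hardware acceleration" as the 3D acceleration setting is an assumption, and the clipboard and drag-and-drop checks go beyond the article's own list.

```python
import re
import subprocess

# Constructed sample of `VBoxManage showvminfo <vm> --machinereadable` output.
SAMPLE = '''name="debian-surf"
VMState="saved"
accelerate3d="on"
uart1="0x03f8,4"
uart2="off"
clipboard="bidirectional"
draganddrop="disabled"
SharedFolderNameMachineMapping1="downloads"
SharedFolderPathMachineMapping1="/home/surfer/Downloads"
'''

def parse_vminfo(text):
    """Parse key="value" lines (keys may be quoted too) into a dict."""
    info = {}
    for line in text.splitlines():
        m = re.match(r'^"?([^"=]+)"?=(.*)$', line.strip())
        if m:
            info[m.group(1)] = m.group(2).strip('"')
    return info

def audit(info):
    """Return findings that conflict with Step 3 and the DON'Ts."""
    findings = []
    # Assumption: "hardware acceleration" in the article means 3D acceleration.
    if info.get("accelerate3d", "off") != "off":
        findings.append("3D acceleration is enabled")
    for key, val in sorted(info.items()):
        if re.fullmatch(r"uart\d+", key) and val != "off":
            findings.append(f"serial port {key} is enabled ({val})")
        if key.startswith("SharedFolderNameMachineMapping"):
            findings.append(f"shared folder '{val}' is configured")
    # Extra host/guest channels, not named in the article.
    for key in ("clipboard", "draganddrop"):
        if info.get(key, "disabled") != "disabled":
            findings.append(f"{key} sharing is {info[key]}")
    if info.get("VMState") in ("paused", "saved"):
        findings.append(f"VM is {info['VMState']}; power it off instead")
    return findings

def audit_vm(vm_name):
    """Audit a real VM; requires VBoxManage on the PATH."""
    out = subprocess.run(["VBoxManage", "showvminfo", vm_name, "--machinereadable"],
                         capture_output=True, text=True, check=True).stdout
    return audit(parse_vminfo(out))

if __name__ == "__main__":
    for finding in audit(parse_vminfo(SAMPLE)):
        print("FINDING:", finding)
```

Run it from the surfer account on the host; an empty result from audit_vm means none of these settings were found enabled.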

This is the end of what you must know

Thank you for reading thus far! Leave notes anywhere in this post for questions or comments.

We at DeepWatch monitor cyber threats on the dark web. Get your business protected today at GoDeepWatch.com.