The onion sites of darknet and the directory of popular onion services

The Darknet: Tor not only provides anonymous access to traditional offerings on the web, but also provides anonymous, censored and hard-to-locate Tor Onion Services or Tor Sites. These services are only accessible via Tor Router.

A cryptic address with the top-level domain .onion also serves as a hash value for a system of keys, which ensures that the user is actually connected to the desired service. The complete anonymisation of data traffic ensures that the operators of the offers remain technically anonymous and difficult to determine.

There are several variants for Tor Onion Services:

  • Onion Services v2 use cryptographic features that are partially deprecated. It is used SHA1, DH key exchange and public key cryptography based on RSA with 1024 bit long keys. The Tor addresses are 16 characters long: vwakviie2ienjx6t.Tor Important note: Services v2 are DEPRECATED and will no longer be supported with Tor Daemon version 0.4.6 and TorBrowser from Oct. 2021.
  • Onion Services v3 has been available since Jan. V3 uses current cryptographic functions (SHA3, ECDHE with ed25519 and Public Key cryptography with curve25519). These Tor addresses are much longer with 56 characters: 4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad
  • Stealth Onion Services require an additional key to establish the connection. The information in the Hidden Service Directories about possible access points to these Tor Services is encrypted so that malicious third parties cannot spy on or attack these Tor Services. If you want to connect to these Onion Sites, you need an additional key to decipher the information about the access points.

Authorized users receive the key to decrypt ingesputis information from the operator via an independent, secure channel. The operator can generate up to 50 different keys for different people. Authorized users can enter this key in the Tor Daemon configuration file "torrc":

HidServAuth Alternatively, you can enter the key in the TorBrowser when you call a Stealth Toraddress and save it permanently:

Tor Service as an alternative to the normal web address

There are several websites that are also accessible anonymously and unobserved as tor onion service. If you use Tor, you should prefer these hidden services to the normal web addresses, as there is no danger from Bad Tor Exit Nodes.

Further tor Sites by can be found at or xao2lxsmia2edq2n5zxg6uahx6xox2t7bfjw6b5vdzsxi7ezmqob6qid.onion.

Tor Onion Services for Email Communication

For unobserved e-mail communication, there are the following services that can only be used as tor onion services:

  • Mail2Tor (free, gateway to normal web is available)
  • TorBox (free hidden-only email service)
  • (free, gateway to normal web is available)

Note: Some Tor Hidden email providers provide a gateway to the normal web to exchange emails with users from the normal Internet. However, these gateways offer only a poor TLS configuration, the transport encryption to the mail servers of the normal e-mail providers is consistently very poor. Therefore, I would only use Tor Hidden Mail Provider for communication with tor addresses and for contact with normal e-mail addresses a secure provider from the normal network.

Debian GNU/Linux Hidden Software Repository

For Debian GNU/Linux there are the repositories as Tor Hidden Service. There is also the Apt Transport Gate, which allows you to use the Hidden Service with the normal software management tools. In order to manage the software of the system anonymously and unobserved by third parties, first install the package "apt-transport-tor": > sudo apt-get install apt-transport-tor Then edit the file "/etc/apt/sources.list" and replace the repositories for the package sources according to the following pattern:deb tor+http://vwakviie2ienjx6t.onion/debian jessie
deb tor+http://vwakviie2ienjx6t.onion/debian jessie-updates main
deb tor+http://sgvtcaew4bxjd7ln.onion/debian-security jessie/updates main

#deb tor+http://vwakviie2ienjx6t.onion/debian jessie-backports main In the future, all software management tools (aptitude, Synaptic, KPackekit, ...) will use the Tor Hidden Service to install and update the software.

In addition to Debian, of course, also offers the repository for all supported distributions as an tor Site. To update the tor daemon regularly, you can use the following repository: deb tor+http:://sdscoq7snqtznauu.onion/ main is to be replaced by the code name of the distribution, which can be determined with the following command:> lsb_release -c
Codename: yakkety


Otherwise, I know hardly anything that I would like to recommend. My "collection" of other Tor Hidden Services currently includes:

  • 34x Offers that offer child pornographic dirt for download (partly exclusively and partly in addition to other content). The BKA has a slightly more extensive list of 545 pages (as of 2012).
  • 3x offers on the topic "Rent a Killer". A contract killing apparently only costs 20,000 dollars (if these offers are genuine).
  • An offer for fake identification documents (due to the screenshots of the examples on the website edited with Photoshop or similar, I consider the offer itself to be a fake).
  • Multiple trading platforms for drugs. (The FBI knew 400 platforms on the subject.)
  • Some yawning boring discussion forums with 2-3 posts per month.
  • Some index pages with lists for available hidden services such as the legendary "Hidden Wiki" or the newer "TorDirectory". In these index lists you will find en masse references to offers with names like "TorPedo", "PedoVideoUpload", "PedoImages" . According to ANONYMOUS, 70% of visitors to the "Hidden Wiki" should visit the Adult Section, where this dirt is linked.

In the paper Cryptopolitik and the Darknet (2016), the authors D. Moore and T. Rid empirically dealt with the Tor sites. Of the 2723 Onion Sites visited, 1547 Onion Sites targeted criminal and illegal activities.
(The paper provides an interesting summary of the history of the Darknet.) 

Fake Onion Sites

There is no trust or reputation model for Tor Onion Sites. It is unknown who runs a Tor Hidden Services and it is therefore very easy to set up honeypots. The cryptic addresses are difficult to verifiable. The problem of anonymity and reputation is described in more detail in the "Thinking" chapter.

Juha Nurmi (operator of the Hidden Service search engine has already issued two alerts (June 2015 and January 2016) with 300 Fake Onion sites that look deceptively similar to the original Onion sites. These fake sites conduct the traffic of the original sites, modify the data in a low-key manner or snoop on login credentials.

Search engines with hidden service addresses such as DuckDuckGo (tor) and were also affected, as the

The fake site looks deceptively similar to the original, but visitors are directed to other fake onion sites with the search results.
In some cases, the Toraddresses of the fake sites are very similar to the originals:

  • REAL: http://torlinkbgs6aabns.onion
    FAKE: http://torlinksb7apugxr.onion

Conclusion: You should only trust the cryptic hidden service addresses if you get them from a trusted source. The results lists of a search engine for Onion Sites are only limited lyreliable, since the operators of the Fake Onion Sites naturally use SEO techniques to be placed in front of the originals.

Comments 0

Leave a comment

Cancel reply

Login to leave a comment