How to run your code on the dark web (and why you should)

By Luke Crouch

Elevator Pitch

Tor is an anonymous network and browser. Millions use Tor every day. Is your code ready for them? This talk introduces Tor, provides an overview of how it works and the adversaries and attacks its designed to stop, and shows that coding for Tor is practical, and improves your code for everyone.

Description

Coding for Tor makes your code better for everyone. And, thinking about Tor’s implications on web code is an approachable way for developers to learn some fairly advanced privacy & security concepts & threat models.

This talk introduces the Tor browser and progresses thru high-level overviews of much of Tor’s privacy & security tech (e.g., The Onion Router, HTTPS etc.) and the adversaries and attacks they are designed to stop.

Along the way, it explains the practical techniques to optimize web code for Tor (with HTTP, HTML, CSS, and JavaScript code examples), and shows that Tor-compatible coding practices benefit all of your users.

After showing how to optimize your code for Tor, it then shows how to run your code as a Tor hidden service on the dark web. It briefly describes SecureDrop - a valuable dark web CMS platform for whistle-blowers.

It ends with a message that more coders should make their products work for privacy-conscious users, some of whom may be part of targeted populations.

Notes

I introduce the Tor browser. I progress thru high-level overviews of much of Tor’s privacy & security tech (e.g., The Onion Router, HTTPS etc.) and the adversaries and attacks they are designed to stop.

Along the way, I explain the practical techniques to optimize web code for Tor (with HTTP, HTML, CSS, and JavaScript code examples), and show that Tor-compatible coding practices benefit all of your users.

After showing how to optimize your code for Tor, I show how to run your code as a Tor hidden service on the dark web. I briefly describe SecureDrop - a valuable dark web CMS platform for whistle-blowers.

I end with a message that more coders should make their products work for privacy-conscious users, some of whom may be part of targeted populations.