Dark Web and Its Impact in Online Anonymity and Privacy: A Critical Analysis and Review

The Internet as a whole is a network of multiple computer networks and their massive infrastructure. The web consists of websites that are accessible through search engines such as Google, and this part is known as the Surface Web. The Internet is further segmented into the Deep Web, the content that is not indexed and cannot be accessed by traditional search engines. The Dark Web is considered a segment of the Deep Web and is accessed through TOR. Actors within Dark Web websites are anonymous and hidden. Anonymity, privacy and the possibility of non-detection are three factors provided by special browsers such as TOR and I2P. In this paper, we discuss and provide results about the influence of the Dark Web in different spheres of society. We give the number of daily anonymous users of the Dark Web (using TOR) in Kosovo as well as in the whole world for a period of time. The influence of hidden services websites is shown, with results gathered from the Ahmia and Onion City Dark Web search engines. Anonymity is not completely verified on the Dark Web, even though TOR is dedicated to it and is intended to provide anonymous activities. We also give results on how the number of users and their locations are reported. The calculation is based on IP addresses resolved to the country codes from which access originates, and numbers are reported in aggregate form. In this way, Dark Web users are represented indirectly. The number of users in anonymous networks on the Dark Web is another key result. In such networks, users are counted through client requests to the directories (according to TOR metrics), by which the relay list is updated. The number of users of the anonymous networks is thus calculated indirectly.


Introduction
Many people think that the Internet and the web are synonyms. In fact, they are two different terms with common elements. The Internet comprises multiple networks and their massive infrastructure. It connects millions of computers by creating a network in which any computer can communicate with other computers as long as they are connected to the Internet [1]. The web is a medium that provides access to information. Conceptually, the web is content made up of websites accessible through search engines such as Google. This content is known as the "Surface Web" (Figure 1) [2] [3] [4] [5].
Another part of the Internet is the Deep Web (Figure 1), which refers to a class of content that, for various technical reasons, is not indexed by search engines and cannot be accessed via traditional search engines. It includes information on private networks and intranets (agencies, universities, companies, commercial databases, etc.) and sites with query-based content or search forms. The Deep Web is segmented further into the Dark Web (Figure 1). Its content is intentionally hidden and cannot be accessed by standard web browsers [2] [4].
The publishers of sites on the Dark Web are anonymous and hidden. Users access the Dark Web to share data with little risk and to remain undetected (anonymous). Anonymous access is essential for the Dark Web, and it is now supported by encrypted tunneling that protects against monitoring. Dark Web content is supported by onion routing (TOR), an anonymous network that is accessed through the TOR browser. The TOR project was launched in 2002 by the US Naval Research Laboratory to enable online anonymity.
Figure 1. The Internet layers [2].

Related Work
There is an increasing number of research papers and projects related to the Dark Web. In the related work, the importance and necessity of such projects have centered on improving state surveillance [6]. The research also helps in presenting the relevant facts about the studies that were conducted.
In another work, Barnett et al. [8] study the role of spiders (software programs that traverse the World Wide Web to collect information) and how handling registration gives them easy access, so that the exact, desired information of various types can be collected easily.
Social network analysis (SNA) is a topic of interest in [9] and is being [...] and their unique properties [10]. Detailed coding schemes have been developed to evaluate extremist websites and terrorist content.
Sentiment and affect analysis makes it possible to identify violent and radical sites that pose significant threats [11].
Terrorism informatics refers to the application of advanced information fusion and analysis techniques and methodologies to acquire, process, integrate, manage and analyze the diverse information related to terrorism for national and international security applications. The techniques are drawn from disciplines such as informatics, mathematics, science, statistics, social sciences, public policy, and linguistics. The research shows that terrorism involves a huge amount of information from different sources, languages and data types, and that information fusion and analysis techniques such as text mining, data mining, language translation, data integration, and video and image processing help to detect and prevent terrorism [12].
The identification of fraud and theft is relevant at both the national and international level, since criminals may escape by using false identities, and smugglers can enter a country with fake visas or passports [13]. Internet fraud, network hacking, intrusion, illegal trading, hate crimes, virus spreading, cyber pornography, cyber privacy, theft of confidential information, cyber terrorism, narcotics trafficking and terrorism have no boundaries and are a global security concern.

Techniques, Attributes, Accessing and Communication in the Dark Web
Anonymity [14], a key attribute of the Dark Web, takes its name from the Greek word "anonymia", which refers to hiding one's personal identity from others. When we take any action on the web, our footprints are deposited as data on the Internet. If the Internet Protocol address cannot be tracked, then we can say that anonymity is guaranteed. TOR makes it possible to conceal user information and avoid any possibility of activity monitoring. The Dark Web also has negative effects, since it allows criminals to commit cybercrime and conceal their traces [15].
The Dark Web is also considered an adequate channel for governments to exchange secret documents, for journalists to bypass censorship and for dissidents "to escape" from authoritarian regimes. The onion technique 1 enables anonymous communication through a network of computers. Messages are encrypted (using asymmetric encryption) and then sent through several network nodes known as onion routers. When the message reaches an onion router, that router removes one layer of encryption, in the same way as peeling a layer from an onion, to uncover the routing instructions; the message is then sent to the next router, and this process is repeated until it reaches its destination (Figure 2).
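The layered wrapping and peeling described above can be illustrated with a minimal sketch. It is not TOR's actual protocol: the router names, the keys and the JSON layer format are hypothetical, and a toy XOR keystream stands in for the asymmetric encryption mentioned in the text, so it offers no real security.

```python
import hashlib
import json


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stand-in cipher (NOT secure): XOR data with a SHA-256 counter keystream."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream.extend(hashlib.sha256(key + counter.to_bytes(8, "big")).digest())
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap(message: bytes, route: list, destination: str) -> bytes:
    """Build the onion from the inside out; the last router's layer is innermost."""
    packet = message
    next_hop = destination
    for name, key in reversed(route):
        layer = json.dumps({"next": next_hop, "payload": packet.hex()}).encode()
        packet = keystream_xor(key, layer)
        next_hop = name
    return packet


def peel(packet: bytes, key: bytes):
    """Remove one layer: reveals only the next hop and the still-wrapped payload."""
    layer = json.loads(keystream_xor(key, packet))
    return layer["next"], bytes.fromhex(layer["payload"])


# Hypothetical three-router path; each router knows only its own key.
route = [("router_a", b"key-a"), ("router_b", b"key-b"), ("router_c", b"key-c")]
onion = wrap(b"hello", route, "destination")

hops = []
packet = onion
for name, key in route:
    next_hop, packet = peel(packet, key)
    hops.append(next_hop)
```

After the loop, `hops` lists where each router forwarded the packet and `packet` holds the original message. Each router learns only the next hop, not the full path, which is the property the onion analogy is meant to convey.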

Online Privacy in the Dark Web
TOR is used to enable private, anonymous and secure communications and activities for specific purposes [2] [14]. The following sections give some examples related to these elements.

Dark Web in the Government, Military and Intelligence
Because of the anonymity provided by TOR and other software such as I2P, the Dark Web can be a playground for nefarious actors online. As noted, however, there are a number of areas in which the study and use of the Dark Web may provide benefits. This is true not only for citizens and businesses seeking online privacy, but also for certain government sectors, namely the law enforcement, military, and intelligence communities.
Anonymity on the Dark Web can be used to shield military command and control systems in the field from identification and hacking by adversaries. The military may use the Dark Web to study the environment in which it is operating as well as to discover activities that present an operational risk to troops. For instance, evidence suggests that the Islamic State (IS) and supporting groups seek to use the Dark Web's anonymity for activities beyond information sharing, recruitment, and propaganda dissemination, using Bitcoin to raise money for their operations. In its battle against IS, the Department of Defense (DOD) can monitor these activities and employ a variety of tactics to foil terrorist plots [19].
TOR software can be used by the military to conduct a clandestine or covert computer network operation, such as taking down a website or mounting a denial-of-service attack, or to intercept and inhibit enemy communications. Another use could be with [...] trafficking in prostitution ads on popular websites" [21]. This is intended to help law enforcement target their human trafficking investigations [21]. [...] they "spend a lot of time looking for people who don't want to be found" [22].
Reportedly, an investigation into the NSA's XKeyscore program, one of the programs revealed by Edward Snowden's disclosure of classified information, demonstrated that any user attempting to download TOR was automatically fingerprinted electronically, allowing the agency to conceivably identify users who believe themselves to be untraceable [23].
While specific intelligence community (IC) activities associated with the Deep Web and Dark Web may be classified, at least one program associated with the Intelligence Advanced Research Projects Activity (IARPA) may be related to searching data stored on the Deep Web [24]. Reportedly, conventional tools such as signature-based detection don't allow researchers to anticipate cyber threats; as such, officials are responding to rather than anticipating and mitigating these attacks [25]. The Cyber-attack Automated Unconventional Sensor Environment (CAUSE) program seeks to develop and test "new automated methods that forecast and detect cyber-attacks significantly earlier than existing methods" [26]. It could use factors such as actor behavior models and black market sales to help forecast and detect cyber events [26].

Payment on the Dark Web
Bitcoin is the currency often used in transactions on the Dark Web [27]. It is a decentralized digital currency that uses anonymous, peer-to-peer transactions [28]. Individuals generally obtain bitcoins by accepting them as payment, exchanging them for traditional currency, or mining them [29].
When a bitcoin is used in a financial transaction, the transaction is recorded in a public ledger, called the block chain. The information recorded in the block chain is the bitcoin addresses of the sender and recipient. An address does not uniquely identify any particular bitcoin; rather, the address merely identifies a particular transaction [30].
Users' addresses are associated with and stored in a wallet [31]. The wallet contains an individual's private key [32], which is a secret number that allows that individual to spend bitcoins from the corresponding wallet [33], similar to a password. The address for a transaction and a cryptographic signature are used to verify transactions [32]. The wallet and private key are not recorded in the public ledger; this is where bitcoin usage has heightened privacy. Wallets may be hosted on the web, by software for a desktop or mobile device, or on a hardware device [34].
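The separation between what the public ledger records and what stays in the wallet can be sketched as follows. This is a deliberately simplified illustration, not Bitcoin's real scheme: the `Wallet` and `LedgerEntry` classes are hypothetical, and the address is derived by hashing the secret directly, whereas real Bitcoin first derives a public key with elliptic-curve cryptography and signs each transaction.

```python
import hashlib
import secrets
from dataclasses import dataclass, field


@dataclass
class Wallet:
    """Keeps the private key locally; only the derived address is published."""
    private_key: bytes = field(default_factory=lambda: secrets.token_bytes(32))

    @property
    def address(self) -> str:
        # Toy derivation (assumption): a truncated hash of the secret key.
        return hashlib.sha256(self.private_key).hexdigest()[:34]


@dataclass(frozen=True)
class LedgerEntry:
    """What the public ledger stores: sender and recipient addresses and an amount."""
    sender: str
    recipient: str
    amount: float


ledger = []
alice, bob = Wallet(), Wallet()
ledger.append(LedgerEntry(alice.address, bob.address, 0.5))
```

Anyone can read `ledger` and see the two addresses, but neither wallet nor its private key appears in it, which mirrors the privacy property described above.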

Results and Discussion
Results are derived from research questions (RQ) that focus mainly on TOR metrics information and on various reliable reports and information about Dark Web privacy (anonymity). Through them, arguments about anonymity and privacy are given for different cases. We pose eight RQs as follows:
(RQ1) How many users use TOR software in Kosovo?
Based on data that we have generated from the TOR metrics, we find that the [...]
The number of daily users of TOR software in Kosovo, based on the TOR metrics, is available at: https://metrics.torproject.org/userstats-relay-country.html?start=2018-01-01&end=2018-12-01&country=xk&events=off
(RQ4) Can anonymity be verified on the Dark Web, and can we say that its content is anonymous?
We cannot say that anonymity is completely verified on the Dark Web. TOR is intended to enable anonymous activities, but researchers and security experts are continually working to develop tools through which they can identify individuals or hidden services and de-anonymize them. There are many cases concerning anonymity, but two of them are considered here to elaborate this research question:
1) The Federal Bureau of Investigation (FBI) took control of Freedom Hosting 5 in 2013, even though years earlier it had infected the service with malware designed to identify visitors. Since 2002, the FBI has used "a computer and internet protocol address verifier" [2], malware deployed in the Freedom Hosting web hosting service, through which it identified and verified suspects and their locations even when they used a proxy server or anonymity services such as TOR.
2) In 2017, hackers who are part of Anonymous took control of Freedom Hosting II, a web hosting service on the Dark Web and the successor to Freedom Hosting. They claimed that over 50% of the Freedom Hosting content was related to sensitive content. Users who placed these data on Freedom Hosting could easily be identified. Security experts have concluded that Freedom Hosting II hosted 1500-2000 hidden services (nearly 15%-20% of them were rated as active sites) [2].
(RQ5) How is the number of users derived from directory requests in TOR, and how is it calculated?
The TOR metrics assume that clients make on average ten directory requests per day. A TOR client that is connected to the Internet 24/7 can make approximately fifteen requests per day, but not all clients stay connected 24/7, so an average of ten requests per client is assumed. The total number of directory requests that come from users is divided by ten to obtain the number of users. Another way to view the calculation is to assume that each request represents a client who is on the Internet for 1/10 of a day (2 hours and 24 minutes).
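The arithmetic above can be written out as a short sketch. The function name and the sample request count are hypothetical; only the divisor of ten comes from the text.

```python
REQUESTS_PER_CLIENT_PER_DAY = 10  # average assumed in the text


def estimate_daily_users(directory_requests: int) -> float:
    """Estimate users as total directory requests divided by the assumed average."""
    return directory_requests / REQUESTS_PER_CLIENT_PER_DAY


# Equivalent view: each request stands for a client online for 1/10 of a day.
minutes_per_request = 24 * 60 // REQUESTS_PER_CLIENT_PER_DAY
hours, minutes = divmod(minutes_per_request, 60)

# Hypothetical example: 25,000 directory requests observed in one day.
estimated_users = estimate_daily_users(25_000)
```

Under these assumptions, 25,000 requests correspond to an estimate of 2,500 users, and one request corresponds to 2 hours and 24 minutes of connection time. The result is an estimate only, since real clients deviate from the assumed average.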
(RQ6) How do we know which countries the Dark Web users come from, and how are they reported?
The directories resolve IP addresses to the country codes from which access originates and report the numbers in aggregate form. These numbers indirectly represent the Dark Web users. Reporting in this form is one reason why TOR ships with a GeoIP database.
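A minimal sketch of this aggregation step is given below. The lookup table is hypothetical: it maps reserved documentation address ranges to illustrative country codes and stands in for a real GeoIP database. Only the per-country totals are kept, not the individual addresses.

```python
import ipaddress
from collections import Counter

# Hypothetical GeoIP table: documentation-only networks with illustrative codes.
GEOIP_TABLE = {
    ipaddress.ip_network("192.0.2.0/24"): "xk",
    ipaddress.ip_network("198.51.100.0/24"): "de",
    ipaddress.ip_network("203.0.113.0/24"): "us",
}


def country_of(ip: str) -> str:
    """Resolve an IP address to a country code, or '??' if it is not in the table."""
    addr = ipaddress.ip_address(ip)
    for network, code in GEOIP_TABLE.items():
        if addr in network:
            return code
    return "??"


def aggregate_by_country(request_ips) -> Counter:
    """Count requests per country code; individual addresses are discarded."""
    return Counter(country_of(ip) for ip in request_ips)


sample_ips = ["192.0.2.10", "192.0.2.77", "198.51.100.5", "203.0.113.9", "10.0.0.1"]
counts = aggregate_by_country(sample_ips)
```

Here `counts` holds two requests for `xk`, one each for `de` and `us`, and one unresolved. Reporting only such totals is what allows user numbers to be published without exposing individual clients.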
(RQ7) How can censorship events be identified/calculated through TOR?
There is an anomaly-based censorship detection system 6 that calculates the number of users over a series of days and predicts how many users there may be in the next few days. If the current number of users is markedly higher or lower than this prediction, a possible censorship event can be inferred; otherwise not.
For more details about this issue, please refer to the relevant report 7.
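The idea of comparing today's count with a range predicted from previous days can be sketched as follows. This is a simplification under stated assumptions, not the detector described in the cited report: the mean and standard deviation model, the threshold `k` and the sample numbers are all hypothetical.

```python
from statistics import mean, stdev


def expected_range(history, k=3.0):
    """Predict a plausible range as mean +/- k standard deviations of past days."""
    center = mean(history)
    spread = stdev(history)
    return center - k * spread, center + k * spread


def is_anomalous(history, today, k=3.0):
    """Flag a possible event when today's count falls outside the predicted range."""
    low, high = expected_range(history, k)
    return today < low or today > high


# Hypothetical daily user estimates for one country over the past week.
history = [1000, 1020, 980, 1010, 990, 1005, 995]

normal_day = is_anomalous(history, 1015)   # within the usual variation
sudden_drop = is_anomalous(history, 400)   # far below the predicted range
sudden_rise = is_anomalous(history, 1600)  # far above the predicted range
```

A flagged day is only a hint that something changed. It does not by itself establish that censorship occurred, so such output would need to be checked against other evidence.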
(RQ8) How can users be counted in an anonymous network on the Dark Web (according to the TOR metrics)?
According to the TOR metrics 8, the number of users is not counted directly; instead, the directory requests that clients make frequently to update their list of relays are counted. The number of users in an anonymous network is therefore derived indirectly from these requests.

Conclusions
Dark Web networks such as TOR have provided many possibilities for malicious actors to exchange legal and illegal "goods" anonymously. The Dark Web is a growing resource, especially in terms of illicit services and activities. Security mechanisms should be vigilant to these problems and take measures to eliminate them. Evolving technology built on encryption (security) and anonymity (like the Dark Web and its special software) has challenged law enforcement and policymakers to effectively combat harmful actors operating in cyberspace.
In this paper, we discussed the impact of the Dark Web on privacy and anonymity, and through the results we showed the daily number of anonymous users of this Internet segment for Kosovo as well as for the whole world, and how large the impact of hidden services websites on the Dark Web is. The results for this part were gathered from the Ahmia and Onion City search engines (for the Dark Web). We have concluded that anonymity is not completely verifiable on the Dark Web, even though TOR is dedicated to this network segment and is intended to provide anonymous activities. We also examined how users are reported by country. In this case, the directories resolve IP addresses to the country codes from which access originates and report numbers in aggregate form. These numbers indirectly represent the Dark Web users. The number of users in anonymous networks of the Dark Web is not calculated directly. The calculation is made through the TOR metrics, where client requests to the directories are counted as the relay list is updated. The number of users in the anonymous network is thus calculated indirectly, as shown by the results in this paper.