secretsofthedark

Who is the Fake Diploma Forum Spammer? (dyellihhi001)

On my previous blog, I had written several times about a bot that posts spam all across the internet, especially on forum sites. The YouTuber Barely Sociable had done a video about this bot/person in 2019: The Fake Diploma Forum Spammer – Internet Oddities.

While spam is obviously not uncommon, particularly in email form and on social media sites, the strange thing about this bot is that it seems skilled at getting past captchas and other forms of verification. Here are a few of the sites on which the bot has posted:

Reddit: dyellihhi001

Retrohealth: fake diploma posts

Wiscobrews: fake diploma posts

As Barely Sociable points out in his video, many of the bot's forum posts are related to fake diplomas, and are written in Korean. According to some sources, fake diplomas are a particularly lucrative type of crime in South Korea, where there is a lot of pressure to attend a prestigious university.

Oddly enough, I had first seen the bot's posts prior to the video, on a site called WritersCafe.org, which is a site for publishing poetry, stories, and articles. On this particular site, the bot would create fake writer profiles (accounts), and then post its spam links as “stories” or “poems.” While the site's administrators attempted to close some of the accounts, the bot creates them at such a rapid rate that it's difficult for a human to keep up with it. Some of the usernames that the bot generates are variations on the name “dyellihhi001” or something similar, which appears to be random, almost like a keysmash.

Some of the other email addresses that the bot has generated are dyellogfhf001@hotmail.com, dyellogfhf002@outlook.com, and dyelltgtgt004@outlook.com, so they may even be created sequentially. A Scribd upload has a txt document with some or all of these email addresses; this document was reposted on pastebin as well: The Forum Spammer Txt Document. Most of the diploma-related posts also have a WeChat ID in the description, which is “501058216,” and usually reference the name “Andy.” It's possible that “Andy” is one of the people responsible for sending out these bot posts.

As Barely Sociable also mentioned in the video, there's a possibility that some or all of these posts are being done with bots made by BotmasterLabs, such as XRumer or XEvil. These bots are specifically designed to recognize more than 8400 captchas, hence their ability to post on forums even when anti-spam measures are taken. In fact, there is even a YouTube video with a tutorial on how the bot works: XRumer 12.0.9: how to get about 100.000 profiles on forums and blogs! This gives a good explanation as to how it has been able to post on so many different websites in such a short amount of time, as well as how it gets around many websites' security measures. If it is unsuccessful in posting to one website, it merely moves onto the next one on the list.

On Tor, some site administrators have been able to defeat similar bots by making more complex captchas that the bots aren't able to read, and thus greatly reducing the amount of spam – though sometimes frustrating human users when they can't read the captchas.

In addition to fake diplomas, the organization(s) using this bot for spam posts also appear to be behind other businesses, such as escort services, casinos, and possibly hookup sites as well. This doesn't seem that surprising in retrospect, however. In all likelihood, if these sites are all run by the same group, then it seems that they have their fingers in several different areas of illegal or dubious businesses. For instance, on the forum 2VEE, the bot has posted hundreds of times with links to the casinos and escort sites.

The mysterious parts are: who is behind all of these spam posts? Is it one person, or an organization? Beyond that, is the same bot still sending out spam posts at this very moment, or have website administrators found a way to curb the spam onslaught? If anyone has further information about this, it would be interesting to hear.

Byoblu YouTube Channel Shut Down!

On my previous blog, I had interviewed the admin of a group called Isolate ByoBlu, whom I had met via the federated social network Mastodon. The same person contacted me recently and told me that Byoblu's YouTube channel was recently shut down!

For those unfamiliar with the context, ByoBlu is a far-right news source based in Italy; it is somewhat analogous to Breitbart News for Italian speakers. As one might expect, ByoBlu's founder is also associated with a far-right movement; his name is Claudio Messora. Messora is a blogger and media personality connected to the Five Star Movement of Italy.

Given that this has been one of the goals of Isolate ByoBlu, this is certainly a great victory. The group takes its name from a similar group called Isolate Gab, which had been geared toward defederating the social network Gab. Mastodon and other social networks like it, such as Misskey, Pleroma, PeerTube, Funkwhale, and PixelFed, are federated, i.e. hosted on interconnected servers, and Gab was originally federated with these other social networks.

Like ByoBlu, Gab centers around far-right politics such as anti-immigration, racism, and conspiracy theories about subjects like COVID-19 and genetics. It is worth noting that Gab did defederate from the rest of the fediverse.

ByoBlu still operates its own website and has a Facebook page, but the loss of its YouTube channel is a huge blow to its growth as a social network. YouTube has had other controversies connected to groups like ByoBlu, including the fact that its algorithm seemed to unintentionally recruit viewers to far-right groups based on their viewing history.

VPN Providers Compared

Several people here have asked about VPN providers over time, so maybe it’s about time to talk about it. Keep in mind that, contrary to popular belief, you do not need to use a VPN provider with Tor for extra privacy. That’s one of the persistent myths about it. In fact, using a provider like NordVPN may or may not compromise your privacy. Still, if you insist on using one, it's good to know some of the advantages and disadvantages.

While it’s difficult to try each and every VPN provider, as many charge a subscription fee, VPN Ranks has an excellent chart that compares most of the major ones, such as NordVPN, PureVPN, and TorGuard: VPN Comparison Chart. As you can see, some others included are Surfshark, Mullvad, and Private Internet Access.

The chart outlines many of the aspects that people are concerned about with VPN services, such as jurisdiction, traffic logging, and IP leaks. In addition to what’s visible on the above screenshot, the original chart includes the number of countries in which the services are available, speed, encryption, Netflix support, torrenting support, killswitch, number of simultaneous connections, whether or not they accept bitcoin as payment, whether or not they have a free trial option, money back guarantee, and their score from Trustpilot (customer reviews).

For those who don’t know, the Five/Nine/Fourteen Eyes countries are intelligence alliances that share information with one another. The Five Eyes countries are Australia, Canada, New Zealand, the United Kingdom, and the United States. The others are the originals plus other countries that participate: Wikipedia: Five Eyes – Other international cooperatives.

Besides the facts outlined in the article above, some of people’s choices, as with Linux distros or phones, have to do with personal experience.

Mullvad VPN

Touted by many privacy enthusiasts, Mullvad VPN doesn’t log IP addresses, traffic, or DNS requests. One Reddit user, however, complained that they stopped accepting bitcoin cash as a form of payment (though they still accept the standard bitcoin).

Its jurisdiction is in Sweden, which is considered to be one of the better legal jurisdictions as far as privacy.

Private Internet Access

Private Internet Access (PIA) offers a strong VPN service that you can use on up to 10 devices, though it is not free and its privacy policy is somewhat unclear.

You can go to their website and read it for yourself if you like: PIA privacy policy. Still, according to Torrentfreak.com, their no-logging policies have held up in court, which is encouraging and is one of the true tests of a service that advertises privacy and anonymity.

Riseup VPN

Riseup VPN, which is just one feature that Riseup.net offers, is a free VPN service (though based in the USA, which for some might be an automatic disqualification).

Among its benefits are:

No logging of IPs DNS services OpenVPN support Free trial Cryptocurrencies accepted as payment In addition the VPN service, Riseup also has an email service, text editor, and XMPP chat. However, the service is invite-only, so an existing user has to invite new users. Part of the reason for this is to weed out law enforcement and other malicious parties from infiltrating the service.

What Was the Nth Room? (Disturbing Content, NSFW)

Those of you who read here regularly know that red rooms have been an occasional topic of discussion, and also know that horror/mystery YouTubers are much appreciated. YouTuber ReignBot, who covers subjects like this, recently made a video entitled The Nth Room Chatrooms (embedded below), which deals with something very similar.

The title refers to a series of Telegram channels hosted in South Korea, known as the Nth Room(s), that basically fit the red room definition and were every bit as horrible (with the one exception that the victims weren’t being killed on camera, but tortured).

According to articles about the chatrooms, the victims were blackmailed into performing forced sex acts of all kinds, from putting their underwear on their heads, to full-on rape, as quoted in an article on Koreaboo.com. You may wonder why the victims participated in the first place; initially, the operators of the site lured them via dubious job offers on places like Twitter. They were asked to send pictures of themselves, soon followed by sexual abuse videos. If the victims decided they wanted to quit, their pictures and personal information were used against them as collateral.

Two reporters from the newspaper Kookmin Ilbo eventually infiltrated the chatrooms and witnessed some of the horrific crimes, which was how they came to be known to the general public. As one reporter described:

Most of the victims seemed to be in middle school. The girls are barking like dogs. I saw the girls naked and lying on the floor of the men’s washroom with my own eyes.

The article also mentions that there was a photo of one of the administrators of the site, “Baksa,” commanding one of the victims, who had the words “Baksa” and “slave” carved into their body. The (non-consensual) scarification was a method of telling viewers that the “slaves” were under his control.

A Wikipedia article about the Nth room case explains some of its complexities. A Telegram user going by the name of “God God” created the original groups, named after their ordinal numerals (1st, 2nd, etc.), and thus the “Nth room” nickname. A second user, by the nickname of “Watchman,” advertised links to these groups in another Telegram group called “Gotham room.”

In July of 2019, a Telegram user nicknamed “Doctor” created another Telegram room on which he distributed sexually exploitive pornography, which was accessible to users via a cryptocurrency payment (likely bitcoin). Doctor threatened women by discovering their personal information, followed by uploading their pictures and videos. When news reports first came out about the story, Doctor even figured out the personal information of the reporter and made it public. Eventually, it came to light that Doctor’s real identity was a 24-year-old named Cho Joo-bin, according to the South China Morning Post.

In a second Koreaboo article, one of the victims of the Nth room case spoke out about what happened. She explained that the perpetrators lured victims, like herself, with the promise of money. They targeted young girls who were in desperate financial situations, which seems common in cases like this.

As it relates to the red room phenomenon, the concept is very similar: torture victims on video for a paying audience. The main difference in this case is that the abuse did not take place over Tor. This is not to say that everything that happens on Telegram is nefarious (just as on Tor), but like Tor, due to the app’s encryption and anonymity capabilities, it sometimes lends itself to criminal activity.

It makes one wonder, however, if there are other such cases taking place on Telegram, or on other such apps like Signal or Tox. No verified stories have come out about such things as of yet, but the possibility exists.

I2P: Personal Experiences

Following Tor, at some point, I became interested in other anonymity networks as well. One of the first ones that I’d heard of at this time was I2P, although from a technical standpoint, it’s one of the most complex. Unlike Tor, it didn’t have its own dedicated browser, although any browser can be configured to use I2P. You can download the software at geti2p.net.

At that time, I was still using Windows shudder, and though I2P has a Windows version, it seems like it’s oriented toward more advanced users. What I know now (and this seems awfully simple) is that you just have to adjust your proxy settings to be able to access it from most browsers. For instance, in Firefox, it’s under about:preferences#general, and then “Connection Settings.” You then click “Manual proxy configuration” and set HTTP Proxy to 127.0.0.1, Port 4444.

In any case, once I had had this set correctly, the “I2P Router Console” popped up, which looked similar to this:

Besides the proxy settings part, this is where it became somewhat confusing as well, because as opposed to Tor, it felt as though there were many directions in which you could go. There was the “Addressbook,” in which you could add different hidden services (“eepsites”), “Configure Bandwidth,” “Configure UI,” etc. At the very least, the Router Console does feature “Hidden Services of Interest,” which are some general eepsites that are suggested for newcomers, like the I2P Wiki and anoncoin.i2p (which has a clearnet mirror at anoncoin.net).

Eventually, I started to get the hang of all this and just started looking around, as on Tor. I looked at most of the hidden services that were listed on the router console above, and also started to familiarize myself with some of the settings. There’s actually an excellent subreddit for I2P at /r/i2p as well, for those of you who want to join a community of others involved with this. One of the places in which I found some other eepsites, at the time anyway, was Nekhbet.com: I2P Links, but I have no idea if most of these are still online, because the site is from several years ago. The list features eepsites in a number of different categories, including multimedia, filehosting, and forums.

Confession: I was a bit late to the world of torrenting, but it’s something I’m into now, and I2P is one of the best anonymity networks for torrenting. On my current machine, I have a Bittorrent client called Transmission, which does the job as well, but on I2P, one of the most popular clients is called I2PSnark. I2PSnark is a fork of a Bittorrent client called Snark, so they work similarly. As a matter of fact, I2P comes with this service built in, so you don’t even have to install it separately. I’ve only used it a few times to download music and such, but it seems to work just fine.

I learned to use I2PSnark via several other tutorials that I found, so you may find these helpful too: Untraceable: How to Seed Torrents Anonymously Using I2PSnark and Bittorrent over I2P (from the official documentation). I’m aware that new DMCA laws now make it possible to serve prison time for filesharing, but realistically, there are people who have done it quite a bit more than I have.

After becoming more experienced with I2P, I eventually started using the Android version as well. Like the PC, Mac, and Linux bundles, it has a router console, but on the Android version, to stop and start your connection, you long press a button, as below:

This is an older screenshot; on the version that I’m using right now, it says “Network: IPv4: Firewalled; IPv6: OK.” As you can see in the screenshot, it also tells you how many active peers are known on the network. Under the menu that says “Addresses,” you can find other I2P eepsites; in fact, this is one way that I found quite a few more than on any other search.

At present, on Linux, I’m using the Debian version, so read more about it on the official page. For a time, I had also used an unofficial I2P Browser, which was a Firefox fork tweaked for I2P. In appearance, it looked similar to the Tor Browser, but didn’t have an outproxy to the clearnet (this can be set up if you wish). Anyhow, there are a lot more features on I2P, which I might discuss in future posts. What didn’t I cover here that you would like to see more of?

Deleted by WordPress!

Well, it finally happened. WordPress suspended the original Secrets of the Dark blog in violation of their terms of service, which is odd, because I had been writing about the dark web and related things for around five years.

I suspect that someone complained about a specific post, which may have been the impetus for them suspending it, but I'm not sure. They didn't specify in the notification what the cause was for them shutting it down.

Fortunately, many of the older posts are at least on the Wayback Machine, so I may repost some of them here or just write new ones. In addition, I may move here permanently, or I've also been writing on Substack, which is an option as well. Substack seems to be a platform for more formal articles, of course.

In any case, there are lots of options! I plan on building everything back up from scratch, and will not be defeated.

Dos and Don'ts of the Tor Browser

A friend of mine asked recently about dos and don’ts of using the Tor Browser, and there are quite a few; in fact, I may not know all of them offhand, which is why it’s good to read the official Tor Browser manual and other documentation made by the Tor Project.

That being said, there are some definite things that you should and shouldn’t do with the Tor Browser:

Do use the official Tor Browser from the Tor Project: The only Tor Browsers you should use are ones made by the official Tor Project, including ones for different platforms. Currently, the official ones work with Windows, OS X, Linux, and Android.

tor

Do use .onion services if they’re available: Some clearnet sites also have Tor hidden services (.onion sites) as mirrors. If you have the option to use either, the onion service, if configured correctly, is likely to have better anonymity.

Do use different passwords and usernames on Tor: Depending on what your threat model is, on Tor, it’s better to use different passwords and/or usernames than what you’d use on the clearnet. Use your password manager or something like Diceware to generate new passwords for Tor sites.

Don’t install plugins or add-ons: Tempting as it might be to install plugins like password managers and other plugins that you’re accustomed to on other browsers, with Tor, these can be harmful rather than helpful. Because Tor’s purpose is anonymity and security, installing add-ons differentiates you from other Tor users. Using the example of password managers, you can use a manager like KeePass, which can store your passwords offline, and copy the passwords into the sites on Tor.

As user SuperSluether put it on StackExchange:

Look, using plug-ins in the Tor Browser is the same as using your default browser. Any protection from Tor is lost because the plugins COMPLETELY IGNORE THE PROXY SETTINGS.

If you want to use plugins, don’t use Tor. Trying to use both at the same time is most wasted effort. The only difference between doing this and using your normal browser is the fact that your normal browser already has the plugins installed.

In fact, it’d be easier to set up a local Tor proxy, and tell your default browser to use that. Since plugins ignore the proxy, you’ll get the exact same effect as on the Tor Browser.

Don’t torrent over Tor: Tor notoriously is bad for torrenting, for two reasons: breaking your anonymity and also slowing down the network for everyone else. In fact, Tor addresses this directly in their FAQ:

Torrent file-sharing applications have been observed to ignore proxy settings and make direct connections even when they are told to use Tor. Even if your torrent application connects only through Tor, you will often send out your real IP address in the tracker GET request, because that’s how torrents work. Not only do you deanonymize your torrent traffic and your other simultaneous Tor web traffic this way, you also slow down the entire Tor network for everyone else.

Other anonymity networks, like I2P, Freenet, and ZeroNet, are better suited to things like torrenting. For instance, I2P can be used with I2P-Snark.

Don’t use “unofficial” Tor browsers: There are a number of “imitation” Tor browsers on places like the Google Play store (which, if you’re already anti-Google, you probably don’t use anyway). For instance, there’s an app called Onion Search Browser, which, in theory, allows you to access onion sites, but contains ads and is terrible with anonymity. Any of these other “Tor browsers” are likely to be awful, even if they are able to access onion sites.

Be careful about enabling JavaScript and other site features: While some sites won’t function without JavaScript and other features, be aware that allowing them on some sites and not others can enabling tracking as well. The current version of the Tor Browser has three security levels: standard, safer, and safest. Under “standard,” all Tor Browser and website features are enabled. Under “safer,” some website features that can be dangerous are disabled: JavaScript is disabled on all non-HTTPS sites; some fonts and math symbols are disabled; audio and video (HTML5 media) are click-to-play. On “safest,” only website features required for static sites and basic services are enabled, so images, media, and scripts are blocked. Also, JavaScript is disabled on all sites, while some fonts, icons, and math symbols are disabled as well. Audio and video (i.e. HTML5 media) are set as click-to-play.

Don’t use a VPN provider with Tor: There are still a lot of articles and videos that claim you need to use a VPN provider with Tor, which is essentially a myth started by VPN providers. Doing so can actually compromise your anonymity, because you’re then relying on the VPN provider for privacy. If the VPN company is compromised in any way, then so is your data. This isn’t to say that VPNs don’t have other uses, but using the two together is pointless. If you’re concerned about hiding your Tor usage from your ISP, then using a Tor bridge can get around this problem: Relay Search.

.Onion sites: As on the clearnet, there are some .onion sites with malicious intent. Sites listed on directories like the Hidden Wiki, especially financially-related ones, tend to be scams. Use your good judgment. While this doesn’t correlate with the browser itself, these types of sites are aimed at those who are new to Tor and hope to take your money. Such sites have stolen people’s bitcoins, PGP keys, passwords, and other personal information.

Internet Mysteries: Padma G McCord

As I’ve mentioned several times here before, I’m a fan of certain horror YouTubers, including Nexpo. Nexpo’s latest video (done in conjunction with SomeOrdinaryGamers) concerns a woman named Padma G McCord, who seems to have thousands (or perhaps even millions) of websites all across the internet with little to no obvious purpose. [EDIT: The Nexpo video was removed, but Top5s covered the topic as well.]

In a way, this struck me as reminiscent of the “South32” and “Captain Kutchie” mysteries, as both of those involved someone having thousands of different websites as well. Maybe there’s a connection there, if only a loose one. In other words, in the case of South32, the culprit is an infamous domain squatter, and it makes sense that he would have a multitude of websites pertaining to his cause (however strange).

If you Google “Padma G McCord,” or some variation of that, you get some interesting (if not creepy) results. I searched for her name on various search engines, including Google, DuckDuckGo, and searx, and these were a few of the sites that came up:

https://padmagmccord.org https://padmamccord.com https://filmsmoviedirectorpadmamccord.blogspot.com/ https://padmamccordnewhomes.blogspot.com/ https://godjesuschristpadmagmccord.blogspot.com/2014/12/padma-g-surya-queen-esther.html https://padmamccordhomes.blogspot.com/ https://about.me/padma_mccord https://padmamccord.wordpress.com/ https://www.pinterest.com/Padmagmccord/ http://www.digitaljournal.com/pr/2469343

Not creeped out yet? Take a look at these screenshots:

These are only a few of the many examples (again, not unlike the Captain Kutchie phenomenon). Correct me if I’m wrong, but it looks as though her face has been Photoshopped onto someone else’s in many of these photos. Plus, most of the websites have a lot of obvious “keyword stuffing,” using words like “Padma g mccord,” “wedding,” “marriage,” “real estate,” “investments,” and “business.”

She also has a plethora of YouTube videos, revolving around similar content. A Reddit user by the name of u/ostel, who says he works in SEO, had an interesting perspective on this:

She has at least 40 unique domains to her name. These include padmamccord.wordpress.com, padmagmccordbrianmccordjeevanmccord.blogspot.com, and of course padmamccord.com. Some of these are registered with GoDaddy and other domain owners indicating that she pays considerable amounts of money for these domains to remain active.

Across her websites, she has millions (yes, MILLIONS) of backlinks – if you’re not familiar, that means another website is linking to her various websites. Some of these are scam sites with links she likely bought (a faux-BBC news site has an article that either she wrote or she paid for: http://www.bbcnews.svise.com/padma-mccord-president-of-padma-mccord-enterprises-llc-has-been-named-as-one-of-the-most-exciting-business-woman-in-houston/), but you can also see that she comments and links to her own website on various unrelated articles e.g. https://blog.scopelist.com/six-best-rangefinders-keep-hooked/. This indicates to me that either she or someone she is employing is undertaking a massive effort to create a metric ton of backlinks, obfuscating some previous links.

You can find the full post here: Padma McCord: A perspective from someone who works in SEO – it’s on Nexpo’s subreddit. u/ostel points out that one of the pages that ranks very high for McCord’s name is a book on Google Books entitled The Handbook of Sexuality in Close Relationships. While the book is unrelated to her, some of the people listed in the “references” section have both the names “Padma” and “McCord,” which would explain why it tends to rank high in the search results.

At his suggestion, I looked at the site https://semrush.com, which is for analytics and SEO stats, and saw that the Google Books link indeed ranks very high in search results for her name.

Following the release of Nexpo’s and SomeOrdinaryGamers’ videos on this topic, it’s worth noting that McCord started taking down some of her numerous websites. Perhaps being featured on some prominent YouTube channels wasn’t her intention with all this.

While I don’t have a definitive answer as to what’s going on here, it seems as though the SEO answer is pretty accurate. McCord probably wants to bury search results that associate her with something that is, in her mind, negative, like sexuality, and instead play up her business accomplishments, marriage, and family. Ironically, the fact that she’s made a plethora of websites about herself, complete with creepy images and little to no substance, it seems that she’s done the exact opposite.

What are your thoughts on this, readers? Do you have any theories of your own? As always, I’m happy to hear them.

Is the Shadow Web a Reality? (Updated)

Short answer?  Yes, I believe that something like it exists, but I don't think you can get there from the so-called “Shadow Web” site.

There was a site, at one point, that called itself “The Hidden Gateway to the Shadow Web,” and it looked exactly like this:

I had never actually paid my way through to the supposed sites, but as the story goes, there was some extremely sick content on there.  Oddly enough, this very same site had a link to a creepypasta entitled A warning to those thinking of accessing the shadow web has increased its “urban legend” status.

My gut feeling is that the creepypasta was made up, but having seen some very sick and disgusting pages on the dark web myself, I was willing to believe that there were worse things in existence.

Photo courtesy of darknoise.co.za

Currently, there's yet another series of sites up on the Tor network that also refer to themselves as “The Gateway to the Shadow Web,” but I'm starting to become even more skeptical of these.

The new ones look like this:

I'm still suspicious, because the site above appears at least seven different URLs on Tor, which leads me to believe that it's some kind of trap by law enforcement, or merely a scam.  Anything where they want you to download special software, or something like that, is something I would not want to get involved in.

It would be extremely difficult to do something like this over the Tor network, because its speed is akin to that of dialup networks (like the old internet of the '90s).  On the other hand, if you were accessing the dark web through some other method, it would, in theory, be possible.

So What's the Answer, Damn It?!

Here's one of the reasons I'm not completely discrediting the “shadow web” idea.  I did talk to one reputable Quora author (whom I won't named here) who said that not only does something like it exist, it was the sickest thing she had ever seen.  Actually, she didn't specifically call it “the shadow web”; she just said it was another part of the deep web that was harder to access.

She said that she “invested in a non-American SSH Tunnel that I trusted and started digging even deeper.  I had read stories on the surface web relating to these things, and I do not care what absolutely anybody has to say about it.  I know that these sites are not a joke and for somebody to minimize the very real existence of these sites and their victims is not only abhorrently disrespectful but flat out ignorant.”   On top of that, she said that it was her reason for getting off of the dark web completely.

Here's my take on it:

I think something like this could exist (though I have no proof).  It may be technologically difficult, but if you were to have enough security protocols in place, I think it could be accomplished.

There are IRC chat rooms that you can access through the Tor network, where people are into some very sick and disturbing things (IMHO, at least).  So, if you contacted someone in one of these chat rooms who had knowledge of such things, they could probably point you in the direction of a site like this.

The caveat, of course, is that if it were the real thing, not only would it be illegal, but it would probably cost you a very high amount of money.  If a group was organizing such a thing, it wouldn't make sense to offer it for free.

I did come across a similar site on the Tor network, which supposedly offered films of women getting raped, as well as videos of real deaths (they just weren't live streams).  It was more along the lines of something like Faces of Death, which was a shock film, but the filmmakers hadn't actually killed the victims.  Not that I spent very long on this site, but they basically offered samples of the videos for free, and then you had to pay quite a bit of money to subscribe.  (I've talked about the site in another post).

I imagine the same would be true of the so-called “shadow web,” that is, if something like it existed.  I'm trying to be rational about this, believe me!!

So there's my two cents.  Take it or leave it.

Invidious: Open Source YouTube (with Dark Web Access!) #invidious #foss

Given that YouTube is owned by Google and Google controls the world (more or less), you might be tempted to look for some alternatives at some point.

There are two that I happen to know of, one of which I covered on the other blog. The first is NewPipe, which I was using for quite some time until the app started to have issues and wouldn't show videos anymore. It may be that I didn't have the latest stable release, however.

The second, as the title says, is Invidious, which has both clearnet and onion links! I thought I'd quote part of the description on AlternativeTo.net, since it covers some of the major features:

## Official Onion Sites: * kgg2m7yk5aybusll.onion * axqzx4s6s54s32yentfqojs3x5i7faxza6xo3ehd4bzzsg2ii4fv2iid.onion

Features:

  • Audio-only mode (and no need to keep window open on mobile)
  • Open-source (AGPLv3 licensed)
  • No ads
  • No need to create a Google account to save subscriptions
  • Lightweight (homepage is ~4 KB compressed)
  • Tools for managing subscriptions:
  • Only show unseen videos
  • Only show latest (or latest unseen) video from each channel
  • Delivers notifications from all subscribed channels
  • Automatically redirect homepage to feed
  • Import subscriptions from YouTube

  • Dark mode

  • Embed support

  • Set default player options (speed, quality, autoplay, loop)

  • Does not require JS to play videos

  • Support for Reddit comments in place of YT comments

  • Import/Export subscriptions, watch history, preferences

  • Does not use any of the official YouTube APIs

  • Developer API

I especially like that it's available over Tor, although it seems that you do have to enable JavaScript for it to work properly (if that's something you're opposed to, then this site may not be ideal).

So far, I haven't come across any video sharing sites that don't require JavaScript, so you're out of luck in that department.

Here's a good screenshot of its onion site:

As I said above, it's open source as well, so here's its GitHub repository if you want to check that out: omarroth/invidious: Invidious is an alternative front-end to YouTube

You may want to compare YouTube, NewPipe, and Invidious side by side to see which one you're the most comfortable with.

One other feature that I like on both NewPipe and Invidious is that they make it simple to download videos as well, which YouTube doesn't (not surprisingly).

Play around with these and let me know which is your favorite!