Combating spam websites from Tor

Published on April 27, 2020 by

Certain actors spam Tor by creating many duplicate websites under different .onion domains and then linking them to each other. The cost of doing that is pretty low, considering that all you need is creating a new public key pair (the onion domain is the hash of the public key). In theory anyone can create an infinite number of onion domains.

Sadly, bad actors are using this spam technique also for promoting websites with child exploitation content. The motivation behind creating many onion domains for essentially the same website (sometimes with rotating the content slightly for each copy) is likely to increase coverage by Tor search engines.

Since those spam websites provide 0 value and often host illegal content, we have decided to completely delete them from our search index. We are also reporting child exploitation content to organizations that work together with law enforcement. There are also technical considerations why we want to refrain from indexing spam content: Our crawlers should be busy with indexing actual onion websites and storage and system resources should not be wasted for content that has no value.

Detecting Spam Onion Domains

The spam websites are typically SEO optimized – after all that is why the spam technique is used in the first place. This means that they have descriptive meta tags in the HTML data, as well as domain names that may indicate the type of content.

Therefore, our algorithms take the following into consideration to fingerprint websites to classify as spam:

  • HTML tag <title>
  • HTML tag <meta name=”description”>
  • HTML tag <meta name=”keywords”>
  • Subdomain name
  • Text of outgoing links (<a> tags)
  • “alt” attribute of <img> tags (= alt text of pictures)

Statistics

Our algorithms have removed:

  • 209,081 unique onion domains (this number includes sub-domains)
  • About 500 GB of archived text pages
  • About 34 million archived text pages and related index files
  • 28% of our overall Tor index

Related articles

Newsletter 2021-04-16

Published on April 16, 2021 by

Intelligence X supports Peernet – Founder’s Statement I am excited to announce Peernet, a decentralized network that allows sharing of data freely without censorship and restrictions. Here is the pitch deck: https://peernet.org/dl/Peernet%20Deck.pdf Peernet is making quick progress from its inception as I am finalizing the whitepaper and developing the core library. I would like to


Newsletter 2021-02-20

Published on February 20, 2021 by

February 2021: Launch of the European Internet Archive The European Internet Archive just launched! 🎉🥳 ➡ https://archive.eu/ 225 TLDs added to the list of web crawling We have added 225 top-level domains (TLDs) to the list of web crawling. Find the full list and how we are categorizing them in this blog post. Our dataset


New Category “Bot Logs”

Published on February 10, 2021 by

We have added the new category “Bot Logs”. It contains data collected by and leaked from viruses such as Azorult. Such data is often sold on marketplaces such as the Genesis Market. We decided to index such data into this new category to help filtering out relevant results. You can find this new category in


Search the blog: