Certain actors spam Tor by creating many duplicate websites under different .onion domains and then linking them to each other. The cost of doing that is pretty low, considering that all you need is creating a new public key pair (the onion domain is the hash of the public key). In theory anyone can create an infinite number of onion domains.
Sadly, bad actors are using this spam technique also for promoting websites with child exploitation content. The motivation behind creating many onion domains for essentially the same website (sometimes with rotating the content slightly for each copy) is likely to increase coverage by Tor search engines.
Since those spam websites provide 0 value and often host illegal content, we have decided to completely delete them from our search index. We are also reporting child exploitation content to organizations that work together with law enforcement. There are also technical considerations why we want to refrain from indexing spam content: Our crawlers should be busy with indexing actual onion websites and storage and system resources should not be wasted for content that has no value.
Detecting Spam Onion Domains
The spam websites are typically SEO optimized – after all that is why the spam technique is used in the first place. This means that they have descriptive meta tags in the HTML data, as well as domain names that may indicate the type of content.
Therefore, our algorithms take the following into consideration to fingerprint websites to classify as spam:
Our algorithms have removed:
At Intelligence X we categorize data sources into buckets. Buckets can be used as filters and to broadly identify the source of individual search results. For example, the bucket “Darknet Tor” indicates the result origins from some a Tor hidden service (.onion domain) and was collected by our Tor crawler. Buckets have human readable names
We just added support for an additional 152 top-level domains (TLDs), increasing the support to 511 TLDs in total. Support means that you can search for those domains across intelx.io and APIs, and internally that our backend supports processing them. While you can start searching for them immediately, it will take some time until our
Earlier today at 11:24 The Guardian Journalist Shaun Walker posted the security procedure and the security token used to pass makeshift checkpoints in Ukraine related to the Russian Ukrainian war: This is a reminder to journalists – and the public – to take OPSEC (operations security) seriously and not endanger people on the ground. Posting