Hidden service directories provide users with a valuable resource for keeping track of darknet site uptime. However, hidden services often become inactive due to a variety of reasons and it can become difficult to keep track of new sites that reemerge. Dark.fail collects and verifies working onion links for cybersecurity research purposes. These links include moderated forums, marketplaces, major news outlets, social media and mail services, cryptocurrency exchanges, VPN services, file sharing, web archives, and law enforcement resources. This is achieved with PGP key encryption and dark.fail’s own ‘OMG’ standard.
Why Use Dark.fail?
Dark.fail allows researchers to access hidden services without compromising their security. It maintains a list of the most prominent darknet sites while implementing its own OMG (Onion Mirror Guidelines) standard with site owners to verify link authenticity and uptime. If a hidden service adheres to the standard, it will supply dark.fail with their PGP public keys, a list of all official mirrors of a site signed with the owner’s PGP key and a PGP signed canary message with the latest Bitcoin block hash, and current date that must be updated every 14 days. This ensures the mirrors listed are both up-to-date and remain uncompromised. So, all mirrors hosting the same content can be gathered and verified within their site. If a PGP-verified mirror for a specific site becomes inactive, dark.fail will detect the address as offline and display the last time it was reachable. News of relevant events within the darknet community is periodically posted at the top of the page, such as law enforcement takedowns or TOR network issues.
After the TOR v3 transition in mid-2020, dark.fail was one of the first hidden service directories to list v3 links. So, users were protected from v2-based attacks, such as enumeration and location-prediction where relays had the power to detail and block services.
The admins of Dark.fail have stated that it relies on donations and is not paid by the sites listed.
Downsides & Limitations of dark.fail
Dark.fail runs on a centralized platform and was subject to domain phishing and DDOS attacks in the past so it is important to always verify the links posted are signed by the same PGP key, under their /mirrors.txt page. For example, when the signed message in https://dark.fail/mirrors.txt is entered into https://dark.fail/pgp, is verified to be originating from the owner of dark.fail.
The admins of Dark.fail may also add or remove links at their own discretion without notice to users.
How To Access dark.fail
In order to access dark.fail over the clear net, you only require a standard web browser. However, it is recommended to install the Tor Browser and use their .onion. The only verified and trusted onion link on their homepage is darkfailenbsdla5mal2mxn2uz66od5vtzd5qozslagrfzachha3f3id.onion
One reply on “Dark.fail: Useful & Verified List of Tor Hidden Services”
I’m not sure I understand how exactly to use the PGP scripts or signatures. When it’s the first page that comes up do I copy from the beginning of signature to the end signature? Then how do I proceed from there? I would appreciate a detailed answer in order to not waste our time or cause red flags. Sincerely Teri