#FactCheck - "Viral Video Falsely Claimed as Evidence of Attacks in Bangladesh is False & Misleading”

Introduction

Embark on a groundbreaking exploration of the Darkweb Metaverse, a revolutionary fusion of the enigmatic dark web with the immersive realm of the metaverse. Unveiling a decentralised platform championing freedom of speech, the Darkverse promises unparalleled diversity of expression. However, as we delve into this digital frontier, we must tread cautiously, acknowledging the security risks and societal challenges that accompany the metaverse's emergence.

The Dark Metaverse is a unique combination of the mysterious dark web and the immersive digital world known as the metaverse. Imagine a place where users may participate in decentralised social networking, communicate anonymously, and freely express a range of viewpoints. It aims to provide an alternative to traditional online platforms, emphasizing privacy and freedom of speech. Nevertheless, it also brings new kinds of criminality and security issues, so it's important to approach this digital frontier cautiously.

In the vast expanse of the digital cosmos, there exists a realm that remains shrouded in mystery to the casual netizen—the dark web. It is a place where the surface web, the familiar territory of Google searches and social media feeds, constitutes a mere 5 per cent of the information iceberg floating in an ocean of data. Beneath this surface lies the deep web and the dark web, comprising the remaining 95 per cent, a staggering figure that beckons the brave and curious to explore its abysmal depths.

Imagine, a platform that not only ventures into these depths but intertwines them with the emerging concept of the metaverse—a digital realm that defeats the limitations of the physical world. This is the vision of the Darkweb Metaverse, the world’s premier endeavour to harness the enigmatic depths of the dark web and fuse it into the immersive experience of the metaverse.

As per Internet User Statistics 2024, There are over 5.3 billion Internet users in the world, meaning over 65% of the world’s population has access to the Internet. The Internet is used for various services. News, entertainment, and communication to name a few. The citizens of developed countries depend on the World Wide Web for a multitude of daily tasks such as academic research, online shopping, E-banking, accessing news and even ordering food online hence the Internet has become an integral part of our daily lives.

Surface Web

This layer of the internet is used by the general public on a daily basis. The contents of this layer are accessed by standard web browsers namely Google Chrome, and Mozilla Firefox to name a few. The contents of this layer of the internet are indexed by these search engines.

Deep Web

This is the second layer of the internet; its contents are not indexed by search engines. The content that is unavailable on the surface web is considered to be a part of the deep web. The deep web comprises a collection of various types of confidential information. Several Schools, Universities, Institutes, Government Offices and Departments, Multinational Companies (MNCs), and Private Companies store their database information and website-oriented server information such as online profile and accounts usernames or IDs and passwords or log in credentials and companies' premium subscription data and monetary transactional records in the Intra-net which is part of the deep web.

Dark Web

It is the least explored part of the internet which is considered to be a hub of various bizarre activities. The contents of the dark web are not indexed by search engines and specific software is required to access this layer of the internet namely TOR (The Onion Router) browser which cloaks to identify its users making them anonymous. The websites of the dark web are identified from .onion TLD (Top Level Domain). Due to anonymity provided in this layer, various criminal activities take place over there including Drugs trading, Arms trading, and Illegal PayPal account details to websites offering child pornography.

The Darkverse 

The Darkweb Metaverse is not a mere novelty; it is a revolutionary step forward, a decentralised social networking platform that stands in stark contrast to centralised counterparts like YouTube or Twitter. Here, the spectre of censorship is banished, and the freedom of speech reigns supreme. 

The architectonic prowess behind the Darkweb Metaverse is formidable. The development team is a coalition of former infrastructure maestros from Theta Network and virtuosos of metaverse design, bolstered by backend engineers from Gensokishi Metaverse. At the helm is a CEO whose tenure at the apex of large Japanese companies has endowed him with a profound understanding of the landscape, setting a solid foundation for the platform's future triumphs.

Financially, the dark web has been a flourishing underworld, with revenues ranging from $1.5 billion to $3.1 billion between 2020 and 2022. Darkverse, with its emphasis on user-friendliness and safety, is poised to capture a significant portion of this user base. The platform serves as a truly decentralised amalgamation of the Dark Web, Metaverse, and Social Networking Services (SNS), with a mission to provide an unassailable bastion for freedom of speech and expression.

The Darkweb Metaverse is not merely a sanctuary for anonymity and privacy; it is a crucible for the diversity of expression. In a world where centralised platforms can muzzle voices, Darkverse stands as a bulwark against such suppression, fostering a community where a kaleidoscope of opinions and information thrives. The ease of use is unparalleled—a one-time portal that obviates the need for third-party software to access the dark web, protecting users from the myriad risks that typically accompany such ventures.

Moreover, the platform's ability to verify the authenticity of information is a game-changer. In an era laced with misinformation, especially surrounding contentious issues like war, Darkverse offers a sign of truth where the source of information can be scrutinised for its accuracy.

Integrating Technologies 

The metaverse will be an immersive iteration of the internet, decked with interactive features of emerging technologies such as artificial intelligence, virtual and augmented reality, 3D graphics, 5G, holograms, NFTs, blockchain and haptic sensors. Each building block, while innovative, carries its own set of risks—vulnerabilities and design flaws that could pose a serious threat to the integrated meta world.

The dark web's very nature of interaction through avatars makes it a perfect candidate for a metaverse iteration. Here, in this anonymous world, commercial and personal engagements occur without the desire to unveil real identities. The metaverse's DNA is well-suited to the dark web, presenting a formidable security challenge as it is likely to evolve more rapidly than its real-world counterpart.

While Meta (formerly Facebook) is a prominent entity developing the metaverse, other key players include NVIDIA, Epic Games, Microsoft, Apple, Decentraland, Roblox Corporation, Unity Software, Snapchat, and Amazon. These companies are integral to constructing the vast network of real-time 3D virtual worlds where users maintain their identities and payment histories.

Yet, with innovation comes risk. The metaverse will necessitate police stations, not as a dystopian oversight but as a means to address the inherent challenges of a new digital society. In India, for instance, the integration of law enforcement within the metaverse could revolutionize the public's interaction with the police, potentially increasing the reporting of crimes.

The Perils within the Darkverse

The metaverse will also be a fertile ground for crimes of a new dimension—identity theft, digital asset hijacking, and the influence of metaverse interactions on real-world decisions. With a significant portion of social media profiles potentially being fraudulent, the metaverse amplifies these challenges, necessitating robust identity access management.

The integration of NFTs into the metaverse ecosystem is not without its security concerns, as token breaches and hacks remain a persistent threat. The metaverse's parallel economy will test the developers' ability to engender trust, a Herculean task that will challenge the boundaries of national economies.

Moreover, the metaverse will be a crucible for social engineering-based attacks, where the real-time and immersive nature of interactions could make individuals particularly vulnerable to deception and manipulation. The potential for early-stage fraud, such as the hyping and selling of virtual assets at unrealistic prices, is a stark reality.

The metaverse also presents numerous risks, particularly for children and adolescents who may struggle to distinguish  between virtual and real worlds. The implications of such immersive experiences are intense, with the potential to influence behaviour in hazardous ways.

Security risks extend to the technologies supporting the metaverse, such as virtual and augmented reality. The exploitation of biometric data, the bridging of virtual and real worlds, and the tendency for polarisation and societal isolation are all issues requiring immediate attention.

A Way Forward

As we stand on the cusp of this new digital frontier, it is evident that the metaverse, despite its reliance on blockchain, is not immune to the privacy and security breaches that have plagued conventional IT infrastructure. Data security, Identity theft, network security, and ransomware attacks are just a few of the challenges on the way.

In this quest into the unknown, the Darkweb Metaverse radiates with the promise of freedom and the thrill of discovery. Yet, as we navigate these shadowy depths, we must remain vigilant, for the very technologies that empower us also rear the seeds of our grim vulnerabilities. The metaverse is not just a new chapter in the story of the internet—it is a whole narrative, one that we must write with caution and care.

References 

• https://spores.medium.com/the-worlds-first-platform-to-deploy-the-dark-web-in-the-metaverse-releap-ido-on-spores-launchpad-a36387b184de 
• https://www.makeuseof.com/how-hackers-sell-trade-data-in-metaverse/
• https://www.demandsage.com/internet-user-statistics/#:~:text=There%20are%20over%205.3%20billion,has%20access%20to%20the%20Internet.

‍

Introduction

Cert-In (Indian Computer Emergency Response Team) has recently issued the “Guidelines on Information Security Practices” for Government Entities for Safe & Trusted Internet. The guideline has come at a critical time when the Draft Digital India Bill is about to be released, which is aimed at revamping the legal aspects of Indian cyberspace. These guidelines lay down the policy framework and the requirements for critical infrastructure for all government organisations and institutions to improve the overall cyber security of the nation.

What is Cert-In?

A Computer Emergency Response Team (CERT) is a group of information security experts responsible for the protection against, detection of and response to an organisation’s cybersecurity incidents. A CERT may focus on resolving data breaches and denial-of-service attacks and providing alerts and incident handling guidelines. CERTs also conduct ongoing public awareness campaigns and engage in research aimed at improving security systems. The Ministry of Electronics and Information Technology (MeitY) oversees CERT-In. It regularly releases alerts to help individuals and companies safeguard their data, information, and ICT (Information and Communications Technology) infrastructure.

Indian Computer Emergency Response Team (CERT-In) has been established and appointed as national agency in respect of cyber incidents and cyber security incidents in terms of the provisions of section 70B of Information Technology (IT) Act, 2000.

CERT-In requests information from service providers, intermediaries, data centres, and body corporates to coordinate reaction actions and emergency procedures regarding cyber security incidents. It is a focal point for incident reporting and offers round-the-clock security services.  It manages cyber occurrences that are tracked and reported while continuously analysing cyber risks. It strengthens the security barriers for the Indian Internet domain.

Background

India is fast becoming one of the world’s largest connected nations – with over 80 Crore Indians  (Digital Nagriks) presently connected and using the Internet and cyberspace – and with this number is expected to touch 120 Crores in the coming few years. The Digital Nagriks of the country are using the Internet for business, education, finance and various applications and services including Digital Government services. Internet provides growth and innovation and at the same time it has seen rise in cybercrimes, user harm and other challenges to online safety. The policies of the Government are aimed at ensuring an Open, Safe & Trusted and Accountable Internet for its users. Government is fully cognizant and aware of the growing cyber security threats and attacks.

It is the Government of India’s objective to ensure that Digital Nagriks experience a Safe & Trusted Internet. Along with ubiquitous applications of Information & Communication Technologies (ICT) in almost all facets of service delivery and operations, continuously evolving cyber threats have become a concern for the Government. Cyber-attacks can come in the form of malware, ransomware, phishing, data breach etc., that adversely affect an organisation’s information and systems. Cyber threats leading to cyber-attacks or incidents can compromise the confidentiality, integrity, and availability of an organisation’s information and systems and can have far reaching impact on essential services and national interests. To protect against cyber threats, it is important for government entities to implement strong  cybersecurity measures and follow best practices. As ICT infrastructure of the Government entities is one of the preferred targets of the malicious actors, responsibility of implementing good cyber security practices for protecting computers, servers, applications, electronic systems, networks, and data from digital attacks, also remain with the ICT assets’ owner i.e. Government entity.

What are the new Guidelines about?

The Government of India (distribution of business) Rules, 1961’s First Schedule lists a number of Ministries, Departments, Secretariats, and Offices, along with their affiliated and subordinate offices, which are all subject to the rules. They also comprise all governmental organisations, businesses operating in the public sector, and other governmental entities under their administrative control.

“The government has launched a number of steps to guarantee an accessible, trustworthy, and accountable digital environment. With a focus on capabilities, systems, human resources, and awareness, we are extending and speeding our work in the area of cyber security, according to Rajeev Chandrasekhar, Minister of State for Electronics, Information Technology, Skill Development, and Entrepreneurship.

The Recommendations

• Various security domains are covered in the standards, including network security, identity and access management, application security, data security, third-party outsourcing, hardening procedures, security monitoring, incident management, and security audits.
• For instance, the rules advise using only a Standard User (non-administrator) account to use computers and laptops for regular work regarding desktop, laptop, and printer security in the workplace. Users may only be granted administrative access with the CISO’s consent.
• The usage of lengthy passwords containing at least eight characters that combine capital letters, tiny letters, numerals, and special characters; Never save any usernames or passwords in your web browser. Likewise, never save any payment-related data there.
• They include guidelines created by the National Informatics Centre for Chief Information Security Officers (CISOs) and staff members of Central government Ministries/Departments to improve cyber security and cyber hygiene in addition to adhering to industry best practises.

Conclusion

The government has been proactive in the contemporary times to eradicate the menace of cybercrimes and therreats from the Indian cyberspace and hence now we have seen a series of new bills and polices introduced by the Ministry of Electronics and Information Technology, and various other government organisations like Cert-In and TRAI. These policies have been aimed towards being relevant to time and current technologies. The threats from emerging technologies like web 3.0 cannot be ignored and hence with active netizen participation and synergy between government and corporates will lead to a better and improved cyber ecosystem in India.

Introduction

In India, the rights of children with regard to protection of their personal data are enshrined under the Digital Personal Data Protection Act, 2023 which is the newly enacted digital personal data protection law of India. The DPDP Act requires that for the processing of children's personal data, verifiable consent of parents or legal guardians is a necessary requirement. If the consent of parents or legal guardians is not obtained then it constitutes a violation under the DPDP Act. Under section 2(f) of the DPDP act, a “child” means an individual who has not completed the age of eighteen years. 

Section 9 under the DPDP Act, 2023

With reference to the collection of children's data section 9 of the DPDP Act, 2023 provides that for children below 18 years of age, consent from Parents/Legal Guardians is required. The Data Fiduciary shall, before processing any personal data of a child or a person with a disability who has a lawful guardian, obtain verifiable consent from the parent or the lawful guardian. Section 9 aims to create a safer online environment for children by limiting the exploitation of their data for commercial purposes or otherwise. By virtue of this section, the parents and guardians will have more control over their children's data and privacy and they are empowered to make choices as to how they manage their children's online activities and the permissions they grant to various online services. 

Section 9 sub-section (3) specifies that a Data Fiduciary shall not undertake tracking or behavioural monitoring of children or targeted advertising directed at children. However, section 9 sub-section (5) further provides room for exemption from this prohibition by empowering the Central Government which may notify exemption to specific data fiduciaries or data processors from the behavioural tracking or target advertising prohibition under the future DPDP Rules which are yet to be announced or released. 

Impact on social media platforms

Social media companies are raising concerns about Section 9 of the DPDP Act and upcoming Rules for the DPDP Act. Section 9 prohibits behavioural tracking or targeted advertising directed at children on digital platforms. By prohibiting intermediaries from tracking a ‘child's internet activities’ and ‘targeted advertising’ - this law aims to preserve children's privacy. However, social media corporations contended that this limitation adversely affects the efficacy of safety measures intended to safeguard young users, highlighting the necessity of monitoring specific user signals, including from minors, to guarantee the efficacy of safety measures designed for them.

Social media companies assert that tracking teenagers' behaviour is essential for safeguarding them from predators and harmful interactions. They believe that a complete ban on behavioural tracking is counterproductive to the government's objectives of protecting children. The scope to grant exemption leaves the door open for further advocacy on this issue. Hence it necessitates coordination with the concerned ministry and relevant stakeholders to find a balanced approach that maintains both privacy and safety for young users.

Furthermore, the impact on social media platforms also extends to the user experience and the operational costs required to implement the functioning of the changes created by regulations. This also involves significant changes to their algorithms and data-handling processes. Implementing robust age verification systems to identify young users and protect their data will also be a technically challenging step for the various scales of platforms. Ensuring that children’s data is not used for targeted advertising or behavioural monitoring also requires sophisticated data management systems. The blanket ban on targeted advertising and behavioural tracking may also affect the personalisation of content for young users, which may reduce their engagement with the platform.

For globally operating platforms, aligning their practices with the DPDP Act in India while also complying with data protection laws in other countries (such as GDPR in Europe or COPPA in the US) can be complex and resource-intensive. Platforms might choose to implement uniform global policies for simplicity, which could impact their operations in regions not governed by similar laws. On the same page, competitive dynamics such as market shifts where smaller or niche platforms that cater specifically to children and comply with these regulations may gain a competitive edge. There may be a drive towards developing new, compliant ways of monetizing user interactions that do not rely on behavioural tracking.

CyberPeace Policy Recommendations

A balanced strategy should be taken into account which gives weightage to the contentions of social media companies as well as to the protection of children's personal information. Instead of a blanket ban, platforms can be obliged to follow and encourage openness in advertising practices, ensuring that children are not exposed to any misleading or manipulative marketing techniques. Self-regulation techniques can be implemented to support ethical behaviour, responsibility, and the safety of young users’ online personal information through the platform’s practices. Additionally, verifiable consent should be examined and put forward in a manner which is practical and the platforms have a say in designing the said verification. Ultimately, this should be dealt with in a manner that behavioural tracking and targeted advertising are not affecting the children's well-being, safety and data protection in any way. 

Final Words

Under section 9 of the DPDP Act, the prohibition of behavioural tracking and targeted advertising in case of processing children's personal data - will compel social media platforms to overhaul their data collection and advertising practices, ensuring compliance with stricter privacy regulations. The legislative intent behind this provision is to enhance and strengthen the protection of children's digital personal data security and privacy. As children are particularly vulnerable to digital threats due to their still-evolving maturity and cognitive capacities, the protection of their privacy stands as a priority. The innocence of children is a major cause for concern when it comes to digital access because children simply do not possess the discernment and caution required to be able to navigate the Internet safely. Furthermore, a balanced approach needs to be adopted which maintains both ‘privacy’ and ‘safety’ for young users.

References

• https://www.meity.gov.in/writereaddata/files/Digital%20Personal%20Data%20Protection%20Act%202023.pdf 
• https://www.firstpost.com/tech/as-govt-of-india-starts-preparing-rules-for-dpdp-act-social-media-platforms-worried-13789134.html#google_vignette
• https://www.business-standard.com/industry/news/social-media-platforms-worry-new-data-law-could-affect-child-safety-ads-124070400673_1.html

‍