Apala Bhowmick, a Ph.D. student at Emory University, tweeted in September 2022 that she would not have been able to attend graduate school if she had not had access to Z-library, a free online shadow library. Her tweet was widely resonant. As a native of India, Bhowmick stressed how most Indian universities don’t have robust institutional resources compared to what can be found in places like the UK, US, and other developed countries.”The only recourse many global South scholars have is turning to platforms like Libgen and Z-library for scholarly literature, alongside reading open-access journals on the internet,” said Bhowmick.
In 2009, Z-library, a free online shadow library that essentially violates copyright laws, started as a mirror of Libgen, a shadow library for academic journal articles and ebooks. Scholars, researchers, and students – most of whom are financially disadvantaged — use the library to obtain free books. As a result, it receives more than 170 million monthly visits, from 165 different nations.
But in November 2022, over 200 Z-library public domains were seized by the Federal Bureau of Investigation for criminal copyright infringement. Users have been forced to use dangerous websites since its ban, posing a serious threat to their privacy and maybe constituting a cybersecurity threat.
Z-library is popular for obvious reasons. Aside from the robust access that allows it to tout itself as “the world’s largest e-book library,” Z-library has a very friendly interface and is easy to navigate. “All other pirated e-book libraries I’ve used have confusing and messy user interfaces,” said Raheemah Olawuyi, an avid Nigerian reader. Prior to the FBI seizure, Z-library also had a dedicated Telegram Bot for easier access to books. The Bot had a chat-based interface where users could swiftly request and download books.
Olawuyi described the closure of Z-library as “depressing” when she first learned about it. She attempted to download a book using the Z-library Bot a few months after it had been shut down, but she was soon reminded by a popup notification that it had been removed due to copyright infringement.
According to Bhowmick, the Z-library shutdown is another pattern of racism and inequity that hinders promising young people from following their academic passions to futures in wealthier countries with more supported academic institutions. “There are scant ways of finding access to scholarly literature in India due to fractured print culture networks and limited incomes,” she said, “It’s almost a deliberate strategy to gate-keep academia from those who are racialized, or marginalized in other ways, especially in vulnerable economies in the world.”
The Z-library shutdown is another pattern of racism and inequity that hinders promising young people from following their academic passions to futures in wealthier countries with more supported academic institutions.
This current ban came after a suspension in March 2021 due to a “Digital Millennium Copyright Act (DMCA)” takedown, issued by Harvard Business Publishing. Harvard had listed infringing publications posted by Z-library, which led to an immediate suspension of the library’s public domains. The domains were reinstated after Z-library removed the publications identified in the complaint. However, the 2022 seizure led to a complete eradication of Z-library’s public domains from the internet.
Many readers blame the shutdown on the massive popularity Z-library had accrued on Book Tiktok, popularly known as “booktok.” The hashtag #Zlibrarybooks has garnered over 25 million views on Tiktok. While Tiktok might have been a major factor in the Z-library seizure, authors have constantly filed complaints to law enforcement agencies about the substantial harm Z-library had been doing to their work.
The Author’s Guild filed a complaint to the US Trade Representative’s office in October 2022 about how Z-library was making it easy to find both recently published works and older ones on the website. The Author’s Guild also claims to have assisted the US Attorney’s office and the FBI in the investigation and Indictment of Z-library. “We are not unsympathetic to the plight of those college and other students who have perhaps felt forced to resort to such illegal pirate websites and other free sources of textbooks to help them manage the extremely high cost of higher education. However, these students’ anger is misdirected. The exorbitant cost of education should not be borne by authors and publishers but by the universities,” the Authors Guild stated in a press release posted in November 2022.
There are many books with limited printings and some of them are not just expensive, but also scarcely available for sale. Alexis Harper, a PhD student at Howard University claims that the closure of Z-library would have a significant negative impact on her ability to complete her dissertation. “One of the primary books I’m using for my dissertation is difficult to find. It was basically out of print,” said Harper “But it’s the type of book that’ll easily be found on Z-library. I somewhat have a limited amount of time to finish my dissertation. Failure to do so means I’d need to go through a process to retake them or prove competency again,” Later, she was able to purchase the book from a Canadian vendor, but it took more than two months for her to get it. “A one to two-month hold-up is a long time in dissertation land,” she said.
However, amidst all the noise, some users have found a way to access Z-library through the dark web using “The onion router” network (Tor) and the “Invisible Internet Project” (I2P). These networks serve as a bridge to the dark web. They work by hiding users’ IP addresses and encrypting their internet activities. This enables seized website domains like Z-library to function without being traced. While these solutions may seem exciting, they raise security concerns for users who are unaware of the potential dangers of the dark web.
THE MURKY DARK WEB
The dark web refers to a segment of the internet that is not identified and indexed by conventional web crawlers such as Google or Bing bot, and has long been associated with illicit and illegal activities. Accessing the dark web is usually done using specific browsers such as I2P and Tor Browser. The dark web can be accessed without Tor, but the Tor network makes it difficult for your activities to be traced back to you. It enables a high degree of anonymity by disguising a user’s location and identity. This allows websites like Z-library to operate after being seized from the regular internet. Essentially, it makes it incredibly hard for the library’s servers to be recognized, traced, or seized.
“Cybercriminals or malicious actors could potentially create fake or malicious onion addresses that mimic legitimate ones in an attempt to deceive users and carry out illegal activities,” said Amir Waqas, founder of Hackread, a news platform that covers Infosec, cybercrime, and hacking news. “This is known as phishing, where attackers create fake websites or links that appear to be legitimate in order to trick users into revealing personal information, login credentials, or engaging in other malicious activities.”
Phishing attacks associated with onion links are particularly dangerous because they can be difficult to detect and trace due to the anonymity provided by the Tor network. Several social media content and YouTube videos have been posted tutoring users on how to use Z-library on Tor. While some of the Z-library onion links in the description of these social media posts may be legitimate, some may pose cyber threats. For example, when a user clicks a malicious onion link and enters personal data like their Google account and password, the attacker can use this information to commit identity theft or gain access to other sensitive information.
RISKS AND PRECAUTIONS
Readers have been desperate for Z-library alternatives. And for many, finding a way to access it on the dark web was a breakthrough. And some, such as Elder Ryan, a HongKong based Cryptographer & Developer, believe that the ways we generate and access data and information should be free from the control of any government, organization, or company. “This is why I love the Tor network. Individuals can truly possess sovereign power equal to that of governments,” he said. “Although the Tor network is not safe for ordinary users, as they are vulnerable to phishing attacks and fraud.”
YouTube videos and other social media posts about accessing Z-library on Tor have accrued thousands of views. These posts often skip over the potential risks associated with using these networks, leaving users unbothered about the cyber attacks they could be subjected to. Experts say this is another form of exploitation. According to Waqas, “YouTube is being exploited for malicious activities. From how-to videos on making phishing pages and malware development to malicious links in its comment and description sections; the site has been abused worldwide.” In a cyber-threat report by Leonid Bezvershenko & Georgy Kucherin, malicious Tor installer links were identified in the description of a video posted by a popular Chinese YouTube channel.
The video had two links in its description. The first directed users to the original Tor Browser website, while the other led them to a malicious Tor installer. Individuals who clicked the malicious links received digital implants that gather data that can be used to identify the victims’ browsing histories, social media account IDs, and Wi-Fi networks. Putting the links on a prominent YouTube channel made the malicious Tor installer appear more legitimate to prospective targets.
Malware and spyware can be installed on a user’s device by clicking an onion link or downloading files on Tor. “While Tor is designed to provide anonymity and privacy, it does not guarantee protection against all types of malicious activities,” Waqas said. Cybercriminals may create fake websites on the Tor network that appear legitimate but actually contain malicious codes that can infect a user’s device when accessed or downloaded. Conventional browsers such as Chrome, Firefox, and Safari are secure by default. They have built-in malware protection features that protect users from cyber threats such as data breaches and phishing attacks. On the other hand, dark web browsers such as Tor and 12P are more anonymity-focused and do not protect users against all forms of cyber threats.
According to Waqas, malware can be designed to steal sensitive information, such as login credentials, financial and personal data, or to gain unauthorized access to a user’s device. Users may inadvertently download and execute these malware files, which can compromise their devices and personal data. He said, “Malware can be built to run silently in the background without displaying any noticeable symptoms or alerts.” This allows cybercriminals to collect data and conduct malicious activities without the user’s knowledge.
Ryan recommends that users should always use fake information when surfing the dark web.“Be skeptical of everything you encounter on the Tor network,” he said. “There are many phishing websites that are either fraudulent or designed to trick you into revealing your real information or credit card details. Do not trust them.”
Z-library has remained accessible through the dark web, but as of Feb. 11, 2023, Z-library announced that the site is back on the regular internet through a new domain name. They are now providing personal subdomains for users, which are protected by their passwords and cannot be accessed by other users. While this doesn’t mitigate subsequent seizures, It is an attempt to keep their domains active for a longer period. Z-library also implores users to continue to use the Tor network or I2P if the new domain is inaccessible to them. “Using a VPN can help mask your IP address and provide an additional layer of anonymity when accessing the dark web through Tor or I2P,” said Waqas, “choose a reputable and trustworthy VPN service.” He also advises users to avoid sharing any personal, sensitive, or identifying information on the dark web, as it can compromise their privacy and security.
Z-library is determined to keep the website available to the public, but with the US government on its back, the domains remain subject to subsequent seizure. “Websites on the regular internet are always easy to seize and sooner or later the new ones could be gone as well. All it will require is a subpoena from the court to get it done,” said Waqas.
Olawuyi expresses her excitement about Z-library’s return, stating that it’s one of the best resources available. Having access to Z-library again made her realize how impactful it was to her reading culture. Regarding the possibility of another shutdown, she says she would not be so shocked since she had to explore other options after the initial shutdown. But in the meantime, she’s spending her days in the virtual stacks.
Aisha Bello is a freelance writer and journalist covering technology, environmental sustainability, and youth culture.