It’s harder to be tracked on Tor or I2P than it is on the normal Web, but you have to be extremely careful. The Tor and I2P protocols themselves are quite secure, but a chain is only as strong as its weakest link. Even if the government can’t see where you’re going, they may still see that you’re using Tor or I2P to get there—or at least that you’re not behaving like a normal citizen whose traffic is completely in the clear and viewable. That makes you look suspicious already. Seeing Tor or I2P traffic can be enough to set off alarm bells deep in the National Security Agency or FBI. And as you might guess, this Deep Web is crawling with feds. In 2011, the feds turned LulzSec hacker Sabu within a few hours and had him spend the next months collecting evidence on his cohorts, which I suspect provided some of the inspiration for the Gavin Orsay plot.
If you’re just trying to gain more privacy, these tools are certainly an asset. The feds may put a flag on you but will be less able to get access to the content of your activity. On the other hand, if you use Darknet to negotiate any sort of offline transaction (drugs, murder, whatever), you cease being anonymous the minute you make any sort of offline contact. And despite the distribution of anonymizing tools like the Tor Browser, you have to be meticulous in securing every link in the chain. One mistake is all it takes, and the head of Darknet drug marketplace Silk Road made many. Only a well-informed security whiz is likely not to leave enough of a trail to be found. Otherwise, you're just playing the odds.
Sometimes playing the odds works: Edward Snowden didn't get caught stealing massive numbers of internal NSA files in part because NSA security was stunningly incompetent. But you want to minimize risk whenever possible. In House of Cards, Orsay takes over Goodwin’s computer with a flashy disintegrating screen, then delivers him a custom iPad where the hacker speaks to him via distorted voice through an animated Hieronymus Bosch avatar. Orsay then has Goodwin steal a co-worker’s phone to get the two-factor passcode for the Washington Herald intranet—only to reveal that it was just a test! It makes for showy drama, but 1) it’s as subtle as a brick wall, and 2) the hacker would want to minimize the amount of tech the reporter has to engage with, lest the reporter screw it up. (Reporters aren’t the most tech-savvy group.) When anti–revenge porn activist Charlotte Laws was being stalked and harassed by the operators of revenge porn sites, the high-minded hacker group Anonymous, who loathe bullies and trolls almost as much as they loathe oppressive regimes, contacted her by Twitter and then by phone and relied on the assumption that the people going after her were not geniuses (which they weren’t—the ringleader was soon arrested).
On the other hand, even comprehensive risk management may not be enough. The FBI commandeered an entire Tor provider notorious for hosting child pornography and added a clever bit of malware to it that identified Tor users to them. Anonymous also polices Darknet, and its Operation Darknet has gone after child pornography distributors as well. Anonymous and the feds do agree on one thing: Child pornography is evil.
(You may wonder: Am I active on Darknet? Yes, I go on Darknet constantly and do all sorts of illegal dealings, and then I write a tech column about it to throw people off the track.)
So how believable is the whole House of Cards storyline? There are no egregious technical howlers, thanks to the technical advice of Internet activist Gregg Housh, whose participation can be seen part of a trend toward better technical accuracy since the days of Sneakers and Independence Day (in which the remarkably hackable alien computer features a giant status dialog that reads “UPLOADING VIRUS”). The Fifth Estate had more detail, but on purely technical terms, House of Cards holds up pretty well. As for the actual storyline, let me put it this way: It's just as believable as House of Cards’ politics.
You may be left with one last question: “Wow, this Tor/I2P thing sounds really cool. How do I get on it?” No problem. Please send me your name, address, and Social Security number, and I’ll get right back to you just as soon as I make some very important business calls to my associates at Flowers By Irene and No Such Agency.