dark web
What Is the Dark Web? A Technical Introduction
Encrypted overlay networks — mainly Tor — that search engines don't index. Not a cartoon crime den; understanding the definition is step one for safe use.
Technically, it's a collection of sites and services on encrypted overlay networks — primarily Tor — that no surface-web crawler indexes. That's the definition. The Hollywood version — a neon-lit bazaar where assassins lurk — is mostly fiction. The reality is more useful.
This guide explains what the dark web actually is, how it differs from the rest of the internet, who uses it, and what threat models it realistically protects against.
The Dark Web Defined — Not the Hollywood Version
The dark web is not a place you stumble into. It requires intentional access: you need specialized software, usually Tor Browser, to connect. Once connected, you can reach .onion addresses — domains that exist only inside the Tor network and route traffic through a series of encrypted relays.
Three properties define a dark web service:
- Not publicly indexed — search engines can't crawl it.
- Accessed via overlay routing — Tor, I2P, or Freenet handle transport, not the standard internet.
- Address obscurity — the server's real IP is hidden from users; the user's IP is hidden from the server.
That combination of properties is intentional. It's not a bug in the internet; it's a design decision made by engineers at the U.S. Naval Research Laboratory in the mid-1990s. Tor's onion-routing protocol was published in 1996 and released to the public in 2002. The dark web didn't appear from nowhere — the U.S. government funded it to protect intelligence communications.
The Electronic Frontier Foundation and the Tor Project now maintain Tor as a privacy tool for anyone who needs it, worldwide.
Surface, Deep, and Dark — A Layered Model
Here is a compact comparison.
| Layer | What it is | Accessible by | Example |
|---|---|---|---|
| Surface web | Publicly indexed, crawlable pages | Any browser | Wikipedia, news sites, this site |
| Deep web | Not indexed, but on normal infrastructure | Browser + credentials | Your email inbox, bank dashboard, company intranets |
| Dark web | Overlay network; not indexed; hidden routing | Tor Browser (or I2P/Freenet) | .onion sites, Tor-only forums |
The deep web is enormous — estimates put it at 90–95% of total internet content. That's not sinister; it's just your inbox, your HR portal, private databases. The dark web is a small subset of the deep web. Most estimates put it at a few thousand active .onion sites at any time, though that number shifts constantly.
For a closer look at how these layers differ, read our deep web vs dark web comparison.
Why the Dark Web Exists — Three Legitimate Use Cases
Every technology gets used for things its creators didn't intend. The dark web's legitimate uses are broad enough that dismissing it as a criminal tool misses most of the picture.
1. Censorship circumvention. In countries where the government blocks news sites, social media, or political speech, the Tor network gives residents access to the uncensored internet. As of 2024, Tor reports roughly 2 million daily users — a significant portion from Iran, Russia, and China, where VPN use is restricted or illegal.
2. Source protection for journalists. News organizations including The New York Times and The Guardian operate SecureDrop instances — whistleblower submission systems that run as .onion services. If a source submits documents over SecureDrop, neither the publication nor a third-party observer can link the submission to the source's identity.
3. Privacy from surveillance capitalism. For people who don't want their browsing profiled and sold, the Tor network strips the behavioral fingerprints that ad networks rely on. It's not perfect, but it raises the floor.
Who Actually Uses the Dark Web?
The short answer: mostly ordinary people with a specific privacy need, and a smaller slice of security researchers, journalists, activists, and — yes — criminals.
The criminal use gets outsized attention because it produces dramatic headlines. But the actual population of dark web users skews toward privacy-conscious individuals, researchers, and people in censored countries. We cover this in detail in who uses the dark web.
The criminal minority does exist — drug markets, stolen credentials, fraud tools. We don't ignore that. But the presence of crime doesn't make the technology criminal, any more than the telephone becomes a criminal tool because people use it to commit fraud.
How the Dark Web Is Accessed — Tor, I2P, and Freenet
Tor is the dominant network. It works by wrapping your traffic in three layers of encryption and routing it through three volunteer-run relays. Each relay peels one layer. The exit node sees your destination but not your origin. The entry node sees your origin but not your destination. No single node sees both.
The result: your traffic can't be traced back to you by watching the network — provided you follow OPSEC practices and don't de-anonymize yourself through behavior (logging into personal accounts, using the same usernames, running JavaScript-heavy sites).
I2P (Invisible Internet Project) and Freenet work differently. I2P focuses on internal services — it's better for distributed applications than browsing the clearnet. Freenet is a censorship-resistant file-sharing network. Both have smaller user bases than Tor.
We recommend starting with Tor Browser setup before exploring other networks. Get Tor right first.
For a technical explanation of how packets actually travel, read how onion routing works.
Threat Model — What Does the Dark Web Protect Against?
This is the right question. Tor's design protects against traffic analysis: a third party watching your internet connection can't determine which site you're visiting. It protects against server-side logging of your IP: the site you visit doesn't know where you are.
What Tor does not protect against:
- Your own behavior. If you log into a clearnet account over Tor, that account's operators can still link your activity to your identity.
- Endpoint compromise. If your device has malware, Tor doesn't help. The malware reports home regardless of your routing.
- Timing correlation attacks. A powerful adversary who can watch traffic at both ends of the Tor circuit can potentially correlate entry and exit timing. This is an active research area.
- A misconfigured browser. Tor Browser is hardened specifically to prevent browser fingerprinting. Using Firefox with a Tor proxy defeats many protections.
Threat model summary: Tor is excellent against passive surveillance and commercial tracking. It's a meaningful but imperfect barrier against a determined state-level adversary. For the highest-risk threat models, pair Tor with an amnesic OS like Tails and a thought-through threat modeling process.
Common Misconceptions
The dark web has more myths than facts attached to it in most media coverage. We debunk the major ones — including the "10× bigger than the surface web" claim and the hitman-site folklore — in dark web myths.
A quick preview:
- The dark web is not 10× the size of the surface web. That number is fabricated.
- Browsing the dark web is not illegal in most countries. What you do there may be.
- You can't get hacked just by visiting a
.onionURL, assuming you use Tor Browser with JavaScript disabled.
Is Using the Dark Web Legal?
In most countries, accessing the Tor network and visiting .onion sites is legal. The act of browsing is not criminalized. What matters is what you do: buying illegal goods, accessing CSAM, participating in fraud — those are illegal on any network.
We cover the legal landscape in detail, including a country-by-country table, in is the dark web illegal. Read it before you assume your jurisdiction is straightforward.
Check our legal disclaimer for the limits of what we can advise.
How to Access the Dark Web Safely
The mechanics are simple: download Tor Browser from torproject.org, verify the cryptographic signature, set the security level to Safest, and browse. The full setup, including the steps you'll skip if you're impatient and regret later, is in how to access the dark web safely.
The summary version:
- Use Tor Browser — not a VPN alone, not a proxy, not Firefox-with-Tor.
- Verify the download signature before installing.
- Set security level to Safest (disables JavaScript).
- Don't log into clearnet accounts.
- Don't share identifying information.
Frequently Asked Questions
Is the dark web the same as the deep web?
No. The deep web is any online content not indexed by search engines — your email, your bank account, private databases. The dark web is a specific subset of the deep web that runs on overlay networks like Tor. All dark web content is deep web content, but the vast majority of the deep web is ordinary, legal, non-anonymous content.
Do I need a VPN to use the dark web?
Tor doesn't require a VPN, and adding one can actually hurt your anonymity if misconfigured. A VPN moves trust from your ISP to the VPN provider — it doesn't eliminate it. For most threat models, Tor alone is more effective than VPN-over-Tor or Tor-over-VPN. We cover the specifics in the Tor cluster.
Can law enforcement trace Tor users?
Tor has been broken in specific cases — usually through endpoint compromise (malware on the target's device), traffic correlation attacks by large adversaries, or operational mistakes by the user (logging into real accounts, reusing usernames). The math behind Tor's routing is sound. Operational mistakes are the common point of failure.
What's on the dark web besides illegal stuff?
Quite a lot. Privacy-focused email providers, news sites with Tor mirrors (BBC, New York Times, ProPublica), SecureDrop instances for journalists, forums for security researchers, privacy tools, and communities of people who value anonymity. The illegal markets exist, but they're not the whole picture.
How big is the dark web?
Much smaller than popular accounts suggest. As of 2023, researchers estimated a few thousand active .onion services at any given time, most of which are spam, abandoned, or experimental. The total volume of dark web traffic is a fraction of surface-web traffic.