Uncovering the Dark Web: What is it and who uses it?
Published: 27/06/2022

Uncovering the Dark Web: What is it and who uses it?

  • Netacea, Agentless Bot Management

8 minutes read

The dark web is the seedy underbelly of the internet. Unlike the surface web, criminals, spies, freedom fighters, and hacktivists can operate anonymously on the dark web, making it a popular place for illicit activity. Legitimate internet users also use it to protect their privacy in a world where people are increasingly mistrustful of digital giants like Google and Facebook.

But it’s very easy to accidentally view illegal, dangerous, and traumatizing material on the dark web. While only 1.5% of Tor browser users are said to access the dark web, user reports reflect a different picture, where stumbling into illegal marketplaces and sinister activity is commonplace.

What is the dark web?

The internet is made up of three layers:

  • Surface web — this is the publicly accessible portion of the internet, making up just 4%. Most surface layer pages are indexed in search engines, so they can be accessed via Google or by entering a simple, memorable URL.
  • Deep web — the deep web is the largest layer of the internet. It mostly consists of pages that require login access, such as social media accounts and online banking. Deep web pages aren’t indexed in search engines.
  • Dark web — the dark web is hidden from most internet users, unless they have the specific tools and information to access it.

The dark web is made up of a series of darknets. Darknets are online networks that need certain configurations to work correctly. These configurations must be authorized, so you need to know exactly how to access these dark websites before you can see their content.

How the dark web works

Each darknet works independently. They all do different things and can be accessed in different ways. It’s also possible to set up your own darknet to share data with people you know. Peer-to-peer darknets are usually used for file sharing, and more recently trading Bitcoin and other cryptocurrencies.

Commonly used darknets include:

  • Tor
  • Freenet
  • I2P
  • Riffle

Tor is the most famous and widely used darknet. It can be downloaded and used in the same way as many surface web browsers — but it also gives you the configurations needed to access the dark web.

What is Tor?

Tor stands for The Onion Router. It works by adding multiple layers of encryption to your data to prevent other web users from seeing it.

Tor was developed in the mid-90s by the US Naval Research Laboratory, and has since been taken over by the Defense Advanced Research Projects Agency (DARPA). It was designed so intelligence agents and spies could send information back to the US government quickly and securely.

To do this, the Tor browser routes encrypted information through a global network of servers at random. The origin and destination of the information is never revealed, so no one knows who sent it, where it’s going, or what the information is. This keeps the information private until it reaches its intended recipient.

How Tor works

When you access a website on the surface web, much of your data is exposed and accessible by a) the website and b) any lurkers or hackers who are watching your connection. Using a secure HTTP protocol (i.e. accessing a https:// version of the site) can hide some of your data and activity, but a lot of it remains visible. Tor, meanwhile, is designed to keep all your information private.

The Tor network consists of thousands of volunteer servers that act as nodes. These nodes prevent the recipient — and anyone else who may be watching your network — from seeing your information. Only the intended recipient can view the content — but even they can’t see where or who it was sent from.

It works like this:

  1. The sender enters a request for information, e.g. entering a URL
  2. Tor adds several layers of encryption to your request
  3. Your request reaches the first node, which decrypts a single layer of information — this tells the node about the previous node and the next node, but doesn’t reveal information about the sender, destination, or contents
  4. The node sends the request onto the next node
  5. The process is repeated until the request reaches its destination
  6. The recipient reads the contents of the request and returns the information in the same way.

This process makes it difficult for other internet users (including law enforcement agencies) to see who you are or what you’re doing. This is one of the reasons it’s called the dark web — and makes it an attractive, useful tool for criminals.

What is a .onion address?

A Tor browser lets people browse regular surface websites — but it also enables them to access dark web sites. On the Tor darknet, dark web sites have a .onion top-level domain, rather than .com or .org. The URL also typically contains a long alphanumeric string, making it virtually impossible to guess.

A .onion address removes the exit node from the request system, so it’s impossible for the user and the site to know where the other is located. That’s why most highly criminal online activity takes place at .onion sites. This includes black markets and illegal pornography.

.Onion addresses are notoriously difficult to access. The complex URLs must be entered exactly. Sites can be moved to new URLs rapidly and regularly to avoid detection.

Legal and legitimate businesses can also have .onion domains. News sites — including the New York Times and BBC News — have .onion domains, as well as their standard domains. This enables people to access independent news in countries where the media is censored, as censors can’t block darknet sites in the same way as surface web pages.

What is the dark web used for?

The dark web is often used for criminal activity, such as:

  • Buying and selling illegal goods, including drugs, guns, fake passports, credit card details, and forged currency
  • Accessing or distributing illegal adult material and pornography
  • Spreading terrorist ideology and recruiting for criminal causes
  • Launching cyber-attacks on other websites.

But the dark web isn’t just for illegal enterprises. In fact, there are many benefits of using the Tor network, including:

  • Providing access to media and news sites in countries with heavy online censorship
  • Sending private communications for diplomacy and intelligence purposes
  • Whistleblowing to expose wrongdoing within businesses or organizations.

The Tor project has been supported by organizations including the US Bureau of Democracy, Human Rights, and Labor, as well as Google, Human Rights Watch, and the University of Cambridge. So despite its reputation for criminal activity, it’s also backed by many reputable organizations around the world.

Exploring the dark web

Even those who explore the dark web with good intentions can stumble onto dangerous and disturbing material. There are anecdotal reports of everything from deceptive advertisements to assassins for hire to horrific human experiments. And because the activity is anonymous, it’s difficult to monitor and locate those behind it.

Anyone considering using the dark web should exercise extreme caution. Not only are you liable to encounter traumatizing or unlawful material, but it’s also less secure than many people think.

How secure is the dark web?

Even cybersecurity experts can fall victim to scams on the dark web. Marcus Hutchins — a cybersecurity researcher best known for temporarily stopping the WannaCry ransomware attack in 2017 — was an experienced programmer when he was identified and blackmailed into facilitating cybercrime by an unknown person on the dark web. So while the dark web is touted as an anonymous browsing haven, it’s not as secure as you might think.

Not all nodes can be trusted. Malicious nodes can eavesdrop on your communications, or use them to transmit malware across networks. It’s also possible for hackers to break into certain nodes and steal information. Accepting certain cookies on sites also gives the site permission to identify you and save your information, regardless of which browser you’re using.

In addition, anonymity can be compromised if one person owns multiple nodes. If they own enough nodes to decrypt all or most of a request, your information is suddenly far more exposed. A threat actor known only as KAX17 has recently added multiple servers to the Tor network, potentially to achieve this. It’s believed KAX17 at one point owned at least 10% of the nodes in the Tor network.

Exit nodes are also monitored by security companies and law enforcement to protect internet users from malicious entities on the dark web. We can see all Tor traffic coming in and out of the Netacea network, helping us detect suspicious activity and prevent website attacks.

Is the dark web a threat for businesses?

Accessing the dark web is very risky for businesses. Employees accessing the dark web on your network could expose it to many different threats, from malware infections to data theft. Simply browsing illegal sites from a work computer could also implicate your business in criminal activity.

Implementing a strong cybersecurity solution that can identify and manage Tor traffic and other darknet activity should be a priority for any business. Learn more about how Netacea uses bot management technology to keep your business safe online.

Schedule Your Demo

Tired of your website being exploited by malicious malware and bots?

We can help

Subscribe and stay updated

Insightful articles, data-driven research, and more cyber security focussed content to your inbox every week.


By registering, you confirm that you agree to Netacea's privacy policy.