What Is the Dark Web?
The internet is commonly divided into three layers: the surface web (indexed by search engines), the deep web (not indexed but accessible via direct URL, like email inboxes, banking portals, and paywalled content), and the dark web (requires special software to access, primarily Tor, and is intentionally hidden from standard indexing). The dark web is not inherently illegal, but its anonymity properties attract both legitimate privacy use cases and criminal activity. For context on the privacy tools involved, see the Tor vs VPN comparison.
Surface Web vs Deep Web vs Dark Web
| Layer | Accessible Via | Indexed by Search Engines? | Size (estimated) | Examples |
|---|---|---|---|---|
| Surface Web | Any browser | Yes | ~5% of total internet | Wikipedia, news sites, e-commerce |
| Deep Web | Any browser (with URL/login) | No | ~90–95% of total internet | Email, cloud storage, banking, medical records |
| Dark Web | Tor Browser, I2P, Freenet | No | ~0.01% of total internet | .onion sites, privacy forums, whistleblower platforms |
How Tor Onion Routing Works
Tor (The Onion Router) routes your traffic through at least three volunteer-operated relay nodes (entry, middle, and exit). Each relay decrypts only one layer of encryption, learning only the previous and next node, never both the origin and the destination. The destination server (or .onion service) sees only the exit node's IP, not yours. This multi-hop architecture provides strong anonymity at the cost of speed.
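The layering described above can be shown with a simplified model. This is an added example, not code from Tor or from the original page: the relay names, keys and header layout are constructed, and a toy SHA-256 keystream stands in for the per-hop cipher (real Tor negotiates a key with each relay and moves fixed-size cells over a circuit).

```python
import hashlib

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), a stand-in for the
    per-hop cipher. XOR is symmetric, so this encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def wrap(path, payload: bytes) -> bytes:
    """Client side. path is [(relay_name, key), ...], entry relay first.
    Each layer is encrypted for one relay and names only the next hop."""
    hops = [name for name, _ in path[1:]] + ["destination"]
    onion = payload
    for (_, key), next_hop in zip(reversed(path), reversed(hops)):
        header = next_hop.encode()
        onion = keystream_xor(key, bytes([len(header)]) + header + onion)
    return onion

def peel(key: bytes, onion: bytes):
    """Relay side: remove one layer, learn the next hop and nothing more."""
    plain = keystream_xor(key, onion)
    n = plain[0]
    return plain[1:1 + n].decode(), plain[1 + n:]

def route(path, onion: bytes):
    """Pass the onion along the path, recording (relay, previous, next)."""
    views, prev = [], "client"
    for name, key in path:
        next_hop, onion = peel(key, onion)
        views.append((name, prev, next_hop))
        prev = name
    return views, onion

# Constructed relays and keys (assumptions for this demo only).
PATH = [("entry", b"k-entry"), ("middle", b"k-middle"), ("exit", b"k-exit")]

if __name__ == "__main__":
    views, delivered = route(PATH, wrap(PATH, b"GET / HTTP/1.1"))
    for relay, prev, nxt in views:
        print(f"{relay}: received from {prev}, forwards to {nxt}")
    print("delivered:", delivered)
```

Only the entry relay's view contains the client, and only the exit relay's view contains the destination.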
Legitimate Uses of the Dark Web
- Journalists and activists in authoritarian countries use .onion sites to communicate and publish content without government surveillance.
- Whistleblowing platforms (SecureDrop) allow sources to submit documents to media organisations anonymously.
- Privacy-focused versions of mainstream services: The New York Times, BBC, and Facebook all operate official .onion mirrors.
- Security researchers use the dark web to monitor threat intelligence and track criminal marketplaces.
- Tor is also used by everyday users in countries with heavy internet censorship (China, Iran, Russia) to access the open web.
How to Stay Safe
If you access the dark web for legitimate purposes, use only the official Tor Browser (not modified versions), keep JavaScript disabled, never log into personal accounts, and never download files. Using a VPN before connecting to Tor (Tor over VPN) hides Tor usage from your ISP, though it does not increase anonymity at the destination. Also be aware that browser fingerprinting can still identify you if you modify the default Tor Browser settings.
What .onion Addresses Are and How They Work
Dark web sites use .onion addresses: long strings of characters (56 for the current v3 format) that are not registered in DNS at all. The address is derived from the service's cryptographic public key, which has two elegant consequences: the name proves the site's identity mathematically (no certificate authority required), and the site can be hosted anywhere without revealing an IP address, because client and server meet at a rendezvous relay inside the Tor network rather than connecting directly. Neither side ever learns the other's real address.
Why Criminal Markets Still Get Taken Down
If onion services hide IPs so well, how do police seize marketplaces? Almost never by breaking the cryptography. Takedowns rely on operational mistakes: a server briefly misconfigured to answer on its real IP, an administrator reusing a username or email from their pre-criminal life, financial trails through cryptocurrency exchanges, undercover work, and seized servers exposing user data. The lesson generalises: anonymity systems fail at the human layer far more often than at the protocol layer.
The Dark Web Economy Around Your Data
For most people, the dark web's practical relevance is not visiting it; it is that stolen data ends up traded there. Credential dumps from breaches, "fullz" (complete identity packages), card numbers, and access to compromised machines are the staple commodities. This is why breach-monitoring services exist: they index the same dumps and warn you when your email appears in one. You can check whether your email features in known breaches without going anywhere near an onion site, and if it does, changing the affected passwords and enabling two-factor authentication matters far more than worrying about where the data is traded.
What This Means for You
Three sober conclusions. First, the dark web is a tool, not a place of inherent crime: the same architecture that shelters markets also shelters dissidents and sources, which is why mainstream news organisations operate onion mirrors. Second, you almost certainly do not need it: for everyday privacy goals like hiding your IP from websites or your browsing from a hotspot operator, a simpler tool does the job with far less friction. Third, your realistic exposure to the dark web is passive (your leaked credentials, not your visits), so the protective actions are unglamorous: unique passwords, breach monitoring, and two-factor authentication everywhere that matters.
Frequently Asked Questions
Is it illegal to access the dark web?
In most countries, no: downloading Tor Browser and visiting onion sites is legal, and Tor itself is partly funded by governments for exactly its legitimate uses. Illegal activity remains illegal wherever it happens. A minority of countries block or criminalise anonymity tools generally, so local law matters.
Can I be tracked on the dark web?
The network hides your IP well, but tracking does not need your IP: logging into a personal account, enabling JavaScript (which exposes you to browser exploits), downloading files that phone home, or keeping identifiable writing habits can all unmask you. Tor provides strong network-layer anonymity, but careless application-layer behaviour defeats it.
How do I find out if my data is on the dark web?
You do not need to search it yourself: breach-monitoring services index stolen databases and let you query your own email address safely. If you get a hit, change that password everywhere it was reused, enable two-factor authentication, and watch the affected accounts; the data cannot be recalled.