The dark web sounds foreboding. Why else would the police in Brazil, Germany, and the United States need to raid dark web eshops like the the “Wall Street Market” (WSM), charging the operators with a long grocery list of crimes ranging stolen data, drugs, and malware? These events do occur on the dark web, but they are just part of the story.
The internet is a huge and sometimes disorganized place, almost like a huge flea market or bazaar. With billions of sites and addresses, it is amazing that we can search – and find – anything.
There are three basic levels within this complex thing we call the World Wide Web – open, deep, and dark. Each have their place – and their drawbacks.
Let’s be open about this
The open or surface web is what you access daily through Bing or Google. Before you even turn on the device, search engines have crawled through the web, looking for information, evaluating the sources, and listing the options.
Just think of this as the general reading room in your local library. The books are there, they are precisely organized by theme and title, and you are free and able to look everywhere. By accessing the normal internet, your device is accessing central servers which will then display the website. if you have questions you can go look through the card file or talk to a librarian.
Browsers such as Google, Bing, GoDuckGo are acting as librarians, sorting and cataloging the materials so they can be easily searched and also following your own moves with their trackers. Most corporate and public sites work hard to ensure that the web crawlers can easily find them. Knowing where the materials are – and who is searching for them – makes it possible for Google to sell advertisements – An amount that makes up well over 80 percent of the company’s revenue. Still, this open and catalogued content is still estimated to make only about 5% of the total internet.
Going deeper into the web
The term “Deep Web” doesn’t mean anything nefarious, it simply refers to the unindexed web databases and other content that search engines can’t crawl through and catalog – things like registration-required web forums or even your Gmail account. It includes the information about you that data brokers like LocalBlox might be storing in a public – but unlisted – Amazon server.
Just think of the deep web as an archive, containing an unsorted pile of websites and resources which are largely inaccessible. Deep sites include company intranets and governmental websites (i.e. the website of the European Union) where you can search for special topics or forms. On such pages, you can use their own internal search function not a search engine like Bing or Yahoo or another external search engines. The deep web also includes most academic content handled directly by universities. Just think of this like searching for a library book using the facilities’ own index files – you might have to be in the library to search there. This deep web is estimated to make up about 95% of the entire web.
Step off into the Dark Web
The dark web – despite the media attention – is a small part of the deep web which is only accessible through a special TOR network. Tor stands for: The Onion Router” a reference to how it works; sending encrypted traffic through layers of relays around the globe as it hides content, the sender, and their location. Not only is it more secure, it also is more private as it effectively shuts out online trackers. While it is not flawless in protecting user privacy, it works well enough to give users much more privacy in where they go, the content accessed, and concealing their own identity. The multiple relays helps keep some distance and anonymity between the person visiting the website, the website itself, and any entity trying to eavesdrop on the communication between the two.
Tor is both a type of connection – with the extended relays – and a browser. There are other variants out there including I2P, GNU.net and Freenet. With your device running a TOR browser, you can go to TOR specific sites – with an .onion suffix — or also visit the usual sites on the open web.
Yes, there are a number of TOR only sites for illicit drugs or materials. It allows surfers to stay anonymous and go to “members only” forums where they can use untraceable cryptocurrencies for their purchases. But, that’s not all of it. There are also popular services are offering their services here at facebookcorewwwi.onion and the German mail provider Mailbox.org is offering its services as well.
Privacy in a nutshell
“With the open, deep, and dark web, there is a difference in who can track you”, points out Alexander Vukcevic, head of the Avira Protection Labs.
“With a usual open web search,the search engine knows where you are, the number of your device, your IP address, and the theme of the search.
“On the deep web, you can assume that activities are monitored at the gateway. The major difference from the open web is that it is system admin — not the search engine — that can follow your activities.
“For the deep web, while some activities can be monitored, you are able to hide your personal data before entering. While you might want to search annonymously, some sites – NYTimes and even those illegal markets – can insist you register so you can be identified. Some open web sites will block you from entering with the TOR browser.”
It’s small, dark, and messy there
Searching on the dark web can be irritation – visually and operationally. Before finding a treasure of odd substances or private information, you are likely to hit a number of dead ends. According to Internet Live Stats about 75% of these websites are inactive. Once you find them, these sites are a bit rough, like 1990s chic. Unlike the open or surface web, these sites aren’t really worried about being found by a web crawler. While there are Google-like equivalents trying to categorize the dark web, their results are spotty. Part of this is the incentive. Those on TOR aren’t worried about cleaning up their website with the latest SEO tricks to boost their relative ranking on the Google and Bing charts.
Regardless of the media attention, the dark net is tiny when compared to both the open and the deep web, estimated to total around 50,000 sites.
Should I visit the Dark Web?
For most of us, the short answer is that there’s no reason to: unless you’re really paranoid about your privacy or you’re doing something that really needs anonymity, such as reporting on repressive regimes or crime syndicates or trying to bypass state censorship, there’s no real reason to venture onto the Dark Web at all – not least because it slows down your browsing.
There’s a fascinating thread on Reddit (not remotely safe for work) where Dark Web users share their stories, and some of the tales are enough to make you tape over your webcam and disable your router just in case. Think of it as the dodgy bit of town where sensible people don’t go after dark.
If that’s just made you more interested, the key to the Dark Web is Tor. You can download it from Torproject.org.
What is Tor?
Tor stands for Thin Onion Routing, and in 2013 UK MP Julian Smith described it as “the black internet where child pornography, drug trafficking and arms trading take place”. He’s not wrong: Tor is where the now-defunct Silk Road drugs marketplace could be found, it’s where Black Market Reloaded traded drugs and weapons, and it’s where the US National Security Agency says “very naughty people” hang out. It’s not the only network on the Dark Web – for example, you may have heard of the Freenet anti-censorship network – but it’s by far the most popular.
According to an investigation by Deep Web watchers Vocativ, European terrorists who wanted guns used to “tap into a 20-year-old market that took root and flourished at the end of the Balkan wars. Now with the rise of the dark net, that market has been digitized and deals on illegal guns are only a few minutes away.” Many of those deals are from people in the US: Vocativ found 281 listings of guns and ammunition on the Dark Web, the majority of which were shipping from America.
It’s not that Tor is evil; it’s just that the same tools that protect political dissidents are pretty good at protecting criminals too. That wasn’t intentional. Tor was initially developed by the US Navy, and its goal was to protect internet users from spying. It does that by bouncing users’ and sites’ traffic through multiple relays to disguise their location. Other than “very naughty people”, it’s used by political activists and dissidents, journalists, people who don’t trust websites’ use of their personal data and the odd member of the tin foil hat brigade.
If the Dark Web is so secret, how does anybody find anything?
That’s a very good question, and for many people the answer is Reddit. Subreddits such as DarkNetMarketsNoobs exist to guide newcomers around the Dark Web, while on the open web certain Wikis are a kind of Yahoo! for destinations on the Tor network – albeit a Yahoo! where many of the links are likely to land you in prison, which is why we aren’t naming or linking to them.
You’ll see that the sites have the .onion extension: that means you need a Tor browser to open them. You’ll also see that the majority of sites you can find are marketplaces, because those sites want to attract as many customers as possible. That means they’re the tip of the Dark Web iceberg, as many sites are secret and only available to people with the right credentials and/or contacts.
Can I protect my privacy without going onto the Dark Web?
Yes. While Tor is a powerful tool for protecting your privacy it isn’t the only one. Encrypting files and anything else important with an open source encryption method (so you can be sure there aren’t any back doors in there) is one of the strongest privacy protectors, while privacy-focused browsers such as Epic and Ice Dragon remove the most common features used to track users such as IP address tracking.
If you just want to stop ad networks tracking you, plugins such as Ghostery can block trackers and other potential privacy invaders while secure VPNs can anonymise your browsing. But don’t forget the basics, either: if you’re dealing with documents that could make you the next Edward Snowden, use an “air gap” – that is, a device that isn’t connected to anything else at all. Your data can’t be intercepted if you aren’t on the network.
Your data could be everywhere
You, or data about you, could already be at all three levels of the internet – and this should concern you.
For the open web, just type your name into Google and see what comes up. Whether this is a Linkedin profile, Facebook, social media, or any community involvement – chances are that you already have some presence on the open web.
Your data is almost certainly in the deep internet – and you only hope that it stays there. This would include doctor records on the hospital intranet or even school records. Your data is being stored, and you can only hope that the companies are keeping it according to GDPR standards and have not been hacked.
The cloud has also fueled growth of the deep internet. If a company puts its files on an Amazon web server, it has placed you on the deep web. This is not a privacy issue – until they configure the account incorrectly and leave in open to hackers or researchers. Then you just hope you are informed via GDPR procedures and that the data has not been copied and added to a database for sale … on the dark web.
Alexander Vukcevic, Director Protection Labs and QA at Avira