Dark Web 101

CSNP Team March 13, 2023
An introduction to the deep web and dark web, explaining onion routing, TOR, and safety precautions for those who need to access it.

Author: Kathryn Carnell

In partnership with Breezeline

We know less about the deep ocean than space, according to the National Oceanic and Atmospheric Administration. On the internet's surface—well-cataloged by search engines—are the digital "surface waters" we're all familiar with. But just like in the physical ocean, beneath placid surface waters is a hidden, secret ecosystem.

Understanding the Layers of the Internet

Before we dive into the dark web, it's essential to understand the three distinct layers of the internet:

The Surface Web

The surface web (also called the "open web" or "clear web") makes up approximately 4-5% of the total internet. This is everything indexed by search engines like Google, Bing, and DuckDuckGo—websites, blogs, news articles, and publicly accessible content. When you search for something on Google and click a result, you're navigating the surface web.

The Deep Web

The deep web comprises approximately 90-95% of the internet and consists of content that isn't indexed by standard search engines. This includes:

  • Your email inbox (after you log in)
  • Online banking portals
  • Private databases and intranets
  • Subscription-based content (Netflix, academic journals)
  • Medical records and legal documents
  • Social media accounts behind privacy settings

When you log into your email, you navigate from an indexed page (the public login) to a non-indexed page (your inbox). The deep web is mostly legitimate, everyday content that simply isn't meant for public search results.

The Dark Web

The dark web is a small subset of the deep web that is intentionally hidden and requires specialized software to access. Because it's encrypted and requires special tools, it attracts both legitimate privacy-seeking users and those engaged in illegal activity.

The History of Onion Routing

To understand the dark web, you need to understand its foundational technology: onion routing.

Origins at the Naval Research Laboratory

Onion routing was developed in 1995 by researchers at the U.S. Naval Research Laboratory who were trying to use the internet as privately and securely as possible for intelligence communications. The core principle involves sending connections through multiple encrypted servers, obscuring the message source at each step.

The Birth of TOR

In the early 2000s, MIT graduate Roger Dingledine, along with Nick Mathewson and Paul Syverson (one of the original naval researchers), developed "TOR"—The Onion Router. The project was released as open-source software, relying on a decentralized network of volunteer-operated servers to help make the internet free and more equitable.

The Electronic Frontier Foundation (EFF) provided early funding and support for the TOR Project, recognizing its importance for digital privacy and free speech.

How Onion Routing Works

Onion routing applies multiple layers of encryption to internet traffic—like layers of an onion. Here's the process:

  1. Your connection is encrypted multiple times
  2. The data passes through a series of volunteer-operated nodes (entry, middle, exit)
  3. Each node can only decrypt one layer of encryption
  4. No single node knows both the origin and destination of the traffic
  5. The final node delivers the traffic to its destination

Even the proprietors of dark web sites don't know where their visitors are coming from, and visitors don't know where the sites are physically hosted.

Dark Web Hidden Services

Websites on the TOR network are called "hidden services" or "onion services" and use the .onion domain extension. These sites:

  • Are only accessible through the TOR browser
  • Use the TOR hidden service protocol (not public DNS) for resolution
  • Preserve anonymity for both the site operator and visitors
  • Often have long, complex URLs generated from cryptographic keys

Legitimate Uses of the Dark Web

While the dark web has a reputation for criminal activity, it serves many legitimate purposes:

  • Journalists and whistleblowers: Securely communicating with sources and sharing sensitive information
  • Activists and dissidents: Organizing and communicating in countries with repressive governments
  • Privacy advocates: Protecting personal communications from surveillance
  • Researchers: Studying cybercrime and threat intelligence
  • Law enforcement: Conducting investigations into criminal networks

Organizations like the New York Times, BBC, and Facebook operate .onion versions of their websites to provide access to users in censored regions.

Criminal Activity on the Dark Web

Unfortunately, the anonymity that protects legitimate users also attracts criminals. Notable examples and common categories of illicit activity follow.

The Silk Road

One of the most notorious criminal undertakings was "The Silk Road"—the dark web's infamous illegal goods marketplace. Operating from 2011 to 2013, it facilitated the sale of drugs, counterfeit documents, and other contraband using Bitcoin for anonymous payments. In 2015, alleged founder Ross Ulbricht was sentenced to life in prison without the possibility of parole.

Other Criminal Markets

The dark web hosts various illegal marketplaces and services:

  • Drug trafficking
  • Stolen data and credentials for sale
  • Counterfeit documents and currency
  • Hacking services and malware
  • Fraudulent services

Human Trafficking

Human traffickers regularly use the dark web to find victims and conduct operations, which is why protecting your personal information with multi-factor authentication and strong passwords is crucial. Your data, if stolen, could end up being sold on these hidden marketplaces.

Cybersecurity Implications

For security professionals, the dark web is an important area of study:

  • Threat intelligence: Monitoring dark web forums reveals emerging threats, new malware, and attack techniques
  • Data breach detection: Organizations monitor for their stolen data appearing for sale
  • Vulnerability research: Understanding how criminals exploit weaknesses
  • Attack attribution: Gathering intelligence on threat actors

Daily TOR usage has surged past 3 million people, meaning more eyes—both legitimate and malicious—are on hidden sites than ever before.

Accessing the Dark Web Safely

Unless you really need to use TOR for legitimate purposes, you should not access the dark web. The risks far outweigh the curiosity for most people. However, if you must access it for research, journalism, or other legitimate purposes, follow these safety guidelines:

Essential Safety Measures

  1. Use a dedicated device: Use a clean device solely for dark web access, with no personal information, accounts, or identifying data
  2. Use a virtual machine: Run TOR inside a virtual machine (like VirtualBox with Whonix or Tails OS) to simulate a second, isolated computer
  3. Consider a VPN: Use a reputable VPN on your host machine for an additional security layer (though this is debated in privacy circles)
  4. Delete the virtual machine: Destroy the virtual machine after each session to remove any potential malware or tracking
  5. Never share personal information: Don't use real names, emails, or any identifying information
  6. Disable JavaScript: Set TOR browser to the highest security level
  7. Don't download files: Files from the dark web may contain malware

What Not to Do

  • Never access the dark web from your work computer
  • Never make purchases or transactions
  • Never click on links from unknown sources
  • Never engage with illegal content or services
  • Never assume you are completely anonymous

Protecting Yourself

Even if you never access the dark web, your data might end up there through data breaches. Protect yourself by:

  • Using strong, unique passwords for every account
  • Enabling multi-factor authentication everywhere possible
  • Monitoring your accounts for suspicious activity
  • Using a password manager
  • Being cautious about sharing personal information online
  • Regularly checking if your email appears in data breaches (haveibeenpwned.com)

Conclusion

Even the best safety protocols are preventative, not a guarantee. The vast majority of us will never need to visit the dark web—and don't need to. Understanding what it is and how it works, however, helps us better protect ourselves in an increasingly connected world.

About the Author: Kathryn Carnell is a professional who transitioned into the cybersecurity industry from education. Her unique background gives her insight into making complex security topics accessible to broader audiences.

