a worldwide decentralized network of hundreds of computers, whose owners configure them and contribute internet bandwidth to create a series of routing points or nodes. These nodes feature a form of layered encryption, that often gets compared to an onion – hence the collective name The Onion Routing network, or Tor for short.
Onion routing was originally developed in the 1990s by the US Naval Research Laboratory to protect US intelligence communications online. Free Tor software was first made publicly available in 2002, and the not-for-profit Tor project was set up in 2006 to maintain the system. It has received funding over the years from governments, NGOs, foundations and companies, as well as thousands of personal donations.
The surface web or open web
The open web, or surface web, is the “visible” surface layer. If we continue to visualize the entire web like an iceberg, the open web would be the top portion that’s above the water. From a statistical standpoint, this collective of websites and data makes up under 5% of the total internet.
All commonly public-facing websites accessed via traditional browsers like Google Chrome, Internet Explorer, and Firefox are contained here. Websites are usually labeled with registry operators like “.com” and “.org” and can be easily located with popular search engines.
Locating surface web websites is possible because search engines can index the web via visible links (a process called “crawling” due to the search engine traveling the web like a spider).
The deep web
The deep web rests below the surface and accounts for approximately 90% of all websites. This would be the part of an iceberg beneath the water, much larger than the surface web. In fact, this hidden web is so large that it’s impossible to discover exactly how many pages or websites are active at any one time.
Carrying on with the analogy, big search engines could be considered like fishing boats that can only “catch” websites close to the surface. Everything else, from academic journals to private databases and more illicit content, is out of reach. This deep web also includes the portion that we know as the dark web.
While many news outlets use “deep web” and “dark web” interchangeably, much of the deep portion as a whole is perfectly legal and safe. Some of the largest parts of the deep web include:
- Databases: both public and privately protected file collections that are not connected to other areas of the web, only to be searched within the database itself.
- Intranets: internal networks for enterprises, governments, and educational facilities used to communicate and control aspects privately within their organizations.
In case you’re wondering how to access the deep web, chances are you already use it daily. The term “deep web” refers to all web pages that that are unidentifiable by search engines. Deep web sites may be concealed behind passwords or other security walls, while others simply tell search engines to not “crawl” them. Without visible links, these pages are more hidden for various reasons.
On the larger deep web, its “hidden” content is generally cleaner and safer. Everything from blog posts in-review and pending web page redesigns, to the pages you access when you bank online, are part of the deep web. Furthermore, these pose no threat to your computer or safety at large. Most of these pages are kept hidden from the open web to protect user information and privacy, such as:
- Financial accounts like banking and retirement
- Email and social messaging accounts
- Private enterprise databases
- HIPPA sensitive information like medical documentation
- Legal files
Venturing further into the deep web does bring a bit more danger to the light. For some users, portions of the deep web offer the opportunity to bypass local restrictions and access TV or movie services that may not be available in their local areas. Others go somewhat deeper to download pirated music or steal movies that aren’t yet in theaters.
At the dark end of the web, you’ll find the more hazardous content and activity. Tor websites are located at this far end of the deep web, which are deemed the “dark web” and are only accessible by an anonymous browser.
Deep web safety is more relevant to the average internet user than dark web safety, as you could end up in dangerous areas by accident: many portions of the deep web can still be accessed in normal internet browsers. This is how users can travel through enough tangential pathways and end up on a piracy site, a politically radical forum, or viewing disturbingly violent content.
The dark web
The dark web refers to sites that are not indexed and only accessible via specialized web browsers. Significantly smaller than the tiny surface web, the dark web is considered a part of the deep web. Using our ocean and iceberg visual, the dark web would be the bottom tip of the submerged iceberg.
The dark web, however, is a very concealed portion of the deep web that few will ever interact with or even see. In other words, the deep web covers everything under the surface that’s still accessible with the right software, including the dark web.
Breaking down the construction of the dark web reveals a few key layers that make it an anonymous haven:
- No webpage indexing by surface web search engines. Google and other popular search tools cannot discover or display results for pages within the dark web.
- “Virtual traffic tunnels” via a randomized network infrastructure.
- Inaccessible by traditional browsers due to its unique registry operator. Also, it’s further hidden by various network security measures like firewalls and encryption.
The reputation of the dark web has often been linked to criminal intent or illegal content, and “trading” sites where users can purchase illicit goods or services. However, legal parties have made use of this framework as well.
When it comes to dark web safety, the deep web dangers are very different from dark web dangers. Illegal cyber activity cannot necessarily be stumbled upon easily but tends to be much more extreme and threatening if you do seek it out. Before we unpack the dark web’s threats, let’s explore how and why users access these sites.
How to access the dark web
The dark web was once the province of hackers, law enforcement officers, and cybercriminals. However, new technology like encryption and the anonymization browser software, Tor, now makes it possible for anyone to dive dark if they’re interested.
Tor (“The Onion Routing” project) network browser provides users access to visit websites with the “. onion” registry operator. This browser is a service originally developed in the latter part of the 1990s by the United States Naval Research Laboratory.
Understanding that the nature of the internet meant a lack of privacy, an early version of Tor was created to hide spy communications. Eventually, the framework was repurposed and has since been made public in the form of the browser we know today. Anyone can download it free of charge.
Think of Tor as a web browser like Google Chrome or Firefox. Notably, instead of taking the most direct route between your computer and the deep parts of the web, the Tor browser uses a random path of encrypted servers known as “nodes.” This allows users to connect to the deep web without fear of their actions being tracked or their browser history being exposed.
Sites on the deep web also use Tor (or similar software such as I2P, the “Invisible Internet Project”) to remain anonymous, meaning you won’t be able to find out who’s running them or where they’re being hosted.
Is it illegal to go on the dark web?
Simply put, no it is not illegal to access the dark web. In fact, some uses are perfectly legal and support the value of the “dark web.” On the dark web, users can seek out three clear benefits from its use:
- User anonymity
- Virtually untraceable services and sites
- Ability to take illegal actions for both users and providers
As such, the dark web has attracted many parties who would otherwise be endangered by revealing their identities online. Abuse and persecution victims, whistleblowers, and political dissidents have been frequent users of these hidden sites. But of course, these benefits can be easily extended to those that want to act outside of the constraints of laws in other explicitly illegal ways.
When viewed through this lens, the dark web’s legality is based on how you as a user engage with it. You might fall to the wayside of legal lines for many reasons that are important for the protection of freedom. Others may act in ways that are illegal for the protection and safety of others. Let’s unpack both of these concepts in terms of the “dark web browser” and the websites themselves.
Is Tor illegal to use?
On the software end, the use of Tor and other anonymized browsers is not strictly illegal. In fact, these supposed “dark web” browsers are not tethered exclusively to this portion of the internet. Many users now leverage Tor to browse both the public Internet and the deeper parts of the web privately.
The privacy offered by the Tor browser is important in the current digital age. Corporations and governing bodies alike currently participate in unauthorized surveillance of online activity. Some simply don’t want government agencies or even Internet Service Providers (ISPs) to know what they’re looking at online, while others have little choice. Users in countries with strict access and user laws are often prevented from accessing even public sites unless they use Tor clients and virtual private networks (VPNs).
However, you can still take illegal actions within Tor that could incriminate you regardless of the browser’s legality. You could easily use Tor in an attempt to pirate copyrighted content from the deep web, share illegal pornography, or engage in cyber terrorism. Using a legal browser will not make your actions fall to the right side of the law.
Are sites on the dark web illegal to use and visit?
On the network end, the dark web is a bit more of a grey area. The use of the dark web usually means that you are attempting to engage in activity that you could not otherwise carry out in the public eye.
For government critics and other outspoken advocates, they may fear backlash if their real identities were discovered. For those who have endured harm at the hands of others, they may not want their attackers to discover their conversations about the event. If an activity is deemed illegal by the governing bodies you fall under, then it would be illegal.
That said, anonymity comes with a dark side since criminals and malicious hackers also prefer to operate in the shadows. For example, cyberattacks and trafficking are activities that the participants know will be incriminating. They take these actions to the dark web to hide for this reason.
Ultimately, simply browsing these spaces is not illegal but can be an issue for you. While it is not illegal as a whole, unsavory activity does live in many parts of the dark web. It can expose you to unnecessary risks if you are not careful or an advanced, computer savvy user aware of its threats. So, what is the dark web used for when it’s used for illegal activity?
Types of threats on the dark web
If you’re considering using the dark web for basic privacy purposes you might still question, “Is dark web dangerous to use?” Unfortunately, it very much can be a dangerous place to be. Below are some common threats you may face during your browsing experiences:
Malicious software
Malicious software — i.e. malware — is fully alive all across the dark web. It is often offered in some portals to give threat actors the tools for cyberattacks. However, it also lingers all across the dark web to infect unsuspecting users just like it does on the rest of the web.
The dark web doesn’t carry as many of the social contracts that website providers follow to protect users on the rest of the web. As such, users can find themselves regularly exposed to some types of malware like:
- Keyloggers
- Botnet malware
- Ransomware
- Phishing malware
If you choose to pursue exploring any sites on the dark web, you put yourself at risk of being singled out and targeted for hacks and more. Most malware infections can be caught by your endpoint security programs.
The threats of online browsing can extend into the unplugged world if your computer or network connection can be exploited. Anonymity is powerful with Tor and the framework of the dark web, but it is not infallible. Any online activity can carry breadcrumbs to your identity if someone digs far enough.
Government monitoring
With many Tor-based sites being overtaken by police authorities across the globe, there is a clear danger of becoming government target for simply visiting a dark website.
Illegal drug marketplaces like the Silk Road have been hijacked for police surveillance in the past. By utilizing custom software to infiltrate and analyze activity, this has allowed law officials to discover user identities of patrons and bystanders alike. Even if you never make a purchase, you could be watched and incriminate yourself for other activities later in life.
Infiltrations can put you at risk of monitoring for other types of activity as well. Evading government restrictions to explore new political ideologies can be an imprisonable offense in some countries. China uses what is known as the “Great Firewall” limit access to popular sites for this exact reason. The risk of being a visitor to this content could lead to being placed on a watchlist or immediate targeting for a jail sentence.
Scams
Some alleged services like the professional “hitmen” may just be scams designed to profit from willing customers. Reports have suggested the dark web offers many illegal services, from paid assassinations to trafficking for sex and weapons.
Some of these are well-known, established threats that circulate in this nook of the web. However, others may be taking advantage of the dark web’s reputation to trick users out of large sums of money. Also, some users on the dark web may attempt phishing scams to steal your identity or personal information for extortion.
End user protection against exploitation by the dark web
Regardless of being a business, parent, or any other user of the web, you’ll want to take precautions to keep your information and private life off the dark web.
Identity theft monitoring is critical if you want to keep your private information from being misused. All types of personal data can be distributed online for a profit. Passwords, physical addresses, bank account numbers, and social security numbers circulate in the dark web all the time. You may already be aware that malicious actors can use these to harm your credit, engage in financial theft, and breach of your other online accounts. Leaks of personal data can also lead to damage to your reputation via social fraud.
Antimalware and antivirus protections are equally crucial to prevent malicious actors from exploiting you. The dark web is filled with information theft from malware-infected users. Attackers can use tools like keyloggers to gather your data, and they can infiltrate your system on any part of the web. Endpoint security programs like Kaspersky Security Cloud are comprehensive to cover both identity monitoring and antivirus defenses.
How to access the dark web safely
If you have a legitimate or viable need to access the dark web, you’ll want to make sure you stay safe if you decide to use it.
7 Tips for safe access to the dark web
- Trust your intuition. To avoid being scammed, you’ll want to protect yourself with smart behavior on the web. Not everyone is who they seem. Staying safe requires that you watch who you talk to and where you visit. You should always take action to remove yourself from a situation if something doesn’t feel right.
- Detach your online persona from real life. Your username, email address, “real name,” password, and even your credit card should never be used anywhere else in your life. Create brand-new throwaway accounts and identifiers for yourself if necessary. Acquire prepaid, unidentifiable debit cards before making any purchases. Do not use anything that could be used to identify you — whether online or in real life.
- Employ active monitoring of identify and financial theft. Many online security services now offer identity protection for your safety. Be sure to take advantage of these tools if they are made available to you.
- Explicitly avoid dark web file downloads. Fear of malware infection is significantly higher in the lawless territory that is the dark web. Real-time file scanning from an antivirus program can help you check any incoming files in case you do opt to download.
- Disable ActiveX and Java in any available network settings. These frameworks are notorious for being probed and exploited by malicious parties. Since you are traveling through a network filled with said threats, you’ll want to avoid this risk.
- Use a secondary non-admin local user account for all daily activities. The native account on most computers will have full administrative permissions by default. Most malware must take advantage of this to execute its functions. As such, you can slow or halt the progress of exploitation by limiting the account in-use to strict privileges.
- Always restrict access to your Tor-enableddevice. Protect your children or other family members so they aren’t at risk of stumbling across something no one should ever see. Visit the Deep Web if you’re interested, but don’t let kids anywhere near it.
Source: https://www.kaspersky.com/resource-center/threats/deep-web