For many people, the term “dark web” refers to criminal activity on Internet. There are many definitions for what comprises the dark web. To help eliminate some of this confusion we can establish a working definition for the dark web as:

“Web content that has been intentionally obscured and may only be accessed through the introduction of an overlay network technology, and therefore is not indexed by a public search engine.”

“Deep web” sites also cannot be accessed by a public search engine. These are websites that sit behind a login, or cannot be indexed for some other reason. The dark web is a sub set of the deep web, and is accessed through networks referred to as overlay networks. Today the two most popular overlay networks are Tor and I2P, which both permit the publication of hidden websites only accessible via these technologies. The hidden websites may be published while keeping the originators identity hidden and the administrative access to the sites private.

The challenge in understanding the dark web lies in understanding why people use it instead of the surface and deep webs, and what is contained within it. The following list is not all-inclusive, however it represents many reasons people use overlay network technologies:

  • Privacy
  • Anonymity
  • Censorship circumvention
  • Surveillance deterrence
  • Prevention of families and their children being tracked
  • Browsing
  • Instant Messaging
  • Sensitive communication
  • Journalism
  • Freedom of speech
  • Whistleblowing
  • Military
  • Lawful Observation by Law Enforcement
  • Commerce

There are many legitimate reasons why someone would publish a website accessible through overlay networks such as Tor and I2P. Take Facebook, for example. It’s a perfectly legitimate website available through the Tor network to those who seek anonymity and privacy while partaking in social media.

However, just as there are many legitimate reasons for using Tor and I2P, the qualities of anonymity and privacy afforded by these networks are also attractive to those with more questionable intentions.

In the following screenshot, a vendor within a dark market is marketing and selling a particular type of marijuana. Many things make this advertisement interesting – most notably it’s existence on the Internet. However, some things stand out in the advertisement that security researchers and law enforcement find very intriguing. For example the purveyors have decided to no longer accept bitcoin for their goods, due to fears of the dark market being shut down which would result in losing bitcoin “stuck” in escrow. This is notable, as they have allegedly concluded 408 sales since November 10, 2015.

While what is found on the dark web can be alarming, even more can be found within the surface and deep web. Criminality exists everywhere online. However, there are goods and services, which can only be found on dark web sites. Despite the fact that there are many benign uses for dark web technology, the privacy and anonymity afforded by them remain useful tools to those with a criminal objective. Through and improved and better informed understanding of these technologies security researchers and law enforcement can help to minimize criminal activity found on the dark web.