The Deep Web
The first distinction to make when defining the “deep web” is the difference between the deep web and the surface web. The surface web consists of all content that can be crawled and indexed; the content a search engine can retrieve. This includes typical news sites, social media pages, etc. The deep web includes any content not indexed or retrievable via search engine. This includes not only the illegal darknet markets but also benign content such as corporate intranet sites.
Many use the terms deep web and dark web/dark net interchangeably, but there is a distinction. The dark net is an overlay network of the Internet in which the content is part of an anonymous encrypted network. In addition to not being retrievable by search engines, the content on these sites has been intentionally hidden and cannot be accessed via standard web browsers such as Chrome or Firefox. The identities and locations of site operators are also concealed. Like the well-known geometry adage that “every square is a rhombus, but not every rhombus is a square,” all sites on dark net are part of the deep web, but not all content on the deep web is part of the dark net.
Sites on dark net are concealed through methods such as Tor’s hidden services. Tor’s hidden services remove the need to provide an IP address to the user by configuring a server that obfuscates the host’s IP. Instead, to access the site, users enter a 16 character code called an “onion address,” most distinctly marked by the .onion domain. These hidden pages are what make up the dark net- the sites that most often are associated with illegal goods trafficking and nefarious activity. One of the most famous darknet markets and one that we are all familiar with is Silk Road – the sitethat law enforcement shut down in 2013.
The dark net’s anonymous browsing capabilities attract its users. It is used by a wide variety of individuals: journalists, whistleblowers, those seeking to avoid government censorship, as well as the infamous illegal goods vendors selling drugs, guns, counterfeit materials, child pornography, etc. While the dark net has a reputation of being a hub of illicit activity, many dark net users are simply privacy advocates who prefer their benign online activity hidden from government surveillance. Thus, content on the dark net ranges from news and information shared by journalists and whistle blowers to anonymous email clients, such as Sigaint, forums and online marketplaces that serve as a meeting place for illegal activity.
Accessing dark net sites requires either a network configuration or specific software, which the user installs onto their desktop. Most darknet users use Tor, a free anonymous software, but other options, such as I2P, FreeNet, RetroShare, GNUnet, Zeronet, Syndie, OneSwarm, and Tribler also exist. Since Tor is the most popular, this guide will explain how to connect using Tor. First, the user downloads the Tor browser bundle and follows the installation instructions. Once Tor is installed and launched, the browser will automatically connect to the Tor network.
Tor implements a three-node model, termed onion routing, to conceal the user’s IP address. The user’s local computer connects to an entry node to access the Tor network. The entry node knows the IP address of the user since it directly communicates with the computer. The entry node then passes an encrypted request to the relay node, which, because it is communicating only with the entry node and not the user’s computer, does not know the original IP address. The relay node then communicates with the exit node, where the request is decrypted and sent to the Internet. The exit node only knows the IP address of the relay node, but not entry node or the user’s computer. Once on the Tor network, the user then has access to dark net sites, provided they have the proper .onion domain addresses. For first time users or dark net newcomers, these addresses can be found on open net forums or index sites, such as Hidden Wiki and also Dark Net news sites such as DarkWebNews.com.