
The darknet — truly the dark side of the internet?

Many associate the darknet with the digital black market for everything that can only be obtained illegally: Drugs, weapons, viruses and malware, contract killers, poison, credit card numbers, all kinds of sensitive data, and so on. The darknet is situated on the dark side of the internet — after all, it’s also a synonym for anonymous surfing and thus the basis for illegal activities. But is that really the case, or do the machinations of criminals who abuse the darknet for their own purposes only represent part of the truth?

Read on for all you need to know about the darknet in a nutshell. Find out what it is used for and what you need to watch out for.

What is the darknet and how does it work?

The darknet is an isolated network, a hidden part of the internet so to speak, which you cannot access using a regular browser.

Participants in the darknet communicate with each other in a peer-to-peer overlay network via manually encrypted connections, and to do so they use what are known as hidden services. These are computers — or peers — that provide their functionality within the Tor network, which was specially developed for the darknet. The individual peers of this network can function as simple web servers or as complex services with many modules. In any case, they logically sit on top of the World Wide Web as an overlay network and are supported by its infrastructure.

All darknet traffic is encrypted. This makes the traffic, including the IP addresses that could otherwise be used to track your activities, invisible to search engines and authorities.

What is the difference between the deep web and the darknet?

When you go on the internet, you use a layer on the surface of the World Wide Web, which is also called the clear web or surface web.

In addition, there are many web pages that you cannot find via search engines — but you can access them at any time with a regular browser as long as you know the relevant internet address. These include intranet sites and corporate networks, databases of universities and research institutions, and internal pages of government agencies. These pages belong to the deep web.

The darknet is also on the level of the deep web — but with one crucial difference: You can’t reach the pages from the darknet through regular browsers, even if you know an address. The darknet can only be accessed via the Tor network.

The origins of the darknet

The need for secret agreements and under-the-table deals is just as relevant now as it probably was in ancient times.

But let’s fast-forward to today’s world: Students at Stanford University and the Massachusetts Institute of Technology used the ARPANET way back in the 1970s to coordinate the sale of cannabis — with the actual handling of the money done in person.

The origins of the darknet in its current form lie in the early 2000s. In September 2002, the United States Naval Research Laboratory developed an initial version of the Tor browser as peer-to-peer software that obfuscated users’ IP addresses to maintain their anonymity. This early form was still reminiscent of the rudimentary internet of the early 1990s and was used primarily by computer geeks — and even back then by a hard core of criminals.

This changed when Silk Road went online in February 2011 — a platform that was even openly advertised by the operator as the “Amazon for drugs”. Of course, this brazen online operation did not go unnoticed, which is why the authorities quickly discovered and shut down this trading platform — whereupon the operators soon took off again with a new version and immediately drew other competitors to the scene. After all, there was and still is enormous potential in illegal trading, and the occasional documented major financial or fraud scandal has done nothing to change this.

However, you shouldn’t lose sight of the fact that the opportunities to exchange information securely and anonymously via the Tor network and the darknet can be of existential importance for civilians, especially in war-torn regions or countries where freedom of expression is curtailed.

Tor encrypts data multiple times

The name Tor — an abbreviation of The Onion Router — says it all: To ensure anonymity, Tor always encrypts the data to be transmitted with each request multiple times, using a principle that’s akin to an onion skin. Each data request is first forwarded via randomly selected computers (nodes) before it finds its way into the network via an end node, the exit node.

Each computer involved in data transportation decrypts one layer. What makes it so special is that should someone actually spy on the data flow, the incoming data packet will look completely different from what the node forwards. This way, all tracks are covered and tracing is almost impossible.
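The layering described above can be followed in a short added example (not code from Tor or from this article). It is a simplified model: the node names, the destination, and the per-node keys are constructed, and the hash-based cipher is a stand-in for the real one and offers no integrity protection.

```python
import hashlib
import os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); a stand-in, not Tor's cipher."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def wrap(key: bytes, next_hop: str, inner: bytes) -> bytes:
    """Add one layer: encrypt (next hop name + inner packet) under one node's key."""
    nonce = os.urandom(16)
    body = bytes([len(next_hop)]) + next_hop.encode() + inner
    return nonce + keystream_xor(key, nonce, body)

def peel(key: bytes, packet: bytes) -> tuple[str, bytes]:
    """Remove one layer: a node learns only its next hop and an opaque inner packet."""
    plain = keystream_xor(key, packet[:16], packet[16:])
    n = plain[0]
    return plain[1:1 + n].decode(), plain[1 + n:]

def build_onion(path, keys, destination, message):
    """Client side: wrap the message once per node, innermost (exit) layer first."""
    packet = message
    for node, nxt in reversed(list(zip(path, path[1:] + [destination]))):
        packet = wrap(keys[node], nxt, packet)
    return packet

def route(entry, keys, packet):
    """Network side: each node peels its own layer and forwards to the named hop."""
    node, trace = entry, []
    while node in keys:
        nxt, inner = peel(keys[node], packet)
        trace.append((node, nxt, packet, inner))
        node, packet = nxt, inner
    return trace, packet

# Constructed sample data: three hypothetical nodes with random per-node keys.
PATH = ["entry", "middle", "exit"]
KEYS = {name: os.urandom(32) for name in PATH}
MESSAGE = b"GET /index.html"

def demo():
    onion = build_onion(PATH, KEYS, "destination.example", MESSAGE)
    return route(PATH[0], KEYS, onion)

if __name__ == "__main__":
    for node, nxt, seen, sent in demo()[0]:
        print(f"{node:6} in={seen[:8].hex()} out={sent[:8].hex()} next={nxt}")
```

In the last row the exit node's outgoing data is the original request, so anything not protected end to end (for example by HTTPS) is readable at that hop.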

Who uses the darknet?

Many companies, institutions, and organizations have their own presence on the Tor network — even book clubs.

According to Statista, a German company specializing in market and consumer data, an estimated 2.4 million people worldwide used the Tor network daily in January 2022 to anonymize connection data. This seems relatively low considering that there were 4.9 billion internet users worldwide in 2021.

According to another study from 2020 published in the Proceedings of the National Academy of Sciences, it’s safe to say that the vast majority of darknet users have no dark intentions. According to this study, on average only 6.7 percent of users of the anonymous Tor network globally visit potentially illegal sites on the darknet.

Where does the information about the darknet come from?

At the clear or surface web level, extensive data is collected on a daily basis. This makes it easy to obtain detailed information on usage figures and user behavior.

If you’re on the darknet, the situation is different. Sure, you can generally tell how many users have downloaded the Tor browser, but that’s when you hit a dead end.

There are some scientific studies for which the respective research institutions themselves act as site operators on the darknet. Through this, they make contact with other operators as well as users and conduct quasi-qualitative research. This means that, for example, with the help of content-based questioning, they arrive at results that can only be regarded as estimates.

The dark side of the darknet

Due to its structure and the way it works, hackers and cybercriminals can use the many opportunities offered by the darknet to pursue their criminal activities almost undisturbed.

However, “regular citizens” are not automatically surfing in a lawless space when they use Tor as a browser to access the darknet. What’s decisive is what exactly they are up to there. For some content, simply visiting the website is punishable by law.

The darknet as a trading platform for cybercrime

Cybercrime in particular poses a serious threat, and the trading ground of choice is of course the darknet — although the “merchandise” and the motivation of hackers are quite different:

  • Hackers primarily seeking personal gain may offer anything of interest, from credit card details to ransomware specifications that cause lasting damage.
  • The reason behind the sale of employee passwords or other trade secrets, for example, may be the motivation to cause lasting damage to large corporations.
  • By contrast, “hacktivists” usually pursue a political or social cause and want to draw attention to unethical production conditions, etc., using a range of methods.
  • And, you should never underestimate the fact that we’ve entered the age of cyberwarfare. Spying on another country’s cyberinfrastructure information is considered very lucrative, and there may be particular politically-oriented motivations behind offering it.

One product that is traded in hacker circles and on the darknet for vast sums of money is what is known as a zero-day exploit, which is why we’ll take a closer look at that now.

A zero-day vulnerability is either an unknown or unpatched security flaw in a corporate network, research institution, government network, or even in software or operating systems, to give just a few examples. Zero-day refers to a user learning of a previously undiscovered vulnerability in the system and having “zero days” to fix it. A zero-day attack happens when hackers are able to exploit the vulnerability before it can be fixed.

Zero-day exploits are the methods or scripts that hackers use to exploit vulnerabilities in a system or network. Hackers, however, have no (un)sporting ambition to simply go around seeking out these security flaws. Rather, the aim is usually to exploit the vulnerabilities for economic or other enterprising reasons — often without an authority, organization, or manufacturer even knowing that this threatening vulnerability exists.

Protect your devices from cyberattacks

Regardless of which programs and operating system you have installed on your device, you simply can’t dismiss the case for comprehensive security protection given the history of and future threat of cyberattacks. Here are a few top tips to protect yourself:

  • Keep your apps and drivers on your laptop or PC and on your mobile devices (smartphone, tablet) as up-to-date as possible, and always run publishers’ recommended updates. It’s really easy to do with Avira Software Updater without continually receiving annoying update notifications.
  • Only use programs from publishers you can trust.
  • Use a browser safety add-on to increase your security when surfing.
  • Install a good antivirus software solution. With Avira Antivirus you get award-winning protection for Windows, Mac, Android, and iOS even with the free version of the app.


Avira, a company with over 100 million customers and more than 500 employees, is a worldwide leading supplier of self-developed security solutions for professional and private use. With more than 25 years of experience, the company is a pioneer in its field.