top of page

Darknet, dark web, clear web or deep web?

Updated: Mar 15

Photo by Markus Spiske on Unsplash
Photo by Markus Spiske on Unsplash

Some of these terms, often wrongly associated, are thought to refer to a part of the Internet accessible only to insiders engaged in criminal activities. For others, they reflect an increasingly questionable anonymity that goes beyond laws and borders. Often the subject of articles in the media with varying degrees of accuracy or folklore, there is however a notable difference between each of these words which we will outline.

A few definitions

1- Darknets

It is important to spell the word darknet in the plural as it does not refer to one network but to several networks. There are several of them, some more accessible than others, the best known being Tor followed by I2P and Freenet. The latter are virtual networks that are superimposed on the Internet infrastructure (known as an overlay network) and are therefore not physical networks in their own right. Their mechanisms make it possible to conceal the real position of the user by implementing various methods in order to anonymise the traffic from its origin.

2-Dark web

The dark web is a neologism that has appeared in recent years to designate a part of the web that is not accessible through standard channels. This term generally targets hidden sites that can only be reached through darknets and are mainly used for illicit activities (cybercrime, fraud, swindling, data resale, etc.), closed exchange communities (warez, among others), political expressions or technical resources. On the other hand, the term clear web is used to designate the part that is accessible through traditional channels.

3- Clear web

Also called the surface web. These are sites that can be reached directly and web pages that search engines index and that are accessible to everyone. A simple search can easily find a site. These sites are not meant to be hidden and are meant to be visible to as many people as possible.

4- Deep web

The deep web refers to sites that are not indexed by search engines, i.e. those that cannot be found via a search on Google, Bing or Qwant. An example of this is a mailbox that can be accessed via the classic search engine and contains the login page, but does not contain the user's authenticated content. Some sites also have mechanisms for not including the content.

A growing popularity

The term darknet began to emerge among the general public in the early 2010s, driven by the media.

The main interest today in using darknets is the anonymity they can offer. One of the advantages is to protect against the mass data collection that the web giants are doing and from which they generate a good part of their profits. In some repressive regimes, anonymisation also protects against potential reprisals. These networks are therefore de rigueur. Moreover, in an age when debates about privacy, mass surveillance and targeting are all the rage, the use of darknets can be welcome.

The common popular opinion (mainly conveyed by the media) when talking about darknets is the reference to cybercrime. However, it has been discovered that these networks have existed for several decades and the term darknet was first used in the early 1970s during the era of ARPANET (the forerunner of the Internet), which referred to isolated networks that were closed for security reasons. Darknets are indeed used today by cybercriminals, but they did not wait for them to be used for their activities.

Today, many public social platforms, through closed and private groups, are also used by cybercriminals: Twitter, Discord, Signal, Telegram...

Platforms available on the clear web specialising in the resale of databases and pirated access of all kinds are also accessible without necessarily going through hidden networks. If we add to this other tools allowing a questionable anonymity (VPN, IRC channels, usenet, P2P...), the choice is relatively wide. Darknets are therefore just another service to be added to the whole range of services already available.

Case study: Onion routing with Tor

1- Functioning

It becomes clear that darknets are favoured mainly for anonymity. Indeed, if we focus on the best-known darknet, Tor, its technical architecture allows a user to hide his or her location information by routing all requests through a pre-constructed route. Access to this darknet is through the Firefox-based browser of the same name, Tor Browser.

At the time of connection, the list of available nodes (the relays used to pass traffic) is retrieved and a route is calculated with it, including - An entry node: the only one that knows the IP address of the sender. - An intermediate node: only knows the IP address of the ingress node. - An output node: only knows the IP address of the intermediate node. Each packet circulating through the route uses asymmetric encryption in order to hide the information and not to trace it back to the initial sender. The packets are thus encrypted several times so that each node only knows the address of the last relay.

Illustration du fonctionnement de Tor
Illustration du fonctionnement de Tor

This is where the acronym "Tor" for "The Onion Router" comes from. In effect, each layer of encryption added to the routing of the packet is removed (in order to be decrypted) afterwards like peeling an onion. The clear web is also accessible through Tor. Thus, when visiting a website, the server will only have the IP address of the last node in the network. Some sites restrict access, however, as the IP addresses of Tor nodes are public.

2- Hidden services

The other main use of the Tor network is the use of hidden services. These allow a user to publish websites or offer other services by hiding the identity of the server that hosts them. These will be inaccessible by standard methods and will require a Tor connection. The latter will issue a ".onion" address so that people can reach the service. This is where it is more commonly referred to as the dark web. The main difference with classic websites accessible on the clear web is that Tor itself manages the communication protocol with the service and defines an access node on its network in order to hide the user who set it up. Dark web gateways are available ( to name a few) to access ".onion" sites, but they defeat the purpose of the Tor network's anonymisation.


Related blog posts:


Did you enjoy this blog post?

Find more content related to cybersecurity and GDPR regulatory compliance on the CyberSecura blog!


We need your answers!

By completing this survey, you are helping us to better understand your interactions with our site and your potential needs.

Your answers are anonymous, and unless you ask to be contacted again by our teams, no personal information is requested!

Thank you for your responses!


Would you like to be informed of our news and receive our latest blog articles directly in your mailbox? Subscribe to our monthly newsletter!

Would you like to discuss your difficulties, your needs, our offers? Ask to be contacted, free of charge and without obligation, by one of our cybersecurity experts!




Commenting has been turned off.
bottom of page