You know when you search online and you get like millions of results back from Google.
Yeah, absolutely, it feels like that's everything right, the whole Internet. It really does. But that's actually just scratching.
The surface, just the tip of the iceberg.
Kind of exactly the analogy we need today. We're going to talk about what's underneath the deep web and the dark net.
Okay, and they're not the same thing, which I think confuses a lot of people.
Definitely, that's key. The surface web, that's the Google stuff, the tip the deep web is the huge part submerged underwater, and the dark net that's like the very bottom, intentionally hidden.
Got it. So our mission today, based on what you've looked into, is to kind of demystify this without getting lost in super technical stuff.
Precisely, we'll break down what they are, how you might access them, what they're used for, the good and the bad, and you know the risks involved.
Okay, let's dive in then below the water line. If Google and being only see the surface, what's making up this massive deep web? You said like ninety six percent.
Yeah, estimates are around ninety six percent. It's enormous, but it's not necessarily sinister. A lot of it is pretty mundane, actually mundane, Like what well think about databases? Your source mentioned the Denver property tax system. You can look up records, but Google isn't indexing every single property individually for a general search.
Oh okay, that makes sense.
Or your online bank account, your email, inbox, subscription, journals, cloud storage like dropbox, internal company networks. You log into.
The stuff behind a log inner is specific query exactly.
You usually just need the right web address, maybe a password. No special secret software is typically needed for the deep web itself.
Right, not like you need a special browser just to check your email. So the darknet, Yeah, that's where it gets different, the really hidden part.
That's the shifts. The darknet is part of the deep web technically, but it's the portion that's deliberately concealed and built for anonymity.
And that does need special tools.
Absolutely. You can't just stumble onto it. The main tool people use is the tour browser door.
Right. One of your sources called it diving gear. Is that the only way in It's.
The most common by far. There are other darknets like itop free net, zero net. They have different focuses, maybe secure file sharing or decentralized sites, but Tour is the big one most people mean when they say darknet.
Tour stands for the onion router, right, it sounds layered, it is.
That's the whole principle. It uses onion routing.
How does that work? How does it make you anonymous? Okay?
So instead of your computer talking directly to the website, Tour bounces your connection through a chain of volunteer run servers or relays across the world like a detour, sort of multiple detours, and your data is wrapped in layers of encryption like an onion. Each server only decrypts one layer enough to know where to send it next.
So no single server knows the whole path exactly.
The first node knows you connected, but not the final destination. The last node, the exit node, knows the destination website, but not your original IP address. It makes tracing back to you incredibly difficult.
Okay, that's clever. So if someone you know wanted to access this very carefully, how do they get Tour?
Crucially, only download it from the official Tour project website tourproject dot org, not from anywhere else, absolutely not. There are fake versions out there loaded with malware. It's available for Windows, Mac, Linux, and Android. Android sometimes needs an extra app called Orbot, especially for the.
Alpha browser official source only. Yeah, got it? And once you have it, are you just browsing like normal? Well?
You can use tour to browse the regular surface web more privately. But darknet sites themselves have special addresses. They end in.
Onion dot onion not dot com.
Hey, and those dot onion addresses only work inside the Tour network. Your regular browser won't understand them.
Okay, specific addresses for a specific network. Now, safety, your sources were really clear on this. It sounds risky. What are the main precautions?
Extreme caution is non negotiable. First, many recommend using a VPN.
As well a VPN and tour.
Yeah, for an extra layer, you can do tour over VPN connect VPN first, then tour your ispc's VPN traffic, not Tour traffic or VPN over tour connect Tour first, then VPN That hides your real IP from the VPN and might protect from bad exit nodes. But the Tour project itself has some reservations about that setup. Still, either is generally seen as better than just tour alone. If you're worried about your ISP knowing you're using it an.
Extra digital bodyguard? Okay, what else?
Verify dot onion URLs. Since HTTPS and standard security certificates aren't common, you need to check addresses from multiple trusted places. Don't trust anyone you interact with. Never ever share personal info. Don't upload pictures or files definitey.
Don't download anything either.
I guess absolutely not huge malware risk. Even. Be careful with image previews and search results. Sometimes illegal content can get catched just from a thumbnail. And just don't buy anything it's likely a scam. Legal and crypto payments are usually final, no refunds.
It's like a good rule. Anything else technical.
You might consider disabling JavaScript in the Tour browser's security settings for extra protection, and just be aware. Your internet provider can often tell you're connecting to the Tour network, even if they don't know what you're doing. In some places like the US, that alone could raise flags.
That's a heavy list of warnings. It pants a pretty dark picture. But it's not all illegal stuff, is it? Your sources mentioned legitimate uses.
Too, No, definitely not all bad. The anonymity is critical for some people. Think about dissidents or activists and oppressive regimes, journalists protecting sources, whistleblowers like.
During the Arab Spring, or someone like Edward.
Snowden, exactly, people who need to communicate or access information without being tracked by authorities who might harm them. It lets people bypass censorship.
So it's a tool for free speech and safety and dangerous situations.
It really can be. Even big organizations see value in them. The New York Times has a done insight for secure tips. Facebook has one, so people in censored countries can still access it.
Facebook on the darknet. That's surprising.
Yeah, specifically for access where the main site is blocked. It shows the utility of the network beyond the illicit stuff.
Are there other sort of less intense positive examples.
Sure your sources mention things like the chess for playing anonymous chess. Someone documented exploring tunnels under a university on a site called it Tunnels. Maybe just quirky Anonymous sharing. Secure email providers like proton mail have a presence, though they're on the regular web. Two. Some newspapers are setting up Onion versions. Even some tech journalists have personal sites mirrored there.
Okay, so it's a mixed bag, But let's face it, the reputation comes from the illegal side. What kind of nasty stuff is actually for sale there?
Well, it's pretty much what you'd, unfortunately expect. Drugs are common, everything from marijuana to dangerous poisons like Risin still in. Financial data is huge, credit card numbers, bank logins.
So from data breaches we hear about often.
Yes, also weapons, explosives, fake passports, ID cards, even counterfeit university degrees. There are mentions of deal killers or hitman services, though it's really uncertain how real those are. Could just be scams let's hope they're scams, agreed, And lots of malware crimeware kits that let people with low skills launch attacks. One source even mentioned uranium or being listed once, which is disturbing.
Uranium seriously wow? Okay? And how does it specifically help cybercrime happen.
It's like a digital back alley and marketplace combined. Criminals can chat securely, plan attacks, buy and sell hacking tools, or even rent out services rin services like what DTOs for hire pay someone to knock a website offline, renting botnets networks of infected computers to send spam or launch attacks. Ransomware as a service, where developers provide the malware and infrastructure and affiliates just need to infect victims.
So lowers the bar for entry into cybercrime.
Assively, you don't need to be a master hacker yourself. Plus, there are anonymous hosting and email services. Criminals use forums to trade stolen data or vulnerability info. Search engines like Candle or torch specifically for finding onion sights, including illicit ones, and the risk of malware is constant, even from things pretending to be helpful like fake tour browsers.
It really sounds like an enabler for a lot of digital crime. How does this impact cybersecurity for regular businesses.
And people, It's a huge factor. The darknit provides the hidden infrastructure. It's where attacks are often planned, tools are traded, and data is sold. This constant churn of threats means security teams have to be vigilant. The commoditization of attack tools means more attacks, potentially less sophisticated, but still damaging ones. And the anonymity makes attribution and takedowns really hard for law enforcement.
Which I guess is why security pros are looking there for threat intelligence.
Exactly. They monitor the deep and dark web to get ahead of threats. They're looking for chatter about attacking specific companies, leaked company data, stolen employee credentials being sold, new malware emerging.
Trying to spot trouble before it hits right.
If your company's data shows up for sale, you know you've had a breach. If people are discussing exploiting a flaw and software you use, you can patch it faster. It's about early warnings.
Makes sense, okay. One last technical bit you mentioned earlier, the differences between tour itop and free net. Can you quickly recap those? Sure?
They all provide anonymity, but have slightly different designs and goals. Tour is the biggest, mainly an anonymous proxy for browsing the web and accessing dot onion sites. It routes traffic through a network. Itop is more of a network within itself, like a separate anonymous Internet layer, focused on peer to peer communication side i twop. Free net is older, focused specifically on censorship resistant anonymous publishing and putting content up
and making it hard to take down. It's less for general browsing, more for distributing files or hosting sites anonymously, so.
Different tools for slightly different anonymous jobs.
Pretty much. Yeah, tour is the most versatile for general use.
Probably. Okay, So we've gone pretty deep here, surface web, deep web, darknet, distinct layers, different access, different uses. Yeah, a lot more complex than just the bad Internet.
Absolutely, the deep web is mostly normal stuff, just not indexed. The darknet is intentionally hidden, needs tools like Tour and hosts both illicit marketplaces and vital tools for privacy and safety.
And that second part is easy to forget, isn't it That anonymity well abused, is also genuinely needed by vulnerable people, by journalists, by activists.
It's crucial to remember that balance. The technology itself is neutral is how people use it, but the risks, especially on the darknet, are very real. Caution is paramount extreme caution.
As you said, So wrapping this up, it leaves us with a pretty big question, doesn't it for you the listener?
Yeah, think about this. As our world gets more digital, privacy becomes well trickier. We have this an internet that enables crime but also protects freedom. How is that tension going.
To play out? How will our relationship with the deep web in darknet shape, online freedom, security, privacy, all of it in the future. Definitely something to chew on. Thanks for navigating us through.
That, my pleasure. It's a fascinating and important topic