The dark web: how big, how dark and what’s there?

The description alone – “the dark web” – makes it sound like the stuff of horror movies or Grimm’s grimmer tales. Will the screen be darker? Are there tendrils? You can see the concern in the questions people ask on public fora: “Is it safe to browse the dark web? I don’t want to p*** off authorities… I’m mainly curious to see what the hell it is, not the illegal content,” to quote one.

But since the Snowden revelations of multi-government surveillance in 2013, media and user interest in Tor and the dark web has rocketed. (They’re not quite the same, as we’ll explain.) Nor is it all to go and buy cocaine on Silk Road, the most infamous of such sites – where people could buy drugs, weapons or even (allegedly) hire a hitman. In fact, around half of the estimated 30,000 sites on the dark web are for completely legal uses, or uses that are legal in other parts of the world. “Some are things that you might not think of as illegal, such as online gambling, which is illegal in some parts of the US, for instance,” said Professor Alan Woodward of the University of Surrey, who is also an adviser to the cybercrime arm of the European policing organisation Europol.

Dark or deep?

It’s tricky to distinguish the “dark web” from the “deep web”. They have many similarities: neither will turn up on any conventional search engine. But the deep web is far bigger than the dark web – the latter is generally defined as that slice of the web that can only be accessed using the Tor browser. Sites there are immediately recognisable by the use of the “.onion” domain name. They tend to contain content that doesn’t want to be found by Google’s spiders: people offering drugs, guns, dubious videos, stolen credit card details, fake passports and driving licences.

“The darkness online”, a study published in February by King’s College London, performed a deep search that found that more than half of the 5,205 “live” sites on Tor were for something illegal. (One notable finding was a complete absence of Islamic extremist content; Daniel Moore and Thomas Rid, the study authors, suggest that’s because propaganda doesn’t thrive if it can’t be found.)

In all, the researchers found 300,000 addresses within the Tor network, comprising roughly 205,000 web pages. By contrast, Google reckoned that the open web comprised 30 trillion pages back in March 2013. In other words: the dark web may be dark, but it’s also tiny.

READ NEXT: How to access the dark web

Yet there’s seemingly been a recent explosion in the amount of content buried in the dark web. Late in February the number of “hidden services” pages roughly tripled, according to Tor’s metrics – yet traffic to hidden services, as measured by the same system, didn’t budge. How could you have more pages, yet nobody visiting them? Woodward thinks the best explanation is a ransomware program called Locky which encrypts victims’ hard drives and automatically sets up a unique “.onion” page. The victim is then directed to this page to pay a ransom in bitcoins; in return, they receive the key to decrypt their drive.

Post-Snowden spike

You can see why the “dark web” doesn’t have the best reputation. And yet its popularity has grown, and not just among ransomware writers. In the aftermath of Edward Snowden’s revelations in mid-2013 about the extent of US and UK government surveillance of internet use, interest rocketed. “The number of people entering the Tor network had been about one million before Snowden,” says Woodward. “It spiked at six million just afterwards.”

But that wasn’t necessarily people who were looking for “hidden services”, as sites inside it are called. Tor’s analysis in February 2015 suggested that only 3-6% of overall traffic on the network was actually visiting “Tor” sites. So what are the rest doing? Woodward chuckles. “People at work using it to access Facebook,” he suggests.

That’s because using Tor to browse the open web defeats a lot of surveillance. You can access any site, not just the dark web, via the Tor browser (the interface of which closely resembles Firefox’s). Anybody sampling your web traffic (including monitoring systems at work) would see an encrypted stream, hiding the content and the destination you were visiting. Nor can the destination sites see where you were visiting from; the IP address would be that of an “exit node” from the Tor network.

But that use may fall off too; a collaborative study by four universities in February found “discrimination” against Tor users, with more than one in 30 of the most popular thousand sites turning Tor users away at their front page. Some security researchers see that as bad – preventing anonymous browsing by people who could have good reasons not to be traceable. However, Jonathan Zdziarski, a computer forensics and security expert, suggests that Tor users who are refused admission to sites only have themselves, or their predecessors, to blame. “Tor users [are] actively discriminated against by the tech community that knows better than to trust a third of the people on Tor,” he observed on Twitter, calling it “a network known for abuse”.

Woodward says that for those traversing Tor, “the other use is probably to create the equivalent of a VPN [virtual private network] while at work”. With many video-based services blocking access on the basis of IP addresses, using Tor could be one way to circumvent it.

The US and UK appear to make up the highest proportion of users. “The fractions are tiny,” says Woodward. “About 10 to 25 people out of every 100,000.” For the UK, with an internet population of about 58 million, that would translate to a userbase of between 5,800 and 14,500 people. Even in the two countries with the highest proportional use, Israel and Italy, the figure is only about 200-300 out of every 100,000, or a few thousand per million internet users.

The difficulties of using Tor, from the need for a special browser with limited functionality, to the difficult of logging on to familiar sites (and the concomitant growth in smartphone use as a replacement) may explain why that six million figure from 2013 has since dropped substantially, to about two million today. “People started using it, and then discovered the limitations of using it,” says Woodward. “If you try to log in to Facebook or Twitter and the site doesn’t recognise the IP you’re visiting from, you’ll be asked not just for your password but also to do extra identification steps. That makes it difficult to log in, and people get frustrated with that.” So around four million people who tried Tor gave it up.

Legitimate uses

Still, 3-6% of two million is between 60,000 and 120,000 people using Tor for its hidden services, and if the numbers are proportional to the legality of the service, then 30,000 to 60,000 people are using the dark web for entirely legal pursuits. So what are they doing? I started at a page called The Hidden Wiki, which was set up as a starting point to help people find sites on Tor. It exists in at least ten incarnations; the host of the original was arrested in August 2011 on charges of facilitating online hosting of child-abuse images. (The Hidden Wiki site was also later hacked to remove links to sites hosting such images.)

Right from the start, the culture feels utterly unlike the open web. Site design is often rudimentary, and dark backgrounds popular, as if the web of 20 years ago had been built by the paranoid. Dead ends are frequent; site hosting costs money, and many of the sites on the dark web are, to say the least, sketchy. “Be aware that this is the DarkNet, and everyone could be a scammer,” says the cheery message on OnionDir, which aims to be a directory of sites. (This isn’t hard to figure out when one of the sites advertises itself as “Multiply your Bitcoins 100x in 24 Hours: thanks to a breech [sic] in the system. OFFICIALLY HIDDEN SERVICE ANONYMOUS”. Seems legit.)

The statistics beside some of the sites makes depressing reading: “up 0% last 7 days” isn’t uncommon. Top of the listings I visited was Blackbook, which calls itself “The Facebook of Tor” – a strange concept in itself. (The page wouldn’t load.) There’s also a link to Facebook’s .onion address – “which claims not to keep logs,” says the text by the link. “Trust them at your peril.”

READ NEXT: Best dark websites

I headed over to Intel Exchange – nothing to do with the chip manufacturer, but instead short for “intelligence” – and read up about “how to make people zombies” (use the drug scopolamine, already well known) or “alien tech of the bible” and also – because this is, after all, the deep web – “a battery that produces energy continuously”. (A solar panel on a geostationary satellite? No, a battery pile in a museum in Romania that depletes very, very slowly.)

Then there are the discussion forums, with popular topics including conspiracy theories, hacking, and how to get expensive items cheaply. On the “current events” forum at Intel Exchange, the most-commented thread I visited was the one titled “red room with isis [sic] members”.

A “red room”, in the language of the deep web, is one that shows people being killed; at the extreme, doing so at the whim of viewers. However, its parent posting was six months old, and the discussion quickly turned into a conclusion that “the admin of that page is f***ing crazy” and that there wasn’t actually any content there.

After a few minutes scrolling past other sites such as “Turkish Dark Network – hacking, carding” and “Project SAGE – avant-garde textboard dedicated to technoanarchism, hacking and taoism” you wonder if Taken’s Liam Neeson is available as a wingman. Or whether he would just try to shoot everyone.

Then there’s “Flashlight” – a news site of sorts claiming to be “an info beam in the darkweb” – whose news is vaguely dark-web-related, and whose forums were being spammed to hell and back by a drug vendor trying to sell MDMA. But anyone trying to find out why so many links were dead would be out of luck. That may be because it’s so common that it isn’t news. As one Twitter user commented: “I assumed Tor users were trying to hide their IP address, but it turns out they just hated having fast internet.” As with all satire, it carries the sting of truth: using Tor slows down the browsing experience noticeably.

So I turned to “Football Money”, which ungrammatically promises “information of fixed football games every week”. It turns out to be a Gmail address whose owner says s/he will accept payment by PayPal or Bitcoin. Should I trust it? Perhaps I should ask the “Choose Better” site, which says “we have already tested a lot of sites and we know which are scams and which are not!” And will tell you for only 0.08 bitcoins (about $34 in late February).

Then there are “cheap Apple products”, passports for a variety of countries including the US, UK, Australia and others, credit cards (“with huge balance”), Samsung phones, and “Kamagra – same as Viagra but cheaper!” There is information and PDF files on “weapons, locks, survival, poisons, protesters, how to kill”. And libraries offering thousands of DRM-free ebooks, whose content is strongly skewed towards the young male reader. You might be wondering about the passports. Apparently €650 will get you a British fake; €700 a US one. Of course, it’s impossible to judge whether the products would pass muster. The photos tell you nothing, the passport might be printed on tissue paper, and – unlike Silk Road, for all its illegality – there’s no feedback mechanism or customer reviews, which means you can’t have any trust in it.

What one realises on visiting the “legal” side of the dark web is that, in the words of Gertrude Stein, “there’s no ‘there’ there”. If something’s legal, then it will attract a larger audience and be easier for its creator to maintain on the open web, rather than among the hidden services, whose skankiness tends to afflict everything else. We hear a great deal about the dark web and a lot about criminals using it. There’s a good reason: if you want legal content, it’s a lot easier to find and host on the open web.

Image: russellstreet, Tadson Bussey, Sonny Abesamis, alixroth