What is the dark web?
Quick answer
The dark web is a small slice of the internet that you can only reach with a special browser like Tor — it hides who is connecting and what they are reading, which is useful for journalists and dissidents but also where stolen passwords and illegal goods are traded.
What it's NOT
The dark web is NOT where files go when you delete them, it is NOT 90% of the internet, and it is NOT illegal to visit. Most of what people imagine as 'hidden internet' is actually the deep web — ordinary content behind a login, like your bank or Gmail — which is completely unrelated to the dark web.
More context
The dark web is a small set of websites that only respond to a special privacy network — most commonly Tor (The Onion Router). Instead of www.example.com, dark-web addresses look like someverylongrandomstring.onion. The Tor network routes every request through three different volunteer-run relays around the world, scrambling who is asking and where the answer comes from.
That privacy was the original point. Tor is funded in large part by press-freedom and human-rights organisations because it is the only way some journalists, activists and people living under authoritarian regimes can read and publish safely. Whistleblower platforms like SecureDrop, used by Le Monde, the New York Times, the BBC, and many others, run on the dark web for exactly this reason.
The same privacy also attracts crime — marketplaces selling stolen credit cards, leaked password databases, ransomware-as-a-service kits, drugs, weapons. These get the headlines, but they are a minority of dark-web traffic. They are also where leaked corporate and personal data tend to surface after a data breach — which is why “did my email appear on the dark web” is a real question, and “have I been pwned” type services exist to answer it.
What the dark web is NOT:
- It is not 90% of the internet. That widely repeated number is wrong. Estimates of Tor hidden services vary, but they are a tiny fraction of regular web traffic.
- It is not the same as the deep web. Deep web = anything not indexed by Google (your inbox, your bank, internal tools). Dark web = a specific privacy network. They are almost unrelated — see deep web for the full distinction.
- It is not where deleted files go. Deleting a file removes it from your device or its cloud bin. It does not “fall through” anywhere — least of all to Tor.
- It is not illegal to visit. Tor Browser is free, open-source, and legal in democratic countries. What you do once you are there is governed by the same laws as anywhere else.
For most households, the practical takeaway is simple: assume that at some point one of your email addresses and one of your passwords will end up in a leaked database that ends up on the dark web. Use a different password for every important account, turn on two-factor authentication (or, better, passkeys) wherever possible, and stop reusing your old favourite password.
People also ask
Is it illegal to go on the dark web? +
Visiting the dark web with Tor Browser is legal in most countries, including the US, UK, France and the rest of the EU. What is illegal is the same thing that is illegal anywhere — buying drugs, weapons, stolen data, child-abuse material. The browser is a tool; the legality follows what you do with it.
What is the difference between the dark web and the deep web? +
The 'deep web' is everything on the regular internet that is not indexed by Google — your online banking, your private inbox, internal company tools, paywalled articles. It is huge and mostly boring. The 'dark web' is much smaller: sites that only respond on hidden networks like Tor (.onion addresses) or I2P. Most people accidentally use the deep web every day; almost nobody accidentally uses the dark web.
Can someone find my information on the dark web? +
Possibly — if your email and password were part of a data breach, they often end up on dark-web marketplaces or paste sites. The practical defence is not 'monitor the dark web' but: use unique passwords (a password manager helps), turn on two-factor authentication, and freeze your credit if you live somewhere that supports it. Once data is leaked, you cannot remove it; you can only make it useless.
Do I need a VPN to visit the dark web? +
No. Tor Browser already routes traffic through three relays specifically to hide the origin. Adding a VPN on top changes the threat model — it can help in countries that block Tor itself, but it can also hurt your privacy by giving the VPN provider a record of your activity. For most people, plain Tor Browser is the right tool.
Also explained
What is the deep web, and is it the same as the dark web?
The deep web is everything on the internet that search engines do not index — your inbox, your online banking, internal company tools, paywalled articles, anything behind a login or a paywall — which is huge, completely ordinary, and almost entirely unrelated to the dark web.
What is a VPN, and do I actually need one?
A VPN is a privacy tool that hides your internet activity from your local network (your office, the café Wi-Fi, your ISP) and from websites — but it does NOT make you anonymous, and for most people in 2026 it is far less essential than the ads suggest.
What is a data breach, and what do I do if my information is in one?
A data breach is when an organisation that holds your personal information loses control of it — your email, password, phone number, address, sometimes your credit-card or ID details end up in a leaked file that attackers download and reuse; the practical response is to change the password on that account, change it anywhere else you reused it, and turn on two-factor authentication.