What is the deep web, and is it the same as the dark web?
Quick answer
The deep web is everything on the internet that search engines do not index — your inbox, your online banking, internal company tools, paywalled articles, anything behind a login or a paywall — which is huge, completely ordinary, and almost entirely unrelated to the dark web.
What it's NOT
The deep web is NOT the dark web. It is NOT hidden, illegal, or dangerous by default. It is NOT 'where everything goes when you delete it'. And it is NOT a small niche either — by most measures the deep web is far larger than the indexed 'surface' web, simply because most modern services live behind a login.
More context
The internet that ordinary people picture — and that search engines map — is only a small fraction of what is actually online. The phrase deep web describes everything that exists on the regular internet but is not reachable by typing a query into Google: pages behind a login, pages behind a paywall, internal tools, private databases, machine-to-machine APIs, dynamically generated content that Google’s crawler cannot or chooses not to traverse.
The three layers, kept clear:
- Surface web. Public, indexed by Google / Bing / DuckDuckGo. Wikipedia, news sites, blog posts, marketing pages, public profiles.
- Deep web. Reachable through normal browsers, normal addresses, but not indexed because search engines cannot get past the login or paywall. Your inbox, your bank, your work tools, your hospital portal, paywalled journalism, internal company Notion, every Google Doc you have ever opened.
- Dark web. A separate, much smaller network — built on Tor, I2P, or similar privacy systems — where sites have .onion (or equivalent) addresses and only respond to those privacy networks. Accessed through Tor Browser, not your regular browser. See dark web for what actually lives there.
Why the confusion matters: media coverage routinely uses “deep web” and “dark web” interchangeably, and the word “deep” sounds mysterious. The actual deep web is the least mysterious part of the internet — it is where every account-protected, paywalled, work-internal page already lives. Your salary slip on your HR portal is on the deep web. Your child’s school grade dashboard is on the deep web. There is nothing more concerning about that than the existence of a locked office door.
The reason search engines do not index the deep web is technical and intentional. To read your inbox, a search engine would need your password — which it does not have. To read a paywalled article, the publisher would need to grant it access — which they explicitly do not. To read your internal company wiki, the company would need to publish it — which would defeat its purpose. The “non-indexed” property is a feature of every account-based service on earth.
A small overlap is worth noting: some content that was once on the surface web ends up on the deep web after deletion or password-protection, and leaked data sometimes appears both on dark-web marketplaces (where buyers find it) and on the deep web (when journalists or researchers re-publish in protected archives). That overlap is real but minor. For everyday purposes, the deep web is where almost everyone’s online life already lives, the dark web is a different network, and conflating them produces fear of the wrong thing.
People also ask
What's the difference between the surface web, the deep web, and the dark web?
Three layers. The **surface web** is everything search engines index — public websites, Wikipedia, news sites, public-facing blogs. The **deep web** is everything that exists on the regular internet but is not indexed — your bank dashboard, your inbox, Google Docs, an internal Notion, paywalled articles. The **dark web** is a much smaller and entirely separate space: sites that only respond on privacy networks like Tor (.onion addresses). The deep web is part of the normal internet behind a login; the dark web is a different network you access with a special browser.
Are deep-web sites dangerous?
No more than any other site you log in to. 'Deep web' just describes the technical fact that search engines do not index a page. Your Gmail inbox is deep web. Your hospital patient portal is deep web. Your work Slack is deep web. The risk is not 'the deep web is sketchy' — it is the normal risks of any logged-in service: password security, phishing, account takeover.
How big is the deep web compared to the surface web?
Much bigger. A 2001 estimate famously claimed the deep web was 400-500 times bigger than the surface web — that specific number is no longer cited, but the order-of-magnitude claim has held up. Every cloud storage account, every CRM, every banking dashboard, every internal corporate tool is deep web. Search engines see almost none of that because they cannot log in.
Can I 'access' the deep web?
You do, every time you log into anything. There is no special browser to install and no special address to type. Logging into Gmail accesses the deep web. Reading a paywalled Financial Times article accesses the deep web. Using your bank's online portal accesses the deep web. The phrase 'how do I access the deep web' usually means 'how do I access the dark web', which is a different question with a different, and entirely legitimate, answer: install Tor Browser.
Is my data 'on the deep web'?
All of it. Your medical records, your banking history, your work documents, your messages all live on services that are part of the deep web — that is what the deep web means. The framing that matters for safety is not 'is it on the deep web' (yes, by definition) but 'is it on a service I trust, is the password unique, is two-factor authentication on'.
Also explained
What is the dark web?
The dark web is a small slice of the internet that you can only reach with a special browser like Tor — it hides who is connecting and what they are reading, which is useful for journalists and dissidents but also where stolen passwords and illegal goods are traded.
What does the padlock in my browser actually mean?
The padlock means the connection between your device and the website is encrypted, so nobody on your Wi-Fi, your office network or your internet provider can read what you send or receive — but it does NOT mean the website itself is honest, legitimate, or safe to trust with your data.
What is a data breach, and what do I do if my information is in one?
A data breach is when an organisation that holds your personal information loses control of it — your email, password, phone number, address, sometimes your credit-card or ID details end up in a leaked file that attackers download and reuse; the practical response is to change the password on that account, change it anywhere else you reused it, and turn on two-factor authentication.