
What is the Dark Web?

Last reviewed by Moderation API

The dark web is the part of the internet that is not indexed by normal search engines and cannot be reached without special software, most commonly the Tor browser. It is a small subset of the larger "deep web," which is just anything behind a login or otherwise not crawlable.

What distinguishes the dark web is the deliberate anonymity of both the users and the sites themselves. That is what makes it useful for journalists, whistleblowers, and people living under surveillance. It is also what makes it useful for drug markets and credit-card fraud.

How it works

Tor routes each connection through at least three volunteer-run relays scattered around the world, encrypting the traffic in layers so that no single relay knows both the source and the destination. Sites hosted as Tor hidden services use .onion addresses and are reachable only from inside the network. Other overlay networks like I2P and Freenet work on similar principles with different tradeoffs.

None of this is inherently illegal. The same technology that protects a Russian dissident from the FSB also protects a vendor selling stolen logins.

What is on it

Content ranges from mundane to criminal. On the legitimate end there are mirrors of news organizations (the BBC, The New York Times, and ProPublica all run .onion versions), SecureDrop submission portals used by investigative reporters, and forums for privacy-focused technical discussion. On the criminal end there are markets and services that tend to cluster around a predictable list:

  • Drugs and controlled substances, which have dominated marketplace volume since the original Silk Road was seized in 2013.
  • Stolen credentials, credit-card data, and full identity packages ("fullz").
  • Firearms and explosives, though many listings in this category turn out to be scams or law-enforcement stings.
  • Child sexual abuse material, which is the primary target of most coordinated takedowns.
  • Hacking-as-a-service offerings, from phishing kits to ransomware affiliates.
  • Counterfeit currency, forged identity documents, and fake diplomas.
  • Extremist and terrorist propaganda that has been pushed off the clear web.

Why moderation is hard

The dark web is not a platform. There is no central operator to send a takedown notice to, no content policy to enforce, and no stable identity tied to any given post. That changes what moderation even means in this context.

Anonymity

The Tor design makes it difficult to attribute content to a real person. Law enforcement can sometimes deanonymize users through operational mistakes, malware, or exploits in the Tor client itself, but those are expensive investigations, not routine moderation. For platforms on the clear web, the practical concern is usually the edges: clear-web services being abused to advertise dark-web markets, or stolen data from a dark-web leak showing up in a public forum.

Encryption

Traffic inside Tor is end-to-end encrypted between the user and the hidden service. Even when an abuse report identifies a specific address, investigators often cannot see what is being exchanged without seizing the server or infiltrating the service. Decryption of stored evidence then has its own legal and technical hurdles.

Decentralization

There is no hosting provider to call.

When a market is seized, like AlphaBay in 2017 or Hydra in 2022, the operators or their successors typically relaunch under a new .onion address within weeks. Reputation moves with them through PGP-signed vendor keys, so customers follow. This is why takedowns work as disruption rather than elimination.

Legal and ethical lines

Not everything on the dark web is illegal, and not everything illegal in one jurisdiction is illegal in another. Content moderators, researchers, and law enforcement all have to draw careful lines between privacy that is protected and privacy that is being used as cover for harm.

Most serious dark-web work is done by specialized units (NCMEC for child-safety material, Europol and the FBI for markets) rather than by platform trust and safety teams, whose job is usually to catch the spillover into clear-web services.
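For the clear-web spillover described above (services being abused to advertise .onion sites), a platform-side check can extract candidate addresses from user-submitted text and keep only those that are well-formed. The following is an added example, not part of the original page: the function names are hypothetical, and the address layout (32-byte public key, 2-byte SHA3-256 checksum, version byte 0x03, base32-encoded to 56 characters) is the one defined in Tor's v3 onion service specification.

```python
import base64
import hashlib
import re

# v3 onion label: 56 base32 chars encoding pubkey(32) || checksum(2) || version(1)
ONION_RE = re.compile(r"(?<![a-z2-7])([a-z2-7]{56})\.onion\b", re.IGNORECASE)
VERSION = b"\x03"


def onion_checksum(pubkey: bytes) -> bytes:
    """First two bytes of SHA3-256(".onion checksum" || pubkey || version)."""
    return hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()[:2]


def is_valid_v3_onion(label: str) -> bool:
    """True if the 56-char label has the right length, version and checksum.

    This does not verify that the key is a valid Ed25519 point; it only
    filters out random strings and typos that merely look like an address.
    """
    try:
        raw = base64.b32decode(label.upper())
    except ValueError:
        return False
    if len(raw) != 35:
        return False
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    return version == VERSION and checksum == onion_checksum(pubkey)


def find_onion_addresses(text: str) -> list[str]:
    """Return checksum-valid v3 .onion hostnames found in user-submitted text."""
    labels = (m.group(1).lower() for m in ONION_RE.finditer(text))
    return [label + ".onion" for label in labels if is_valid_v3_onion(label)]


def make_sample_address(pubkey: bytes) -> str:
    """Build a constructed address from arbitrary 32 bytes (sample data only)."""
    raw = pubkey + onion_checksum(pubkey) + VERSION
    return base64.b32encode(raw).decode().lower() + ".onion"


if __name__ == "__main__":
    sample = make_sample_address(bytes(range(32)))  # constructed, not a real service
    post = f"new mirror at http://{sample}/ and a fake one at {'a' * 56}.onion"
    print(find_onion_addresses(post))  # only the checksum-valid address is reported
```

Validating the checksum before flagging keeps 56-character strings that only resemble an address out of the review queue.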
