Red Hot Cyber

Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Search
Red Hot Cyber Academy

Discovering the Deep Web and Dark Web: The Ultimate Guide

Antonio Piovesan : 7 August 2025 14:57

There has been a lot of talk for some years now about the deep web and the dark web, and many have wondered: but what exactly does this mean?

The dark web is often associated with shady and criminal activities that are carried out or transit on the Internet. This is not always true, but to understand how to enter the dark web, we must first know it and understand its history and motivations.

In this article, we will fully understand what the deep web and the dark web are and then explain how to safely access the latter.

We are all accustomed to starting our Internet browsing from the search engine. Regardless of which is the preferred one, the operation is always more or less the same: we ask a question (in the form of a search key) and the portal responds by showing us a series of results that it believes may be related to what we are looking for. But have you ever wondered what lies beyond the results that the engine offers us?

Of course, the Internet doesn’t begin and end with those suggestions, but there’s much, much more to it. Just think that it is estimated that Google, which is the most powerful and most used search engine, is able to index (and therefore reveal) less than one percent of all the content on the world wide web. Everything that Google does not see, therefore, is not non-existent: it is simply invisible, often intentionally.

We also talked about it some time ago with a video on the RedHotCyber YouTube channel, but today we want to tell you, in addition to what the Deep Web is, also how to access it safely.

Differences between deep web and dark web

Before going into and explaining what is meant by the Dark Web and Darknets, we must remember that this term came to life in the Arpanet era, precisely in 1970, to identify all those networks parallel to the Arpanet network, now the Internet, which could not be indexed by search engines and were therefore hidden and not in the public domain.

The Internet is in fact divided into 3 levels of depth, and this representation is often represented as a drifting iceberg, which we can classify as follows:

  • A first level is called “Surface web” or “clear web”, that is, the discovered or known world, the indexed world that can be accessed by everyone, such as social networks, online magazine websites, e-commerce sites, in short, everything that can be searched for through search engines.
  • A second level is called “deep web”. This is an ecosystem of non-indexed resources that are in fact inaccessible, such as for example, corporate intranets, private network systems of companies and universities, new websites that are not yet indexed by search engines.
  • Then we have a third hidden level, called “darknet” or “dark web”. This level is unattainable through a normal Internet browser but to access it you need special software and we are talking about the Onion network and the Tor client, or other networks such as I2P and Freenet to name a few.

The Deep Web

Returning to the concept of the iceberg: the tip, the one that emerges from the water and we know to be the visible but smaller part, is the normal “clear web”, which we can all reach with a connection without particular requirements and which we query through search engines. We are therefore talking about “indexed” pages.

Just below the surface of the water there is a part of the web that cannot be seen, which is precisely the deep web: these are very often perfectly legitimate sites but which, due to their peculiarities of creation and content, are not captured by search engines, and are therefore said to be “not indexed”. As we have said, this case includes company intranets, private network systems of companies and universities, and new websites that are not yet indexed by search engines.

Obviously, among these there are also sites whose content is considered illegal and therefore excluded from the search engine’s search results, or resources that do not want to be indexed by their legitimate owners, but in this last case, it is enough to know the address and these sites are normally accessible, without any precautions. details.

The deep web, ultimately, is the internet that escapes Google and its associates by choice or technical limitation. It may mean that there is something to hide, but not necessarily.

The Dark Web

The last part of the iceberg, the most inaccessible, is the dark web.The contents that travel on the dark web, in addition to not being indexed by normal search engines, cannot even be reached directly by knowing their addresses. To access it, it is necessary to go through programs that act as a “bridge” between the clear internet and the dark web.

Through these bridges you can access particular networks called darknets, the most famous of which is the Onion network accessible with the Tor Browser, where dark web sites are found.

When we talk about illegal sites, it is essentially the dark web that we are referring to. This is where all types of buying and selling take place (from drugs to weapons, up to human beings or organs), in a completely anonymous manner by paying in bitcoin. When talking about the dark web, the emblematic case SilkRoad is often cited. SilkRoad was a forum on the dark web where you could buy absolutely anything, so much so that it earned the nickname “Amazon of drugs”.

Its ownership was traced back to the nickname Dread Pirate Roberts and the FBI arrested the person believed to be operating under this pseudonym. Shortly thereafter, Dread Pirate Roberts reappeared, suggesting that there was more than one identity at the head of Silk Road.


What the Silk Road home page looked like

The last “pirate” was identified as Ross Ulbricht, a brilliant college student from Texas. As head of SilkRoad, Ulbricht believed he was above the law and could go unpunished. Furthermore, he exploited his popularity to theorize a new, freer economic and social system free of violence and aggression, proselytizing among users. However, his identity was discovered, and some of the same users began blackmailing him, threatening to reveal it. The FBI managed to arrest him when he tried to hire hitmen to kill his blackmailers; he was later tried and sentenced to life in prison.

The darknets that make up the dark web include small peer-to-peer, friend-to-friend networks, as well as large, popular networks such as Tor, Freenet, I2P (Invisible Internet Project), and Riffle, run by public organizations and individuals. Dark web users refer to the regular web as “Clearnet” due to its unencrypted nature. The Tor dark web or onion land uses the traffic anonymization technique called onion routing, under the network’s top-level domain suffix “.onion.”

Onion routing is a technique for anonymous communication over a computer network. In an onion network, messages are “encapsulated” in layers of encryption, analogous to the layers of an onion. The encrypted data is transmitted through a series of network nodes called onion routers, each of which “peels off” from a single layer, discovering the data’s next destination. When the final layer is decrypted, the message reaches its destination. The sender remains anonymous because each intermediary (each intermediate node) only knows the location of the nodes immediately before and after it. Although onion routing provides a high level of security and anonymity, there are methods to break the anonymity of this technique, one of them is “timing analysis.


Onion network anonymization model.

You may choose to use the dark web to access services and pages that can’t be accessed using standard browsers. One reason for using the dark web might be to maintain anonymity, and there are many reasons why you might want to keep your online identity private. One of these might be because you want to exercise your right to free speech and your government doesn’t allow it. Political censorship and media muzzling are among the reasons people seek to use the dark web; in fact, the dark web is also used for anonymous whistleblowing activities.

Finally, the dark web is used for illegal trafficking such as the sale of prescription drugs, prohibited drugs like cocaine, and toxic chemicals; criminals also use the dark web to sell legal and illegal weapons. Just like the “other spheres” of the web, using the dark web can be dangerous, so let’s look at some precautions to protect yourself when “visiting” the dark web.

  • Use a Virtual Private Network (VPN);
  • Be careful of malware/viruses (better not to download or download Torrents);
  • Use a browser dedicated to this purpose (Tor Browser);
  • Remain as anonymous as possible (using an OS, an email service and search engines appropriate);
  • Be familiar with your government’s laws;
  • Disable ActiveX and Javascript in any available network settings. These frameworks are notoriously exploited by cybercriminals for infiltration. If you want to travel on a network that is teeming with threats, you must avoid this risk;
  • Use a secondary local user without administrator privileges for all daily activities;
  • Always use an updated version of the client, for example TOR.

From the onion …. garlic.

We talked about onion routing – Garlic routing is a variant of onion routing that encrypts multiple messages together to make it harder for attackers to perform traffic analysis and increases data transfer speed.

Michael J. Freedman of Princeton University defined “garlic routing” as an extension of onion routing, in which multiple messages are grouped together. He called each message a “bulb,” while I2P calls them “garlic cloves.” All messages, each with its own delivery instructions, are exposed to the endpoint. This allows for the efficient bundling of an onion routing “reply block” with the original message.

“Garlic routing” is one of the key factors that distinguishes I2P from Tor and other privacy or encryption networks.

How to Break into the Dark Web: VPNs

For maximum protection when breaking into the dark web, you should use a Virtual Private Network (VPN), which means:“a network that helps protect your data and keep your information private online.”

When using the Tor browser, it’s still possible for your online traffic to be monitored. As long as the “other party” (the eavesdropper) has enough time, sufficient resources, and the right expertise, they can easily trace your online activity back to you.

Your IP address could even be leaked, which can be very damaging. By running a VPN in the background while using the Tor browser, these problems are avoidable. Because your VPN encrypts your traffic, it also keeps your IP address safely hidden from government surveillance and hackers even if your traffic leaks on the Tor network.

How to Choose a VPN

Consider paying for a virtual private network service. Free VPN services often make money by exposing you to ads and selling your sensitive data. This is also true for a paid VPN, as zero risk doesn’t exist, but we certainly have a better starting point.

In fact, a free VPN is never truly free… And with hackers and scammers infiltrating Tor nodes every day, the dark web is not the place to take risks.

A list of possible choices:

  • NordVPN (Panama with WireGuard)
  • Surfshark (British Virgin Islands with WireGuard since October 2020)
  • Private Internet Access (USA with WireGuard)
  • VyprVPN (with WireGuard)
  • CyberGhost
  • ExpressVPN
  • Hide.me (with WireGuard) WireGuard)
  • PureVPN
  • Hidden24

NordVPN It’s apparently the best VPN for Tor. This service has a unique feature: Onion over VPN. It offers all the benefits of an Onion (Tor) router combined with the added security of a VPN tunnel. This connection method guarantees protection against unauthorized access by your internet service provider or authorities. Your ISP may be able to see that you’re using Onion without realizing it. NordVPN protects you from all third parties and doesn’t monitor your online activity: you’ll use the Internet in complete privacy. NordVPN is easy to use, fast and offers many servers around the world.

  • 5500+ servers in 59 countries
  • Unblock Netflix and other streaming services
  • WireGuard for fast speeds
  • 6 simultaneous connections
  • Received an independent cybersecurity AUDIT

Based in Panama and with a verified no-logs policy, Nord is a good choice for many reasons. Thanks to NordLynx (based on WireGuard), it is the fastest VPN around and offers a good range of features including split tunneling on Android and Windows.

ExpressVPN has its own DNS servers that guarantee your privacy. This service never logs your internet traffic, so no one will be able to identify you by your IP address or timestamp. When making online payments, ExpressVPN helps you maintain complete anonymity. The service does not provide your information to any government sources and does not store traffic logs so your data does not fall into the wrong hands. All this makes ExpressVPN one of the best VPNs for the Tor browser.

CyberGhost VPNprovides protection against DNS leaks and emergency connection blocking. All data is encrypted using the AES-256 protocol. CyberGhost VPN reliably hides your IP address and anonymizes outgoing Internet traffic. What makes this provider one of the best VPNs for the Deep Web is its NoSpy server. Only CyberGhost specialists have access to the NoSpy servers, can control and manage them. This helps significantly reduce the risk of external access and interference by individuals.

Surfshark has a clear and simple interface and a wide range of features. It has apps and extensions that protect popular devices and web browsers and costs less than most of its competitors, despite allowing an unlimited number of connections.

  • 3200+ servers in 63 countries
  • Unblock Netflix and other streaming services
  • Kill switch
  • Unlimited simultaneous connections
  • Two-Factor Authentication
  • GPS Spoofing (on Android)

Based in the British Virgin Islands with a strict no-logging policy and MultiHop servers for added security and privacy, it’s a great choice, even for darknet browsing.

One possible criterion for choosing could be the possibility of using a VPN with the WireGuard protocol.

VPN: What is WireGuard?

WireGuard is a communications protocol and free, open-source software that implements encrypted virtual private networks (VPNs). It was designed with ease of use, high-speed performance, and a low attack surface. It aims to provide better performance and greater energy savings than traditional VPN tunneling protocols (IPsec and OpenVPN). The WireGuard protocol passes traffic over UDP.

The WireGuard protocol uses the following:

  • Curve25519 for key exchange (elliptic curve technology)
  • ChaCha20 for symmetric encryption
  • Poly1305 for message authentication codes
  • SipHash for keys hashtable
  • BLAKE2s for cryptographic hash function
  • Connectionless UDP transport layer

Watch out for malware

Malicious software is everywhere, even on the dark web. A great way to ensure your safety while browsing online is to install an anti-malware program and keep it up to date. However, avoid downloading files or torrent-type downloads.

Use a dedicated browser

You must have a dedicated browser if you intend to use the dark web (Tor browser for .onion sites). Using the TOR browser is very similar to using a standard browser, but the difference is that it allows you to reach websites that exist on the dark web. While using the browser, the best way to stay safe is to disclose as little information about yourself as possible.

Refrain from random searches while online and avoid providing personal information even when a website asks for it. When you notice suspicious links, don’t click on them—these measures will ensure there’s very little evidence of your presence on the dark web.

How to Stay Anonymous

Make sure you keep your private information private at all times. You can never be too careful. Taking proper precautions before and after opening the Tor browser will make you less vulnerable to hackers. Before entering the dark web, close all non-essential apps, such as password managers.

Also, stop unnecessary services from running on your device and cover your webcam with a piece of tape or paper. It’s common for hackers to access users’ webcams without them even realizing it. Also remember to disable your location, as it can be used to obtain your IP address.

Operating Systems

The Best Operating Systems for TOR … you might be wondering, what makes these operating systems different and suitable for TOR? If you want to use TOR, you are clearly privacy-conscious. Even if you are not involved in any DarkWeb activity, TOR is still one of the best ways to browse the dark web, but it is not enough.

The operating systems listed below, unlike Windows which is basically a sort of “keylogger sys op”, do not track or follow you. In fact, they’re committed to eliminating all traces you might leave on your system.

Most of these automatically route your traffic through the Onion network, automatically becoming Tor’s best friend! These also don’t need to be “installed” in most cases. Instead, they can be run from a live disk (USB/CD). Once the device is removed, all traces of your operating system usage and activities are also removed.

These also have their own privacy-friendly apps for messaging, sending emails, storing cryptocurrencies, and more. So, overall, they provide a more secure environment. Isolation and compartmentalization are some of the features common to all these operating systems:

Emails

It’s time to sign up for an untraceable email address. Gmail is out of the question: if you need an email address here are some you might consider:

  • ProtonMail
  • TORbox
  • Bitmessage
  • Lelantos (paid service)
  • Mail2Tor

Note that these services also come with .onion domains, which you need to access using the TOR browser. Please note that regular browsers like Chrome and Firefox do not work towards .onion domains.

Search Engines

Below is an overview of all the dark web search engines that can be used to “orient yourself” in the vastness of the surface.

  • Ahmia.fi – Clearnet search engine for Tor Hidden services
  • DuckDuckGo – A hidden service that searches Clearnet.
  • Candle – Candle is a search engine for the unique dark web and works basically like Google, only not remotely as useful. The dark web simply isn’t designed to be organized and indexed in an orderly fashion. The purpose of most dark web services is to remain hidden except to a select group of people who are “in the know.” Therefore, Candle should be thought of as a minor tool, a small candle in a long, dark corridor.
  • QUO – QUO is a full-text dark web search engine designed to create a continuously updated index of onion pages. QUO lets you explore the dark web quickly and anonymously, without logs, cookies, or JavaScript.
  • SearX – Searx is another search engine that can be used on both the regular and dark web. The advantage of SearX is that you can make your searches incredibly detailed. You can search for files, images, maps, music, news, science, social media posts, videos, and much more. So, if you’re looking for something incredibly detailed, SearX is the search engine to use.
  • Torlinks – TorLinks is a replacement for The Hidden Wiki.
  • Torch – Another of the best search and link engines for the Deep Web is Torch, which has been around for almost twenty years and looks a lot like Google but is much more complex. The great advantage of Torch is that it will help you find anything because, in total, it has more than a million pages indexed in its database.
  • The Hidden Wiki – A copy of the hidden wiki “The Hidden Wiki”.
  • Not Evil – A Tor search engine that indexes only Tor hidden services. Using the Not Evil search bar, you can find anything you want. It’s one of the best search engines for the Deep Web and you’ll find useful pages of all kinds. It has no ads and is very easy to use with a very simple, very simple, and very clean interface.
  • Grams – For the black market, Grams is one of the best links to the Deep Web if you want to search for buying and selling sites. It is specifically for this type of content.
  • Kilos – The Grams search engine has been offline for some time, and its alleged creator has been in prison on charges of money laundering using cryptocurrencies. But its successor “Kilos” has been available for some time.
  • HD WIKI Site aiming to become Hidden Wiki 2.0 with many working links and an attractive design.
  • OnionList – Another directory with the same principle as the hidden wiki and several working links.
  • OnionDir – Interesting directory with deep web links divided into easy-to-use categories and online for several years.
  • Onion Links – Another interesting directory with links to the deep web divided by categories.
  • Other Uncensored Wiki – Another uncensored Wikipedia of the Dark Network. It is no longer clear which is the real one, many links still work, always paying attention to the markets.
  • Under Directory – Another directory with dark websites divided by categories.
  • Matrix Directory – Directory with very interesting links to the deep/dark web and scam warnings.

Familiarize yourself with the laws

Accessing the dark web is not classified as illegal in most states. However, possessing certain things and engaging in “certain behaviors” is. Different states have different laws governing dark web activity, and you should be familiar with your state or federal laws governing dark web activity. Familiarizing yourself with the law will allow you to avoid activities labeled as illegal.

The internet is a great resource and offers solutions to various problems and questions. Like everything else, the internet presents some problems that you can easily avoid and protect yourself from. Having the above knowledge will help you surf the Internet safely.

Antonio Piovesan
He graduated in Computer Engineering in 2002 and CISSP certified since 2023, entered the ICT world as an analyst/full stack developer. He continued his education by attending an executive Master in cybersecurity and data protection at 24ORE Business School. He now deals with cybersecurity governance issues in the large-scale retail sector. He has a strong passion for technology, innovation and cybersecurity, promoting the spread of digital risk awareness. He loves reading books on the history of mathematics and is a fan of science fiction literature and film.

Lista degli articoli