Most of the Internet isn't visible. The surface or open web, which can be accessed and explored by search engines, represents less than 5% all content online.
The deep web and dark web, meanwhile, collectively make up the other 95%. But what exactly are these deeper, darker webs? What do they contain, how are they accessed, and what risk do they pose to organizations and their data?
Here's a deeper dive into the underbelly(s) of the Internet.
Understanding the Deep Web
The deep web contains private content that is not crawled or indexed by search engines. Browsers may be blocked from indexing this content, or it may require usernames and passwords to access. It's estimated that the deep web accounts for 90% of the Internet.
Definition and explanation of the deep web
Content and services on the deep web exist "below" the surface web. In practice, this means they can't be found or indexed by search engines. Bank accounts are an easy example. Public users can't search for your bank account details or transaction lists on the public web. Instead, this data is part of the deep web. Search results won't return this data, and the only way to access this information is by providing credentials such as usernames, passwords, or biometric identifiers like fingerprints.
The vast majority of content on the deep web isn't illegal or illicit — it's simply private. Given the sheer amount of this data generated and stored every day, the deep web significantly outpaces the size and scope of the surface web.
Worth noting? Resources intended to be part of the deep web may end up on the surface web if they are misconfigured. Consider a company that deploys a secure database but doesn't update factory firmware settings, the database may not require a password for access. And if UCP ports are improperly configured, the database may show up in search engine results.
This is a common concern for businesses. For example, in February 2024, a misconfigured cloud storage server exposed sensitive data belonging to BWM including private keys and internal assets.
How the deep web is accessed
The deep web is accessed with a typical web browser. No special tools or software are required. In most cases, all users need is their login and password data to access sensitive data.
While deep web results aren't returned in search engines, these engines will direct users to deep web access points. These access points typically take the form of login pages for services such as e-commerce or bank accounts. A quick search sends users to the login page, where entering their credentials gives access to deep web resources.
In some cases, login pages may not be part of the public web. A company using a cloud storage service probably won't make its single sign-on (SSO) page public, but stored data still remains part of the deep web since the storage service is connected to the Internet.
Common uses and examples of the deep web
Some common uses of the deep web include:
- Bank accounts
- Medical data
- Legal records
- Government documents
- Subscription platforms
- Corporate assets
What Is the Dark Web?
The dark web is the remaining 5% of the Internet which isn't public or private — it's secret. The dark web is effectively invisible to search engines, and regular browsers such as Chrome, Edge, or Firefox can't access dark web content. Instead, users need special tools such as The Onion routing (Tor) project to explore the dark web.
Definition and explanation of the dark web
The dark web is often considered a hub of illicit activity. This position has merit — almost any product and any service, illegal or not, can be found and purchased on the dark web.
But that's not the only purpose of the dark web. It's also used by individuals in countries where public Internet access is limited or highly monitored as a platform for political speech or protests. The dark web also serves as a way for users to communicate securely since it's virtually impossible to identify where messages originate, where they're headed, and who receives them.
How the dark web is accessed
The dark web is accessed using purpose-built browsers. One of the most popular is the Tor browser, which keeps user identities, locations, and activities a secret so they can access the dark web security. As noted above, Tor is an acronym for The Onion Routing Project. The idea here is that just like layers of an onion, the browser uses multiple layers of protection to keep users safe.
Once users have downloaded Tor or a similar browser, they can access the collective content of the dark web. Unlike the surface web, however, there is no index or ranking system for the dark web. Users must directly type in the URL they want to visit or use a dark web search engine. These engines, however, have no safeguards on their results, meaning users could be exposed to websites that are illegal, unethical, or potentially harmful.
The dark web can also be accessed using open-source operating systems designed for this purpose. The systems are often more complex and customizable than Tor or similar browsers. This makes them a good choice for more experienced users; those with only a passing knowledge of obfuscation and encryption are better served by Tor-type browsers, which require no special setup.
Examples of illegal activities and risks associated with the dark web
Because the dark web can't be accidentally accessed and isn't indexed by search engines, it's difficult for law enforcement to track down and eliminate illegal sites. While some of the content on the dark web is simply secret rather than illicit, the majority of sites operate in either legal grey areas or provide access to outright illegal activities.
Examples of illegal activities on the dark web include:
- Drug sales or trafficking
- Sale of stolen user credentials
- Malware development and sales
- Cryptocurrency crimes
There are also risks associated with the dark web, such as:
- Stolen data
- Malware infections
- Service or product scams
- Disturbing content
Key Differences Between the Deep and Dark Web
The deep and dark web are not the same. While these terms are often used interchangeably, they represent two different spheres of online content and services.
Put simply, all the content in the dark web is part of the deep web. The difference is access. In the case of the surface web, resources are publicly available and easily searchable. Deep web content is private, meaning search engines do not return it, and in many cases, it requires credentials to access. The dark web is secret — a special browser is required to gain access.
Level of accessibility and anonymity
The deep web can be accessed using a standard web browser. While search engines don't return deep websites, they aren't secret — they're simply not public. As a result, the deep web isn't inherently private, just protected. To increase privacy and reduce the risk of compromise, users may choose to leverage a virtual private network (VPN) which obfuscates their name, location, and activities.
The dark web, meanwhile, is only accessible using special tools or browsers. It is also anonymous. Content on the dark web is not monitored or indexed by search engines, and access tools are designed to anonymize users. That said, tracking users on the dark web is not impossible — for example, while law enforcement may not be able to see which sites users are visiting, they may be able to track user entry and exit points on the dark web.
Types of content and websites found in each
In the deep web, content and websites are private. They may contain users' personal or private information, sensitive assets owned by companies, or protected data created and maintained by government agencies. While it's possible for illegal websites to exist on the deep web, they can be discovered, traced, and shut down by law enforcement.
On the dark web, meanwhile, there are no rules about what content, services, or resources can be posted, accessed, or purchased. This means that users may encounter sites that contain lively political discourse that can't happen in public due to government restrictions, but they are equally likely to encounter sites selling stolen cryptocurrencies or offering access to solutions like malware-as-a-service, which allows unskilled users to infiltrate businesses and exfiltrate data.
Legal implications and potential risks for users
Depending on the type of content accessed and the way in which this content was accessed, there are potential risks and implications for users.
In the case of the deep web, for example, content is typically legal but protected. If, however, users attempt to access this content by forcing their way through security tools or undermining security defenses, they may be guilty of cybercrime. If publicly accessible content is simply unprotected, meanwhile, the onus typically lies with data owners.
When it comes to the dark web, meanwhile, accessing content isn't the issue — instead, the content itself is the problem. If users are found to have accessed illegal content or purchased stolen goods or information, such as usernames and passwords exfiltrated by attackers, they may be found guilty of a crime. The dark web also comes with the risk of device compromise or infection. Since sites on the dark web are unregulated and unmonitored, there's no guarantee that sites are free of malware, ransomware, or other malicious code.
Monitoring and security
Monitoring and securing the deep web is relatively straightforward. Since resources can be accessed with standard browsers, security teams, researchers, and law enforcement agencies can effectively explore the deep web as required. While they don't have the benefit of public search engines, they can manually search for sites and discover what types of data are available. If researchers discover that private sites are insecure, they can notify site administrators to fix the issue. If law enforcement finds that businesses or individuals are hosting illegal data or carrying out illicit transactions, they can obtain information such as names, IP addresses, and activity history to pursue criminal prosecution.
Implications for Online Security
Both the deep and dark web come with implications for online security.
How the deep and dark web impact cybersecurity
Because the deep web is often used to store sensitive information, it poses a security risk if sites that hold this information are breached. For example, if a company misconfigures its HR database, criminals may be able to gain access and steal employee data including logins and passwords, payroll records, and health benefits information. This data may then be encrypted and ransomed or sold for profit on the dark web.
The dark web, meanwhile, is a repository for stolen or fraudulent data. If personal or business data ends up on the dark web, it may be purchased by malicious actors as a means of extortion, or as a way to access protected resources on the deep web.
Protecting sensitive information from cyber threats
Protecting information from deep and dark web cyber threats requires a two-pronged approach.
First is limiting the type and amount of data provided. The less data shared by users, the less data available for attackers to steal. The EU's General Data Protection Regulation (GDPR) is a good example of this process in action: Companies are required to collect the minimum amount of data necessary to achieve a specific goal. They must be clear about this goal, give users the chance to opt out, and destroy collected data upon request.
Businesses can also limit risk by deploying strong security controls. These include robust data encryption, threat detection solutions, and regular review of security measures. Companies should also deploy two-factor authentication (2FA) to help reduce the risk of compromise. By requiring users to provide an additional factor of identification, such as a one-time passcode or fingerprint, the theft of user credentials won't be enough to compromise accounts.
Role of password managers in ensuring online safety
Password managers also play a role in online safety.
Despite their prevalence and usefulness, passwords remain a sticking point for security. In part, this is because users tend to repeat passwords across multiple accounts, and often use passwords that are easy to guess, such as "password" or "12345678". This makes it easy for attackers to test multiple username and password combinations until they find one that works.
Password managers help reduce this risk by requiring users to choose strong passwords, such as those that contain a combination of letters, numbers, and symbols, and also by ensuring that passwords are not repeated.
How LastPass Helps Protect You with the Dark Web
LastPass can help companies and reduce dark web risk.
Dark web monitoring
With dark web monitoring from LastPass, you get 24/7 protection — popular dark web sales sites are continually scanned for compromised information that may indicate your accounts have been breached. You also get immediate alerts if your personal data has been found on dark websites, along with proactive recommendations to improve passwords and reduce the risk of compromise.
Strong password requirements
LastPass also helps ensure that the passwords you create are strong, unique, and haven't been previously compromised. In addition, you're the only one with access to your password vault. You hold the master key, and not even LastPass staff can gain access to your vault.
In addition, LastPass password autofill can help ensure that your credentials are only shared with legitimate sites. If you visit a site that isn't on your list of approved and trusted addresses, LastPass won't autofill your credentials.
Dedicated TIME team
The LastPass Threat Intelligence, Mitigation, and Escalation (TIME) team is committed to protecting the community by continuously monitoring for and mitigating threats against our customers, our company, and our industry. With five decades of security and cyber expertise, the TIME team acts as one of the first lines of defense against dark web threats.
Below the surface web lies 95% of the Internet. While much of this content is benign, such as the accounts and services protected by the deep web, illegal and illicit activities often lurk in the dark.
Staying safe means limiting the amount of information you share online and leveraging strong security controls to help monitor for stolen data and reduce the risk of weak, repeated, or easily guessed passwords.
Don't get lost in the dark — try LastPass for free today.
