Deep Web vs Dark web:
What's the Difference?

Bart Lenaerts-Bergmans - October 25, 2022

What Is the Difference Between the Deep Web and the Dark Web?

“Deep web” and “dark web” are NOT interchangeable terms. Although the entire dark web is part of the deep web, it isn’t true in reverse. Simply put, the deep web is any part of the Net that is not indexed by search engines. This includes websites that gate their content behind paywalls, password-protected websites and even the contents of your email. The dark web, on the other hand, uses encryption software to provide even greater security.

What Is the Deep Web?

The “deep web” includes everything on the Net that is password protected, paywalled or even just protected from crawling by a site’s robots.txt file, which altogether account for anywhere between 96% and 99% of the content of the Net will never be found on any conventional search engine. For instance, when you log in to your favorite video streaming site or check your bank account balance online, that’s the deep web at work.

What Is the Dark Web?

The dark web, on the other hand, makes up a tiny fraction of the Net as a whole. In order to access it at all, you will need to use an anonymizing web browser and a virtual private network (VPN). Later, we’ll delve deeper into how to access the dark web, but for now, you should just be aware that if you find yourself on a Web page and you have no idea how you got there, it isn’t part of the dark web. You have to be intending to visit it.

Deep and Dark Web vs Surface Web

differences between the open web, deep web, and the dark web

The surface web, which is also called the visible web and the open web, is any website that search engines can add to their database. This includes not only websites and blogs but also online product listings and even public posts on social media.

To help remember the differences between the surface web, the deep web and the dark web, think of the differences between “public,” “private” and “secret.”

The surface web is entirely public. The person or group who’s posted it doesn’t care who has access to it or what can be done with it. To use a real-world example, you probably don’t care who in a large group knows your name or the color of your hair.

The deep web, on the other hand, is private. The average person doesn’t share their private life with just anyone; they let specific people know it when the information is needed. For example, you might tell your closest friend about a problem in your personal life, but you would not tell the clerk at your grocery store.

The dark web is secret. This is akin to the things you actively hide from other people, and what you don’t want anyone else to learn. This doesn’t have to be deep, dark secrets—not even your closest friends need to know the password to your email account, for instance.

Deep Web vs Dark Web Use Cases

Most of the Net is on the deep web and for good reason. While criminal activity (including trade in stolen data and identity theft) may be the first thing people think of when they hear about the dark web, it’s far from the only reason to use it. However, it is generally used for activities that people want to actively keep secret.

Deep Web Use Cases Dark Web Use Cases
Routine Use: Users logging into routine websites such as bank accounts or social media using personal credentials do so on the deep web without realizing it.Uncensored Journalism: Journalists use the dark web frequently (usually via the Tor Project,), especially when they are working on sensitive stories or traveling to foreign countries.
Secure Payments: Everytime consumers pay for a product or service online, they enter payment information through the deep web.Free Speech: Citizens of oppressive regimes (such as North Korea) use the dark web to safely organize and speak freely. The dark web was critical for protesters avoiding Net censorship during the Arab Spring after governments shut down access to social media.
Campaigns: Website Developers can have certain part of their websites or pages on the deep web to track campaigns, such as displaying specific homepage designs for users on specific locationsSafety: Many corporate and government whistleblowers rely on the dark web to ensure their safety. Notably, WikiLeaks has a counterpart on the dark web for exactly this reason.
Payed Subscriptions: Paywalls prevent search engine crawlers from accessing certain content that only users who paid for or subscribed to can access. This content, by definition, is on the deep web. Privacy: Victims of stalking and similar online threats may use the dark web to cover their tracks as they find their way out of their situation.

Risks of Accessing the Deep Web vs Dark Web

The deep web and the dark web have a lot of uses, but they also aren’t without their risks. If you know anything about data privacy and protecting yourself from identity theft, it’s easy to mitigate these risks on the deep web. In fact, you probably already do it whenever you log in to a secured website. Accessing the dark web, however, is riskier.

While the dark web may not be the monster that it’s made out to be, its very existence poses a risk to the rest of the World Wide Web. Organizations constantly face the risk of data breaches, but the existence of the dark web highlights it. For instance, if your company suffers a quiet data breach, your users’ personal information will likely end up for sale on a dark web marketplace, so dark web monitoring is a critical step toward your ultimate security.

Safely Accessing the Deep Web and Dark Web

In general, the rules for accessing the deep web and the dark web safely are very similar to the best practices for accessing the surface web. However, you cannot simply browse to sites on the dark web—you have to take steps to ensure privacy first.

How to Access the Deep Web Safely

As previously mentioned, more than 90% of the traffic on the Net is already on the deep web, so the keys to accessing it safely are virtually the same as for the open web. Assess every website you visit for threats and security holes. While you obviously don’t have to perform a penetration test on every website you log into, you should ensure that it runs on a secure framework that uses HTTPS encryption.

Once you’ve accessed deep web sites running a secure framework, take the following best practices to mitigate risk on deep web:

  1. Have strong and unique credentials. Having a strong password can make it hard for attackers to gain access to your private information. Change the generic password provided by the company if applicable.
  2. Maintain good IT hygiene. Access only using networks you know and trust, especially when submitting payment and other sensitive information like social security numbers.
  3. Adopt Cybersecurity Training. The best way a company can protect its information is by ensuring all stakeholders within the organization are aware and complying with all cybersecurity policies. This includes instructions and best practices when accessing the deep web.

How to Access the Dark Web Safely

In order to browse the dark web, you need to take preemptive steps toward anonymity. In particular, you will need a VPN connection and a secure web browser (such as the Tor Browser). Depending on your needs, you may want to use your VPN to download the secure browser of your choice.

Once you’ve downloaded your chosen security software, take the following steps to access the dark web:

  1. Activate your VPN first. Make sure that you’ve disabled any unnecessary software, especially programs such as browser add-ons. (In general, the only browser add-ons that you need to access the dark web come preinstalled with most secure browsers.)
  2. Open your secure browser and make sure that it is fully updated. For the greatest level of security, avoid changing the size of your browser window.
  3. Navigate to the dark web website that you want to access. Instead of a regular top-level domain, it will have a domain name ending in .onion, and it will usually also contain a random, frequently changing series of numbers and letters.

2023 Threat Hunting Report

In the 2023 Threat Hunting Report, CrowdStrike’s Counter Adversary Operations team exposes the latest adversary tradecraft and provides knowledge and insights to help stop breaches. 

Download Now

Best Browsers for Accessing the Deep and Dark Web

When accessing the dark web, you can only use a secure browser (which is also called an onion browser). There are a few options available for this:

  • Tor Browser—This browser (created by the Tor Project) is what people most commonly use when accessing the dark web and for good reason. Unlike many other secure browsers, the Tor Browser is ready to use as soon as you download it.
  • The Invisible Internet Project—This web browser and private network layer was designed to help people in oppressive regimes avoid Net censorship.
  • Subgraph OS—Subgraph is an operating system and not a traditional web browser. This allows it to be bundled with a variety of advanced security features, including a secure email client and instant messaging program.
  • TAILS—The Amnestic Incognito Live System is free software that is designed for browsing the dark web. You can download it onto a USB drive or a DVD and bring it with you on any computer. Because it runs primarily on RAM, it leaves no trace on the computer you use it on.
  • Whonix—This is another operating system designed for deep browsing. It doesn’t rely solely on TOR exit nodes, isolating its data streams for heightened security.

GET TO KNOW THE AUTHOR

Bart is Senior Product Marketing Manager of Threat Intelligence at CrowdStrike and holds +20 years of experience in threat monitoring, detection and intelligence. After starting his career as a network security operations analyst at a Belgian financial organization, Bart moved to the US East Coast to join multiple cybersecurity companies including 3Com/Tippingpoint, RSA Security, Symantec, McAfee, Venafi and FireEye-Mandiant, holding both product management, as well as product marketing roles.