Security Monitoring

The Dark Web Vs The Deep Web: What’s The Difference?

At first glance, the dark web and deep web may seem like different words for the same thing, but scratching the surface reveals some fundamental differences.

Article thumbnail image

While “dark web” and “deep web” might seem like similar terms that describe the same thing, that’s actually not the case.

So, what are they?

What Is The Difference Between The Dark Web And The Deep Web?

Good question. 

Conceptually, the two do sound similar. The deep web refers to web pages that haven’t been indexed by search engines. The dark web is non-indexed web pages on the internet that have been purposefully and explicitly hidden from regular search engines, requiring a specific search engine to be accessed. While they’re both made up of non-indexed web pages, this is where their similarities end.

The term for the unencrypted, indexed part of the internet (i.e., the part you can search for, including the exact web page you’re reading this on now) is often referred to as the clear net or, occasionally, the surface web.

The Deep Blue Web

So, what counts as a non-indexed web page? Quite a lot actually, and you’ve used them without even realizing.

A large portion of the deep web is made up of web pages that are inaccessible without having to log in first. Think of user landing pages, online banking, users’ social media pages and profiles, web forums, sites that have paywalls (such as Netflix, Hulu, and certain magazine and news sites), and other sites that have some form of restricted access to their content. Essentially, the deep web includes databases that are only searchable within the database and intranets used by a range of companies and organizations. 

WordPress is a great example of the deep web due to all of its content being non-indexed and therefore unsearchable but accessible with the right credentials before content is published.

Aside from the legitimate uses of the deep web listed above, the deep web is often utilized to access certain services that aren’t available in a user’s area—like TV and films through the use of a VPN—or to illegally download music, books, and more through certain sites (i.e., piracy websites) that may not be indexed but can still be accessed via regular internet browsers.

The deep web is estimated to make the majority percentile of the internet, with some sources putting it at anywhere from 80% to 95%, though 95-96% is the more commonly accepted figure. Basically, no one knows for sure what the exact number is but it’s a lot—and it’s only getting bigger.

The Dark Side Of The Web

The dark web has a certain, infamous reputation. It’s all something we hear about when we first start browsing the internet at some point in our lives, instilling either fear, curiosity, or both. Yet it’s surprisingly pretty small, with some sources putting it at around just 5% of the internet.

They say you can get anything on the dark web and that is, by and large, fairly true. Although, certain things rumored to have been found on there are often a product of urban legends. However, the dark web is commonly associated with criminal activity that can consist of (but isn’t limited to):

  • Trafficking
  • Money laundering
  • The sale and/or exchange of extreme pornography and child pornography
  • The sale of organs—the more vital the organ, the more expensive it is
  • The selling of illegal items such as drugs, firearms, and other banned and questionable objects (exotic pets are also frequently seen up for sale)
  • Counterfeit services such as money or forms of identification (an EU passport can set you back roughly $4000 on average)
  • The sale of stolen data and credentials, such as logins and usernames, credit card information, identity information, bank account details, and so on
  • Social security cards—apparently the most coveted of which have a minimum credit score of 750
  • Netflix accounts, PayPal accounts, etc
  • Vendors selling malware, ransomware, viruses, and other types of harmful code
  • And much more

While the dark web’s reputation may be fairly insidious (which is not completely unfounded given the above reasons users access the dark web) accessing the dark web isn’t actually illegal—it’s just that some of the activities to be found on there are. Alongside the above-mentioned uses, the dark web is used for legitimate and positive reasons as well.

For countries experiencing severe censorship and online surveillance by the government, the dark web can be a lifeline for journalists and activists trying to exchange information and reporting on human rights abuses within their country. The tools used to access the dark web also provide strong anonymity to users, protecting anyone who may come under fire by surveilling dictatorships if discovered.

Overall, while it might be surprising to some, the dark web is just another part of the internet that is just more well-hidden than the rest of it. You can find music, hang out in forums, and buy innocuous items such as books, cheap equipment, or a literal pound of sand if that’s your sort of thing.

How Does It All Work?

So, does the dark and deep web function the same?

Well, yes. But also no.

While the two parts of the web are, by and large, the same kind of thing, they operate quite differently.

How the non-indexing part of the deep web actually works is the sites are concealed behind passwords or security walls. In some instances, websites may alert search engines for certain web pages to not appear. The deep web is still accessible without any specific software or know-how to access, all that’s needed is the right login credentials and right access.

How the dark web works is a bit different. As mentioned, you can’t exactly access the dark web via Google or Bing. You need a specific type of software to access the dark web safely. “Darknet” refers to the overlay network in the internet that can only be accessed through special software or with specific authorization. The way to do so is through using Tor.

Tor—which stands for “The Onion Router”—is a piece of kit that bounces your traffic through random nodes across the globe, and tightly encrypts it every single time, making it incredibly difficult for anyone to track. Actual access to the dark web is done through the Firefox-based Tor browser which needs to be downloaded and installed. All traffic is automatically routed through Tor.

Dark web URLs are often long, random, and complex, making it hard for people to navigate towards what they’re looking for even when they’re actually on the dark web. There are a few dark web sites, however, that do index dark web pages. 

Actioning a purchase on the dark web is also somewhat involved. The currency used is exclusively bitcoin, which helps provide anonymity and, in turn, provides security for those buying and selling items and services on the dark web.

While this all may seem like going to extremes for what is essentially just browsing the web, accessing the dark web via the Tor Network prevents identification and the potential hacking from threat actors that float around the dark web and to help users stay anonymous. The anonymity is particularly attractive to users, especially as Tor can be used to browse the clear net as well, ensuring strong anonymity and protection no matter where a user goes during their session.

Conversely, the deep web isn’t indexed and can’t be searched for (much like the dark web) but it is technically accessible without any additional software—provided you have the right access and credentials.

What Threats Do The Dark Web And Deep Web Present To Business?

One of the reasons personal and company data is such an attractive target for threat actors is because it is often sold on to others on the dark web. Individual pieces of data and information (say, for one specific individual) aren’t that expensive—but an entire database full of information that’s been hacked from a company can certainly bring an attractive return on investment. Hacked cryptocurrency wallets and web service accounts (such as the aforementioned PayPal and Netflix) are also becoming more common on the dark web. 

Basically, whenever there’s a huge data leak, you can expect to find that leak on the dark web. In 2020 alone, several Fortune 1000 execs had their data leaked there, as well as more than 133,000 C-level Fortune executives.

Making sure any pertinent information or sensitive data doesn’t end up for sale on the dark web is an imperative for companies looking to protect theirs, their clients’, and their customers’ data.

And for the deep web? In and of itself, it doesn’t present any threats—but it is an attractive arena for threat actors as it is home to a lot of vital, sensitive information and data, such as financial accounts, email accounts, private databases, legal files, and more. Safeguarding the content kept on non-indexed web pages that a company has is pretty important, thus giving rise to the importance of proper web security measures.

Summary

While the deep and dark web may be just non-indexed web pages, that’s where their similarities end. They’re both purposefully hidden, though one is more to protect data and information and the other is to grant total anonymity. 

The dark web certainly carries a particular reputation, but the actual dark web itself isn’t inherently immoral, illegal, or bad but it does have bad people using it and without regulation this aspect of the dark web has been able to flourish. While it’s not bad in and of itself, you certainly don’t want your data making an appearance there, so establishing best practices and safeguarding against breaches and leaks is the best thing a company can do to avoid ending up there.