Image Alt Text
technology and security

How dangerous is the dark web? (and ways to protect your identity)

When it comes to online browsing, the dark web has a mysterious and murky reputation as a hive of criminal activity, but what is it exactly?

The dark web is part of the internet’s deep web, a segment of the World Wide Web that’s not indexed by web search engines. Sites on the dark web are intentionally hidden so that they can’t be accessed by a traditional web browser.

Instead, you need to use a special web browser, such as the Tor Browser or the Onion Router, that has an encrypted IP address to conduct a dark web search and non-indexed pages and web content.

Research suggests that the deep web makes up the majority of the internet at 96 to 99 percent, while the surface web only accounts for 1 to 4 percent. Other estimates indicate that the dark web only makes up 0.01% of the deep web.

Is the dark web illegal?

While the dark web gets a lot of bad press on most news sites, it isn’t illegal to visit, and not all of its web content is illicit or unsavory.

For example, free speech advocates that political dissidents of oppressive regimes, journalists, and activists simply use dark web sites as a forum to communicate without being monitored by surveillance agencies. 

That being said, the anonymous nature of the dark web is a natural magnet for criminals to conduct illicit activity, including selling personal data on web marketplaces, selling narcotics and illegal drugs on the Silk Road, trading firearms, child abuse images, promoting terrorism, cyberattacks, and hitman-for-hire schemes.

How can you access the dark web?

As mentioned above, you can access the dark web by using the Tor Browser. Essentially, the Tor Browser routes your device’s web page requests through multiple proxy servers on volunteer machines that are distributed across the globe to make your IP address untraceable.

After downloading the Tor Browser from, you can route your traffic through the encrypted TOR network to prevent your ISP and government agencies from tracking your internet activity under layers of encryption. 

You can then use the hidden wiki to navigate, which acts as a directory of .onion links to other dark web sites.

It’s worth noting that Tor isn’t just used to visit the dark web; it can also be used to hide your activity when browsing on the surface web. 

Is the dark web really anonymous? 

On paper, using the Tor browser means that neither the sites you visit, nor law enforcement can snoop on your activity and identify you. 

Although Tor isn’t impenetrable in practice, hackers and law enforcement have developed techniques to identify users on the dark web.

One of the main security limitations is the TOR network itself. In 2007, a security researcher hosted five Tor exit nodes to intercept passwords and messages sent by various email accounts. 

Reflecting on the exercise, the researcher suggested it was likely that governments and hackers were also setting up volunteer nodes to intercept information. 

For example, when accessing the entrance of the network, owners of Tor nodes can identify the user's IP address when they connect to the service. On the other hand, the final tor node in the chain decrypts communications before delivering them to the end server, which enables the owner to see all communications between the user and the server.

So, when visiting the dark web with Tor, it’s important to remember that hackers and intelligence agencies do have techniques they can use to harvest your data, so it's vital to use a virtual private network (VPN).

Is using a VPN enough to protect your identity when browsing the dark web?

While using a VPN is a good step for protecting your identity when using the dark web, that doesn’t mean your data is completely protected. You’ll also want to make sure you have plug-ins like JavaScript and Flash disabled; otherwise, you run the risk of them leaking your IP address to hackers and federal authorities. 

However, even if you do use a VPN and disable JavaScript and flash, it’s important to remember that you can’t guarantee complete anonymity. If a hacker or law enforcement agency takes an interest in your activities, they can always find out more information about you if they put the time in.

However, the good news is that if you don’t draw attention to yourself or engage in criminal activities, it’s unlikely that law enforcement or malicious actors will spend the time and resources necessary to find out more information about you.

Why was the dark web created?

The dark web was originally created in the 1990s by the US government, when scientists Paul Syverson, David Goldschlag, and Michael Reed created the concept of “Onion routing” at the U.S Naval Research Laboratory. Onion routing enables entities in the intelligence community to communicate anonymously.

Onion routing was then patented by the US navy in 1998, until 2006 when Syerson and Roger Dingledine founded The Onion Routing Project, or Tor Project, as a non-profit organization in 2006.

From the beginning, the core concept of the dark web was to provide users with a virtual space to communicate together anonymously. The idea was to provide the US government with a forum to conduct covert operations and for citizens under oppressive regimes to dissent.

As a business owner, why should I be worried about the dark web?

Business owners shouldn’t necessarily be worried about mysterious threats on the dark web, but they should be aware that all employees have identities, which could be compromised and leaked on the dark web at some point or another.

Identity and credential theft is so common on the dark web that it contains over 15 billion stolen passwords, as cybercriminals will often leak or sell information harvested from data breaches to assist other criminals. 

Being aware about the risk of dark web leaks is vital for preventing your organization from falling victim to a data breach because it lets you know when you're vulnerable.

For example, if an employee uses an enterprise service like Microsoft 365 and an attacker breaks into the company’s internal systems and places it on the dark web, you need to be able to monitor and detect this as a business owner, so that you can notify the employee to change their login credentials before their details are exploited. 

Ultimately, the best offense is a great defense. That’s why all employees of any business must be trained on the latest ways to protect themselves from identity theft and various types of cyberattacks, including phishing scams, social engineering attacks, imposter scams, and more.

Who typically uses the dark web? 

Just like the surface web, a wide range of individuals use the dark web. On one end of the spectrum, you have government, military, and law enforcement personnel, who use the dark web to keep tabs on illegal activity to catch criminals. On the other end, you have criminals who engage in illicit acts, such as buying and selling weapons and drugs on dark web marketplaces, coordinating terrorist attacks, human sex trafficking, and other crimes.

Somewhere in between, you have those users who are exploring out of curiosity by buying and selling bitcoin and cryptocurrency to those who are attempting to sidestep political censorship in countries that forbid free press or free speech, such as North Korea or even China. 

In a nutshell, the following groups use the dark web: 

·     Whistleblowers

·     Political dissidents

·     Activists

·     Journalists

·     Law enforcement

·     Intelligence agencies

·     Criminals and hackers

What happens on the dark web? 

As mentioned above, lots of things happen on the dark web, such as sensitive intelligence communications, whistleblowing, activism, phishing scams, malware and trojans, underground black market weapon or drug exchanges, and other criminal activities.

Once again, while the dark web isn’t an inherently bad place, the reality is that any area where anonymity is largely protected will become a hotbed for criminals to engage in illegal acts that are away from the prying eyes of the FBI and other law enforcement agencies.

What illegal things are available on the dark web?

Any illegal act or trade you can think of can probably be found on the dark web, whether it’s buying or selling narcotics, child pornography, sex trafficking, or other black markets. 

However, it’s important to note that it's not uncommon for individuals to create fake websites that are designed to shock casual browsers with disturbing images or back stories.

One of the most valuable commodities available on the dark web is consumer’s personal information that hackers have harvested from past data breaches.

How does the dark web actually work?

Once again, you need an anonymous browser called Tor to access the dark web. Tor’s browser uses a network of volunteer-run encrypted servers known as Tor relays. Tor relays anonymize your web traffic, so that your online activity can’t be traced by authorities. 

This approach is designed to prevent snooping from world authorities and protect the user’s privacy, so that they can browse without being monitored by surveillance agencies. 

While Tor is designed to provide you with a certain level of anonymity, it’s a good idea to use a VPN to not only connect to the Tor network from a different IP address than your normal one, but also disable Flash and JavaScript to lower the chance of anyone identifying you.

What are the risks of using the dark web?

When accessing the dark web, there are some key risks that you need to be aware of. The first is that hackers and scammers often like to use the dark web to gather personal information with phishing scams and fake websites. 

Another risk is that the dark web is a minefield of illegal activity, which means that if you click on the wrong thing, you could not only be committing a serious crime, but also encounter distressing material that impacts your mental health, such as child pornography or snuff films. 

In addition to the distress of encountering illegal or disturbing material, you may also catch the attention of law enforcement agencies if you access something they’re monitoring.

So, while there are many segments of the dark web with legitimate and inoffensive content, it’s important to be aware of the risks, so that if you do decide to browse, you can take steps to browse safely.

Even if you don’t visit the dark web, you need to be aware that cybercriminals can, and will, leak your data, if it’s exposed in a data breach of any service provider that you’re a customer of.

What can be done with your information on the dark web?

The anonymity of the dark web makes it an ideal marketplace for cyber criminals, who use it as a medium to sell data they’ve harvested from data breaches of other organizations. 

For example, a hacker can break into a company's internal systems, steal the login credentials and personal details of thousands of customers, and then offer to sell that information to other hackers for a profit on the dark web. 

There are a lot of hacker forums on the dark web where cyber criminals will meet to discuss hacking techniques and sell data they’ve stolen from other users.

How can you detect and prevent your information from being posted/stolen on the dark web? 

The easiest way to protect your information from being leaked on the dark web is to sign up for an identity theft protection service that offers dark web monitoring.

A dark web monitoring service will scan the dark web 24/7 for your personal details, so that once someone leaks them on a forum, you’ll receive a notification from a support representative who will help advise you on actions to take to protect your identity.

Dark web monitoring is useful because it lets you to see the moment your details are released, enabling you to start changing your passwords and credit card numbers before someone can use them to steal your identity.

What is a dark web scan?

A dark web scanner scans the dark web for personal details, such as online accounts, credit details, social security numbers (SSN), bank account numbers, and ID numbers, and notifies you if your information has been leaked so you can react before someone steals your identity.

While modern dark web scanners are comprehensive, the dark web is such a large convoluted place that no service offers complete coverage of personal details that are exchanged privately or on gated sites.

That being said, using a dark web monitoring service does offer you comprehensive coverage of the most common places that your information is likely to be leaked online. 

What can a dark web scanner help me with?

A dark web scanner can help prevent you from falling victim to identity theft. When your information is released online, there’s a narrow window for you to take action and respond before fraudsters can use it. 

For example, if someone leaks your Gmail account password, you can receive a notification from your service provider and change your password before someone tries to login and steal your identity. 

In this sense, the biggest advantage of using a dark web scanner is having a heads-up notification when your information is publicly disclosed, so that you can react before someone has a chance to use your information to commit identity theft.

What should I do if my information is found on the dark web? 

If your information is released on the dark web, you should immediately identify all compromised information and jot down what you need to do to respond and protect yourself from identity theft.

If an online account password is leaked, change it. If your credit card details have been leaked, contact your card provider and request new details. 

You can also freeze your credit report to prevent fraudsters from applying for credit in your name. In the event that your SSN has been stolen, report it to the Federal Trade Commission and your local police department 

It’s worth noting that an identity theft protection service with white-glove incident response will be able to provide you with detailed support and guidance on the immediate actions you can take to protect your identity, avoid any further disruption, and guide you through the process.

What are some ways I can protect my identity online?

As a general rule of thumb, you can prevent identity theft by being cautious about what information you share with friends and family, and avoiding posting any sensitive information on social media that an attacker can use to gather information about what sites and services you use.

You can protect yourself further by using an identity protection service to monitor the surface web and dark web websites. Doing so will immediately identify if your data is leaked online, so that you can respond before it's too late.

Don’t be scared; be cautious

While the dark web has a scary reputation, you can protect yourself from any nasty surprises and maintain your cybersecurity by signing up for an identity theft protection service to catch leaked information. And if you decide to visit the dark web, use a VPN to protect your identity and online banking accounts.

Like most technologies, the dark web is a tool that can be used constructively or negatively according to the user’s choices. If you want to browse the dark web, make sure you do so safely, and be cautious of visiting any site that could be engaging in illegal activity or infect your device with malware or ransomware.

Recommended for you

Mail icon
Get the latest to your inbox
No Thanks

Get the latest to your inbox

Relevant resources to help start, run, and grow your business.

By clicking “Submit,” you agree to permit Intuit to contact you regarding QuickBooks and have read and acknowledge our Privacy Statement.

Thanks for subscribing.

Fresh business resources are headed your way!

Looking for something else?


From big jobs to small tasks, we've got your business covered.

Firm of the Future

Topical articles and news from top pros and Intuit product experts.

QuickBooks Support

Get help with QuickBooks. Find articles, video tutorials, and more.