Beacon currently navigates 8 data sources on the deep web and darknet: OpenBazaar, Telegram, Discord, IRC (Internet Relay Chat), the Open Web, Tor, I2P (Invisible Internet Project), and ZeroNet.
This article describes the value of each data source and some popular sites within them. This site list is not exhaustive, and sites are constantly changing as they are removed or added.
Deep Web Sources
The deep web includes websites and data that are non-discoverable by search engines within the surface web.
The term “deep web” is not interchangeable with the darknet— it includes the darknet, as well as password-protected or dynamic pages, encrypted networks, and internet archives. Much of the deep web’s content requires authentication to view, such as private banking pages, email accounts, and direct messages on social media. It is estimated that the deep web is at least 400-500 times the size of the surface web.
OpenBazaar is a decentralized, open-source marketplace launched in 2016. The network’s goal is to avoid the “middleman” involved in surface web commerce. Buyers and sellers on OpenBazaar use cryptocurrencies and engage directly to avoid fees associated with typical payment methods like Paypal. Users can also share as little or as much personal information as they want. There are over 20,000 sellers on OpenBazaar with user activity across 150 countries.
OpenBazaar is not inherently anonymizing, but can be accessed through Tor if users desire anonymity. The network does not cater to illicit exchanges, and the bulk of its transactions are not illegal. However, because it is decentralized, OpenBazaar has no way to accurately track or deal with illegal activity.
Illegal OpenBazaar listings are not indexed and are not always accessible by search engines within the marketplace. On the darknet, marketplace moderators assume the risk of running a site—but OpenBazaar users run software on their own computers, so each user assumes the risk of engaging in illicit transactions.
Telegram is a cloud-based instant messaging, voice, and video messaging service similar to WhatsApp. It’s considered to be one of the most secure messaging apps for several reasons:
- Chats can be destroyed when the conversation ends, or be automatically deleted with a self-destruct timer.
- Telegram boasts three layers of encryption, as opposed to the typical two layers touted by other messaging apps.
Telegram allows groups with up to 200,000 members each. Groups can be public or private. Groups differ slightly from channels, which have no limit on the number of users in them. When users post in a channel, their identities aren’t shown. Only the name and avatar of the channel is revealed in this public format.
Telegram also offers access to their public API, which opens up endless possibilities for individuals to create games, get alerts, create data visualizations, build custom tools, and even exchange payments between users. API access to Telegram means that many of the conversations in public channels are largely discoverable to organizations gathering open source intelligence from online sources.
With over 200 million active users, it is no surprise that Telegram is a popular place to hold discussions about illegal activity. There have been many reports of phishing scammers using Telegram as their method of contact with victims.
Discord is a voiceover IP and messaging program. Discord’s user interface looks like a cross between Skype and Slack. It’s free to use, and is available as a web, mobile, and desktop application.
Within Discord, users can create their own servers and host private, password protected, or public channels within those servers. Channel moderators then send invitations to users in order for them to join a channel. Although it was originally built for the gaming community, its versatile chat, video, and voice capabilities have drawn in a diverse mix of 200 million users since December 2018.
Discord has been criticized for being vulnerable to attacks from cybercriminals, and the privacy and security of the platform has often been called to question. Beyond security issues, the conversations taking place on Discord have evolved to include adult, narcotic, or NSFW (Not Safe For Work) content. Discord is linked to discussions about illegal activity as well as the alt-right movement. In August 2017, it was discovered as a planning tool for organizing the “Unite the Right” rally in Charlottesville, VA.
IRC (Internet Relay Chat)
The IRC is an instant messaging application designed for large numbers of users to communicate in real-time. It was created in 1988 and has declined in popularity since 2003 as more users move to social media platforms and other messaging tools. The IRC still has close to 500 million active users and 250,000 channels.
Users require a client to connect to a server on one of the IRC networks. There are over 800 active IRC networks ranging from popular networks with over 10,000 users to smaller networks associated with specific locations or topics. The IRC has been associated with illegal file trading, denial of service (DoS) attacks and trojan/virus infections.
The IRC isn’t inherently designed for anonymity. Users must use a VPN or access the IRC through Tor to achieve user anonymity.
Some IRC networks include:
EFnet: The original IRC network’s “descendent.” It’s associated with illegally copied software, hackers, and DoS attacks.
Freenode: Peer technical support for free software and open source projects.
Undernet: One of the largest IRC networks with close to 1 million active weekly users.
Open Web Sources
The open web can be defined as an open network that is decentralized (control is shared by many parties), accessible (anyone can participate without requesting permission) and open-source (anyone can modify or improve it).
It can also be defined by what it isn’t: the internet’s “walled gardens” where content is centrally controlled and monetized (Facebook and Google, for example). These walled gardens provide an easier and more curated user experience, but at the cost of certain freedoms—algorithms control what content is published, and publishers are restricted to services that are built by the sites.
Content on the open web is publicly accessible but not necessarily indexed by common search engines like Google. The following are site examples on the open web with pages that may not be indexed:
Gab, described as a "safe haven" for extremists including the alt-right, white supremacists, and neo-Nazis, is a popular social networking website. The platform is operated by the people for the people- it lacks overarching moderation and posts are instead "upvoted" to increase visibility. Gab stands by their mission of "defending free expression and individual liberty online for all people” by welcoming social media users banned from other platforms for violating their terms of service.
Mastodon is free, open-source software that is often seen as a progressive alternative to Twitter and a “utopian escape”. It is a decentralized, federated platform, meaning users are spread throughout independent communities, called instances, yet remain unified in their ability to interact with each other. Users post short messages called "toots" for others to see, and can adjust each of their post's privacy settings, including everything from direct messaging, to posted to the public feed. Mastodon differs from traditional social networks by allowing users to choose a specific server which has policies they agree with, or to leave a server that has policies they disagree with, without losing access to Mastodon's social network.
4chan is an imageboard site containing a wide range of topics. Like many imageboards, the site is populated with subcultures and controversial activist groups, such as the alt-right. 4chan threads also expire from the site after a short amount of time, making its content structure unique from other imageboards.
8chan (8kun’s predecessor) was an anonymous, extremist-friendly forum that was a breeding ground for bigotry and violence, where these ideals were not only tolerated, but encouraged. After three 8chan-linked mass-shootings, the popular board was taken offline in August of 2019. In November of 2019, the board was controversially rebranded as 8kun.
8kun is nearly identical to 8chan, eliciting many of 8chan’s users to flock to the new alt-right haven, notably QAnon. QAnon is a conspiracy theory group detailing a supposed secret plot against President Donald Trump, and claims that only a site structured like 8chan or 8kun could allow them to reliably communicate.
Users are presently constructing 8kun into a radical board similar to its precursor- transferring their boards from the offline 8chan and rebuilding their extremist community.
Endchan is a image board or "chan" site similar to other well-known image boards such a 4chan and the former 8chan. The site describes itself as "an anonymous imageboard that promotes ideas over identity." Although its user base isn't as large as more popular chan sites like 4chan, its purpose is similar—to provide an anonymous platform that promotes free expression. Assuming the site's demographics are roughly similar to 4chan, its user base is largely American males between 18-34.
A lot of content on Endchan is harmless—ranging from news commentary to software discussions. However, like other chan sites, Endchan is populated with users either migrating from other chan sites taken offline (ie. 8chan), or banned from more heavily moderated or centralized platforms for expressions of hate speech or extreme ideologies. Endchan is linked to the 2019 Bærum mosque shooting in Norway, where a user posted suggestive content referencing Brenton Tarrant shortly before opening fire in the mosque.
Raddle is a web-based forum where users can post pictures, discussions, and links. With a mission statement of "to give the people control over their own community, with full transparency and accountability between mods, admins and users", Raddle aims to stand out from its forum-based competitors through their zero tolerance policy. Raddle actualizes the anonymity-seekers' dream: a platform to share opinions completely devoid of tracking, ads, user-profiling, or collection/sharing of data or IP addresses.
Marketed as “the front page of the internet”, Reddit is an extremely popular social news, content rating, and discussion website. Unlike 4chan, users have personal accounts that still allow them to remain pseudonymous. Reddit is divided into communities called subreddits, and there’s a subreddit for just about everything. Within these subreddits users create relationships with other like-minded individuals and contribute to distinct internet cultures, like “TodayILearned” or “LifeHacks”.
It has spawned many trends including a set of now widely-recognized abbreviations, such as AMA (Ask me anything), IMO (In my opinion), or IRL (In real life). View a more comprehensive list on Reddit's help site.
Craigslist is a classifieds site used for hosting discussion forums and advertising goods, services, housing, and employment. Scams and sales of counterfeit or stolen goods are not uncommon on Craigslist.
LeoList is a classifieds site frequently used by sex workers. It has been linked to human trafficking cases.
DeepPaste is a dark website that allows users to publish plain text anonymously. It is similar to other paste sites in its basic functionality as a text-sharing site. However, DeepPaste’s heightened anonymity on the Tor network means that the site is populated with nefarious content that would be removed from moderated open websites like Pastebin.
Some examples of DeepPaste content includes users sharing .onion links for other Tor sites, users offering illegal goods or services (e.g. financial fraud, ransomware, child pornography, human trafficking, narcotics), and personally identifiable information breaches (doxxing). Even though the site claims that child pornography is “not welcome,” site admins are prohibited from censoring or deleting content.
The site has a simple interface, organizing content by the latest public pastes and the top latest public pastes. Unlike Pastebin, users must be registered to create or comment on pastes. According to the site’s counter, DeepPaste gets about 400K-500K views per day.
Pastebin and similar sites are popular for hosting torrents, hacking data dumps and links to darknet sites.
The darknet goes deeper than the deep web. It is classified as any content intentionally hidden or anonymized online. The darknet is made up of websites that can only be accessed through the Tor browser. Because Tor creates user anonymity, it is a breeding ground for illicit activity, ranging from the sale of weapons, drugs, hitman services, and much more.
A more comprehensive list of darknet markets and forums can be found here.
The Tor browser was created by the U.S. Naval Research Laboratory in the 1990’s aiming to enable secure government communications. The name is derived from an acronym for the original software project name, "The Onion Router." Tor is the most well-known and widely used network on the darknet.
A Tor user’s internet traffic is routed through the Tor network and enters several randomized relays before exiting. This process makes it theoretically impossible to decipher which computer originally requested the traffic. This signifies the layering behind the “onion” browser creating user anonymity.
Tor Site Examples:
Tor sites have .onion as their top-level domain. The following are well-known .onion sites:
8chan was launched in 2013 and gained traction after 4chan banned posts affiliated with Gamergate (a widespread harassment campaign against women and progressivism in the gaming community). 8chan serves as an online hate-group for nationalists, neonazis, alt-righters, and misogynists to hold anonymous discussions.
The site is also associated with the 2019 Christchurch mosque and San Diego synagogue shootings. The latter’s perpetrator posted links to his manifesto and Facebook page before committing the attack. The site has 35,000 daily users.
The Daily Stormer is similar to 8chan: it’s an anonymous commentary forum for white-supremacists, anti-semites, and neo-nazis. It was founded in July 2013 and moved to the darknet in August 2017. The site is known for internet trolling and organizing harassment campaigns. It was used to help organize the “Unite the Right” rally in Charlottesville, Virginia in 2017.
Dread is like the darknet’s Reddit. It is modelled closely after Reddit, containing sub-communities and user moderators. The site is a forum, not a marketplace—but contains discussions on producing illegal substances, recommended dealers, and which other Tor sites are run by scammers or have been dismantled.
Hydra is a Russian-language darknet marketplace with individual vendor shops. The site takes measures to keep scammers and law enforcement from entering; it favours Russian vendors who are willing to pay hosting fees, and encourages trusted vendor-buyer communication before transactions take place.
Nightmare Market was launched in 2018 and contains listings for drugs, stolen data, counterfeit goods, and a variety of other illegal transactions. The Market supports escrow (third-party transaction arrangements) and has an affiliated discussion forum.
Silk Road 3.1 is a widely-used replacement for the original Silk Road, which was shut down in 2013. Of 50,000 listings, over half are related to illegal substances.
The Tochka Free Market was launched in 2015 and contains listings for a variety of goods and services, from drugs to stolen data. Tochka listings are available in English, Russian, German, Spanish, French, Italian, Serbian, and Turkish.
I2P (Invisible Internet Project)
I2P is an anonymizing network that focuses on secure internal connections and user communication rather than exchanging goods. Its primary function is to be a “network within the internet” with traffic contained within its borders. In the I2P network, hosted websites are known as “eepsites” and have .i2p as their top-level domain.
I2P Site Examples:
Bigbrother: for news
Sigterm: for privacy and security-related topics
Echelon: for topics related to I2P software
Forum: the oldest and most active forum on I2P
Id3nt: for microblogging
Anch: a Russian-language imageboard for anarchists
Theanondog: articles related to politics, security, and revolts
Visibility: a social network that supports file sharing, blog publishing, polls, page creation, etc.
Multimedia & File Sharing
Xl33t: for streaming movies, TV,and audio
Leecher: for downloading popular TV shows
Mp3arc: for music
Postman’s I2P Tracker: I2P’s main torrent tracker
ZeroNet is a peer-to-peer network launched in 2015. Every network peer acts as a server, making it decentralized and immune to censorship. ZeroNet is not inherently anonymous—but users can achieve anonymity through Tor. It’s also open-source; any user can clone and create their own versions of sites within ZeroNet.
ZeroNet Site Examples:
ZeroNet sites are based on the following ZeroNet sample sites:
ZeroBlog: for creating and editing decentralized blogs
ZeroTalk :for creating decentralized forums
ZeroMail: for engaging in encrypted peer-to-peer communication
ZeroMe: for decentralized microblogging, similar to Twitter
ReactionGIFs: for peer-to-peer file sharing:
ZeroChat: for engaging in real-time peer-to-peer chat messaging
Zeropolls: allows users to create, vote in, and view polls
ZeroWiki: a ZeroNet-focused wiki where users can create and edit topics
Some specific ZeroNet site examples include:
0rc: a decentralized messaging forum with topics related to the Internet Relay Chat (IRC).
KopyKate Big: a video-sharing site—like a decentralized version of YouTube or Vimeo.
Millchan: a decentralized imageboard site similar to 4chan.
Peeper: a microblogging site similar to Twitter.
Play: a BitTorrent site where users can access links to copyrighted movies.