This article describes the value of each network and some popular sites within them. This site list is not exhaustive, and sites are constantly changing as they are removed or added.
The deep web includes websites and data that are non-discoverable by search engines within the surface web.
The term “deep web” is not interchangeable with the darknet— it includes the darknet, as well as password-protected or dynamic pages, encrypted networks, and internet archives. Much of the deep web’s content requires authentication to view, such as private banking pages, email accounts, and direct messages on social media. It is estimated that the deep web is at least 400-500 times the size of the surface web.
OpenBazaar is a decentralized, open-source marketplace launched in 2016. The network’s goal is to avoid the “middleman” involved in surface web commerce. Buyers and sellers on OpenBazaar use cryptocurrencies and engage directly to avoid fees associated with typical payment methods like Paypal. Users can also share as little or as much personal information as they want. There are over 20,000 sellers on OpenBazaar with user activity across 150 countries.
OpenBazaar is not inherently anonymizing, but can be accessed through Tor if users desire anonymity. The network does not cater to illicit exchanges, and the bulk of its transactions are not illegal. However, because it is decentralized, OpenBazaar has no way to accurately track or deal with illegal activity.
Illegal OpenBazaar listings are not indexed and are not always accessible by search engines within the marketplace. On the darknet, marketplace moderators assume the risk of running a site—but OpenBazaar users run software on their own computers, so each user assumes the risk of engaging in illicit transactions.
Telegram is a cloud-based instant messaging, voice, and video messaging service similar to WhatsApp. It’s considered to be one of the most secure messaging apps for several reasons:
Telegram allows groups with up to 200,000 members each. Groups can be public or private. Groups differ slightly from channels, which have no limit on the number of users in them. When users post in a channel, their identities aren’t shown. Only the name and avatar of the channel is revealed in this public format.
Telegram also offers access to their public API, which opens up endless possibilities for individuals to create games, get alerts, create data visualizations, build custom tools, and even exchange payments between users. API access to Telegram means that many of the conversations in public channels are largely discoverable to organizations gathering open source intelligence from online sources.
With over 200 million active users, it is no surprise that Telegram is a popular place to hold discussions about illegal activity. There have been many reports of phishing scammers using Telegram as their method of contact with victims.
Discord is a voiceover IP and messaging program. Discord’s user interface looks like a cross between Skype and Slack. It’s free to use, and is available as a web, mobile, and desktop application.
Within Discord, users can create their own servers and host private, password protected, or public channels within those servers. Channel moderators then send invitations to users in order for them to join a channel. Although it was originally built for the gaming community, its versatile chat, video, and voice capabilities have drawn in a diverse mix of 200 million users since December 2018.
Discord has been criticized for being vulnerable to attacks from cybercriminals, and the privacy and security of the platform has often been called to question. Beyond security issues, the conversations taking place on Discord have evolved to include adult, narcotic, or NSFW (Not Safe For Work) content. Discord is linked to discussions about illegal activity as well as the alt-right movement. In August 2017, it was discovered as a planning tool for organizing the “Unite the Right” rally in Charlottesville, VA.
IRC (Internet Relay Chat)
The IRC is an instant messaging application designed for large numbers of users to communicate in real-time. It was created in 1988 and has declined in popularity since 2003 as more users move to social media platforms and other messaging tools. The IRC still has close to 500 million active users and 250,000 channels.
Users require a client to connect to a server on one of the IRC networks. There are over 800 active IRC networks ranging from popular networks with over 10,000 users to smaller networks associated with specific locations or topics. The IRC has been associated with illegal file trading, denial of service (DoS) attacks and trojan/virus infections.
The IRC isn’t inherently designed for anonymity. Users must use a VPN or access the IRC through Tor to achieve user anonymity.
Some IRC networks include:
EFnet: The original IRC network’s “descendent.” It’s associated with illegally copied software, hackers, and DoS attacks.
Freenode: Peer technical support for free software and open source projects.
Undernet: One of the largest IRC networks with close to 1 million active weekly users.
The open web can be defined as an open network that is decentralized (control is shared by many parties), accessible (anyone can participate without requesting permission) and open-source (anyone can modify or improve it).
It can also be defined by what it isn’t: the internet’s “walled gardens” where content is centrally controlled and monetized (Facebook and Google, for example). These walled gardens provide an easier and more curated user experience, but at the cost of certain freedoms—algorithms control what content is published, and publishers are restricted to services that are built by the sites.
Content on the open web is publicly accessible but not necessarily indexed by common search engines like Google. The following are site examples on the open web with pages that may not be indexed:
4chan is an imageboard site with topics ranging from video games to sports. 4chan is also associated with subcultures and activism groups, such as the alt-right and denial of service (DoS) cyber attacks.Craigslist is a classifieds site used for hosting discussion forums and advertising goods, services, housing, and employment. Scams and sales of counterfeit or stolen goods are not uncommon on Craigslist.
LeoList is a classifieds site frequently used by sex workers. It has been linked to human trafficking cases.
Pastebin and similar sites are popular for hosting torrents, hacking data dumps and links to darknet sites.
The darknet goes deeper than the deep web. It is classified as any content intentionally hidden or anonymized online. The darknet is made up of websites that can only be accessed through the Tor browser. Because Tor creates user anonymity, it is a breeding ground for illicit activity, ranging from the sale of weapons, drugs, hitman services, and much more.
A more comprehensive list of darknet markets and forums can be found here.
The Tor browser was created by the U.S. Naval Research Laboratory in the 1990’s aiming to enable secure government communications. The name is derived from an acronym for the original software project name, "The Onion Router." Tor is the most well-known and widely used network on the darknet.
A Tor user’s internet traffic is routed through the Tor network and enters several randomized relays before exiting. This process makes it theoretically impossible to decipher which computer originally requested the traffic. This signifies the layering behind the “onion” browser creating user anonymity.
Tor Site Examples:
Tor sites have .onion as their top-level domain. The following are well-known .onion sites:
8chan was launched in 2013 and gained traction after 4chan banned posts affiliated with Gamergate (a widespread harassment campaign against women and progressivism in the gaming community). 8chan serves as an online hate-group for nationalists, neonazis, alt-righters, and misogynists to hold anonymous discussions.
The site is also associated with the 2019 Christchurch mosque and San Diego synagogue shootings. The latter’s perpetrator posted links to his manifesto and Facebook page before committing the attack. The site has 35,000 daily users.
The Daily Stormer is similar to 8chan: it’s an anonymous commentary forum for white-supremacists, anti-semites, and neo-nazis. It was founded in July 2013 and moved to the darknet in August 2017. The site is known for internet trolling and organizing harassment campaigns. It was used to help organize the “Unite the Right” rally in Charlottesville, Virginia in 2017.
Dread is like the darknet’s Reddit. It is modelled closely after Reddit, containing sub-communities and user moderators. The site is a forum, not a marketplace—but contains discussions on producing illegal substances, recommended dealers, and which other Tor sites are run by scammers or have been dismantled.
Hydra is a Russian-language darknet marketplace with individual vendor shops. The site takes measures to keep scammers and law enforcement from entering; it favours Russian vendors who are willing to pay hosting fees, and encourages trusted vendor-buyer communication before transactions take place.
Nightmare Market was launched in 2018 and contains listings for drugs, stolen data, counterfeit goods, and a variety of other illegal transactions. The Market supports escrow (third-party transaction arrangements) and has an affiliated discussion forum.
Silk Road 3.1 is a widely-used replacement for the original Silk Road, which was shut down in 2013. Of 50,000 listings, over half are related to illegal substances.
The Tochka Free Market was launched in 2015 and contains listings for a variety of goods and services, from drugs to stolen data. Tochka listings are available in English, Russian, German, Spanish, French, Italian, Serbian, and Turkish.
I2P (Invisible Internet Project)
I2P is an anonymizing network that focuses on secure internal connections and user communication rather than exchanging goods. Its primary function is to be a “network within the internet” with traffic contained within its borders. In the I2P network, hosted websites are known as “eepsites” and have .i2p as their top-level domain.
I2P Site Examples:
Bigbrother: for news
Sigterm: for privacy and security-related topics
Echelon: for topics related to I2P software
Forum: the oldest and most active forum on I2P
Id3nt: for microblogging
Anch: a Russian-language imageboard for anarchists
Theanondog: articles related to politics, security, and revolts
Visibility: a social network that supports file sharing, blog publishing, polls, page creation, etc.
Multimedia & File Sharing
Xl33t: for streaming movies, TV,and audio
Leecher: for downloading popular TV shows
Mp3arc: for music
Postman’s I2P Tracker: I2P’s main torrent tracker
ZeroNet is a peer-to-peer network launched in 2015. Every network peer acts as a server, making it decentralized and immune to censorship. ZeroNet is not inherently anonymous—but users can achieve anonymity through Tor. It’s also open-source; any user can clone and create their own versions of sites within ZeroNet.
ZeroNet Site Examples:
ZeroNet sites are based on the following ZeroNet sample sites:
ZeroBlog: for creating and editing decentralized blogs
ZeroTalk :for creating decentralized forums
ZeroMail: for engaging in encrypted peer-to-peer communication
ZeroMe: for decentralized microblogging, similar to Twitter
ReactionGIFs: for peer-to-peer file sharing:
ZeroChat: for engaging in real-time peer-to-peer chat messaging
Zeropolls: allows users to create, vote in, and view polls
ZeroWiki: a ZeroNet-focused wiki where users can create and edit topics
Some specific ZeroNet site examples include:
0rc: a decentralized messaging forum with topics related to the Internet Relay Chat (IRC).
KopyKate Big: a video-sharing site—like a decentralized version of YouTube or Vimeo.
Millchan: a decentralized imageboard site similar to 4chan.
Peeper: a microblogging site similar to Twitter.
Play: a BitTorrent site where users can access links to copyrighted movies.