The dark web has a shady reputation. Hidden below the transparency and visibility of the internet's surface, the complex anonymity networks that make up the dark web host and distribute all kinds of murky content: illicit drugs, child abuse material, illegal weapons, extremist paraphernalia, and more.
But the dark web is also a misunderstood place, and the connotations its name conjures up aren't representative of the vast majority of activity that takes place within its anonymous confines, according to new research.
A new study led by cybersecurity researcher Eric Jardine from Virginia Tech suggests that only a small fraction of the dark web is being used to access hidden sites – and, in this case, the hidden activity isn't even necessarily illicit activity (although, given the dark web's shadowy corners, it could be).
In the study, Jardine and his team analysed data from the Tor network, generally considered to be the largest and most popular network enabling anonymous, private access to the uncensored web, via use of special software that connects to a system of onion routers, designed to ensure the user's anonymity.
There's nothing necessarily immoral or wrong about any of this, by the way. The deep web, as it is known, is simply the parts of the internet that aren't indexed by regular search engines (as opposed to the surface web). Part of the deep web, however, is the dark web, and parts of the dark web do host malicious content.
For this reason, the researchers wanted to gauge how much of the Tor network might be being used for hidden (and potentially malicious) purposes. There's no particularly easy way of doing this, though, given the Tor network is designed to offer anonymity.
But by monitoring data signatures collected from Tor entry nodes, the team was able to differentiate between users using Tor to anonymously access regular sites on the surface web, and others employing the system to access hidden content within the dark web.
Surprisingly enough, the researchers found just 6.7 percent of global users were using Tor to access hidden services on the dark web (which might or might not provide illegal or objectionable material).
"We found that most Tor users head toward regular web content that could likely be considered benign," Jardine says.
"So even though the Tor anonymity network can be used for some highly malicious purposes, most people on an average day seem to use it more as a hyper-private version of Chrome or Firefox."
Even more interestingly, the analysis showed that the use of Tor to access hidden services or regular web content differed between liberal democratic nations and countries with more repressive laws and rights.
"The average rate of likely malicious use of Tor in our data for countries coded by Freedom House as 'not free' is just 4.8 percent," the authors write in their paper.
"In countries coded as 'free', the percentage of users visiting Onion/Hidden Services as a proportion of total daily Tor use is nearly twice as much or ~7.8 percent."
In other words, people living in liberal democracies are more likely to exploit the dark web for malicious purposes, whereas users living under repressive regimes in non-democratic countries might be more likely to use Tor to circumvent local censorship restrictions and access free information on the internet.
There are a few assumptions being made in this analysis, though, and the Tor Project itself – an incorporated non-profit in the US, has objected to some of the study's findings.
"The authors of this research paper have chosen to categorise all .onion sites and all traffic to these sites as 'illicit' and all traffic on the 'Clear Web' as 'licit'," executive director of the Tor Project, Isabela Bagueros, told Ars Technica.
"This assumption is flawed. Many popular websites, tools, and services use onion services to offer privacy and censorship-circumvention benefits to their users. For example, Facebook offers an onion service. Global news organisations, including The New York Times, BBC, Deutsche Welle, Mada Masr, and Buzzfeed, offer onion services…
"Writing off traffic to these widely-used sites and services as 'illicit' is a generalisation that demonises people and organisations who choose technology that allows them to protect their privacy and circumvent censorship."
It's worth pointing out that Jardine and his team do acknowledge in their study that the dark web can contain socially beneficial content, and they also concede that the clear/surface web hosts troubling content.
Nonetheless, they justify their "probabilistic" conclusions that access to hidden .onion sites and services is likely for malicious purposes by pointing to previous research suggesting that the hidden dark web sites are disproportionately used for illicit purposes.
If they're right, the findings suggest the harms of the dark web could be clustering in free countries hosting the infrastructure, while the benefits are more likely to proliferate in repressive countries.
While the study is likely to be debated further, it makes for some complicated takeaways – and the dark web was already plenty complicated.
"'Free' countries are likely bearing an increased social cost of some size (via the harms from hosted child abuse content, illicit drug markets, etc.) so that those in not free regimes might have access to a robust anonymity-enhancing tool," the researchers write.
"Determining if these increased costs are an acceptable burden to pay so that others might exercise basic political rights is an important normative debate to which the present study supplies some modest empirical results."
The findings are reported in PNAS.