The Dark Web, Tor, and Anonymity as a limit to Big Tech
The myth of the Dark Web. Tor as a barrier to Big Tech's “surveillance capitalism.” Why anonymity is now an act of resistance.
25 de feb. de 2026 — Juan Brodersen
Humanity has never created as much information as it has today. It is said that between 2014 and 2017, as much was produced as from prehistory up to 2014. While much of that repository used to be text, video, and audio on physical media, today it consists of ones and zeros. And there’s a metaphor of an Iceberg that tells us that a good portion is inaccessible.
Welcome to the realm of the “Dark Web.” One of the biggest myths of the internet.
The dark web appears as a nook where the sale of personal, corporate, and state data, stolen credit cards, drugs, and all kinds of illicit activities converge in cyber-dantesque circles that can be visited if you know what apps to download and which addresses to visit.
Marcelo Acevedo
It is said that, within this iceberg of information, everything we find while browsing search engines like Google is the “surface web,” indexed and locatable. After all, Google is not the web, but rather a (once) very good index of it. Below that lies the “Deep Web,” or unindexed content, such as databases, emails, bank accounts, and what’s behind a login screen. And, at the very bottom, the Dark Web, which is also unindexed, filled with all its illicit activities.
Unlike the so-called “clearnet” (the web we access every day, transparent, accessible to anyone, and locatable by Google), in this Dark Web, you need to know where to go. There’s no search engine; instead, you actively visit specific underground corridors.
Now, the idea of a hidden corpus seems to have accompanied us forever. From the lost texts of Aristotle during the Middle Ages, to a secret area in Doom, to a hidden track at the end of an album, it seems there has always been a “gatekeeper” controlling who gets access and who doesn’t.
Tor, a browser that, unlike Chrome and Firefox, prioritizes anonymity, occupies that place as a portal to the unknown (and dark). But the paradigm is much larger: The Tor Project is a bet on a web outside the surveillance capitalism of Big Tech, which has little to do with the Dark Web and more with a different conception of what the internet is.
Its creator, along with two hackers and an engineer, unravels the knot of the Dark Web, one of the biggest myths in digital popular culture in recent decades.
“The Dark Web doesn’t exist”
Before taking any step towards the depths of the iceberg, it’s important to remember a fundamental difference. Internet and the web are not the same. The internet is the infrastructure that supports everything: protocols, routers, cables, chips, silicon. The web is a service that operates over the internet, using the HTTP (hypertext) protocol.
All of this falls under what is known as the “clearnet,” an accessible network, without much fuss. You open Google Chrome, Firefox, Safari, search or type an address, and you enter. Almost everything for everyday use by the average user runs here.
The percentages of the iceberg (4%, 90%, 6%) are outdated estimates. The Deep Web is not a clandestine underworld but everything that is not indexable by a search engine: your email, your online banking, or private databases. Thinking that the unindexed is illegal is like assuming that everything that happens inside a house is a crime.
In fact, there is no single definition of the Dark Web, but the term is often seen in mainstream media to associate it with a realm of illicit activities that exists on the web but is not easily accessible.
“The Dark Web doesn’t exist. Criminals are everywhere, including WhatsApp, Signal, Telegram, Facebook, Instagram, VK, and more. Does all that seem dark to you? Because it doesn’t to me. The place where criminals gather to discuss and do business depends on the type of activity they engage in,” says a hacker who tracks threats for an international company.
“In the case of Russian speakers, such as affiliates and operators of ransomware or groups dedicated to extortion, they often move in specific forums like Exploit[.]in, XSS, Duty Free, Rehub, and TierOne,” he lists. Many of them are accessible via the “normal” web. Threat actors move for convenience, language, and business model.
Eddie Fitte
Most operate on a registration, credit, and reputation system, which is sometimes only accessible by invitation from a third party. “It depends on the forum. Some are open with registration and reputation systems, others operate by invitation or payment (often in cryptocurrencies like XMR), and the most exclusive require a validation process by active members,” adds another hacker who frequents these sites.
The most famous case is that of BreachForums, perhaps the most well-known marketplace for personal data, where personal information has been put up for sale not only from Argentine citizens but also from states and companies around the world. The site has always been accessible via the clearnet. That is, through any browser, typing in the URL that, although it has migrated countless times (Breached, RaidForums) due to its illicit nature, has always been easily locatable by Google.
Juan Ruocco 🧙♂️
“I won't name the most well-known forums, but I can say that most are accessed via the clearnet, although the two or three important ones have their onion version on Tor. Interestingly, some are on both, but people prefer to access via clearnet, and it’s especially noticeable when a domain goes down and everyone complains (the Tor ones almost never go down),” says a cybercriminal data broker to 421.
Perhaps a large part of the association between the Dark Web and Tor is due to Ross Ulbricht, founder of Silk Road, one of the most well-known online black markets in the world. A character worthy of a separate article, sentenced to life in 2015 and, 10 years later, pardoned by U.S. President Donald Trump under the guise of a promise made at the 2024 Libertarian National Convention.
It’s also linked to ransomware, a type of malware that encrypts a victim's information to make it inaccessible and demands a ransom in cryptocurrencies in return. Generally, ransomware groups operated on sites accessible via Tor, a project with a much broader focus that found itself caught in the crossfire between cybercriminals, dark clients, and law enforcement.
The Tor Project: The Cost of a More Anonymous Web
“What do you think is the largest site on the Dark Web? A drug-selling site or some other illegal activity? No. It’s Facebook. And it is because an internal study by the company from ten years ago revealed that a million people connected through Tor. Obviously, there are people who want privacy.” This idea was presented by Roger Dingledine, founder of The Tor Project, at Ekoparty 2025, the largest hacker convention in Latin America. Before a packed audience, the engineer and mathematician explained (perhaps for the thousandth time) why Tor is not “the Dark Web.”
Tor is an infrastructure designed to reduce user exposure on a network that, by design and business, tends to log and profile every movement. The name comes from The Onion Router and implies a logic of encapsulating traffic in multiple layers of encryption that are routed through different nodes before reaching the open web, making the origin of the connection very difficult to trace.
“Without Tor, when you load a website, that site can know your real IP address, and anyone spying on that internet connection can see that you’re accessing that site. When you load it through Tor, your connection bounces through a series of nodes in the network. The first node knows your real IP address but doesn’t know where you’re headed, the second node knows nothing, and the third knows where you’re going but doesn’t know your real IP address. The final site you visit only knows that you came from Tor,” explains Micah Lee, an information security engineer and data journalist, to 421.
Author of the book Hacks, Leaks and Revelations (a bible for anyone interested in data leaks), Lee recalls that Tor “is private and anonymous in the sense that the sites you visit cannot know your IP address, and anyone monitoring internet traffic cannot see what you’re doing, beyond the fact that you’re using Tor.”
In Tor, no node simultaneously knows who the user is and what the final destination is. This distributed design makes it considerably more complex to trace the real origin of the connection. The project originated at the U.S. Naval Research Laboratory and was later developed by the community as a civil tool for protection against widespread surveillance.
Sociologist Shoshana Zuboff described the dominant model of the internet as "surveillance capitalism": an economy based on the systematic extraction of personal data. In that landscape, Tor emerges as a technology that introduces friction into the model that has allowed Big Tech to grow larger than ever.
Its expansion was linked to contexts of censorship and state control. During the Arab Spring, it was one of the tools that allowed people to bypass blocks and access information. Over time, major international media outlets like The New York Times, BBC, ProPublica, and Deutsche Welle published versions of their sites accessible as onion services, specifically for readers who need anonymity.
Tor is by no means a bulletproof digital shield. "Using VPNs, Tor, ProxyChains, and other tools helps users conceal their IP address and other information. But there are ways to be discovered. What if there are compromised Tor nodes and you're not using a VPN? Those controlling those nodes could obtain your IP address," says one of the hackers consulted for this piece.
"What if someone sends you a file through qTox [a p2p protocol] and you're not using a VPN? The person who sent the file can obtain your IP address. There are several examples of how your IP, geolocation, and more can be obtained. It all depends on each person's opsec [operational security]," they explain. This is often a common suspicion among those running Tor nodes (which is why it's absolutely discouraged for individuals to run an exit node): that they could be monitored by security forces, something impossible to know ex ante due to the anonymous nature of the protocol.
"Anonymity involves much more than just hiding your IP address. If you log into your Gmail account through Tor, or use a username linked to your real identity, or mention in a chat where you grew up, or make any number of other slip-ups, it can be easy to de-anonymize you. If you want to do things anonymously on the Internet, Tor can be an important tool to help you, but it's just one piece of the puzzle. You also have to do everything else correctly," Lee adds.
This largely underpins why, ultimately, a project like Tor goes beyond illicit use: if a technology like this were banned, cybercriminals would continue to operate through the vast array of means available today, beyond the onion network.
Some even argue that Tor is funded by the U.S. government because they prefer cybercrime to be concentrated in one place rather than spread across different sites. This is debatable when we consider the number of sites, protocols, and messaging services that operate with easily downloadable applications from the web, Apple's App Store, or Google Play (like Telegram).
Why anonymity on the web matters
Anonymity on the web is, in 2026, increasingly complicated. But perhaps, it has rarely been so desirable.
"One of the things that worries me is the avalanche of age verification laws popping up around the world, and the fact that large corporate platforms, which concentrate a huge portion of online conversations, are complying with them. For example, Discord will soon require users to present a government-issued ID or other mechanisms to prove who they are in order to access certain features, and this trend continues to expand," says Lee.
"There will always be ways to communicate and publish information anonymously, but it can become much more difficult to get your message out if you're excluded from the major platforms. And with fascists firmly in power in the United States, it's wise for people around the world to stop relying on American platforms that bow to Trump's censorship demands. The outlook is grim," he concludes.
Roger Dingledine, founder of Tor, also expressed concern about the current situation: the average user doesn't fully understand under what model they are using the web.
"One of the major challenges we continue to face in the world is whether people can make decisions for themselves about their data, or if those decisions should be left in the hands of companies and governments. We see this conflict in authoritarian governments like Russia and Iran, which try to censor the internet and block users from being able to inform themselves or express themselves freely," says Dingledine.
"But we also see it in what used to be traditional democracies, where we allow companies to accumulate power and money by spying on users, while at the same time our governments seem eager to centralize control," he adds.
"For me, the only answer to this corporate surveillance capitalism and these backsliding democracies is to return power to the citizens. That's why decentralized tools like Tor are so important for our freedoms, both now and in the future," Roger Dingledine concludes in conversation with 421.
The first step is to stop calling a project like Tor the Dark Web, which, with all its counterpoints, presents an alternative model to the permanent surveillance of Meta, the data commercialization of Google, and the inevitable toll of identifying oneself with name and ID to participate in online conversation.
