Hackers, drugs and porn. The dark web is easy to distill into cliché. It’s a bad place where bad people do bad things, usually while wearing hoodies and ruining their eyesight hunching over a laptop in a darkened room.

But there’s something more to the dark web, too. It’s a tiny enclave where the real promises of the internet - freedom, anonymity, privacy - are, for the most part, still intact.


“The dark web isn’t for a single purpose,” says Sarah Jamie Lewis, an anonymity and privacy research who maps the dark web, exploring how its sites are connected by links, shared bitcoin addresses or other identifiers. At the end of September she’s speaking at WIRED Security in London on September 28.

For plenty of people, including those in marginalised communities or people live under authoritarian regimes, using the internet anonymously is a matter of survival. It allows them to live their lives and communicate without the fear of their government, or any other malicious observer, keeping tabs on what they’re doing.

Read next These are the startups changing the future of cybersecurity These are the startups changing the future of cybersecurity

The dark web is designed to allow people to browse with complete anonymity. Sites are set up so that their location is hidden and they won’t show up in search results. Anyone who has the address of a dark website can visit it – providing they’re using the right kind of browser – while the identity of the website owner, and its visitors, stays hidden.

The open internet is a very different place. Here, your internet provider can see which sites you’re visiting and when you’re enjoying your internet-connected vibrator. If you’re in the states, they’re allowed to sell that information to the highest bidder. Google keeps an eye on your browsing and search history, and uses that data to deliver tailored to your every insecurity.


We’ve come a long way since the early days of the internet, Lewis says. Now we’re all paying with our personal data, whether we know about it or not. “I think we made a mistake when we made free services on the internet,” she says. “They’re not free, you are giving something up to use them.”

The dark web offers an alternative way of doing things. People shouldn’t be forced into paying with their data, Lewis says. “We have models for funding services that allow people to pay and support users without abusing them.”

She’s already seeing a change in the kinds of people that are using the dark web and other services, such as secure messengers Ricochet and Briar, that can’t be traced. “I think we are seeing a demographic shift,” she says. Off-grid services are no longer the preserve of people who have something to hide.

Read next 5 things you need to know about the future of cybersecurity 5 things you need to know about the future of cybersecurity

For some, anonymous apps and websites are the only way to avoid being traced by abusive ex-partners. Lewis has seen an increasing number of cases where technology-savvy abusers track their victims through their online metadata.


Slowly, online anonymity is becoming more acceptable to normal users, says Lewis. At the beginning of this year, the volume of encrypted web traffic overtook that of unencrypted traffic. Now, as long as you’re browsing a website that uses HTTPS (signified by that little lock next to the URL), a broadband provider or other observer is unable to see exactly what you’re reading or posting on the web. They can, however, still see metadata, including information about which sites you visited and when.

Online anonymity is a double-edged sword. The privacy afforded by the dark web creates the perfect hiding place for criminal organisations to buy and sell stolen credit card information or plot the next cyber attack. “The amount of money changing hands on the dark web is huge,” says Avi Kasztan, CEO of the Israel-based cyber intelligence firm SixGill.

SixGill claims to surreptitiously track criminals on the dark web so that they know when and where hackers are planning to strike next. These attacks, which include stealing databases, extorting customers and identity theft, are usually carried out by sophisticated networks of hackers who use the dark web to plan attacks. “It’s very rare, almost impossible, for one person to conduct an attack against a serious organisation,” he says. “You cannot do everything alone.”

But the dark web isn’t a total safe haven for online criminals. In July this year, a joint operation between Europol and US police took down two of the largest dark web drug marketplaces, AlphaBay and Hansa. The Dutch National Police took control of Hansa in late June, but deliberately left the site online, to catch users flooding to the site after the shutdown of AlphaBay.

If the authorities are to continue putting pressure on dark marketplaces, they’ve got their work cut out. When one dark site dies, users move quickly to competitors. In the week after Alphabay and Hansa shut down, the number of listings on other sites rose by up to 28 per cent. Many of the dark webs worst corners, including sites that host child porn and images of torture, remain incredibly difficult to shut down.

The dark web, in all its deplorable infamy, has given online anonymity a bad name. The same goes for encryption in messaging apps like WhatsApp. Encryption isn’t for “normal people,” argued home secretary Amber Rudd recently, it only benefits terrorists who can plot without fear of being overheard.


But researchers like Lewis are fighting against this tide of ignorance to turn privacy in a mainstream concern. The popularity of encrypted messaging apps is a start, but for now the conversation over online anonymity concentrates on the malicious few who abuse that rights, and not on the many who desperately need the security and freedom that anonymity provides.

Enshrining anonymity across the web would require a monumental change in thinking from the public, tech companies and governments, Lewis says. “Right now, it’s an impossibility.”

Sarah Jamie Lewis will be speaking at WIRED Security 2017.