Dark Web vs. Deep Web: Uncovering the Difference

5 minute read

Most people are familiar with the surface web. In fact, we use it every day when we browse the news, scroll through social media, and perform a search. Essentially, it is everything that is indexed by a search engine. The surface web is not completely void of threats like phishing attacks but is generally considered safe for users. On the other hand, the surface web only makes up a small fraction of the internet, roughly 10%. So, what about the other 90% of the internet?

The dark and deep web make up the other 90% of the internet as we know it. This is the part of the internet that is not indexed by search engines. However, when comparing the dark web vs. deep web, these are very different spaces and it’s important to know the difference.

Deep Web vs. Dark Web: What’s the Difference?

Deep Web

The term deep web describes all pages on the internet that are not indexed by a search engine. In other words, if you can’t find it through a Google search, it’s likely part of the deep web. Information on the deep web is not necessarily illegal to access or dangerous for users.

The deep web includes paid content or pages with a paywall enforced by a login to see the content. This is considered the deep web because search engines are unable to index content that requires payment or login. A familiar example is a streaming service where a user pays to access content movies and binge-worthy tv shows. Although you can find the login and marketing pages on the surface web through a search engine, the majority of the content is private and requires payment and/or login.

Content and pages behind a login screen are considered the deep web
Content and pages behind a login screen are considered the deep web

Dark Web

The dark web is a small fraction of the deep web, which means it’s also something that is not indexed by search engines. In order to access the dark web, users need to download special software that handles required encryption. Despite the ominous name, not all dark websites are used for illegal activity.

The Onion Router (TOR) is often involved in dark web conversation. TOR is one of the most popular overlay networks that make up the dark web. TOR sites have a “.onion” root, but as mentioned above, special software is needed. A TOR browser can be downloaded and used to access TOR sites. A browser like this is needed because it builds a route of random relays, each with its own encryption, to connect to the sites. Keep in mind that although this improves anonymity, it does not mean it’s untraceable.

.onion site that is used for legal purposes, posting news articles
.onion site that is used for legal purposes, posting news articles

Due to the increased anonymity, the dark web is used for crime. After breaching victims’ sensitive information, hackers often market the stolen data on dark web forums. Examples of data listed for sale on various dark web marketplaces include usernames/passwords, bank information, credit card numbers, and other PII.

Screenshot of thread in dark web forum used to assist criminals committing financial fraud
Screenshot of thread in dark web forum used to assist criminals committing financial fraud

Key Differences Between Dark Web vs. Deep Web

Remember that the dark web is a subset of the deep web, but there are some key differentiators regarding purpose and access. Here are the key differences between the dark web vs. deep web.

Dark Web

  • The dark web is a small fraction of the deep web
  • Often used for illegal activity
  • URLs can be obfuscated, making them difficult to find
  • The dark web requires special software to handle encrypted relay connections

Deep Web

  • The deep web makes up most of the internet we know
  • In general, the deep web is not inherently dangerous
  • Aside from the dark web, most of the deep web is not used for crime
  • URLs are typically familiar and extensions of public-facing surface web applications

Application of Deep Web

The deep web is something that is used regularly in both the workplace and at home. Here are some of the primary use cases for the deep web:


Intranets or internal networks are technically the deep web because they are not public-facing pages and likely require VPN access in order to review the contents. Many organizations use intranets for internal documentation and to host applications that their employees use daily.

Paid Applications and Content

As mentioned above, paid applications and content are pages where a user has to pay to access. Because there is a paywall, this content is not crawled by search engines. Some examples include Software-as-a-Service offerings, streaming services, and paid news sources.

Software and Content Requiring Login

Not all software and applications require payment but still become part of the deep web with required logins. Examples of applications that have pages on the deep web are banking applications after the login page and your free email account. It would be scary if someone could search how much money you have in your bank accounts using Google Search!

Dark Web Tools and Services That Present Enterprise Risk

With a plethora of forums and marketplaces on the evolving dark web, the odds are high that your organization or similar organizations in your industry have fallen victim to data leakage by hackers. Due to the improved anonymity and several layers of encryption as data moves through the dark net, hackers feel more comfortable operating out in the open. In some cases, marketplaces require users to sign up like a normal surface web application. The only difference is that many of these marketplaces contain illegal content. The dark web serves as a vehicle for hackers and bad actors to transmit and sell stolen sensitive data.

Stolen data puts enterprises at risk because it allows unauthorized individuals to perform malicious actions like gaining privileged access, using stolen credit cards for purchases, or compromising an entire infrastructure. Not only does this damage your enterprise’s reputation, but it can result in monetary losses as well. Although leaked data on the deep and dark web is a symptom of improper security controls, monitoring can help identify your most significant vulnerabilities.

Protecting Your Company on the Dark Web and Deep Web

Information is often unintentionally leaked by employees who improperly configure security settings or fall victim to business email compromise and phishing attacks. It’s important to monitor popular sites on the deep and dark web to understand your organization’s exposure. Without institutional knowledge and experience, this is a tall task. ZeroFox continuously monitors deep and dark channels in order to provide your team with early detection of information leakage, contextual analysis of cyberattacks, and actionable alerts. Your security team can use dark web detections from ZeroFox to better understand where your attack surface is vulnerable and the source of the data. Finally, you can take steps to mitigate data leakage by implementing security controls like securing vulnerable hosts or notifying users to change their passwords.


Subscribe to our Blog

Best practices, the latest research, and breaking news, delivered right to your inbox.