Numerous data leaks appeared on the dark web in the second quarter of 2020. At the end of May, for instance, Cyble found a government database containing the personal information of more than 20 million Taiwanese citizens for sale on an underground web marketplace. That was less than two weeks before The Economic Times reported on a dark web data leak involving BEML, an Indian public sector undertaking.

These incidents paint the dark web as a dangerous place where malicious actors traffic in other people’s personal information. But is that all there is? Are there other security risks concerning the dark web? And can a person have a legitimate cause for visiting the dark web?

AppSec/API Security 2022

This post will endeavor to explore those questions and more. But it’s important to start off slow. It will therefore start off with a definition.

What Is the Dark Web?

CSO Online notes that the dark web constitutes a subset of what’s called the “deep web.” This area of the Internet consists of anything that Google and other search engines have not previously indexed. Content on the deep web, which is estimated to comprise as much as 99% of the Internet, is therefore not accessible via these familiar “surface web” search engines.

The dark web is therefore the part of the deep web that is intentionally hidden for the sake of privacy. It’s not very large in size. According to CSO Online, “most estimates put it at around 5% of the total internet.” Meanwhile, threat intelligence provider Recorded Future found that dark websites available via The Onion Router (TOR) Project accounted for just 0.005% of the entire World Wide web.

What Is the Dark Web Useful for?

The dark web is useful for anything that requires greater privacy than that which is (Read more...)