Thought leadership from our experts

The Darknet: What Every Technology Lawyer Must Know

The portion of the Internet that most people generally use is only one of three layers of the Internet. The commonly-used layer that is accessible by search engines is referred to as the clearnet or the surface web. The surface web represents only about 4% of Internet content. In addition to the surface web, the Internet comprises the deep web and the Darknet.

Deep Web

The deep web, or the bergie web, was developed by the United States military and differs from the Darknet. The deep web was originally designed in the 1970s to isolate networks from the ARPANET and hide the locations and IP addresses of United States military operations for security purposes. Military, government and law enforcement organizations are still among the main users of the deep web.

The deep web comprises unindexable content, dynamic content pages and otherwise gated content that is not accessible by regular browsers or search engines. The deep web includes large databases, libraries and members-only websites which are not available to the general public but rather are gated or hidden so only the intended audience has access. Most of the content on the deep web comprises academic resources maintained by universities and other institutions. It is now commonly used for information saved in the cloud.

Darknet: What it is

Generically, a darknet is a collection of networks employing technologies that permit users to communicate and transact in an anonymous manner. The term darknet has been used to differentiate private, anonymous distributed networks from public networks. The term further evolved to refer to a decentralized distributed network that lacks a central index and incorporates privacy encryption security and user anonymity features with the primary purpose of sharing information only with trusted members.

The goal of a darknet is to create a closed network to communicate securely in a manner that avoids detection or penetration so that websites can be accessed anonymously. The Freenet Project is one of the earliest examples of a darknet. It allows for the creation of private networks so that content on a particular website can only be accessed by those who have been manually identified. A more modern private network is I2P, which also provides integrated file storage, secure email, chat and blogging.

The Darknet has also come to mean the "hidden" third layer of the Internet. As a result of the anonymity afforded to users, the Darknet has become a home for a variety of clandestine Internet activities and transactions, including intellectual property infringement, cybercrime and terrorism.

Darknet: How it Works

The Darknet uses onion routing, a technique for allowing anonymous communication over a computer network. The onion router (TOR) is free software that allows encryption and is required for access to the Darknet. The term 'onion' was selected because it refers to numerous layers. TOR was developed in the mid-1990s by the United States Naval Research Laboratory (NRL).

In 2002, the NRL released to the public a version of TOR. The open source release meant that anyone could download and use TOR to surf the surface web anonymously and to visit anonymous websites on the Darknet. Several million people use TOR daily. As a result, websites started to flourish on the Darknet.

Each Darknet website is allocated a specific .onion IP address containing a 16 unit alpha-numeric combination followed by the .onion designation, like «a1b2c3d4e5f6g7h8.onion». A user must use the .onion address to get access to the applicable website. .onion is not a top level domain that is established or supported by ICANN.

Darknet: Communication

The Darknet is very popular among bloggers and journalists living in jurisdictions where censorship and political imprisonment are common. There are numerous chatrooms. FACEBOOK has a Darknet website that is designed for users who visit FACEBOOK by using TOR to evade surveillance and censorship. Over a million users access FACEBOOK via TOR each month.

Darknet: Marketplaces

A key aspect of the Darknet is the number of marketplace websites that sell counterfeit, pirated and illegal goods. For example, users may be redirected from a website on the surface web to a Darknet website without knowing. This may occur through typosquatted, unindexed webpages with names that are close matches to the domain names of legitimate brand websites or by way of search engine results for keywords that resolve to advertisements with links to Darknet websites. It may also result through mobile apps or email messages with links that redirect users to unindexed Darknet websites.

The most popular marketplace on the Darknet was SILK ROAD until it was shut down by the United States government. The individual who operated SILK ROAD was convicted of a number of crimes, including conspiring to violate various laws.2 The operator was ordered to pay over $180 million in fines and sentenced to life in prison without parole for conspiracy and drug trafficking.

As soon as the government shut down SILK ROAD, another individual immediately set up SILK ROAD 2.0 and was promptly charged with the same crimes as the operator of the initial website.3 Many other Darknet marketplaces, including APACA, CLOUD 9, HYDRA and PANDORA, have also been taken down by law enforcement as a result of the use of honeypots, which are websites set up to attract and trap people participating in illegal activities.

However, numerous marketplaces continue to thrive on the Darknet, including ABRAXAS, AGORA, ALPHABAY, ANDROMEDA (formerly DARK BAY), BLACKBANK, BLUE SKY, EVOLUTION, FREE MARKET, MIDDLE EARTH, NUCLEUS, OUTLAW MARKET, PIRATE MARKET RAMP and TOCHKA. Some of these are accessible by invitation only but function in the same way as surface web marketplaces.

Darknet marketplaces generally comprise full-featured markets with vendor pages, product review pages, product listings, as well as customer support and dispute resolution procedures. Many Darknet marketplaces only effect transactions with virtual currency, which uses cryptography for security, including BITCOIN.

For a long time, one of the features contributing to the clandestine aspects of the Darknet was the absence of a meaningful search engine. However, the GRAMS search engine now indexes a number of the Darknet's leading marketplaces.

Darknet: Other Crime

Surveys have revealed that among the most prevalent goods sold on Darknet marketplaces are illicit drugs, credit cards, weapons and counterfeit and pirated goods. The most commonly purchased services are virtual currency, fraud, hacking, hoax, phishing and terrorism services.

When records obtained in data breaches are published and offered for sale, it is often on the Darknet. For example, hackers published on the Darknet the member data obtained from the ASHLEY MADISON dating website for people in relationships.

Child pornography is a much valued commodity on the Darknet. In a United States prosecution for child pornography crimes, it was revealed that the Federal Bureau of Investigation took control of PLAYPEN, the largest known Darknet child pornography service, by way of a network investigative technique to capture the IP and MAC addresses of users and thereby obtain evidence of the accused's sale of pornography.4

* * * *

The Darknet is likely to become increasingly relevant for communication, commercial activity, terrorism and cybercrimes.


  1. © Sheldon Burshtein 2016. Mr. Burshtein is a partner of Blake, Cassels & Graydon LLP and practices in its Toronto, Canada office. This article has been excerpted from his 3 vol. loose-leaf, treatise The Law of Domain Names and Trade-marks on the Internet. He acknowledges the comments of his partner Antonio Turco on a draft of this article.
  2. U.S. v. Ulbricht, 79 F.Supp.3d 466 (S.D.N.Y., 2015). An individual who sold illegal drugs on SILK ROAD pleaded guilty: U.S. v. Slomp, no. 13-CR-689 (N.D.Ill, filed April 23, 2014). Another individual who transferred money for SILK ROAD transactions on behalf of an operator of an illegal BITCOIN exchange also pleaded guilty: U.S. v. Shrem, no. Cr. 243-2 (JSR) (S.D.N.Y., filed December 17, 2014). Two former federal agents involved in the investigation of SILK ROAD pleaded guilty to stealing BITCOIN digital currency during the investigation: U.S. v. Force, no. 15-mj-70370 (N.D.Cal., 2015); and U.S. v. Bridges, no. 15-cv-319 (N.D.Cal., 2015).
  3. U.S. v. Benthall, no 14 MAG 2427 (S.D.N.Y. 2016) (unreported).
  4. U.S. v. Michaud, 2016 WL 337263 (W.D. Wash., 2016) and see (W.D. Wash., 2016) where the FBI was required to provide all relevant code used to hack the accused’s computer; and see also U.S. v. Matish, III, no. 4:16-cr-00016-HCM-RJK (E.D. Va., 2016) (unreported).