| Glossary | Software | Darknet


Definition and demarcation

A darknet is an encrypted network based on protocols for encrypted communication. It serves as a platform for anonymous interactions and enables users to maintain their privacy and anonymity online and is therefore also referred to as a privacy network. In the dark web enabled by a darknet, users can communicate freely and uncensored, exchange data and access content without their identity or activities being tracked. Here, darknet and darkweb can be seen as analogous to the terms Internet and World Wide Web (WWW).

Strictly speaking, the darknet is actually made up of several independent darknets. The most popular of these is The Onion Router [1]tor for short, but other networks such as I2P or Freenet also exist with many thousands of users. Nevertheless, the term darknet is almost invariably used as a synonym for the Tor network. Access to a darknet such as Tor requires separate software that implements the technical aspects of anonymous communication – for Tor, the Tor Browser [2] for Tor, and the I2P software for I2P [3].


The Darknet became known to the public in 2002 when four Microsoft employees published a scientific article [4] in a scientific article [4] to describe P2P networks in which copyrighted material was distributed. At the time, this referred to networks such as Napster, Gnutella and eDonkey. Numerous media formats picked up on this and coined the term darknet as a synonym for file-sharing networks in the 2000s.

In response to the methods that soon emerged for detecting copyright infringements in these networks, P2P networks were supplemented with mechanisms designed to protect the identity, in this case primarily the IP address, of the participants. Networks soon emerged that emphasised the anonymity of users and the concealment of available content [5]. One well-known example of this was freenet [6]which was a type of cryptographically protected distributed storage.

From 2011, the meaning changed to what we know today as the darknet: Networks such as Tor, which are technically structured in such a way that they can guarantee anonymity to their participants.

Application and examples

From a technical perspective, two mechanisms are particularly important for a darknet such as the Tor network: onion routing, which enables anonymous communication, and onion services, which are intended to ensure freedom from censorship.

Onion routing [1] is a technique for anonymous communication via a computer network. When accessing the Internet via the Tor network, data traffic is routed through several intermediate nodes. To do this, the user creates the request as a data packet, which – like an onion – consists of several layers, each of which is individually encrypted. The encrypted data packet passes through a series of nodes (onion routers) on its way to its destination, with each node decrypting one layer and forwarding the remaining data to the next node. After the data packet has passed through all intermediate nodes, it reaches the last node, which decrypts the last layer and forwards the original request to the destination. Each node only ever knows the previous and next node in the path, but not the entire path between the user and the destination, which ensures anonymity.

Onion Services [1] allow services to be hosted anonymously in the Tor network. Each onion service has a special, randomly generated address with the ending .onion as a unique identifier. Communication between users and onion services takes place via special Tor nodes, which serve as intermediaries between the user and the service, and is exclusively encrypted and takes place within the Tor network. By using onion services, the location of a server is concealed, which creates an additional layer of security: Since it is not known where the server is located, no action can be taken against it, such as confiscating the hardware.

Criticism and problems

The term darknet became particularly well known after the media reported in 2011 that the activist group Anonymous published user data from the Lolita City platform hosted on the Tor network, where child pornography was posted. The Silk Road platform also went down in history as the first major darknet marketplace to combine the anonymity of Tor with anonymous payments via Bitcoin, operating successfully from 2011 to 2013. During this period, around 9.5 million Bitcoin were traded via Silk Road with a total value of around USD 1.2 billion at the time (today’s value is around USD 400 billion). Since the rise and fall of Silk Road and numerous similar platforms, the darknet has become known to the public as a place on the internet where people can communicate anonymously and which is therefore seemingly used almost exclusively for criminal activities.

However, Tor is also used to circumvent censorship in repressive political environments[7]. For example, it has been shown that the use of Tor is increasing precisely where political rulers are trying to restrict free access and the dissemination of information on the Internet. However, this reveals a fundamental problem with Tor: although data traffic is anonymous when using Tor, it can generally be recognised and blocked as Tor traffic. The constant attempts by those in power to block access to Tor have been met with new concepts such as Snowflake[8] which uses voluntary intermediaries to enable access to Tor via unsuspicious connections.


There are numerous research papers on the darknet, especially on Tor. The primary focus is on investigating and improving the security and anonymity of Tor[9] as well as the collection of key figures on the use of the darknet, for example statistics on trading transactions on marketplaces that operate as an onion service in the Tor network. One challenge for research is to always maintain a neutral perspective[10]. For investigators who want to take action against illegal offers or activities on the darknet, the deanonymisation of users is of great interest[11]. Marketplaces on the darknet are also suitable for research because illegal goods are openly offered and discussed here due to the protection of anonymity. Accordingly, many studies discuss the offer[12]the trade[13] and the possible effects. Individual marketplaces are also frequently analysed in detail [14,15,16]. IT security risks associated with the use of such marketplaces, caused for example by phishing, are also analysed[17].

Another branch of research is the attempt to use the darknet as an indicator for risks on the rest of the Internet. The idea here is to observe network traffic on the darknet in order to make predictions about attacks[18] or to compare it with the network traffic of attacks on the clearnet (the part of the internet that is not darknet)[19].


[1] Dingledine, R./Mathewson, N./Syverson, P. F. (2004). Tor: The second-generation onion router. In: USENIX security symposium 4, 303-320.

[2] https://www.torproject.org/download/ [25/02/2024]

[3] Schweyer T. I2P Download. [25.02.24].

[4] Biddle, P. et al. (2003). The darknet and the future of content protection. In: Digital Rights Management: ACM CCS-9 Workshop, DRM 2002, Washington, DC, USA, November 18, 2002. Revised Papers,155-176. Berlin/Heidelberg.

[5] Steinebach, M. (2020). File-sharing and the darknet. In: Encyclopedia of Criminal Activities and the Deep Web, 165-176, IGI Global.

[6] Clarke, I. et al. (2001). Freenet: A distributed anonymous information storage and retrieval system. In: Designing privacy enhancing technologies: international workshop on design issues in anonymity and unobservability Berkeley, CA, USA, July 25-26, 2000 Proceedings, 46-66, Berlin/Heidelberg

[7] Jardine, E. (2018). Tor, what is it good for? Political repression and the use of online anonymity-granting technologies. In: New media & society, 20(2), 435-452.

[8] Heise online. (2022). Internetsperren im Iran: So leisten Sie mit Snowflake Unterstützung. [26.02.2024].

[9] Platzer, F./Schäfer, M./Steinebach, M. (2020). Critical traffic analysis on the tor network. In: Proceedings of the 15th International Conference on Availability, Reliability and Security, 1-10.

[10] Platzer, F./Lux, A. (2022). A synopsis of critical aspects for darknet research. In: Proceedings of the 17th International Conference on Availability, Reliability and Security, 1-8.

[11] Wittmer, S. et al. (2022). Deanonymisierung im Tor-Netzwerk – Technische Möglichkeiten und rechtliche Rahmenbedingungen. In: Selbstbestimmung, Privatheit und Datenschutz: Gestaltungsoptionen für einen europäischen Weg,151-169). Wiesbaden: Springer Fachmedien Wiesbaden.

[12] Broséus, J. et al. (2016). Studying illicit drug trafficking on Darknet markets: structure and organisation from a Canadian perspective. In: Forensic science international, 264, 7-14.

[13] Me, G./Pesticcio, L. (2018). Tor black markets: economics, characterisation and investigation technique. Cyber Criminology, 119-140.

[14] Lacson, W./Jones, B. (2016). The 21st century darknet market: lessons from the fall of Silk Road. In: International Journal of Cyber Criminology, 10 (1), 40.

[15] Brenner, F./Platzer, F./Steinebach, M. (2021). Discovery of single-vendor marketplace operators in the tor-network. In: Proceedings of the 16th International Conference on Availability, Reliability and Security, 1-10.

[16] Yannikos, Y./Heeger, J./Steinebach, M. (2023). Scraping and Analysing Data of a Large Darknet Marketplace. In: Journal of Cyber Security and Mobility, 12 (2), 161-186.

[17] Steinebach, M./Zenglein, S./Brandl, K. (2021). Phishing detection on tor hidden services. In: Forensic Science International: Digital Investigation, 36, 301117.

[18] Kumar, S. et al (2019). Deep in the dark: A novel threat detection system using darknet traffic. In: 2019 IEEE International conference on big data (big data), 4273-4279.

[19] Yannikos, Y./Dang, Q. A./Steinebach, M. (2021). Comparison of Cyber Attacks on Services in the Clearnet and Darknet. 17th IFIP WG 11.9 International Conference on Digital Forensics, online, February 1-2, 2021.