September 10, 2019 By Jasmine Henry 4 min read

The darknet isn’t all creepy, illegal content. There’s definitely no shortage of criminal forums or malware marketplaces beneath the surface web, but there’s also a few legitimate websites and communities.

To be clear, the darknet is still, well, dark and dangerous. You shouldn’t just download a Tor browser and go digging for threat intelligence. Not everyone who heads below the surface web, however, is trying to buy stolen passwords or rent a botnet for hire. Some Tor users are simply trying to read the news, access an ad-free search experience or play a game of chess.

Remember, the darknet is not the same as the deep web. The deep web includes any web services that aren’t accessible to the general public, such as corporate intranet pages or online banking portals. The darknet is defined as websites and services that aren’t indexed by major search engines or accessible by normal browsers. It’s estimated there are somewhere between 10,000 and 100,000 websites on the dark internet, according to TechRepublic.

Globally, there are around 2 million daily users of the Tor browser. Some of these Tor users are up to no good. Others just want to browse the surface web anonymously, or occasionally contribute to wholesome darknet content.

10 Bright Spots on the Darknet

While there’s no shortage of horrifying content below the surface of the internet, there are also some websites that have real value to the public interest. Others are educational or simply entertaining. Here are 10 bright spots to keep an eye out for on the darknet.

Note: Avoid attempting to access .onion sites from a surface web browser and proceed with caution.

1. The Chess

“The Chess” is a dark website dedicated to fully anonymous games of chess, played in real time against a stranger. Once you create an account, you can participate in unlimited gaming or talk strategy in dedicated forums. There’s no cryptocurrency fee and the rules are transparent. If there were any downside, it would be that the UI of this website is a lot like gaming in Windows 95.

2. Academic Research

Darknet resources such as Sci-Hub offer free access to tens of millions of academic papers, but these services aren’t necessarily legal. You’re better off sticking with surface web resources such as Google Scholar to avoid breaking intellectual property laws. Late last year, the American Journal of Freestanding Research Psychology (AJFRP) became the first free and open Darknet academic journal. All academic papers must be submitted by the original authors. It remains to be seen whether AJFRP will become a successful project, or even the first of many darknet-based academic exchanges.

3. ProPublica

This American nonprofit news organization was the first major media outlet to create a dedicated presence on the darknet in 2016. ProPublica specializes in investigative public-interest journalism and was the first online-only source to ever win a Pulitzer Prize in 2010. The onion site offers anonymous access to individuals worldwide, including readers in countries where journalism is tightly censored.

“Everyone should have the ability to decide what types of metadata they leave behind,” ProPublica developer Mike Tigas told Wired. “We don’t want anyone to know that you came to us or what you read.”

4. SecureDrop

This open-source submission system is widely used by journalists to anonymously communicate with sources. SecureDrop doesn’t record a submitter’s IP address or any browser data, simply storing the date and time of messages. Forbes, The New Yorker, The Washington Post and Vice Media are just several of many major media outlets that use SecureDrop. A full list of adopting media outlets is available on the service’s surface website.

The U.S. government is also experimenting with SecureDrop to potentially accept anonymous vulnerability reports and collaborate more with white hat hackers, per CyberScoop.

5. The CIA

Other agencies have adopted a presence on the darknet to encourage anonymous collaboration with sources. The U.S. Central Intelligence Agency (CIA) has an onion site with a “Contact Us” form. The site includes a promise to “carefully protect all information you provide, including your identity.”

6. Tor Metrics

Tor Project Metrics has a dual presence on the surface web and darknet. It publishes anonymous data and analytics, providing insight into how the Tor browser technology is used, and by whom. Academic research of Tor metrics revealed that at least 60 percent of Tor’s usage is for legal purposes. Political censorship tops the list of why users download Tor for noncriminal purposes.

7. IIT Tunnels

The Illinois Institute of Technology campus in Chicago is filled with secret tunnels, originally built for telecommunication access points, services entrances or steam vents. This elaborate underground network has inspired countless student pranks and even more conspiracy theories. One darknet user committed to fully exploring these tunnels and has published his findings and photos online. While there’s no guarantee the author didn’t break trespassing laws, this darknet site is pretty clean entertainment.

8. Anonymous Email

There are several heavily encrypted email services available on the darknet. ProtonMail is among the best known. This end-to-end encrypted service was developed by MIT and CERN scientists and has a presence on the surface web. Like many other aspects of the darknet, fully anonymized email is neither good nor bad on its own. It’s neutral, and there are perfectly legitimate use cases. For example, one might set up ProtonMail to create a darknet chess account.

9. Ad-Free Search

There are darknet search engines, but they’re mostly research projects that attempt to index onion sites. The majority of the deep web remains inaccessible through any means aside from wiki lists. Darknet search engines such as DuckDuckGo exist to crawl the surface web while protecting Tor user anonymity. You won’t find onion sites on DuckDuckGo, but you’ll be able to search without advertisements.

10. Tor Kittenz

Tor Kittenz is a now-defunct Tor website that was literally just a slideshow of user-submitted cat pictures. The website looked like a 1990s-style throwback, but it was a welcome respite from darker content on the deep web.

Is the Darknet All Bad?

The darknet isn’t entirely illegal activity. There are some bright spots in between criminal marketplaces and hacker forums. There are also important use cases for darknet services, such as anonymously communicating with intelligence agencies or entertainment. Similarly, the millions of Tor users worldwide doesn’t signify that the darknet has hit the mainstream. In many cases, users download Tor to avoid censorship laws or to simply protect personal data while browsing the surface web.

While there are wikis, forums and websites dedicated to indexing darknet links, it’s hard to pin down exactly what exists below the surface. The hidden web isn’t indexed by major search engines. The closest we can come to understanding good versus evil on the darknet is through projects like Hyperion Gray’s data visualization maps. Other than occasional bright spots and legitimate use cases, the sub-surface web is murky place best left to threat intelligence experts.

More from Intelligence & Analytics

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Web injections are back on the rise: 40+ banks affected by new malware campaign

8 min read - Web injections, a favored technique employed by various banking trojans, have been a persistent threat in the realm of cyberattacks. These malicious injections enable cyber criminals to manipulate data exchanges between users and web browsers, potentially compromising sensitive information. In March 2023, security researchers at IBM Security Trusteer uncovered a new malware campaign using JavaScript web injections. This new campaign is widespread and particularly evasive, with historical indicators of compromise (IOCs) suggesting a possible connection to DanaBot — although we…

Accelerating security outcomes with a cloud-native SIEM

5 min read - As organizations modernize their IT infrastructure and increase adoption of cloud services, security teams face new challenges in terms of staffing, budgets and technologies. To keep pace, security programs must evolve to secure modern IT environments against fast-evolving threats with constrained resources. This will require rethinking traditional security strategies and focusing investments on capabilities like cloud security, AI-powered defense and skills development. The path forward calls on security teams to be agile, innovative and strategic amidst the changes in technology…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today