September 10, 2019 By Jasmine Henry 4 min read

The darknet isn’t all creepy, illegal content. There’s definitely no shortage of criminal forums or malware marketplaces beneath the surface web, but there’s also a few legitimate websites and communities.

To be clear, the darknet is still, well, dark and dangerous. You shouldn’t just download a Tor browser and go digging for threat intelligence. Not everyone who heads below the surface web, however, is trying to buy stolen passwords or rent a botnet for hire. Some Tor users are simply trying to read the news, access an ad-free search experience or play a game of chess.

Remember, the darknet is not the same as the deep web. The deep web includes any web services that aren’t accessible to the general public, such as corporate intranet pages or online banking portals. The darknet is defined as websites and services that aren’t indexed by major search engines or accessible by normal browsers. It’s estimated there are somewhere between 10,000 and 100,000 websites on the dark internet, according to TechRepublic.

Globally, there are around 2 million daily users of the Tor browser. Some of these Tor users are up to no good. Others just want to browse the surface web anonymously, or occasionally contribute to wholesome darknet content.

10 Bright Spots on the Darknet

While there’s no shortage of horrifying content below the surface of the internet, there are also some websites that have real value to the public interest. Others are educational or simply entertaining. Here are 10 bright spots to keep an eye out for on the darknet.

Note: Avoid attempting to access .onion sites from a surface web browser and proceed with caution.

1. The Chess

“The Chess” is a dark website dedicated to fully anonymous games of chess, played in real time against a stranger. Once you create an account, you can participate in unlimited gaming or talk strategy in dedicated forums. There’s no cryptocurrency fee and the rules are transparent. If there were any downside, it would be that the UI of this website is a lot like gaming in Windows 95.

2. Academic Research

Darknet resources such as Sci-Hub offer free access to tens of millions of academic papers, but these services aren’t necessarily legal. You’re better off sticking with surface web resources such as Google Scholar to avoid breaking intellectual property laws. Late last year, the American Journal of Freestanding Research Psychology (AJFRP) became the first free and open Darknet academic journal. All academic papers must be submitted by the original authors. It remains to be seen whether AJFRP will become a successful project, or even the first of many darknet-based academic exchanges.

3. ProPublica

This American nonprofit news organization was the first major media outlet to create a dedicated presence on the darknet in 2016. ProPublica specializes in investigative public-interest journalism and was the first online-only source to ever win a Pulitzer Prize in 2010. The onion site offers anonymous access to individuals worldwide, including readers in countries where journalism is tightly censored.

“Everyone should have the ability to decide what types of metadata they leave behind,” ProPublica developer Mike Tigas told Wired. “We don’t want anyone to know that you came to us or what you read.”

4. SecureDrop

This open-source submission system is widely used by journalists to anonymously communicate with sources. SecureDrop doesn’t record a submitter’s IP address or any browser data, simply storing the date and time of messages. Forbes, The New Yorker, The Washington Post and Vice Media are just several of many major media outlets that use SecureDrop. A full list of adopting media outlets is available on the service’s surface website.

The U.S. government is also experimenting with SecureDrop to potentially accept anonymous vulnerability reports and collaborate more with white hat hackers, per CyberScoop.

5. The CIA

Other agencies have adopted a presence on the darknet to encourage anonymous collaboration with sources. The U.S. Central Intelligence Agency (CIA) has an onion site with a “Contact Us” form. The site includes a promise to “carefully protect all information you provide, including your identity.”

6. Tor Metrics

Tor Project Metrics has a dual presence on the surface web and darknet. It publishes anonymous data and analytics, providing insight into how the Tor browser technology is used, and by whom. Academic research of Tor metrics revealed that at least 60 percent of Tor’s usage is for legal purposes. Political censorship tops the list of why users download Tor for noncriminal purposes.

7. IIT Tunnels

The Illinois Institute of Technology campus in Chicago is filled with secret tunnels, originally built for telecommunication access points, services entrances or steam vents. This elaborate underground network has inspired countless student pranks and even more conspiracy theories. One darknet user committed to fully exploring these tunnels and has published his findings and photos online. While there’s no guarantee the author didn’t break trespassing laws, this darknet site is pretty clean entertainment.

8. Anonymous Email

There are several heavily encrypted email services available on the darknet. ProtonMail is among the best known. This end-to-end encrypted service was developed by MIT and CERN scientists and has a presence on the surface web. Like many other aspects of the darknet, fully anonymized email is neither good nor bad on its own. It’s neutral, and there are perfectly legitimate use cases. For example, one might set up ProtonMail to create a darknet chess account.

9. Ad-Free Search

There are darknet search engines, but they’re mostly research projects that attempt to index onion sites. The majority of the deep web remains inaccessible through any means aside from wiki lists. Darknet search engines such as DuckDuckGo exist to crawl the surface web while protecting Tor user anonymity. You won’t find onion sites on DuckDuckGo, but you’ll be able to search without advertisements.

10. Tor Kittenz

Tor Kittenz is a now-defunct Tor website that was literally just a slideshow of user-submitted cat pictures. The website looked like a 1990s-style throwback, but it was a welcome respite from darker content on the deep web.

Is the Darknet All Bad?

The darknet isn’t entirely illegal activity. There are some bright spots in between criminal marketplaces and hacker forums. There are also important use cases for darknet services, such as anonymously communicating with intelligence agencies or entertainment. Similarly, the millions of Tor users worldwide doesn’t signify that the darknet has hit the mainstream. In many cases, users download Tor to avoid censorship laws or to simply protect personal data while browsing the surface web.

While there are wikis, forums and websites dedicated to indexing darknet links, it’s hard to pin down exactly what exists below the surface. The hidden web isn’t indexed by major search engines. The closest we can come to understanding good versus evil on the darknet is through projects like Hyperion Gray’s data visualization maps. Other than occasional bright spots and legitimate use cases, the sub-surface web is murky place best left to threat intelligence experts.

More from Intelligence & Analytics

Hive0051’s large scale malicious operations enabled by synchronized multi-channel DNS fluxing

12 min read - For the last year and a half, IBM X-Force has actively monitored the evolution of Hive0051’s malware capabilities. This Russian threat actor has accelerated its development efforts to support expanding operations since the onset of the Ukraine conflict. Recent analysis identified three key changes to capabilities: an improved multi-channel approach to DNS fluxing, obfuscated multi-stage scripts, and the use of fileless PowerShell variants of the Gamma malware. As of October 2023, IBM X-Force has also observed a significant increase in…

Email campaigns leverage updated DBatLoader to deliver RATs, stealers

11 min read - IBM X-Force has identified new capabilities in DBatLoader malware samples delivered in recent email campaigns, signaling a heightened risk of infection from commodity malware families associated with DBatLoader activity. X-Force has observed nearly two dozen email campaigns since late June leveraging the updated DBatLoader loader to deliver payloads such as Remcos, Warzone, Formbook, and AgentTesla. DBatLoader malware has been used since 2020 by cybercriminals to install commodity malware remote access Trojans (RATs) and infostealers, primarily via malicious spam (malspam). DBatLoader…

New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware

8 min read - IBM X-Force uncovered a new phishing campaign likely conducted by Hive0117 delivering the fileless malware DarkWatchman, directed at individuals associated with major energy, finance, transport, and software security industries based in Russia, Kazakhstan, Latvia, and Estonia. DarkWatchman malware is capable of keylogging, collecting system information, and deploying secondary payloads. Imitating official correspondence from the Russian government in phishing emails aligns with previous Hive0117 campaigns delivering DarkWatchman malware, and shows a possible significant effort to induce a sense of urgency as…

X-Force releases detection & response framework for managed file transfer software

5 min read - How AI can help defenders scale detection guidance for enterprise software tools If we look back at mass exploitation events that shook the security industry like Log4j, Atlassian, and Microsoft Exchange when these solutions were actively being exploited by attackers, the exploits may have been associated with a different CVE, but the detection and response guidance being released by the various security vendors had many similarities (e.g., Log4shell vs. Log4j2 vs. MOVEit vs. Spring4Shell vs. Microsoft Exchange vs. ProxyShell vs.…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today