As part of our research and analysis work, members of the COAR team recently attended a Department of Homeland Security (DHS) Office of Cyber and Infrastructure Analysis (OCIA) hosted workshop on the future of the DarkNet and its implications to national security.This workshop was coordinated through the efforts of Monitor 360. The day began with a high level overview of the DarkNet narrative and the findings of a Narrative Analysis™ performed by Monitor 360. As part of the workshop Dr Paul Syverson, the creator of the The Onion Router (Tor) network and onion routing protocol, spoke regarding the inception and continual efforts surrounding the advancement of the Tor browser as well as the incremental evolution of onion routing.
In our efforts toward both analysis and education, we thought it prudent to define some terms in a way that is clear and hopefully easy to understand. Terms like “darknet,” “dark web,” and “deep web” are sometimes used interchangeably to talk about different parts of the network. To make matters more difficult, these terms are even used ambiguously by seasoned users of the technology, making it problematic to assign definitions.
Nevertheless, if we apply knowledge about the development of the internet proper to the evolution of the DarkNet, fairly clear terminology and definitions can be created, as illustrated by our An Anatomy of the Internet graphic. It should be noted, this graphic is somewhat of an oversimplification and misses many details, some of which we attempt to illuminate below. We hope at least this makes a start toward a more common terminology usage.
For comparison’s sake, let’s start with the largest component and drill down:
- Internet – All protocols, all globally routable addresses.
- World Wide Web (WWW) – The internet as accessible through a web browser.
- Deep Web – Portions of www that are globally accessible, but not indexed by search engines.
- Surface Web – Portions of www that *are* indexed by search engines, and thus, make up most of the Internet that most of us use on a daily basis.
- DarkNet – A network used for routing and/or content that all services and sites are accessible only through non-globally routable addresses or only through overlay networks such as Tor, The Invisible Internet Project (I2P), or FreeNet.
- Dark Web – Darknet services and sites that are only accessible when using darknet networks. Also known as “hidden services.”
- ClearNet – All portions of the Internet that are not in the darknet. Sometimes also defined as the “unencrypted internet” which is not how we’re using it here (the encrypted vs. unencrypted Internet is an interesting debate, but in some ways outside of our scope when discussing the darknet).
Different DarkNet Uses: Tor and I2P
Tor and I2P are particularly interesting overlay networks in that they allow for two different, but overlapping uses. We often hear Tor discussed in the context of surfing the web anonymously. Both Tor and I2P can be used for obfuscated routing, using the overlay network to access ClearNet sites. They can also be used to access content on their respective overlay networks, also known as hidden services. On Tor, these are also referred to as onion sites and denoted by their use of the .onion domain.
FreeNet, in contrast, is only used as a content distribution and publishing network, and thus can only be used to communicate and access content within its overlay network. It cannot be used for obfuscated routing the way Tor and I2P can.
Terminology Is Important
As analysts, it is frequently our job to explain highly complex subjects to others who are not subject matter experts or whose expertise is at best overlapping with our own. Terminology and shared vocabulary can make this much easier or much harder, depending on our shared understanding of the terminology we use. Pop culture’s usage of the terms we discuss here has muddied their definitions (which were already pretty muddy to begin with). It is hard to blame them, the notion of a secret internet that only some can access seems sexy and cool. Unfortunately, more frequently than not, it is portrayed as something that it is not. What the DarkNet and DarkWeb actually look like will be fodder for a later post.