You know, most people describe the dark web as this massive digital iceberg where ninety percent of the internet is hidden underwater, but I was looking into the actual numbers this morning and that metaphor is just fundamentally broken. It’s more like a small, highly fortified, and very confusing village that’s actually much smaller than the city it’s tucked behind.
Herman Poppleberry here, and you are spot on, Corn. That iceberg graphic has been the bane of network researchers for a decade. It’s usually labeled with "Surface Web" at the tip, "Deep Web" in the middle, and "Dark Web" at the bottom. But that middle layer—the Deep Web—is just the unindexed stuff. It’s your private Gmail inbox, your Netflix queue, or a corporate payroll database. It’s massive, sure, but it’s not "hidden" in a mysterious way; it’s just behind a login. The Dark Web is a very specific, tiny subset of that which requires special software to access. Today’s prompt from Daniel is about exactly this: the actual scale, the technical architecture that resists indexing, and whether there is any legitimate reason for a normal person to ever touch it.
It’s a great one from Daniel because it cuts through the "hacker in a hoodie" tropes. By the way, fun fact for everyone listening—Google Gemini 3 Flash is actually writing our script today, so if we start sounding too logical, you know why. But back to the iceberg—if we aren't looking at this massive hidden mass, what are the actual numbers? Because the media makes it sound like a sprawling continent of crime. If I’m a regular user, am I one in a billion, or one in a hundred?
The reality is almost shockingly small. If you look at the Tor Project’s own metrics from late 2024 and heading into now, we are looking at roughly two to three million daily users. To put that in perspective, that’s about the daily foot traffic of a medium-sized social media niche, or roughly the population of Houston, Texas. It's not a global superpower. And in terms of actual sites—what we call onion services—we’re talking maybe one hundred thousand to one hundred and fifty thousand active addresses at any given time. Compare that to the "clear web" where Google is indexing roughly sixty trillion pages. The dark web isn't an iceberg; it's a shed in the backyard of a skyscraper.
A shed where everyone is wearing a mask and speaking in code. But why is it so small? If it’s this ultimate frontier of privacy, you’d think it would be exploding, especially with how much people complain about surveillance on the mainstream web. Is it just too hard to use, or is there a technical ceiling to how big an anonymous network can actually get? I mean, why hasn't there been a "Dark Web Facebook" that everyone actually uses?
It’s a bit of both, but the technical ceiling is the real story. To understand why it doesn’t scale like the regular web, you have to look at how onion routing actually works. Normally, when you go to a website, your computer says, "Hey, I’m at this IP address, give me the data for this domain." It’s a straight line—point A to point B. In Tor, your traffic goes through three distinct layers—the guard relay, the middle relay, and the exit relay. Each layer only knows the step immediately before and after it. It’s like a game of telephone where no one knows the original caller or the final recipient. Each of those bounces adds a massive amount of "overhead" because of the encryption involved.
Right, so it’s bouncing around the world like a pinball. I’d imagine that creates a massive latency penalty. I’ve tried using a Tor browser before and it felt like I was back on a fifty-six-k dial-up modem in nineteen ninety-eight. You click a link, you go make a sandwich, and maybe the page has loaded by the time you're back.
That latency is a feature, not a bug, but it’s a massive barrier to entry. Every packet is being re-encrypted multiple times. You can't run a high-definition streaming service or a massive real-time data processing hub on Tor efficiently. Imagine trying to watch a 4K YouTube video where every single frame has to be bounced through three different countries and decrypted three times. It would be a slideshow. But the real reason it stays small and "unindexed" is the lack of a Central Directory. On the regular web, we have DNS—the Domain Name System. It’s a giant phone book that translates human-readable names like myweirdprompts dot com into IP addresses. The dark web doesn't have that. An onion address is just a cryptographic hash of a public key. It looks like a forty-eight-character string of gibberish ending in dot-onion.
So there’s no "index" because there’s no list. It’s like trying to find a house in a city where there are no street signs, no map, and every house looks like a blank gray box until you knock on the door with a secret password. But wait, if someone wanted to, couldn't they just write a script to try every possible combination of those forty-eight characters?
Mathematically, no. The number of possible combinations in a V3 onion address is so vast that even if you had every computer on Earth working on it, the sun would burn out before you mapped a fraction of them. That’s why it’s "dark." It’s not that the light can’t reach it; it’s that there’s no way to know where to point the flashlight. Because those addresses are cryptographic, they can be ephemeral. A site can exist for two days, change its address, and vanish. For a search engine like Google to work, it uses "spiders" that crawl from link to link. But on the dark web, there are very few "inter-links." Sites don't want to be found unless they want to be found. Even the best dark web search engines, like Ahmia, only see a fraction of what’s out there because they rely on manual submissions or very limited crawling. If you don't have the exact string of gibberish, the site effectively doesn't exist to the rest of the world.
It sounds like a librarian's nightmare. But Daniel asked about the "white hat" or normal uses. Because if it's that slow and that difficult to navigate, why would anyone who isn't selling stolen credit cards or something worse bother with it? There has to be a utility that outweighs the headache. What’s the "killer app" for a law-abiding citizen on the dark web?
This is where the conversation gets a lot more interesting and frankly, more noble. One of the biggest "normal" users of the dark web is actually the traditional press. The New York Times, ProPublica, and The Guardian all maintain onion services. Why? Because if you’re a whistleblower inside a corporation or a high-level government office, or if you’re a journalist in a country with heavy internet censorship like Iran or certain parts of Southeast Asia, you can’t just go to nytimes dot com. Your ISP or the government will see that request and you might get a knock on the door. By using the onion version, the government only sees that you are using Tor, but they have no idea you are talking to the Times.
So it’s a bypass. It’s not about the content being "dark," it’s about the connection being "dark." You’re reading the same news, you’re just doing it through a tunnel that the local authorities can’t see into. It’s more about the "how" than the "what."
Precisely. In twenty-twenty-two, even Twitter—back when it was still Twitter—launched an onion service to help users in Russia bypass blocks. We also see academic researchers using it. If you’re a cybersecurity researcher and you want to analyze how a new piece of malware communicates with its "command and control" server, you don't want to do that from your university’s IP address. You do it over Tor so the hackers don't see who is poking at their code. It’s a laboratory environment where you can observe the "bad guys" without leaving a trail back to your own front door. If the malware authors saw a hit from a Department of Defense IP address, they’d shut the whole operation down instantly. Tor provides the "camo" for the researchers.
I love the idea of the New York Times having a secret entrance. It’s very "All the President’s Men" but for the digital age. But let’s talk about the dark side for a second, because Daniel mentioned dark web monitoring. We see these companies like Flashpoint or Recorded Future promising to "alert you if your data is on the dark web." If the network is so hard to index, how are these companies doing it? Are they just better at "knocking on doors" than Google is? Or is it all just marketing smoke and mirrors?
They aren't indexing the whole dark web—that’s impossible. What they’re doing is social engineering and targeted scraping. These companies hire analysts who speak multiple languages and have "street cred" in these underground forums. They gain access to the private rooms where the data brokers hang out. They aren't "searching" the dark web; they are infiltrating specific communities. When a hacker dumps a database of ten million passwords from a healthcare provider, they don't just put it on a public website. They post a "teaser" on a forum like XSS or Breach Forums. The monitoring companies see that post, and that’s what triggers the alert. Think of it like an undercover cop in a warehouse—they aren't searching every warehouse in the city, they're just in the one where the stolen goods are being auctioned.
So when I get an email saying "Your password was found on the dark web," it’s not because a robot found it while crawling. it’s because a human or a very specialized script saw a listing for a stolen database that likely contains my info. It feels a bit like those companies are just hanging out in the shady parts of town and reporting back on what they hear in the bars. But if that's the case, isn't there a huge delay? If a human has to find it, isn't the data already long gone?
Often, yes. By the time it hits a public-facing dark web forum, it’s usually been sold privately multiple times. And one of the huge trends we’re seeing in twenty-twenty-five and twenty-twenty-six is that a lot of this activity is moving off the dark web entirely and onto Telegram. Telegram isn't part of the "dark web" by technical definition—it’s a clear web app—but it’s where the distribution happens now. It’s faster, it has better mobile support, and it’s much harder for law enforcement to take down a single chat group than it is to seize a server in a basement in Eastern Europe.
That’s a fascinating shift. So the "dark web" as a technology—the onion routing—might actually be getting less "criminal" because the criminals are moving to more convenient encrypted apps? Is Tor becoming... respectable?
There’s definitely a migration happening. The dark web is becoming a place for "hosting" and "initial access," while the "trade" happens on Telegram. For example, on a forum like XSS, you might see someone selling "initial access" to a corporate network. They’ve found a vulnerability, but they don't want to do the ransom themselves. They sell the "key" to the house on the dark web, and the transaction might be finalized over an encrypted chat. It’s a layered ecosystem. The dark web provides the "bulletproof" hosting for the data, but the communication happens where it’s most efficient.
Okay, so if the dark web is this niche, slow, but highly secure tunnel, what’s the growth look like? Daniel asked if it’s growing in size and utility. You mentioned the user base has plateaued around two or three million. Is that a sign that it’s reached its limit, or is the "utility" changing even if the "size" isn't?
The utility is definitely increasing as the "clear web" becomes more surveilled and more fragmented. We’re seeing a lot of work on "Post-Quantum" encryption for Tor. There’s a fear that if quantum computers become viable, they could crack the current encryption that keeps onion routing private. The developers are already working on ways to make Tor "quantum-resistant." That tells me that for the people who really need it—the activists, the high-level whistleblowers—it’s more important than ever. Even if the raw number of users doesn't go up, the importance of those users might.
It’s the classic arms race. But let's get practical. How does one even get there? I know there's the Tor Browser, but are there other ways? And if I do go in, am I immediately going to be targeted by hackers?
The Tor Browser is the gold standard because it’s a modified version of Firefox that’s hardened against "fingerprinting." On the regular web, sites can see your screen resolution, your fonts, your battery level—all that stuff creates a unique "fingerprint" for you. Tor Browser makes everyone look identical. As for being targeted, just being on the network doesn't make you a target. It’s like walking down a street—you’re only in trouble if you start walking into open garages or clicking on suspicious things. The danger isn't the network; it's the destinations.
So for the average person listening to this—someone who isn't a journalist in a war zone or a malware researcher—is there any reason to ever download the Tor browser? Or is it just a way to accidentally end up on a government watchlist? I mean, does the NSA just flag everyone who uses Tor?
That "watchlist" thing is largely a myth in Western democracies, but the practical advice is: understand your threat model. If you’re just worried about Google tracking your searches, a good VPN and a privacy-focused browser like Brave or Firefox is plenty. You don't need the "nuclear option" of Tor for everyday browsing. It’s like wearing a full hazmat suit to go grocery shopping because you’re worried about germs. It works, but it’s a massive hassle and everyone’s going to look at you funny. Plus, many "clear web" sites will block you if they see you're coming from a Tor exit node. They assume you're a bot or a hacker.
I like that. "The Nuclear Option of Browsing." I can see you, Herman, in your digital hazmat suit, meticulously clicking through three relays just to check the weather. But what about the "Deep Web" part of Daniel's question? If we've established the Dark Web is small, how big is the Deep Web actually?
Oh, the Deep Web is essentially the entire internet. Think about every password-protected page on Earth. Every internal company wiki, every private medical record, every "Drafts" folder in every email account. That is the Deep Web. It’s estimated to be four hundred to five hundred times larger than the surface web that Google can see. But it’s not "mysterious." It’s just private. When Daniel asks about the scale, the Deep Web is the ocean, the Surface Web is the waves we see, and the Dark Web is a single, very specific submarine hiding in a trench.
That's a much better mental model. So, when people say "90% of the internet is the Dark Web," they are just confusing privacy with secrecy. Checking my bank balance is a Deep Web activity, but it’s not a Dark Web activity.
And the real takeaway for professionals is that dark web monitoring is limited. If you’re a business owner, don't rely on a service telling you your data is "out there." By the time it’s on the dark web, the damage is done. You should be focusing on "clear web" breach detection—things like unauthorized logins or unusual data egress. The dark web is the "aftermarket" for stolen goods. You want to stop the theft while it’s happening in the store.
That makes total sense. It’s the difference between a smoke detector and a call from the insurance adjuster after the house has burned down. So, let’s look at some of the "white hat" examples again. You mentioned SecureDrop. I think that’s a really cool piece of tech that people don't realize is powered by the dark web. How does that actually work for a source?
SecureDrop is brilliant. It’s an open-source whistleblower submission system that almost every major news organization uses. When you go to a "Contact Us" page on a site like the Washington Post, they’ll often give you an onion address for SecureDrop. It ensures that when you upload those leaked documents, there is no metadata connecting your IP address to the upload. Even the newspaper doesn't know exactly who you are unless you tell them. They just get a notification that a new file is in the "dead drop." That is a massive service to democracy that only something like the dark web can provide. It removes the "paper trail" of the digital world.
It’s basically a digital version of meeting a source in a dark parking garage at three a.m., but without the risk of getting followed home. It’s the "Deep Throat" of the twenty-first century.
And there are also "onion mirrors" of legitimate sites. Facebook launched one years ago. Why? Because in some countries, Facebook is the only way people communicate with family, but the government blocks it. By having an onion address, Facebook allows those users to stay connected without the government being able to block the specific IP addresses of Facebook’s servers. It’s about maintaining the "freedom to connect." Even DuckDuckGo has an onion service, allowing you to search the clear web without the search engine even seeing your IP address.
It’s funny how we started with "it’s a place for criminals" and we’ve ended up at "it’s a vital tool for the New York Times and Facebook to reach people in oppressed regions." It really is just a tool. A hammer can build a house or break a window. But what about the future? Is there anything that could replace Tor?
That’s the most accurate summary you could give. And as we move further into twenty-twenty-six, I think we’re going to see the dark web become even more of a "utility" network. There’s a project called I-two-P—the Invisible Internet Project—which is a different kind of dark web that’s more focused on internal "leeching" and file sharing within the network rather than just being a tunnel to the outside world. It uses "garlic routing" instead of "onion routing."
"Garlic routing"? Okay, now we're just getting into a grocery store metaphor. What's the difference? Does it keep the vampires away?
Close! In onion routing, one message is wrapped in layers. In garlic routing, multiple messages are bundled together, so it’s even harder for an observer to tell which "clove" of data belongs to which user. It’s even more decentralized than Tor. But it has the same drawback—it's slow.
"The Invisible Internet Project." That sounds like the name of a synth-wave band you’d listen to, Herman. But does it solve the speed problem? Or are we always going to be stuck in the slow lane if we want to stay hidden?
Not really. Speed and anonymity are fundamentally at odds. If you want to be fast, you have to be direct. If you want to be anonymous, you have to be circuitous. You can’t have both. It’s a law of digital physics. Think of it like a getaway car. If you want to get away fast, you take the highway. If you want to not be followed, you take every side street, double back, and drive through three different parking garages. You’ll get to your destination, but you won't be setting any speed records.
Well, I think we’ve effectively popped the "iceberg" bubble. It’s not a massive hidden world; it’s a small, specialized, and very slow set of tunnels used by people who have a very specific reason to hide their tracks—some for good, some for bad. It's not the Wild West; it's more like a very high-security private club with a very confusing entrance.
And for Daniel's question about whether it's growing—the "visibility" is growing because we’re getting better at talking about it, but the actual network is staying relatively stable. It’s a mature technology now. Tor has been around for over twenty years—it actually started as a project for the U.S. Naval Research Laboratory. It’s not a fad; it’s part of the permanent infrastructure of the internet. It's the pressure valve for the modern web.
I feel much better about my "clear web" existence now. I’ll keep my "hazmat suit" in the closet unless I decide to start leaking state secrets, which, let’s be honest, would probably just be my secret recipe for slow-cooker chili. Although, maybe that is a state secret in some circles.
And trust me, the dark web is not ready for that level of heat, Corn. The encryption might hold, but the servers would melt.
Fair point. Well, this has been a great dive into the shadows. I think the biggest takeaway for me is just how small it actually is. It makes the whole thing feel much more manageable and much less like some looming digital monster. It's a tool for specific jobs, not a replacement for the internet we use every day.
Specificity always kills fear. When you realize it’s just a few million people and some clever encryption, the "boogeyman" aspect disappears and you can focus on the actual security implications. It's about data integrity and connection privacy, not just scary stories.
True that. Well, I think we’ve covered the "what," the "why," and the "who" of the dark web. It’s a fascinating corner of our world, but maybe one I’m happy to just observe from a distance. I'll stick to the "surface" where the cat videos are easy to load.
Nothing wrong with staying in the light, as long as you know where the tunnels lead. Knowledge is the best firewall you can have.
Well said, Herman. This has been "My Weird Prompts." Big thanks to our producer, Hilbert Flumingtop, for keeping us on track and making sure we didn't get lost in the relays.
And thanks to Modal for providing the GPU credits that power this show. It’s amazing what you can do with a little serverless compute and a lot of curiosity.
If you’re enjoying these deep dives, do us a favor and leave a review on your favorite podcast app—it really does help other people find the show, and it keeps us motivated to keep digging into these prompts.
You can also find us at myweirdprompts dot com for all the show notes, technical links about onion routing, and ways to subscribe to our newsletter.
Until next time, keep asking the weird questions. No prompt is too niche for us.
We'll be here to find the nerdy answers. Goodbye!
See ya.
