We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

What Is the Deep Web and How Does It Work? [2024 Update]

Emma Browne Fact-checked by Ryan Jones Cybersecurity Researcher

From the news stories and articles you see, it’d be easy to assume that the deep web is a shady place filled with criminals, hackers, and all kinds of ne’er-do-wells. But, as with most things, the truth is far more complex and far less sensational than that.

In short, the deep web is no more illicit than the “surface web” or the bits of the internet that you find through Google. In most cases, those scary stories you’ve heard about hacker hideouts and drug smugglers are all referring to the dark web — not the deep web.

Confused? That’s understandable. Hold on tight and join me as we dive into what the deep web actually is and why it’s unfairly received a bad reputation.

Pro Tip: If you’re interested in exploring the dark web instead, it’s best to exercise caution. Check out our complete guide to accessing the dark web safely.

The Different Layers of the Web

There are actually 3 distinct layers that make up the internet — the surface web, the deep web, and the dark web. Understanding these 3 layers is key to truly grasping how the internet works.

What Is the Surface Web?

The surface web is the portion of the internet that's accessible to anyone through standard web browsers and search engines. When you use Google to find a website, browse social media, or shop online: that's all on the surface web. This visible layer only makes up about 4% of the entire internet.

A screenshot of the Disney Plus landing pageI found this from searching "Disney Plus" on Google

Websites on the surface web are “indexed” — that is, they’ve been discovered and cataloged by Google, Bing, or any other surface search engine. For example, to find this page, you might have searched for something related to the deep web on Google. You found us because this page is indexed.

For a page to be indexed, it needs to have a valid link. Most websites do this in two ways. They build what’s called a sitemap, which exists to help search engines automatically navigate the site. Then, for human users, they add new pages to their overall site structure.

There are ways for website owners to keep parts or all of their site from being indexed and shown in search results. They do this by using a file called “robots.txt”, which gives instructions to web crawlers — automated bots that search engines use to catalog and index web pages.

For example, a website could use robots.txt to block crawlers from their login portals, sites under development, or sections with sensitive data. Properly configured robots.txt directives tell crawlers: "Don't go here, don't index this."

What Is the Deep Web?

The deep web comprises pages that aren’t indexed by search engines. The deep web (or deep net) is larger than the surface web you're used to — experts estimate it makes up a staggering 95% or more of the internet.

The vast majority of the deep web consists of pages that you need to log in to, like your email, online banking, streaming services, and more. Your private account pages exist on the deep web.

A screenshot of the Disney Plus app settings pageThis page is only accessible through your Disney Plus account

Even public websites utilize the deep web. For instance, an e-commerce site may have a small portion indexed for product listings but a much larger database inventory that’s hidden on the deep web.

While the deep web may sound ominous, the majority of it is simply data and content not meant for public access. It's largely benign, enabling everything from confidential records to password-protected accounts. However, there are also legally dubious areas that host illicit content. So, you should still be careful when diving below the surface web.

What Is the Dark Web?

The dark web describes any page that’s unindexed by search engines and requires specialized software (like Tor) to access. Tor (The Onion Router) is a free network that routes internet traffic through many encrypted relays to anonymize your browsing. This allows you to connect to hidden dark web services that use special “.onion” domains, which don’t work with regular browsers.

Despite its notoriety, the dark web has legitimate uses. Journalists and whistleblowers rely on its anonymity to transmit data and communicate securely away from prying eyes. Political activists use it to organize and spread information freely in oppressive regimes. Even law enforcement and intelligence agencies leverage the dark web.

A screenshot of ProPublica's dark web siteFacebook and the BBC also have mirror websites

However, a large portion of the dark web is used for illegal purposes that are best avoided. One of the most infamous dark web examples was the Silk Road, which was a market for buying and selling illegal drugs, weapons, hacking tools, pirated content, and more. It was shut down in 2013, and its creator, co-owners, administrators, and some of its sellers were hunted down and arrested. While the dark web provides some anonymity, it still carries major risks if misused.

Pro Tip: If approached carefully, the dark web can be a fascinating place with a ton of useful information, including investigative journalism, resources for activists, whistleblower tips sites, and more. We’ve collected a list of the best Onion sites to browse.

How Does the Deep Web Work?

To understand how the deep web works, let’s first look at how search engines work. Search tools use crawlers to regularly analyze new or updated web pages. This information is then “indexed” — it’s stored in the search engine’s index that it uses to show you search results.

There are large swaths of data that crawlers can't access and index for a variety of reasons, like:

  • The website owner has used a robots.txt file to request crawlers not to index specific pages.
  • The page is password-protected or uses CAPTCHA tests.
  • The page blocks automated bots.
  • The page isn’t linked to by a sitemap or other crawlable link (at the time of writing, crawlers can’t normally use search boxes).

The deep web also covers content that only exists for a specific user. Social media is a perfect illustration — while Facebook's public pages are indexed, your personalized News Feed or private messages with friends are not. These pages get stitched together dynamically every time you log in, combining unique data sets.

This divide between public and private/personalized internet content is crucial for security and functionality reasons. Just imagine if your entire Facebook profile, messages, payment histories, and other sensitive data were openly crawlable, and could be found and read by anyone.

Pro Tip: Although your private social media data might not be accessible to search engines, everything you search for is. If you want to explore more of the internet without handing your data over to advertisers, take a look at our top recommended private search engines.

What Is the Deep Web Used For?

Here are just a few examples:

  • Online banking portals. These exist behind login credentials that crawlers can’t access, making personal banking data uncrawlable.
  • Subscription streaming services. While public streaming homepages like Netflix are indexed, the actual shows/movies and your tailored account homepage exist in unindexed databases. This applies to music services like your Spotify library too.
  • Cloud storage. The data and content you store online are usually protected by passwords and encryption, keeping them hidden from search engines.
  • Intranet sites. Internal sites for employee communications and documents or student portals are protected from the public web. Most companies even prevent their login page from being indexed for extra security.
  • Travel reservation pages. Your specific upcoming flight/hotel reservations with airlines and booking sites are held on dynamic deep web pages, so crawlers won’t be able to index your specific itinerary.
  • Webmail inboxes. While you can likely find your email login page through a search engine, individual inboxes aren’t indexed — and neither are the emails you send or receive.
  • Online retail order histories. Your order details and individual account areas on e-commerce sites (like Amazon) exist behind password-protected pages. As with most unindexed pages, these are dynamically filled with your personal information.

In addition, investigating the deep web is a massively important part of cybersecurity research. That’s because researchers (and hackers) can use the deep web to find information about you or specific companies. Hackers and penetration testers might use this to send targeted phishing emails (“spear-phishing”) or find hidden pages they can probe for weaknesses.

Deep Web vs. Dark Web: What’s the Difference?

Think of the internet like an iceberg — the surface web is everything you can see, and the deep web is everything below the surface. While the dark web is below the surface too (and, therefore, part of the deep web), it’s not the same thing. Confusing, I know, but let me explain.

If we define the deep web as any website that you can’t find on Google, Bing, or any other “regular” search engine, then the dark web falls under that same definition. However, the dark web has another layer of obfuscation that means regular browsers can’t access it. Going with my earlier metaphor, we can consider this at the very bottom of the iceberg.

Here’s a quick summary of the main differences:

Deep Web Dark Web
Size An estimated 95% of the internet Difficult to catalog, but estimated at under 100,000 sites, most of which are copies
Accessed via Your regular browser A specific browser that can use the randomized network nodes to access “.onion” sites
Main application Prevents public access to sensitive data by hiding potentially vulnerable pages from search engines Provides anonymity by randomizing user IP addresses through volunteer-run nodes
Security Can only access pages with a direct link. Typically, this link requires a valid username and password to view data.Content is largely benign, but may host some illegal or dangerous pages Hosts primarily illegal/dangerous content, though it has some benign uses for whistleblowers and other privacy-conscious users. While your identity is usually protected, malicious pages may attempt to infect your device or steal your data
Pro Tip: If you’re trying to access the dark web, you’ll need to use a browser like Tor. Tor is an open-source browser that communicates exclusively with onion sites via a Tor circuit and was built to protect your privacy. Take a look at our complete guide on how to use Tor safely.

Can You Access the Deep Web?

Yes, and it’s really easy to do so — you probably access the deep web multiple times a day without realizing it.

You don’t need to use a specific browser to visit the deep web. Most of the time, all you need is to log in to any of your personal accounts. Otherwise, you just need to know the specific URL of the website you’re visiting, and you’re good to go.

Is the Deep Web Illegal or Dangerous?

The deep web itself is neither illegal nor inherently dangerous. However, the nature of what you're trying to access on the deep web — and how you go about doing it — determines whether dangers or illegal activities are involved.

The deep web hosts a vast array of legitimate content like email inboxes, online banking portals, subscription services, and more. If you're just logging into accounts you have proper access to, there's no risk in accessing this unindexed portion of the internet.

That said, the deep web can contain illegal or dangerous content though. That can include pages that host malware or are used in phishing scams, which most legitimate search engines will automatically refuse to index.

Additionally, search engines in specific regions may not index websites that are blocked by the local government, as is the case in restrictive countries like Russia or the UAE. Using these websites may be illegal in these jurisdictions.

How to Stay Safe on the Deep Web

When you explore the deep web, remember these essential safety points to keep you and your devices safe:

  • Protect your accounts. Use strong, unique passwords for every account you make, and use two-factor authentication (2FA/MFA) where possible. A password manager can also make this easier. That way, if you accidentally enter your account details into a fake login page, you can limit any damage — if not prevent it completely.
  • Invest in safety tools. When diving into the unknown, I recommend using a reputable antivirus tool (like Norton 360) and a VPN. The former will quarantine any suspicious files and the latter will encrypt your data and hide your IP address so it can’t be logged by third parties. Identity theft monitoring services can be a good idea, too. Just make sure to use a trusted VPN (free VPNs can often be more dangerous than not using one at all).
  • Treat every web page with suspicion. It’s best to assume that everything is a scam unless proven otherwise. You can always check if a page is legitimate by checking the URL closely (look for HTTPS, which is more secure than HTTP) and clicking the lock icon in your address bar to check its security certificate.
  • Use a private browser. Hackers and snoops can use “fingerprinting” (assigning an identity to your specific browsing data) to track your movements around the web. Before exploring, open a private browser window that has no plugins or logged-in accounts. You can also opt for private OSs like Tails (“The Amnesic Incognito Live System”).
  • Think before you click. Hovering over links will show the URL they’re sending you to. Remember, clicking unknown links could send you to scam pages, disturbing content, or malware. If anything starts downloading, cancel it immediately and run an antivirus scan.
  • Check your local laws. Some websites aren’t indexed because they’re banned in your region. Depending on the region, accessing these sites may carry penalties, so I always recommend checking their legal status if you’re in doubt.
  • Don’t hack anything. I know it sounds obvious, but unless you’re authorized to access a page hidden behind a login screen, don’t try. This carries heavy repercussions in many countries. The only exception to this rule is if you have explicit permission as part of a bug bounty program or an authorized penetration test.
Pro Tip: To keep you, your data, and your devices safe, I recommend using a trustworthy VPN like ExpressVPN while exploring the deep web. It offers military-grade encryption to protect your data against hackers and snoops. Plus, its built-in Threat Manager feature blocks websites from communicating with potentially harmful third parties, so you can explore with minimal risk. For more info, check out our full ExpressVPN review.

Editor's Note: Transparency is one of our core values at vpnMentor, so you should know we are in the same ownership group as ExpressVPN. However, this does not affect our review process.

FAQs on the Deep Web

How do I run a deep web search?

Try a private search engine. More popular search engines often exclude results for a variety of reasons. So, you may have a better chance of finding deep web pages on a private search engine, like Ahmia, Torch, DuckDuckGo, or Wolfram Alpha.

What exactly is on the deep web?

Any web page that isn’t automatically indexed by search engines. These can include anything from internal company networks to your online shopping cart. Streaming content and email inboxes are also part of the deep web.

How big is the deep web?

Experts estimate that the deep web comprises 95% of the modern internet. It’s hard to come up with a specific figure, though, as websites and pages are created and deleted every day. But, to give you an idea, 9.7 billion emails are sent daily in the US alone — these aren’t indexed, nor are users’ individual inboxes. And that’s just emails.

TL;DR: The Deep Web Isn’t as Scary as You Might Think

The deep web is the (mostly) benign majority of the internet, and it comprises all the web pages that search engines can’t (or won’t) index. From personal social media news feeds to app settings pages, your e-banking account to paywalled news articles, the deep web is largely made up of useful, private information.

That’s not to say exploring the deep web isn’t risky — it’s always possible to come across a website that hosts malware or a phishing scam. However, it’s still considerably safer to explore than the dark web, which has only a handful of legitimate, lawful web pages. Unfortunately, because so many people (and particularly the media) often conflate the two, the deep web has a bad reputation thanks to its badly behaved sibling.

Privacy Alert!

Your data is exposed to the websites you visit!

Your IP Address:

Your Location:

Your Internet Provider:

The information above can be used to track you, target you for ads, and monitor what you do online.

VPNs can help you hide this information from websites so that you are protected at all times. We recommend ExpressVPN — the #1 VPN out of over 350 providers we've tested. It has military-grade encryption and privacy features that will ensure your digital security, plus — it's currently offering 61% off.

Visit ExpressVPN

We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

About the Author

Emma Browne is a writer and editor at vpnMentor with over 5 years of experience writing about technology and online privacy. It’s her goal to help people like you understand the technology you use every day, the privacy and security issues you face, and the things you can do to protect yourself and your family in an age of growing cybercrime.

Did you like this article? Rate it!
I hated it! I don't really like it It was ok Pretty good! Loved it!
out of 10 - Voted by users
Thank you for your feedback

Please, comment on how to improve this article. Your feedback matters!

Leave a comment

Sorry, links are not allowed in this field!

Name should contain at least 3 letters

The field content should not exceed 80 letters

Sorry, links are not allowed in this field!

Please enter a valid email address