Skip to main content

The Dark Web Iceberg Explained In Simple Terms

  |  Dashlane

There is more to the internet than meets the eye. It might seem like an infinite library with unrestricted browsing rights. But in reality, the internet is more like an iceberg, and we can only view what’s above the water. Let’s take a closer look at the internet iceberg to find out what lies below the surface.

A graphic representation of the internet iceberg. The top 4% of the iceberg above the water represents the surface web. Below the water lies the deep web, which is not accessible with traditional search engines. At the bottom of the iceberg is the dark web, which is a private unsearchable subset of the deep web.

What is the surface web?

The surface web is the publicly visible portion of the internet we’re all familiar with. This is the segment of the web we access by using search engines to crawl and index pages. Most people don’t realize that the surface web is just one of several internet layers and makes up only 4% of the entire web—it’s just the tip of the internet iceberg.

Want to learn more about using a password manager?

Check out our our personal plans or get started with a free trial.

What is the deep web?

Just below the surface web is what is known as the deep web. Content stored in the deep web is not accessible using traditional search engines. Unlike the surface web, some pages in the deep web do not use common domain extensions like .com, .edu, or .gov. Since the pages are not hyperlinked to other pages, they are also not picked up by web crawlers. In fact, some pages residing in the deep web might be configured to block search engines altogether. To access a blocked or unconnected web page from the deep web, you need to possess the correct authorization and credentials.

This large and rapidly expanding internet layer contains information that is updated frequently and presented based on user permissions. 

Not all deep web content is harmful

Web pages don’t always reside in the deep web because they are harmful. There is so much content stored on the internet today that making all of it searchable isn’t feasible—or necessary—and as a result, the vast majority of this content never gets web traffic. Deep web content includes many harmless items like archived news stories and databases, invite-only forums, and unpublished blog posts. You’ll also find banking information, resources stored behind paywalls, and stored social media content.

What is the dark web?

Within the deep web, there is another more mysterious layer of the internet known as the dark web. The dark web is an encrypted subset of the deep web that is less accessible to the general public. 

  • Deep web vs. dark web. Unlike the deep web in general, the dark web generally lives up to its spooky moniker by concealing illegal activities. The unsearchable, private nature of the dark web offers users complete anonymity. While there are some legal and legitimate purposes for the dark web, like protecting confidential news sources and communicating with others privately, most above-board data storage and archiving takes place in safer regions of the deep web.
  • Cybercriminals use the dark web. Data on the dark web is deliberately hidden, and specialized software tools are required to access it. Cybercriminals frequent the dark web for illicit purposes like buying and selling contraband, malware, and stolen user credentials. In one alarming case, a cybersecurity firm detected half a million private Zoom accounts for sale on the dark web, complete with email addresses, passwords, and meeting host keys.

To protect business data, you need to know if it has ever been compromised by a data breach.
Use this free, powerful tool sponsored by Dashlane to find out if your data has been exposed on the dark web: Has your business been breached?

How do you access the deep web?

Getting to the bottom of the internet iceberg is possible with the right tools and information in hand. In fact, millions of people and businesses access the deep web every day to update unsearchable social media content, payment accounts, and subscription-only information.      

Methods for accessing deep web pages depend on the site you are searching for and the protections in place. Certain sites require credentials and authorization, while others require special tools. For example, a web page that resides on the deep web because it lacks searchable hyperlinks might be accessed just by typing in the complete URL. Other sites found in the dark web subset of the deep web might require specialized software to access them.

What is a Tor Browser?

Tor is a deep web search engine. It was developed by the U.S. government to protect whistleblowers and circumvent surface web censorship. In 2006, the U.S. Navy transferred ownership of the Tor network to a non-profit organization called the Tor Project.

The Onion Router (TOR) is a popular anonymizing browser that uses multiple layers to block a user’s identity. A series of proxy servers render the IP address untraceable, and messages are encrypted at each access point, which makes the trail of communication nearly impossible to follow. Onion routing refers to the process of removing encryption layers systematically from internet communications, like peeling back the layers of an onion. Appropriately, the .onion suffix replaces .com or .org for websites that are hosted on the Tor network.

A graphic depiction of how onion routing works. A user sends an encrypted message through a random series of nodes in the Tor network. When the message leaves the Tor network, the recipient receives the message unencrypted.

Should I access the dark web?

While there are software tools available that let you access the deep web, or even the dark web, doing so is not advisable or necessary. Files you download from the dark web might contain harmful malware. Cybersecurity professionals like threat hunters are trained to follow safety protocols when they gather information from the deeper layers of the internet iceberg, but the rest of us should steer clear.

How to keep your info off the dark web

It’s best to limit your browsing to the top portion of the dark web iceberg diagram. But how do you find out if your information is being traded on the dark web and protect yourself from data breaches? Fortunately, there are many advanced cybersecurity tools available to protect your information from a safe distance.

  1. Run a dark web scan: Strong password policies and anti-malware software can limit the chances of a data breach, but no cybersecurity tools are 100% foolproof. Completing a dark web scan helps you determine if your passwords, email addresses, or other private information have been compromised and need to be updated.
  2. Use Dashlane dark web insights: With Dark Web Insights, businesses can protect their employees from security breaches and other vulnerabilities by using a built-in tool to continually scan over 20 billion dark web records. Employees and IT admins are alerted immediately if private information is detected. The insights include all workers, even those who are not using Dashlane yet, since the scans are based on the company domain. This holistic and proactive approach helps IT teams mitigate threats before they escalate.
  3. Enable 2FA: 2-factor authentication (2FA) uses a second credential, such as a code sent through an app or text message, to confirm your identity. This adds some time to your login process but makes it nearly impossible for an intruder to access your accounts and steal your information without having your device in their possession. Multi-factor authentication (MFA) uses two or more factors,  such as biometric identifiers like facial recognition or fingerprints.
  4. Use VPN on public WiFi: Wireless networks in airports, cafés, hotels, and other public locations can be subject to man-in-the-middle attacks and other hacking tactics intended to intercept information. A VPN minimizes the odds of your information ending up on the wrong side of the internet iceberg by encrypting all data going into or out of your device and routing it through a secure portal. A VPN also masks your IP address so that you can browse the internet more privately.
  5. Avoid reusing passwords: The habit of reusing passwords is an easy one to fall into since it minimizes memorization and new password creation. Reused passwords also weaken security by exposing multiple accounts if one password is stolen and sold on the dark web. You should replace your reused passwords with strong passwords that are at least 12 characters long, include a random mix of letters, numbers, and special characters, and leave out identifying phrases like your first name or address.
  6. Only share passwords securely: Password sharing is almost unavoidable for things like video streaming services and retail accounts, but you should always try to share passwords as securely as possible. Shared passwords expose everyone in the group if any one of them is impacted by cybercrime. The safest way to share passwords is by using the encrypted sharing portal of a password manager. Dashlane’s password-sharing tool can be used to send Secure Notes or passwords to other Dashlane users.
A screenshot of Dashlane’s secure sharing portal in the web extension.

How Dashlane protects you from the dark web

The dark web is a place most of us will never visit—or want to visit. Thankfully, advanced Dashlane features like Dark Web Insights visit the dark web for us to ensure our private information stays private. Additional standard features like an advanced Password Generator, AES-256 encryption, 2FA, VPN, and a Password Health score that tracks weak, reused, and compromised passwords help keep your information safe and off the dark web.

Dashlane's patented zero-knowledge architecture means no one (not even Dashlane) can view your passwords and personal information.

Find out what makes Dashlane the security-first password manager.


  1. Incognito, “The Layers of the Web – Surface Web, Deep Web and Dark Web,” 2023.
  2. OEDb, “The Ultimate Guide to the Invisible Web,” 2023.
  3. Dashlane, “What Is the Dark Web?” March 2020.
  4. Dashlane, What is Encryption? March 2019.
  5. Dashlane, “500,000 Zoom Accounts on the Dark Web,” April 2020.
  6. Business Breach Report, “Has Your Business Been Breached?” 2023.
  7. Tor Project, “History.”
  8. Crowdstrike, “What is the Dark Web?” September 2022.
  9. Dashlane, “Business Breach Report.”
  10. Dashlane, “Dark Web Monitoring,” 2023.
  11. Dashlane, “A Beginner’s Guide to Two-Factor Authentication,” August 2022.
  12. Incognia, “What are the Key Differences between 2FA and MFA?” 2023.
  13. Dashlane, “How Would I Hack You? With White-Hat Hacker Rachel Tobac,” 2023.
  14. Dashlane, “How Password Reuse Leads to Cybersecurity Vulnerabilities,” May 2023.
  15. Dashlane, “How Strong Is Your Password & Should You Change It?” August 2022.
  16. Dashlane, “Best Way to Store Passwords at Home or Work,” September 2022.
  17. Dashlane, “Everything You Need to Know About Your Password Health Score,” October 2020.
  18. Dashlane, “Putting Security First: How Dashlane Protects Your Data,” January 2023.
  19. Dashlane, “Understanding Your Dashlane Password Health Score,” October 2020.

Sign up to receive news and updates about Dashlane