Tell me about Tor / the deep web

So I am looking for someone who can educate me on Tor and the deep web. I read some news stories recently about how Tor was supposedly compromised by some kind of javascript exploit, and it got me interested in the subject. I have heard of the deep web before but have never really understood it that well. Plus I am kind of scared to actually use Tor because I don’t want to accidentally run across something illegal. I am sure there are some people here who are knowledgeable on this, so here are my main questions (I’m sure these are mostly stupid questions, so please forgive me upfront):

  1. Can Tor be used to go to any website, or only websites ending with .onion?

  2. Is there more to the deep web than just the .onion sites? If so, what makes up the rest of the deep web? Are they URLs that you can just type into the Tor browser, or is it more complicated than that? What kind of DNS suffix do they end in if not .onion?

  3. Is there a difference between hidden services and .onion sites, or does this basically mean the same thing?

  4. What happens if you try to go to a .onion site on a regular internet browser? I ask this because I was reading an article about the deep web on my iphone and while scrolling down the page, my finger accidentally clicked some .onion link. Does this mean I am going to get hacked or murdered or something now? Or does the browser just not recognize the URL if you aren’t using Tor?

Thanks for anyone who can answer this!

Yes, the Tor network will route your request randomly through several nodes until it comes out the other end and reaches the regular site.

“Deep web” is a catch-all term that refers to web pages that aren’t normally indexed. It has nothing to do with Tor. Things like paywalled content archives, private message boards, content returned in response to HTTP POSTs, anything that requires a login so bots can’t see it, etc.

“Hidden services” could mean anything. What specifically are you referring to?

The DNS lookup would fail.

Yes. Run for your life!

Awesome, thanks for your quick answer! In regards to “hidden services”, they use this term a lot on the Tor Project website and on the wikipedia article about Tor. But I think they are just referring to any website that can only be reached via Tor.

One other question…Tor is supposedly notorious for people using it for illegal activity…if so, how does the person running the exit node not get constantly raided by the police? Wouldn’t the IP address of the exit node show up in the website logs?

Yes and yes. In some countries it’s common for Tor exit node operators to be raided or harassed by law enforcement. Most of them are run in locations where that is less of a problem. Some are run by universities, ISPs and other organizations with good lawyers. And there are some sensible precautions that minimize problems:

There are enough legitimate users of Tor, and legitimate reasons for it to exist, to justify running a node.

Anyone can download the Tor Browser bundle from and use it to browse the plain old legal web anonymously. There are some Dopers who live in locations where Tor (or something like it) is necessary.

In that case I guess they’re talking about the .onion sites.

What makes you think the police aren’t running the exit node? Once HTTP traffic comes through an exit node, there’s absolutely nothing to prevent the operator of that node from snooping it.

But .onion sites (where a lot of illegal stuff happens) only exist within the Tor network. Traffic does not go through an exit node to reach a .onion site.

In the case of accessing a publicly-available site via Tor, then yes, the exit node would show up in the site operator’s logs. But that’s no different than using a proxy service. Except it’s a lot slower.

I read this elsewhere as well in regards to .onion traffic not going through an exit node, and it still confuses me a little. So if someone is running an onion website, what IP address do they see in their logs if it isn’t the exit node? Or are they just not able to see any IP addresses at all?

This page tells you how to setup a hidden service HTML server:

The webserver would see all connections as coming from localhost. The Tor service receives requests to access your webserver using the public key host name thats generated. Those requests don’t contain any IP addresses, since they’ve gone through several layers of TOR wrapping / unwrapping.

I think I2P is regarded as a better alternative

Can I please get to to elaborate on this bit. Does this mean that using TOR would enable you to circumvent paywalls?

Or is that a question I shouldn’t be asking here and I should just toddle off to Wickipedia or the Tor project site?

No, the two things are unrelated.

Tor is a peer-to-peer network that does two things:

  1. Encrypted “onion routing” to disguise the origin of traffic (including HTTP traffic) that may traverse the Tor network and come out the other side.

  2. A platform for creating services (including HTTP services) which are only available from within the Tor network.


Thanks for that.