How to access the dark web in 2026 (a guide to getting on safely)
How do you access the dark web? The question fascinates and alarms in equal measure. Despite the image perpetuated by crime dramas and sensationalist news coverage, accessing the dark web is technically straightforward and perfectly legal in France, as in most democracies. This detailed guide walks you through installing Tor Browser, getting onto the dark web safely, exploring .onion sites, and avoiding the most common pitfalls. No special technical skills are needed: if you know how to install Firefox or Chrome, you can install Tor.
⚫ We know why you are here. It's not this page. Tor access →What is the dark web and why access it
The dark web refers to all sites accessible only through specific anonymization protocols, primarily Tor.
These sites use .onion addresses instead of the usual .com or .fr
domains, and cannot be indexed by Google or traditional search engines. It is important to distinguish the
dark web from the deep web: the deep web refers to all online content not indexed by search
engines (your emails, your bank accounts, internal databases, intranets), of which the dark web is only a
tiny fraction.
Why use Tor and the dark web?
The reasons are numerous and, for the most part, entirely legitimate. Major international media outlets — BBC, New York Times, ProPublica, Deutsche Welle — maintain .onion versions of their sites so that readers in censored countries can bypass blocks. ProtonMail and other encrypted email services offer .onion access to strengthen the confidentiality of communications. Journalists use SecureDrop to communicate with sources. Human rights activists, domestic violence victims, cybersecurity researchers, lawyers, doctors exchanging sensitive case information, and ordinary citizens concerned about advertising tracking all have legitimate reasons to use Tor.
The dark web versus common misconceptions
Before going further, it is worth dismantling a few persistent myths. The dark web does not represent 96% of the internet (that figure refers to the deep web — a frequent confusion); it does not consist exclusively of illegal activity (academic studies estimate that roughly 57% of active .onion sites host illicit material, but the bulk of traffic involves legitimate services); and using Tor does not automatically place you on any blacklist maintained by French intelligence services. For a systematic debunking, see our piece on the 50 dark web myths debunked.
Prerequisites before you start
Accessing the dark web requires neither special hardware nor advanced technical skills. An ordinary computer with a stable internet connection is more than enough for the vast majority of everyday use cases.
Hardware and operating system
Tor Browser works natively on Windows 10 and later, macOS, most Linux distributions, and Android. On iOS, Apple does not allow Tor Browser to be installed officially due to its restrictions on rendering engines: the alternative recommended by the Tor Project itself is Onion Browser, based on WebKit. For more intensive use or particularly sensitive scenarios, a dedicated computer or virtual machine is advisable, but it is absolutely not required for everyday use cases such as reading the news via Tor or using encrypted messaging.
Should you combine Tor with a VPN?
This is a debated question in the community. The Tor Project does not systematically recommend adding a VPN to Tor. A VPN can hide from your ISP the fact that you are using Tor, but it introduces a new point of trust: the VPN provider becomes a privileged observer of your traffic, and you depend on their word that they keep no logs. For 99% of use cases (reading a BBC article on its .onion, browsing OnionDir, sending an email via ProtonMail), Tor alone — kept up to date and properly configured — is more than sufficient. For more specific scenarios, pluggable transports such as obfs4 or Snowflake offer an integrated solution that is documented and recommended by the Tor Project.
Installing Tor Browser
Installing Tor Browser is quick and looks much like installing any other browser. The absolute rule, above all else: download only from the official Tor Project website.
Step 1: download from the official site
Go to torproject.org (watch the spelling — fraudulent sites regularly mimic this address). On
the homepage, click "Download Tor Browser" and select the version for your operating system. The file is
between 80 and 100 MB depending on the platform.
Never download Tor Browser from: a third-party site claiming to "make installation easier", a link received by email or direct message, a copy posted on a forum or file-sharing site, or a sponsored Google result (scammers sometimes buy these advertising slots to redirect users).
Step 2: verify the download signature (optional but recommended)
This step, skipped by most users, matters for sensitive use cases. The Tor Project cryptographically signs every version of Tor Browser with a dedicated PGP key. Verifying the signature confirms that the downloaded file has not been tampered with in transit (for example by an attacker on your network). The full procedure is documented on the Tor Project's official support pages. It requires installing GnuPG (free, open source) and importing the Tor Project's public key. For basic and occasional use, downloading from the official site already provides more than sufficient security.
Step 3: install the software for your system
On Windows: double-click the downloaded .exe file. The installer prompts you
for a location; accept the default folder unless you have a specific reason not to. After installation, a
Tor Browser icon appears on the desktop and in the Start menu. The software can be moved afterwards without
reinstalling: Tor Browser is "portable", meaning it works from any folder, including a USB drive.
On macOS: open the downloaded .dmg file. Drag the Tor Browser application into
the Applications folder. On first launch, macOS may display a security warning because the app comes from a
developer outside the App Store: right-click the application, choose "Open", and confirm. This message will
not appear again.
On Linux: download the .tar.xz archive, extract it to your home folder (or
/opt/ for a shared system install). Run ./start-tor-browser from the extracted
folder. No system installation is required, and Tor Browser can coexist with your regular browser without
interference.
On Android: install Tor Browser for Android via Google Play or, for users who prefer not to go through Google, via the alternative store F-Droid. The app is official, developed by the Tor Project. The interface is adapted for mobile but the main features are identical to the desktop version. To route other apps through Tor, the companion app Orbot allows you to configure a system-wide proxy.
First launch and configuration
On Tor Browser's first launch, a connection window greets you. Two main options are offered: standard connection (suitable for most situations) and bridge configuration, useful in countries that censor Tor.
Standard connection
In most cases, simply click "Connect". Tor Browser then establishes your first circuit through three relays distributed around the world: an entry node, a middle node, and an exit node. This takes between 10 and 60 seconds depending on your connection. You then land on the homepage with DuckDuckGo as the default search engine — a deliberate choice, as DuckDuckGo does not track queries and does not block connections coming from Tor, unlike Google.
Using a bridge if Tor is blocked in your country
If you are in a country that blocks Tor (China, Iran, Russia, Belarus, Saudi Arabia in part), the standard connection will fail. Click "Configure a bridge" to activate one. Three options are available, each suited to different contexts. The most common is obfs4, which disguises Tor traffic as random traffic indistinguishable by Deep Packet Inspection systems. meek-azure routes your traffic through Microsoft Azure's CDN — effective but very slow. Snowflake uses WebRTC and ephemeral proxies provided by volunteers, and is particularly robust against sophisticated blocking.
To obtain the address of a private bridge beyond the built-in ones, send a blank email to
[email protected] from a Gmail or Riseup address (these two providers are the only ones
accepted by the BridgeDB service to limit abuse).
Available security levels
Tor Browser offers three security levels, accessible via the shield icon in the toolbar. The Standard level, enabled by default, leaves all features active and offers the best compatibility with regular sites. The Safer level disables JavaScript on non-HTTPS sites and blocks certain custom fonts — a good compromise for careful browsing. The Safest level disables JavaScript entirely, blocks SVG images, custom fonts, and advanced math functions; it is suitable for exploring unknown sites or situations where the risk of exploits is high. On most legitimate sites in our OnionDir directory, Standard or Safer is sufficient.
Exploring the dark web safely
Once Tor Browser is configured, you can browse like any other browser. To access a .onion site, simply paste
its full address into the URL bar. No need to add https:// in front — Tor Browser handles the
protocol automatically.
Where to start your first explorations
Here are some legitimate .onion addresses for your first steps, all listed and verified in our OnionDir directory. DuckDuckGo, already active as the default engine, for regular searches without tracking. BBC News for international news in multiple languages. The New York Times for the major American newspaper. ProtonMail to access your encrypted email while maintaining connection anonymity. Ahmia as a search engine specialized in .onion services, with active filtering of illegal content. Hidden Wiki as a historical .onion link directory — use with caution given the variability of its editors.
For a more complete list of the most surprising and legitimate sites, see our top 30 .onion sites, which presents in detail around thirty services ranging from international media to privacy tools and cultural curiosities (continuous radio, anonymous online chess, digital libraries).
Finding new sites as you explore
Unlike Google, dark web search engines only index a fraction of existing sites. Organized directories like OnionDir usefully complement search engines for discovering quality new services. Absolutely avoid links shared on forums or by strangers without independent verification: fraudulent imitations of legitimate sites (.onion phishing) are common, and the 56-character addresses make visual differences easy to conceal.
Essential security rules
The anonymity Tor provides depends as much on your behavior as on the technology itself. Most documented de-anonymizations result from "opsec" (operational security) mistakes by the user, not from flaws in the Tor protocol. Here are the essential rules to follow.
Never mix identities. The most common mistake is logging into your personal Gmail, Facebook, or Instagram account during a Tor session. These services immediately identify you to their servers, and your anonymity is gone. Use dedicated accounts for your Tor sessions, or better yet, avoid any accounts linked to your real name.
Do not download files from unknown sources. Files downloaded from the dark web may contain malware, particularly Office documents, PDFs with JavaScript, and executables. If a download is necessary, open it on an isolated virtual machine or, better still, on a dedicated Tails system that does not persist data.
Keep Tor Browser up to date. Updates regularly fix critical security vulnerabilities that are sometimes actively exploited by attackers. Tor Browser alerts you automatically when a new version is available; install it immediately, before any sensitive session.
Do not maximize the window. Maximizing the Tor Browser window reveals your exact screen resolution, which can be a potentially identifying signature through fingerprinting. Leave the window at its default size (pre-configured to match that of the large majority of users).
Avoid JavaScript on suspicious sites. Many historical attacks against Tor exploited JavaScript vulnerabilities in Firefox (the base of Tor Browser). Disable it via the "Safer" or "Safest" security level when exploring sites you don't know.
Never share personal information. Real name, first name, city, precise occupation, personal photo, phone number: none of this should ever appear in a Tor session, even in an exchange that seems friendly or innocuous. Stylometric analysis techniques can identify an author from a few paragraphs; anonymity requires constant hygiene.
Report illegal content. If you accidentally land on clearly illegal content (child sexual abuse material, terrorist glorification), close the page immediately and report it via PHAROS (internet-signalement.gouv.fr). Your report is anonymous and protected by law. Reporting is not self-incrimination — it is participating in legitimate policing.
The most common mistakes to avoid
Most problems encountered by new Tor users stem from a handful of classic mistakes, which we list here so you can avoid them.
- Downloading Tor from a third-party site — always use torproject.org
- Enabling unofficial Firefox extensions, which modify the browser's fingerprint and break the protective uniformity of Tor users
- Using your regular Google account, which cancels out anonymity
- Maximizing the window, exposing your screen resolution
- Ignoring security updates, leaving critical vulnerabilities unpatched
- Connecting from your employer's network, which can see that you're using Tor and may sanction this use under its IT policy
- Sharing photos containing EXIF metadata: photos taken with a smartphone often contain the device model, the exact date, and sometimes GPS location. Clean them with ExifTool or Tails' Metadata Cleaner before sharing
- Neglecting behavioral fingerprinting: your writing style, connection times, and vocabulary can identify you if you post across multiple platforms
Legal framework in France
Using Tor and browsing the dark web are perfectly legal in France. No provision of the Penal Code, the Internal Security Code, or any other law sanctions the use of anonymization tools as such. The 2016 Digital Republic Act reaffirmed the principle of net neutrality and the right to digital privacy. The decree of March 17, 1999, liberalized the use of strong encryption.
What remains obviously illegal are the punishable activities carried out via Tor or elsewhere: purchasing illicit products, incitement to hatred, habitual viewing of child sexual abuse material (Article 227-23 of the Penal Code), glorification of terrorism. The applicable law is exactly the same as on the regular web: the tool is neutral — only reprehensible use falls under criminal law. A user who reads the BBC via its .onion, browses OnionDir, or uses ProtonMail over Tor is not breaking any French law whatsoever.
For accidental exposure to illegal content, Article 227-23 generally requires habitual viewing (repeated, deliberate) rather than a single incident to constitute an offense. A unique, accidental exposure without recording or repeat visit does not constitute an infringement. If in doubt, report to PHAROS: making a report puts you firmly on the right side of the law.
Going further
You now have a solid foundation for starting to explore the dark web safely. To deepen your understanding and master more advanced scenarios, several additional resources are available to you. Our dark web and Tor network glossary explains in detail every technical term you may encounter, with short definitions and extended explanations. Our unusual FAQ answers fifty curious questions about Tor, from urban legends to surprising use cases.
To thoroughly debunk the misconceptions circulating in the media and on social networks, our piece on 50 debunked myths offers systematic fact-checking with clear verdicts. Our top 30 legitimate .onion sites offers a guided tour of the most surprising services, from international media to privacy tools and cultural curiosities.
To explore by theme, browse our directory categories: media with .onion versions of the BBC, NYT, and others; privacy tools including SecureDrop, OnionShare, and secure operating systems; encrypted email and messaging with ProtonMail and Riseup; search engines specialized in .onion; and community forums such as Dread.