The dark web in France: legal framework, uses and landmark cases
France occupies a particular position in the global Tor and dark web ecosystem. With between 15,000 and 30,000 daily users according to Tor Project metrics, the country ranks among the ten largest users of Tor in Europe. Its liberal legal framework on encryption, combined with a tradition of freedom of expression and an active investigative press, explains this sustained level of use. This article offers a complete overview of the French situation: what is legal and what is not, who uses Tor and for what purpose, how the authorities approach the subject, and what are the landmark cases that have shaped recent history.
⚫ This page is the showcase. The rest is elsewhere. Tor access →The French legal framework: Tor is legal, offenses are not
Under French law, using Tor and browsing .onion sites are perfectly legal. No provision of the Penal Code, the Internal Security Code, or the Electronic Communications Code targets, directly or indirectly, anonymization tools. This position sits within a broader framework of encryption liberalization, initiated by the decree of March 17, 1999, which authorized the free use of strong encryption (France had previously maintained a restrictive regulatory regime, a legacy of the era when cryptography was classified as war material).
The Digital Republic Act of October 7, 2016, championed by Secretary of State Axelle Lemaire, reaffirmed several principles favorable to Tor users: net neutrality, the right to digital privacy, and freedom to use anonymization tools. This law — which was the subject of a notable participatory process (an online public consultation) — positioned France as one of the most liberal European countries in terms of digital freedom.
The LCEN (Loi pour la Confiance dans l'Économie Numérique, the Law on Trust in the Digital Economy) of 2004 establishes the legal framework for technical intermediaries. It exempts technical providers (hosts, registrars, operators) from liability for content they transport or host, unless they have actual knowledge of it and fail to remove it. This framework protects operators of Tor relays in France, who can operate without direct legal risk.
What is obviously illegal are offenses committed via Tor, just as anywhere else: drug trafficking, arms trafficking, glorification of terrorism, threats, financial fraud, computer hacking, counterfeiting, violations of privacy, and so on. The full arsenal of criminal law applies identically on the clearnet and on Tor. Tor's anonymity is not a legal immunity: high-profile arrests in the context of operations like Bayonet (2017), or more recently around dismantled ransomware groups, serve as regular reminders of this.
One nuanced legal point concerns viewing certain content. Article 227-23 of the Penal Code criminalizes the "habitual viewing" of child sexual abuse material, not a one-time exposure. Article 421-2-5 criminalizes glorification of terrorism. Case law generally requires intent and repetition to constitute an offense. A single accidental exposure does not constitute a criminal act, but the right instinct is to close the page immediately and report it to PHAROS.
Who uses Tor in France?
Contrary to the dominant media image, Tor users in France are primarily legitimate and varied in profile.
Journalists are one of the most identifiable groups. Newsrooms at Le Monde, Mediapart, AFP, Radio France, and Arte have integrated Tor into their toolkits. SecureDrop, used by several of them, runs entirely on Tor. Foreign correspondents in sensitive countries (Russia, Iran, China, Turkey) use Tor daily to protect their communications. AFP regularly trains its teams in digital security tools.
Civil society activists make up another significant population. Human rights organizations (Amnesty International France, FIDH, La Quadrature du Net), whistleblowers (collectives linked to tax evasion, industrial pollution, and corruption cases), and climate and social activists use Tor to coordinate their actions and protect their sources.
Cybersecurity researchers use Tor professionally to study threats, analyze malware, and monitor criminal marketplaces. French universities such as Inria (notably the Prosecco team), ANSSI, and companies like Orange Cyberdefense, Sopra Steria, and Thales employ specialists who use Tor on a daily basis.
Legal and healthcare professionals sometimes use Tor to protect the confidentiality of communications with their clients or patients, particularly in sensitive cases (criminal defense lawyers, psychiatrists, specialized physicians). The Paris Bar Association has issued recommendations on this topic.
Ordinary citizens probably make up the silent majority of users: people concerned about their privacy in the face of advertising tracking, victims of domestic violence or stalking seeking to escape surveillance by a partner, sexual or religious minorities protecting their intimacy, and citizens who are cautious on principle. The use is often discreet but widespread.
Illegal activities exist but represent a minority share. France has seen cases of drug trafficking, weapons sales, and financial fraud via Tor, which are regularly covered in the press. Police investigations show, however, that the majority of these activities are carried out by a small number of relatively inexperienced individuals, often identified quickly through their operational security mistakes.
French investigative journalism and Tor
The French press integrated Tor into its professional toolkit from the mid-2010s, in the wake of the Snowden revelations. The integration happened gradually, newsroom by newsroom, often at the initiative of individual journalists before being institutionalized.
Le Monde launched its secure reporting system in 2017, based on SecureDrop. Accessible via
lemonde.fr/signalement, it allows sources to transmit documents anonymously. Several major
Le Monde investigations (SwissLeaks, Panama Papers, Paradise Papers on the French side) used encrypted
channels linked to Tor.
Mediapart, founded by Edwy Plenel in 2008, has made investigative journalism its trademark. The site has run an active SecureDrop instance for several years. Mediapart has published numerous investigations received through encrypted channels, notably on the Libyan financing of the Sarkozy campaign, the Cahuzac affair, and various political corruption cases.
AFP (Agence France-Presse) does not have a public SecureDrop instance but trains its journalists in the use of Tor and good operational security practices. For correspondents in conflict zones or authoritarian countries, Tor is a standard professional tool.
Radio France (France Info, France Inter, France Culture) has set up secure channels for its investigation unit. Journalists on Investigations at France Inter, for example, regularly use Tor to protect their sources.
Arte, the Franco-German channel, has integrated Tor into its editorial workflows, particularly for investigative documentaries on sensitive subjects (surveillance, cybercrime, human rights).
Alternative media such as Blast, Reporterre, and StreetPress also use Tor to varying degrees, depending on their technical resources. Training provided by Reporters Without Borders France and the CFDT Journalists union helps spread these skills.
For a deeper look at journalistic use cases, see our Tor guide for journalists dedicated to that profession.
Official positions: ANSSI, CNIL, intelligence services
The official position of French authorities toward Tor is broadly neutral, and even favorable on certain aspects — which contrasts with a sometimes more guarded political discourse.
ANSSI (the French National Information Systems Security Agency), the French public authority on cybersecurity, regularly publishes guides and recommendations that mention Tor without particular hostility. Several ANSSI researchers use Tor themselves in their threat analysis work. The agency targets dangerous practices (unreliable VPNs, careless downloads) rather than legitimate anonymity tools.
The CNIL (Commission nationale de l'informatique et des libertés) actively defends digital privacy rights. Its philosophy is broadly aligned with that of the Tor Project. The CNIL recommends in its digital hygiene guides the use of privacy-protecting tools, even if it does not always name Tor explicitly.
Intelligence services (DGSI for domestic intelligence, DGSE for foreign) have, like their foreign counterparts, targeted surveillance capabilities on anonymization networks. These capabilities are governed by the 2015 Intelligence Act, which requires authorization for any individual surveillance measure. Mass surveillance of Tor users in France does not exist: it would be both technically impossible (with several tens of thousands of users) and legally prohibited.
Specialized police units (cybercrime sections of prosecutor's offices, OCLCTIC — the Central Office for Combating Crime Related to Information and Communications Technology) conduct targeted investigations into specific cases. Their cooperation with Europol and foreign police is close, particularly within international operations such as Bayonet.
PHAROS: reporting illegal content on the dark web
PHAROS (Plateforme d'Harmonisation, d'Analyse, de Recoupement et d'Orientation des Signalements) is France's official mechanism for reporting illegal content encountered online, including on the dark web. It is operated by the OCLCTIC.
The platform is accessible at internet-signalement.gouv.fr. Reporting is
anonymous by default: you are not required to provide your identity. Only OCLCTIC officers
can access reports and conduct investigations. Several million reports have been processed since PHAROS
was created in 2009.
Categories handled include: child sexual abuse material, glorification of terrorism, incitement to racial hatred, discrimination, major online fraud, and serious threats. For less serious offenses (defamation, minor harassment), other channels are more appropriate.
Reporting does not expose you legally. The law explicitly protects people who report illegal content in good faith. On the contrary, Article 434-3 of the Penal Code punishes the failure to report certain serious crimes (particularly involving minors). Reporting is therefore both a civic act and a legal protection for you.
When to report: if you accidentally land on clearly illegal content while browsing the dark web, take a few minutes to copy the .onion address and submit it to PHAROS via the form. Your report helps investigators map threats and can sometimes trigger dismantlement operations.
Landmark legal cases
Several French cases linked to the dark web have marked the last decade.
Operation dismantling a weapons sales network (2016–2017). A joint DGSI, gendarmerie, and Europol operation dismantled a French network that was selling firearms via the dark web. Several arrests followed in the Paris region and in the provinces. The suspects had used marketplaces such as AlphaBay for their transactions.
Buyers identified through Hansa (2017–2018). During Operation Bayonet, Dutch police secretly took control of Hansa for a month. The information collected (delivery addresses, transaction histories) subsequently enabled the identification of numerous customers across Europe, including several dozen in France. Sentences varied depending on volumes and the nature of the products purchased.
Tax fraud cases using the dark web. Several cases involving tax fraudsters who used the dark web and cryptocurrencies to launder funds were handled by the National Financial Prosecutor's Office (PNF) from 2018 onward. These cases contributed to the development of the European directive on cryptocurrency tracking.
Dismantling of ransomware networks (2021–2024). France participated in several international operations targeting ransomware groups operating from the dark web: the partial dismantling of LockBit in February 2024 (coordinated by the British NCA but with French participation), and operations against REvil and Hive. ANSSI and the Paris prosecutor's office's cybercrime section played key roles.
Stalking and harassment cases. Several cases of people using the dark web to commission cyber-harassment services against private individuals have been tried. Sentences were generally proportional to the severity of the offenses (harassment, threats, and in some cases complicity in violence).
For a broader view of internationally dismantled marketplaces, see our historical category Dismantled platforms.
Challenges specific to France
Several issues particular to France deserve to be highlighted.
The European debate on encryption. France has on several occasions proposed, at the European level, measures that would weaken strong encryption (proposals for "legal backdoors" for authorities). These proposals, supported by part of the executive, have been broadly opposed by digital rights advocates (particularly La Quadrature du Net), cryptographers, and industry. France's final position remains ambiguous, oscillating between privacy protection and the desire to have effective investigative tools.
The relationship between justice and technological anonymity. French examining magistrates are increasingly confronting the technical limits of anonymization. Device encryption (iPhone, Samsung) and Tor's anonymity complicate conventional investigations. Magistrates are adapting by seeking alternative techniques (blockchain analysis, infiltrations), but the debate over the balance between privacy and judicial effectiveness remains live.
Protection of journalistic source secrecy. French law strongly protects journalistic source secrecy (Article 2 of the law of January 4, 2010). This legal protection reaches its full effectiveness when backed by technical tools that make sources technically unidentifiable. Tor, SecureDrop, and Tails form the modern infrastructure of that protection.
The stance on blocking. Unlike Russia, which officially blocked torproject.org, France does not block Tor in any way. This position reflects a commitment to freedom of access to information and net neutrality. Occasional attempts to propose administrative blocking (particularly in the context of anti-terrorism laws) have been systematically challenged by the Constitutional Council or by civil liberties advocates.
The French cybersecurity ecosystem. Several important French players contribute to privacy technologies. Olvid, an encrypted messaging app developed by a French startup, has been approved by ANSSI. NextGraph, Rock, KDrive, and other French products offer sovereign alternatives. Campus Cyber, opened in 2022 in Paris, brings together institutions and companies in the sector. France is positioning itself to be a European leader in cybersecurity and digital protection.
Going further
For the practical aspects, see our safe dark web access guide, which includes details on the French legal framework. Our guide for journalists details the tools specific to the profession. Our article on real dangers covers French legal risks in depth.
For the history of the Tor ecosystem, see our complete history of Tor and our Silk Road timeline. To debunk misconceptions, our 50 myths debunked piece systematically dismantles French clichés about the dark web.