50 dark web myths debunked: complete fact-check
The dark web is without doubt one of the technological topics where the gap between reality and the collective imagination is largest. Sensationalist documentaries, television reports, YouTube videos with millions of views, and film scripts have built, layer by layer, a dense mythology mixing verifiable elements, narrative exaggerations, urban legends, and pure inventions. As a result, when an ordinary internet user hears about the dark web, they generally have in mind an image strangely removed from what this technical infrastructure actually is.
⚫ Filtered page. The complete catalog is on Tor. Tor access →This article offers a systematic fact-check of the fifty most widespread myths, organized into five broad families: media myths fueled by the mainstream press, technical myths about how Tor works, legal myths about what is or is not legal, pop culture myths inherited from films and TV shows, and marketplace myths and scams. For each claim, we provide a verdict (True, False, Partially True, or Nuanced) and a detailed explanation, drawing on verifiable sources: documentation from the Tor Project, published academic studies (King's College, Princeton, Terbium Labs), Europol and Interpol reports, court decisions, and investigative journalism from the BBC, the New York Times, and ProPublica.
The goal is not to "defend" or "demonize" the dark web. The illegal activities that take place there are real and concerning, and we do not glorify them. But the fight against these activities would benefit from being based on facts rather than media fantasies. Moreover, the vast majority of Tor uses are perfectly legitimate, and misconceptions discourage privacy practices that everyone would need in an era of widespread advertising surveillance. Separating fact from fiction serves both objectives.
Each myth comes with a unique identifier (for example #dark-web-96-pourcent) that allows you to
cite the debunking in a share or article. If you want to explore a specific question further,
our unusual dark web FAQ covers fifty complementary questions from
a more narrative angle. For definitions of technical terms, see our glossary.
📺 Media myths about the dark web
Media portrayals of the dark web oscillate between fascination and sensationalism. Here are the most widespread clichés found in the press, on television, and in sensationalist documentaries.
« The dark web makes up 96% of the Internet. »
TV news segments, YouTube videos, mainstream press articles
This statistic confuses two very different realities. The 96% figure refers to the "deep web" — all content not indexed by search engines: your emails, your online banking, companies' internal databases, intranets, anything protected by a password. The dark web accessible via Tor, by contrast, represents only a tiny fraction of the Internet, estimated at less than 0.01% of the total web. The most rigorous studies, such as those from Terbium Labs or the Tor Project itself, count between 30,000 and 80,000 active .onion services at any given time — compared to 1.8 billion sites on the open web. The iceberg infographic that has been circulating everywhere since 2001, popularised by BrightPlanet, has permanently blurred this distinction in the public imagination.
« Everything that happens on the dark web is illegal. »
TV news broadcasts, social media discussions
The landmark study on this subject, conducted by Daniel Moore and Thomas Rid of King's College London in 2016, classified roughly 57% of active .onion sites as containing illicit material. That is significant, but it also means 43% do not. And those figures count sites, not traffic: the vast majority of visits on Tor concern perfectly legal services such as Facebook, DuckDuckGo, BBC News, the New York Times, ProPublica, and ProtonMail. Of the 2 to 3 million daily users estimated by the Tor Project, the overwhelming majority does nothing illegal: they read news, protect their privacy, circumvent their country's censorship, or communicate securely. The dark web is a technically neutral space; its uses are diverse.
« The dark web is controlled by Russian mafias. »
Mainstream documentaries, TV series pitches
This claim corresponds to no technical or organisational reality. The Tor network is a decentralised infrastructure maintained by approximately 7,000 volunteer relays spread across a hundred countries. There is no central "control" that could be exercised by any organisation, including criminal ones. Certain cybercriminal groups are indeed Russian-speaking, particularly in the ransomware sector, and several forums and marketplaces have historically been operated from the former Soviet Union. But they represent only a share of a global and highly fragmented criminal ecosystem. Europol and Interpol reports describe a fragmented landscape with no single hierarchy, featuring Chinese, Nigerian, North American, European, and South American actors each playing their own part.
« Mainstream journalists avoid the dark web. »
Editorial commentators, television panel debates
Major international newsrooms are in fact among the first institutional users of Tor. ProPublica was a pioneer in 2016 with the first major .onion address from a general-interest media outlet. The New York Times followed in 2017, the BBC in 2019, then Deutsche Welle, Radio Free Europe, Le Monde (via SecureDrop), Mediapart, The Intercept, and The Washington Post. Hundreds of professional journalists use Tor daily to communicate with confidential sources through platforms such as SecureDrop or GlobaLeaks. SecureDrop's funding, provided by the Freedom of the Press Foundation, is supported by major donors including Reuters, the AP, and Al Jazeera. Far from shunning the dark web, investigative journalism has made it a standard professional tool.
« Tor was created by criminals to protect their activities. »
Arguments from politicians calling for Tor to be banned
The Tor network was developed from the mid-1990s by the U.S. Naval Research Laboratory, as part of a research programme into secure communications for government agents abroad. Researchers Paul Syverson, Michael Reed, and David Goldschlag published the first scientific papers on onion routing in 1996. The source code was made public in 2004, and the Tor Project, a non-profit organisation based in the United States, was founded in 2006 by Roger Dingledine and Nick Mathewson. The project still receives funding from the U.S. government through the Open Technology Fund, as well as from the Ford Foundation, the EFF, and individual donors. Tor was born out of a state security need, not a criminal project.
« Most Tor users are criminals. »
Political debates, security opinion articles
The Tor Project's own statistics on network usage contradict this claim. Of the 2 to 3 million daily users, the majority are located in countries where legitimate anonymity needs are high: Iran, Russia, Belarus, Turkey, China — where circumventing state censorship is a civic act. In the United States and Western Europe, typical users are primarily journalists, activists, security researchers, legal professionals, domestic abuse victims seeking to escape their partners, or simply citizens concerned about their privacy in the face of advertising tracking. Academic studies converge: the vast majority of network traffic involves clearnet services accessed anonymously, not criminal hidden services.
« Google can see what you do on Tor. »
Misinformed advice on general-interest forums
Technically, Google has no way to see the content of your browsing when you use Tor Browser correctly. Tor's layered encryption makes your requests unreadable to all intermediaries, including Google. If you visit google.com from Tor, Google sees a request coming from a Tor exit node (not your real IP), with a standardised browser fingerprint specific to Tor Browser. Google can therefore serve an adapted page or even impose a CAPTCHA, but cannot link it to your real identity or to other non-Tor sessions. For .onion services, Google does not index them at all: they never appear in its results. The only way to compromise this anonymity would be to log into your personal Google account while on Tor, which would obviously break the entire setup.
« Police operations are gradually making the dark web disappear. »
Europol press releases repeated uncritically
International police operations (Onymous in 2014, Bayonet in 2017 which took down AlphaBay and Hansa, Europol's recurring actions against Dream Market, etc.) dismantle specific marketplaces, not the Tor network as a whole. The phenomenon resembles a cat-and-mouse game: when one market is shut down, vendors migrate to another, or a new market emerges. Long-term statistics show stability, or even growth, in overall Tor traffic. The Tor Project publishes this data publicly: the number of daily users rose from under one million in 2014 to nearly three million in 2024. What changes is the composition: more media users, more censorship circumvention, and criminal activity that fragments without disappearing.
« Governments will soon ban Tor in Europe. »
Recurring rumours on social media
No European legislation targets a ban on Tor, and no serious proposal has been tabled to that effect. On the contrary, European Union institutions actively fund anonymisation and censorship-resistance tools as part of their digital rights policy. France, through the Digital Republic Act (2016), reaffirmed the principle of net neutrality. ANSSI, France's national cybersecurity agency, itself uses Tor in some of its research work. Only a few authoritarian regimes (China, Iran, Belarus, Russia partially) restrict access to the network. In a democracy, banning Tor would mean banning a tool used by journalists, whistleblowers, and victims, which would immediately raise questions of constitutionality and compliance with the European Charter of Fundamental Rights.
« Interpol monitors all Tor users in real time. »
TikTok videos, conspiracy theory forums
Interpol is an international police cooperation organisation that has neither the operational authority nor the technical capacity to individually monitor millions of users in real time. Its role is to facilitate information exchange between national police forces, mainly through its databases and notices. For the dark web, Interpol coordinates operations with Europol and national police forces on specific, always targeted, always judicially supervised investigations. No mass surveillance infrastructure of Tor exists at Interpol, and the very nature of the protocol makes this type of surveillance technically impossible. What Interpol does in practice: analyse public marketplaces, infiltrate forums, cooperate on transnational cases. Not blanket surveillance.
⚙️ Technical myths about Tor and how the dark web works
Many technical misconceptions circulate about Tor, some of them dangerous because they lead to poor security practices.
« Tor and the dark web are the same thing. »
Common usage in non-specialist media
Tor is a software and anonymisation network; the dark web is a set of non-indexed sites accessible via specific protocols. The two overlap but are not identical. The majority of Tor traffic does not involve the dark web: users route through Tor to visit standard websites (clearnet) while preserving their anonymity. Conversely, other dark web technologies exist that do not rely on Tor: I2P, Freenet, ZeroNet, GNUnet — each with its own architecture. Tor dominates in popularity, which explains the confusion, but technically an I2P site does not open in Tor Browser and vice versa. This distinction matters for understanding technical debates: when a journalist writes "the dark web", they usually mean "hidden services accessible via Tor", but rigorous terminology prefers to keep the two separate.
« You absolutely must use a VPN with Tor, otherwise it is dangerous. »
VPN advertisements, YouTube tutorials with bad advice
The Tor Project itself does not recommend automatically adding a VPN to Tor for most users. A VPN adds a layer that can be useful in certain contexts (hiding from your ISP the fact that you are using Tor) but also introduces a new trust point: the VPN provider becomes a privileged observer of your traffic. In a "VPN over Tor" configuration, you lose some of Tor's protections; in "Tor over VPN", you depend on the VPN provider's word about the absence of logs. Tor's official documentation details these scenarios without concluding that one is clearly superior. Most users achieve broadly sufficient security with Tor alone, correctly configured. VPN advertisements perpetuate this myth to sell subscriptions, but independent security experts (Matt Tait, The Grugq) are far more nuanced.
« Tor Browser is riddled with viruses. »
Fearful comments on social media
Tor Browser itself is not infected. It is a maintained fork of Firefox ESR, regularly audited, with an open source code. If you download it from the official Tor Project website (torproject.org) and verify its cryptographic signature, you have a browser as secure as Firefox. The risks come from elsewhere: downloads from unofficial sources (tampered copies), visits to malicious .onion sites that attempt exploits on the browser, careless enabling of JavaScript on dubious pages. These risks exist on the regular web too. The difference with Tor is psychological: dangers are expected, so people are more vigilant. The fundamental advice applies everywhere: keep your browser up to date (Tor Browser automatically signals updates), avoid suspicious downloads, use the highest security mode when exploring unknown sites.
« .onion addresses can be guessed at random. »
Technical misconceptions
A v3 .onion address contains 56 base32 characters, encoding a 256-bit Ed25519 public key. The space of possible addresses reaches 2²⁵⁶, a number of roughly 78 digits. To give you a sense of scale, that is infinitely more than the number of atoms in the observable universe (estimated at around 10⁸⁰). Randomly guessing a specific .onion address would statistically take longer than the age of the universe, even with every computer on the planet running in parallel. This size is not chosen for elegance: it is designed precisely to make brute-force impossible. "Vanity" addresses (such as Facebook's facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion, which begins with "facebook") are generated by computing billions of keys until one is found whose first characters resemble a word. Even these readable prefixes cost several days of computation on dedicated hardware.
« The dark web uses "quantum crypto" accessible only to the initiated. »
Clickbait videos about dark web "levels"
"Quantum crypto" is a vague term that corresponds to no technology used by Tor or any dark web service. Tor uses perfectly documented classical cryptography: elliptic curves (Curve25519 for handshakes, Ed25519 for signatures) and standard symmetric algorithms (AES, ChaCha20). Nothing "quantum" in the sense the general public imagines. Research into post-quantum cryptography — aimed at resisting future quantum computers — is public and coordinated by the American NIST. Some projects already incorporate these algorithms to prepare for the future, but this is not a privileged access reserved for an elite. No operational quantum machine today can break modern cryptography, let alone provide "secret access" to hidden layers of the Internet. This narrative belongs to the realm of science fiction.
« Artificial intelligence can now de-anonymise Tor. »
Post-2023 rumours about "super-AIs" that break everything
No published research to date demonstrates that an AI — even the most recent models — can de-anonymise Tor users who follow best practices. Known de-anonymisation attacks (traffic correlation, browser vulnerability exploitation, behavioural fingerprinting) predate generative AI and do not fundamentally depend on it. Researchers sometimes use machine learning to analyse traffic patterns, but the gains are marginal and only concern attackers capable of observing a significant fraction of the network. For an ordinary user who uses an up-to-date Tor Browser from a clean environment (ideally Tails), no AI accessible to the public or to a private company can reconstruct their identity from their Tor activity. Sensationalist announcements on this topic are invariably marketing content, not peer-reviewed scientific publications.
« You need to be a hacker to use the dark web. »
Intimidation by clickbait content creators
Basic use of Tor Browser is as simple as Chrome or Firefox. You download, install, launch, and click "Connect". Navigation works like any other browser. No particular technical skills are required to read a BBC article on its .onion or browse OnionDir. Technical complexity begins if you want to host your own .onion site (server configuration), create a vanity address (compilation of specific tools), or set up advanced security scenarios (combining with Tails, Whonix, Qubes, etc.). These advanced uses concern a minority of users. For the vast majority, Tor is a mainstream browser, installed and usable in a matter of minutes. The "hacker required" myth is perpetuated by a cinematic media aesthetic that bears no relation to the everyday reality of users.
« Tor makes you 100% anonymous. »
Marketing promises, arguments from unscrupulous vendors
No tool guarantees absolute anonymity. Tor protects against many forms of surveillance, but it does not protect against human errors, which are the primary cause of documented de-anonymisations. Logging into your personal Gmail account while on Tor immediately breaks anonymity. Posting a file containing metadata (photo EXIF data, Word metadata) reveals the author. Using a recognisable writing style allows identification through stylometric analysis. Tor also does not protect against adversaries capable of simultaneously observing traffic entering and leaving the network, which is within reach of certain government agencies for specific targets. Anonymity is a continuum, not a switch. Tor is a powerful tool, but it fits within a broader security hygiene that includes user behaviour, parallel tools used, and information voluntarily shared.
« .onion sites are indexed by Google. »
Confusion between search engines
Google technically cannot index .onion services. Its indexing robot (Googlebot) navigates the clearnet via standard protocols (HTTP, HTTPS) and does not support the Tor protocol. Even if it did, it has no way to discover .onion addresses, which are not listed in a public DNS and whose structure prevents systematic discovery. Dark web search engines (Ahmia, Torch, Haystak) are completely separate infrastructures, themselves hosted on Tor, with their own crawlers that follow links from known directories. Ahmia, for example, is maintained by Juha Nurmi and indexes around 20,000 to 30,000 active services. DuckDuckGo has a .onion version to protect its users, but its index remains that of the regular web. The separation between the two worlds is technical and architectural, not a matter of will.
« Tor can be faster than a regular browser in certain cases. »
Unfounded technical claims
There is no credible scenario in which Tor would be faster than a direct connection to the same site via a standard browser. By its very nature, Tor adds at least three intermediate nodes between you and the destination, inevitably introducing latency and reducing available bandwidth. Tor Project measurements show average latencies of 200 to 2,000 ms (compared to 10 to 50 ms for a direct connection) and throughputs of a few Mbps (compared to several hundred on a modern fibre connection). Some people claim that Tor would be faster on connections throttled by the ISP: this is theoretically possible if your ISP deliberately slows down certain sites and Tor bypasses that throttling, but this is a very specific case that does not apply to normal use. For everyday use, Tor is significantly slower, and that is the price to pay for the anonymity it provides.
⚖️ Legal myths: what is legal and what is not
Legal myths are the most harmful: they discourage perfectly legal uses and create the impression that prohibitions exist where they do not.
« Using Tor is illegal in France. »
Very widespread misconception
No provision of the French Criminal Code, the Internal Security Code, or the Electronic Communications Code directly or indirectly targets the use of Tor. The software is freely downloadable from torproject.org, and its use is practised daily by thousands of French citizens (journalists, lawyers, researchers, activists, ordinary citizens). The principle of net neutrality, enshrined in the Digital Republic Act of 2016, guarantees the right to use anonymisation technologies. France is also a signatory to European conventions on freedom of expression that protect the use of such tools. What is illegal are the activities committed, whether on Tor or elsewhere (trafficking, threats, illicit content). The tool is neutral; only its reprehensible use falls under criminal law. A user who reads the BBC via its .onion, browses OnionDir, or uses ProtonMail on Tor breaks no French law.
« Downloading Tor Browser puts you on an intelligence agency watchlist. »
Post-Snowden rumours repeated uncritically
This claim dates back to 2014, stemming from a Wired magazine article that revealed the NSA had, in one of its XKeyscore programmes, tagged certain visitors to the torproject.org site. Since then, things have changed considerably. The number of Tor users has become so large (over 2 million daily) that such a tag would be practically useless for targeting individuals. French intelligence services, for their part, have never practised this kind of mass tagging: the DGSI and DGSE work on individualised targets, within a judicial framework under the 2015 intelligence law. Downloading Tor in France has no legal or administrative consequence. That said, good practices still apply if you value the confidentiality of that action: downloading from a shared connection, verifying the binary signature, etc.
« Accidentally seeing illegal content on Tor makes you guilty. »
Widespread fear among new users
Under French law, the mere accidental viewing of illegal content is generally not a criminal offence, except in specific cases. For child sexual abuse material, Article 227-23 of the Criminal Code criminalises "habitual consultation" (not incidental consultation) and "downloading". A single accidental access, without any saving or repeated visits, does not constitute the offence. For other content (glorification of terrorism, incitement to hatred), the material elements required by law include criminal intent and a deliberate act. The practical advice in the event of accidental exposure: close the tab immediately, clear the cache, and if in serious doubt, report it to PHAROS (France's official online reporting platform). A report puts you on the right side of the law, not in difficulty. Fear paralyses more than it protects; knowing the actual rules is far more useful.
« Reporting an illegal site can backfire on you. »
Fear that discourages users from reporting
The PHAROS platform (https://www.internet-signalement.gouv.fr) is designed precisely to allow any citizen to report illicit content found online, including on the dark web, without consequences for themselves. Reports are anonymous by default, and officers from the Central Office for the Fight against Crime Linked to Information and Communication Technology (OCLCTIC) are the only ones who handle the case. Reporting child sexual abuse material, terrorist content, or content inciting hatred is a civic act protected by law, not an admission of frequent consumption. On the contrary, failing to report after discovery could, in certain serious cases, itself be problematic (failure to report a crime, Article 434-3 of the Criminal Code). Fear of reporting sustains the grey area that criminals exploit.
« Having Tor installed on your computer is suspicious to the justice system. »
Confusion between tool and use
Possessing legal software such as Tor Browser is not legally suspicious. An investigator who seizes a computer during a search may note the presence of Tor, but this constitutes no indication of guilt, any more than the presence of Firefox, Thunderbird, or LibreOffice would. What matters to the justice system is actual use: browsing logs (if they exist), content stored on the disk, communications, transactions. By default, Tor Browser keeps no history: there is therefore nothing to analyse on the local usage side. Magistrates and lawyers themselves use Tor in their professional practice, to protect the confidentiality of communications with their clients or sources. Guilt by software association is the stuff of crime fiction, not actual criminal procedure.
« ANSSI and the CNIL advise against using Tor. »
Erroneous generalisations
ANSSI (France's National Information Systems Security Agency) regularly publishes cybersecurity guides that mention Tor without any hostility. Several ANSSI researchers themselves use Tor as part of their threat analysis work. The CNIL (National Commission on Informatics and Liberty), for its part, actively defends digital privacy rights, which is philosophically aligned with the Tor project. The CNIL explicitly recommends in its digital hygiene guides the use of privacy-protection tools, even if it does not always cite Tor by name. Neither institution has ever issued a statement advising against Tor. At the European level, ENISA (the European cybersecurity agency) mentions Tor as one tool among others, in a neutral approach. Any hypothetical "warnings" are a fiction.
« Tor is classified as a "digital weapon" under French law. »
Recurring rumour
No legal category of "digital weapon" exists in French law. The laws on weapons (Articles L311-1 et seq. of the Internal Security Code) concern exclusively physical weapons. Certain specific offensive software can fall under Article 323-3-1 of the Criminal Code (making available a programme designed to commit a computer offence), but Tor, which is anonymisation software, absolutely does not fall under this category. The text targets tools specifically designed for attack (exploits, keyloggers, rootkits), not defence or confidentiality tools. Tor is widely used by IT security professionals, auditors, lawyers, and journalists. Classifying it as a "weapon" would be as absurd as classifying a curtained window as a "surveillance tool".
« Buying cryptocurrencies via Tor is illegal in France. »
Confusion between tool use and taxation
Buying cryptocurrencies has been legal in France for years, provided you use a platform registered with the AMF (Financial Markets Authority) and declare capital gains upon sale (Article 150 VH bis of the General Tax Code). Using Tor to access a legal platform adds or removes no obligation: you buy legally, you declare legally. Most major platforms (Coinbase, Kraken, Binance) do, however, block Tor exit nodes for anti-fraud reasons, making the operation technically difficult. The genuinely regulated subject concerns Know Your Customer (KYC) obligations imposed on platforms, not the user's choice of browser. Buying anonymously without KYC (via certain peer-to-peer exchanges) raises a separate tax question, but the use of Tor in itself is not implicated.
« Strong encryption like that used by Tor is prohibited in France. »
Distorted memory of 1990s legislation
Since the decree of 17 March 1999 and the Law for Confidence in the Digital Economy (LCEN) of 2004, the use of cryptographic means has been entirely free in France. Companies can develop, commercialise, and use strong encryption algorithms without prior authorisation. This freedom also stems from the need for French companies to be competitive on the global market. France did indeed have restrictive legislation in the 1990s (key size limited to 40 bits), but that era is entirely over. Today the French government actively promotes strong encryption as part of its cybersecurity policy. Intelligence services sometimes request lawful access mechanisms (backdoors), but these debates concern interception legislation, not personal use of encryption.
« Banks can close your account if you use Tor. »
Largely unfounded fear
A French bank has neither the technical means nor the legal will to detect a customer's use of Tor. Banks monitor suspicious transactions (AML/CFT obligations), not their customers' browsing habits. Some online banking interfaces do, however, block connections from Tor exit nodes for account security reasons, but this is a simple session block, not a measure targeting the customer. Account closure in France is regulated by law: the bank must justify its decision, and the Monetary and Financial Code provides a right to a bank account for residents. Some customers have been victims of arbitrary closures, but the real reasons relate rather to transactions (cryptocurrencies, suspicious transfers) than to the use of an anonymity tool. Using Tor to read the news will never trigger any banking alert.
🎬 Myths from pop culture and visual stereotypes
Films, TV series, and video games have shaped an image of the dark web that is deeply at odds with reality. Debunking the most widespread clichés.
« Dark web sites look like Matrix screens with scrolling green code. »
Action films, crime series, rap music videos
.onion sites are ordinary web pages in HTML, CSS, and sometimes JavaScript, exactly like on the clearnet. Their aesthetic is generally minimalist, not out of a taste for mystery but for technical reasons: bandwidth is limited, Tor's high security mode disables many visual features, and administrators prioritise performance. You find black text on a white background, sometimes dark themes, occasionally a few images, but nothing resembling a "cyberpunk" aesthetic. The Matrix cliché comes from the 1999 Wachowski film, where the scrolling green code was an artistic representation of the simulation. No website — .onion or otherwise — looks like that. When you visit Dread, Ahmia, or the BBC's .onion version, you see sober, readable, sometimes austere pages, but never a green code animation.
« A hack on the dark web takes 10 seconds, like in the movies. »
Film and crime series scenes
Real cybersecurity bears no resemblance to cinematic portrayals. A security audit of a serious web application takes days, or even weeks, for an experienced tester. Exploiting a zero-day vulnerability, when possible, typically requires months of prior research. Even a brute-force attack on a moderately complex password can take hours to years depending on the configuration. Scenes of hackers frantically typing for ten seconds to "bypass the NSA firewall" are pure fiction. Reality consists of patience, automated analysis tools (Metasploit, Burp Suite, Wireshark), reading documentation, and methodical testing. Most successful attacks, moreover, exploit human weakness (phishing, social engineering) rather than spectacular technical exploits. The Hollywood hacker in a hoodie typing furiously does not exist in real life.
« Dark web hackers type on keyboards blindly, never using a mouse. »
Cinematic stereotype
The reality of work for cybersecurity professionals and hackers (ethical or otherwise) involves the normal use of computers with mice, multiple screens, and graphical interfaces. Malware analysis tools like IDA Pro or Ghidra have sophisticated graphical interfaces. Vulnerability scanners like Nessus or Qualys present rich dashboards. Even in command-line environments (Linux), which are indeed widely used, nobody works "blindly": modern terminals fully support the mouse, multiple tabs, and advanced editors like Vim or Emacs with plugins. The cliché of the hacker typing while looking away is derived from portrayals of computing from the 1980s, when terminals genuinely only supported the keyboard. In the forty years since, environments have changed.
« On Tor, you can see other users' IP addresses. »
Film scenarios that ignore how it actually works
The very essence of Tor is precisely to prevent anyone — including other users — from identifying IP addresses. When you visit a .onion site, the server hosting the site does not know your IP (it sees that of the Tor exit node). Other visitors to the same site cannot see you either: each person has their own circuit, each is anonymous relative to the others. The only people who could theoretically link your IP to your Tor activity are your own ISP (who can see that you are using Tor, but not what you are doing there) and, in certain advanced attack scenarios, an adversary capable of simultaneously observing both the entry and exit of the network. For an ordinary user on an ordinary site, the IP is perfectly masked. Films that show a hacker "tracing the IP" of another Tor user in a few clicks are technically incorrect.
« The dark web is a dark and malevolent "place". »
Omnipresent journalistic metaphors
The dark web is not a place; it is a set of websites accessible via a specific protocol. There are no corridors, rooms, or atmosphere — only HTML pages accessible by typing a URL. The anthropomorphisation of the dark web as a "location" (dark, unsettling, populated by threatening figures) is a narrative construct inherited from cyberpunk science fiction. In practice, you navigate exactly as you do on the regular web: you type an address, a page appears. The perception of "darkness" comes partly from the often minimalist aesthetic of .onion sites and partly from the mental association with the illegal activities that make the news. But technically and sensorially, visiting the BBC on its .onion or DuckDuckGo on Tor is an experience absolutely identical to visiting any other site. The "dark" in "dark web" means "non-indexed", not "dark in a moral sense".
« All members of Anonymous are on the dark web. »
Confusion between hacktivism and the dark web
Anonymous is a distributed hacktivist movement with no formal structure or official affiliation. Its historic actions (operations against Scientology, support for WikiLeaks, OpISIS) were conducted primarily through mainstream social networks: Twitter, YouTube, 4chan. The movement has never been exclusively linked to Tor, and many sympathisers probably do not use it. Some Anonymous operators have used Tor to coordinate specific actions, as any activist mindful of their security would, but the movement itself is an internet culture phenomenon, not a dark web collective. The major accounts associated with Anonymous (YourAnonNews, AnonymousNewsOps) have always communicated on public platforms. The confusion between hacktivism and the dark web is fuelled by media that lump together anything that seems technical and political.
« Dark web marketplaces look like Amazon with their categories. »
Viral screenshots comparing the interfaces
Visually, some dark web marketplaces (Dream Market historically, AlphaBay, Hansa before their closure) did borrow codes from mainstream e-commerce: categories, product pages, vendor rating systems, shopping carts. This visual resemblance shocked many commentators. But the resemblance stops there. The underlying operation is radically different: payment in cryptocurrencies, escrow operated by the marketplace (which can itself disappear with the funds — the classic "exit scam"), anonymous vendors, no customer service, zero guarantee. The "reviews" are massively fake, photos are often generic, deliveries are often non-existent. The Amazon-like appearance conceals a digital wild west reality. The surprise of discovering these interfaces should not obscure that behind the CSS, it is a jungle.
« There is a "map" of the dark web that you can consult. »
Frequent Google searches
The concept of a "dark web map" has no technical meaning. Unlike a geographical territory, a computer network has no strictly visualisable form. Some researchers produce graphs showing links between .onion sites, somewhat like mapping the regular web by hyperlinks. But this is not a "map" in the popular sense of the term. Directories such as OnionDir, The Hidden Wiki, or Ahmia organise a list of sites by category — that is the closest equivalent. Scientific visualisation attempts do exist (Hyperion Gray has published several studies with graph visualisations), but they remain abstractions for specialists, not navigation maps. Searching for "the dark web map" on Google leads to blogs that have been republishing the same generic iceberg image for ten years, with no informational value.
« Dark web hackers form a community where everyone knows each other. »
Romanticised portrayals of "the scene"
The reality of cybercriminal and hacker communities on Tor is one of extreme fragmentation. Exploit-selling forums (Exploit, XSS, the former Raidforums before its closure) bring together thousands of members who do not know each other, communicate under pseudonyms, and work in ephemeral "groups" depending on the project. Organised cybercriminals (ransomware operators, botnet developers) operate in compartmentalised cells where each member knows at most two or three contacts. The "community" in the sense of a large family does not exist: it is an ecosystem of transactional, anonymous, often suspicious relationships. Security researchers who study these circles note that cooperation is minimal and betrayal is common, including through anonymous tip-offs to law enforcement. The image of the "hacker club" is a romantic fiction.
« There is a secret elitist community on the dark web, reserved for insiders. »
Sensationalist YouTube narratives
Several dark web forums and groups do have restrictive access policies: invitation-only registration, technical interviews, co-optation. These practices exist in vulnerability research circles, certain malware developer groups, and some closed marketplaces. But this is not an "elite" in the mystical sense: these are anti-law-enforcement-infiltration filters, imposed by operational necessity. Once inside, one finds fairly mundane technical discussions among individuals sharing skills. None of the known closed communities possesses "forbidden knowledge" unavailable elsewhere. The content produced, when published, often spreads beyond the original circle through successive relays. The myth of the secret club that holds hidden truths belongs to conspiracist fantasy, not to reality as documented by security researchers.
💰 Myths about marketplaces and scams
Dark web marketplaces give rise to many misconceptions, often dangerous because they lead curious users to take significant risks.
« Buying on the dark web is anonymous and safe. »
Marketing claims by certain vendors
Every purchase on the dark web introduces multiple points of vulnerability. The buyer provides a postal address (which is, by definition, linked to their identity). Payment in cryptocurrencies leaves traces on the blockchain, analysable by specialist companies such as Chainalysis, with which police forces regularly cooperate. Messages exchanged with the vendor, even when encrypted, pass through the platform, which can be compromised. Many high-profile arrests have demonstrated that buyers can be identified: Operation Bayonet (2017, AlphaBay/Hansa) allowed police to monitor Hansa for a month before closing it, capturing all transactions and delivery addresses. The "security" promoted by marketplaces is a commercial illusion. The only genuinely safe and anonymous purchases concern dematerialised goods (files, codes, documents) downloaded without any address to provide.
« Vendor rating systems guarantee reliability. »
The marketplaces' own marketing argument
Reviews on dark web marketplaces are massively manipulated. Vendors create fictitious buyer accounts to give themselves positive ratings. The teams operating the marketplaces sometimes share profits with major vendors and turn a blind eye to manipulation. Research conducted by the Center for Cybersecurity Studies (King's College) demonstrated that more than 40% of the reviews analysed showed suspicious patterns (same sentence structure, close timestamps, identical scores). A buyer who trusts the stars and reviews is navigating blind. The only relatively reliable "reputation" is that built over several years with hundreds of transactions, but even these established vendors regularly disappear in an "exit scam", pocketing the escrowed funds. The information asymmetry between buyer and vendor is total, and justice is inaccessible in the event of fraud.
« The escrow system fully protects the buyer. »
Explicit promise of most marketplaces
Escrow is a mechanism by which funds are held by the marketplace until the buyer confirms receipt of the product. On paper, this is protection. In practice, its effectiveness is very limited. The marketplace itself controls the escrow, and nothing prevents its operators from absconding with all the funds in an "exit scam" (behaviour documented across dozens of historical marketplaces). Disputes between buyer and vendor are arbitrated by the marketplace's operators, not a neutral authority, with all the biases that implies. Vendors know how to exploit the system: tracked shipments with falsified proof, poorly managed expiry deadlines, pressure on the buyer to release funds before actual receipt. Multisig escrows (requiring signatures from multiple parties) offer better guarantees, but are offered by only a few marketplaces and few buyers use them.
« Bitcoin mixers make transactions 100% anonymous. »
Mixing services' own marketing argument
Bitcoin is by nature pseudonymous, not anonymous. All transactions are public and permanent on the blockchain. Mixers (Tumblers, CoinJoin) blend transactions from multiple users to obscure the trail, but modern blockchain analysis tools (Chainalysis, Elliptic, TRM Labs) can often untangle mixed transactions with significant success rates. Centralised mixers are particularly vulnerable: in 2022, the mixers BitMixer and Bitcoin Fog, as well as Tornado Cash, were either dismantled or prosecuted by U.S. authorities for money laundering, with evidence drawn from the analysis of transactions believed to be opaque. Some decentralised protocols (Wasabi Wallet, Samourai Wallet) offer better confidentiality, but none is foolproof. The only cryptocurrency truly private by design is Monero, which uses ring signatures and stealth addresses, but even Monero is subject to active de-anonymisation research by law enforcement agencies.
« Dark web marketplaces have a real customer service. »
Marketplace "Help" pages
Dark web marketplaces often offer a "support" interface that resembles that of a mainstream commercial platform: forms, FAQs, tickets. Behind this facade, there is no structured team, no contractual obligation, no recourse. Responses to tickets, when they come, can take weeks. Disputes are arbitrated by one or two people at best, with no guarantee of neutrality. Theft from escrow, shipments never received, and blatant scams receive standardised responses that lead nowhere. Marketplaces are primarily profitable infrastructure for their operators, not customer services. The "customer service" there is a visual illusion. When a marketplace encounters a serious problem (attack, infiltration, internal conflict), it closes without notice, often taking remaining funds with it. Users have no recourse — neither judicial (since they would be admitting participation in illegal activities) nor through the media.
« You can get a refund if scammed on a marketplace. »
Hope of new users
An actual refund in the event of a scam on the dark web is exceptional. If escrow is active and the dispute arises before the funds are released, the marketplace may (rarely) rule in the buyer's favour. But in the vast majority of cases: the buyer releases funds too soon, the product never arrives, the vendor disappears, and the marketplace declares it can no longer intervene. There is no appeals body. Chargebacks, available with bank cards on the regular web, do not exist with cryptocurrencies: a confirmed transaction is irreversible. Insurance obviously does not cover purchases on the dark web. Consumer associations do not handle these cases. Police cannot remedy a fraud that the victim would have to admit participating in. The scammed buyer has lost, full stop. That is precisely what allows scammers to thrive: they know no one will come after them.
« Vendors who use PGP are necessarily trustworthy. »
Signal of "professionalism"
PGP (Pretty Good Privacy) is an encryption tool that allows a vendor to receive communications unreadable to anyone else. Its use is indeed a signal of seriousness: a vendor who takes the trouble to configure PGP demonstrates a degree of technical competence and concern for protecting their customers. But PGP in no way guarantees the vendor's honesty, ability to deliver, or product quality. A scammer can perfectly well generate a PGP key and use it to encrypt the postal addresses of victims they will never ship to. PGP is a cryptographically neutral tool: it protects the confidentiality of the exchange, not the value of the transaction. Many documented scam vendors used PGP correctly. The indicator is useful but not sufficient: it must be combined with a long-standing reputation, sustained activity, and ideally recommendations from independent third-party sources. Which, on the dark web, remains difficult to obtain.
« "Premium" or "verified" vendors are more reliable. »
Badge systems on marketplaces
"Premium" or "verified" status on dark web marketplaces is generally purchased. A vendor who wants this badge buys it from the platform, sometimes for several hundred euros. The verification carried out is purely formal: the marketplace cannot check the vendor's real identity, since that vendor is anonymous by design. The badge certifies at best that the vendor has managed a few transactions without complaints, or that they have paid for visibility. Historically, several "premium vendors" on major marketplaces have ended up disappearing with hundreds of thousands of euros in unfulfilled orders, without the marketplace being able or willing to intervene. Premium status is a marketing tool for the platforms to justify higher fees, not a guarantee for the buyer. Genuinely reliable vendors, when they exist, are recognisable by their longevity (several years of continuous activity), not by their badges.
« Monero makes transactions perfectly anonymous. »
Monero advocates' argument
Monero is designed to offer confidentiality by default, whereas Bitcoin exposes all transactions. Its three main mechanisms — ring signatures (RingCT), stealth addresses, and zero-knowledge proofs — make blockchain analysis extremely difficult. Among cryptocurrencies, Monero is currently the best choice in terms of anonymity. But "perfectly anonymous" is an overstatement. Academic research (notably from Princeton University's Center for IT Policy) has shown possible analysis scenarios, particularly for transactions from the protocol's early years. U.S. law enforcement agencies have offered bounties to develop Monero tracing tools, without any publicly known success to date, but research continues. Monitoring entry points (where you buy Monero) and exit points (when you convert them to something else) remains an attack vector. Finally, usage errors (address reuse, links to prior Bitcoin transactions, personal opsec) can compromise anonymity even with Monero. The tool is excellent, not perfect.
« "Product testing" sites on the dark web are honest. »
Sites that claim to analyse substances for sale
Some services claim to offer independent chemical analyses of products sold on marketplaces, via a third-party laboratory. The idea is appealing to buyers keen to verify what they receive. In practice, the majority of these "services" are scams or joint operations with specific vendors, recommending their partners' products. The rare genuinely neutral services (such as EcstasyData in the United States or Energy Control in Spain) do not operate on the dark web, but as clearweb public health projects. Their existence is useful but concerns legally supervised harm reduction in their respective countries. .onion sites that promise "anonymous analysis with postal delivery" are rarely credible: mailing controlled substances is itself illegal, and the result has no verifiable scientific value. Users who rely on these "tests" therefore take a double risk: legal and health-related.
Fact-checking methodology
This fact-check was carried out by cross-referencing several categories of sources. For technical questions, we rely on the official Tor Project documentation, the Tor protocol specifications, and the scientific publications of cryptography and anonymization researchers (notably the proceedings of the IEEE Security & Privacy, USENIX Security, and ACM CCS conferences). For legal questions, we cite the relevant articles of applicable law. For statistics on dark web usage, we refer to published academic studies (King's College London, Terbium Labs, Princeton University) and the reports of specialized agencies (Europol IOCTA, Interpol).
The verdicts used follow a scale borrowed from leading international fact-checking organizations (Snopes, PolitiFact, AFP Factuel): "False" for claims that contradict established facts, "Partially True" for claims that contain some truth but are distorted or exaggerated, "Nuanced" for claims that depend heavily on context, and "True" for claims confirmed by the sources. None of the fifty myths in this list received a "True" verdict — which is not a coincidence, since the corpus was built from the most erroneous misconceptions circulating in the public sphere.
The figures and dates cited are accurate as of the publication date (April 2026). Some elements evolve: for example, the exact number of active .onion sites varies month to month, and new international police operations occur regularly. We update this article as significant developments arise.
Further reading
If you prefer a Q&A format for exploring dark web curiosities, our unusual FAQ gathers fifty common questions, from Red Rooms to the technical workings of hidden services. To concretely explore the legitimate dark web ecosystem, browse our OnionDir directory, which lists only verified sites: major international media, privacy protection tools, dark web search engines, encrypted email services, and community forums.
Our blog goes deeper on topics covered here: guide to accessing the dark web safely, technical explanation of .onion links, selection of legitimate .onion sites. For professionals, our Tor guide for journalists details the uses adapted to editorial work and source protection.
A myth is missing from this list? Write to us. We regularly add entries to this fact-check, especially when a misconception gains traction following a media event or viral content on social networks.