Like an onion, the TOR browser runs communications through many layers of encryption.

If you think back to the iceberg analogy from earlier, we have learned that the surface web makes up only a small portion of the Internet, which is easily searchable and accessible to all. The Deep Web is an area of the web where content has intentionally been non-indexed but still remains accessible with the use of standard browsers. The DarkNet is also non-indexed but remains inaccessible with the use of standard browsers like Safari, Firefox, Internet Explorer, and Google Chrome. The DarkNet is encrypted and requires a special type of browser to access this area of the web.

TOR – The Onion Router

The most common browser used in the DarkNet is the TOR browser. TOR stands for “The Onion Router.” While it is the most common, others that can be used are I2P and Freenet. I2P, or the Invisible Internet Project, offers more options than TOR and Freenet Project and still provides anonymity. The Freenet Project not only encrypts like the TOR but also lets users create networks that are private. For this training, we will primarily focus on the TOR browser.


The TOR browser is a type of browser that allows the user’s identity to be concealed as well as his or her online activities. The TOR browser runs software that provides its users anonymity by encrypting their communications and IP addresses. It does so by routing between different layers of relays using a network of other people’s computers.

The graphic to the left shows another example of how data is encrypted, and when it isn’t encrypted, when using TOR to surf the DarkNet.

This example clearly shows that data is encrypted all the way through except when it hits the Exit Relay router. At this point, interception is a lot simpler; however, tracing information to this point is extremely difficult.