Dark Web Glossary
A comprehensive A-Z reference of dark web and darknet terminology, from basic concepts to advanced security vocabulary.
C
Circuit
In the Tor network, a circuit is the path your traffic takes through three relay nodes (guard, middle, and exit) to reach its destination. Tor Browser creates new circuits periodically to enhance anonymity.
Clearnet
The standard, publicly accessible internet that can be browsed with any regular web browser. Clearnet traffic is not anonymized and can be traced back to the user's IP address. Opposite of the dark web.
Cryptomarket
Academic term for darknet markets that use cryptocurrency for transactions. Cryptomarkets operate on the Tor network and function similarly to legitimate e-commerce platforms with vendor ratings, escrow, and dispute systems.
D
Dark Web
The portion of the internet that requires special software (primarily Tor) to access. Dark web sites use the .onion domain extension and intentionally hide their IP addresses. Distinct from the deep web.
Darknet Market
An e-commerce platform operating on the Tor network that facilitates anonymous buying and selling, typically of illegal goods. Uses cryptocurrency for payments and features vendor ratings, escrow, and dispute resolution systems.
Deep Web
All internet content not indexed by search engines. Includes email inboxes, banking dashboards, medical records, private databases, and paywalled content. The deep web is mostly legal and used daily by most internet users. Not the same as the dark web.
E
Entry Guard
The first relay node in a Tor circuit. The entry guard knows your real IP address but does not know your final destination. Tor clients use the same entry guards for extended periods to reduce the risk of certain attacks.
Escrow
A payment system used by darknet markets where cryptocurrency is held by a neutral third party (the market) until the buyer confirms receipt of goods. Protects buyers from vendor scams and vendors from payment fraud. Can be bypassed by Finalize Early (FE).
Exit Node
The final relay in a Tor circuit that sends traffic to the destination on the open internet. The exit node knows the destination but not the source. Running exit nodes is legal but controversial as exit node operators can see unencrypted traffic.
Exit Scam
A fraud where a darknet market suddenly closes and disappears, taking all user funds held in escrow or account balances. Exit scams are a recurring risk in the darknet ecosystem. Notable examples include Evolution Market (2015) and Incognito Market (2024).
F
Finalize Early (FE)
A payment option on darknet markets where the buyer releases funds from escrow to the vendor before confirming receipt of goods. FE bypasses escrow protection and should only be used with highly trusted, established vendors. High risk for buyers.
M
Monero
A privacy-focused cryptocurrency (ticker: XMR) that hides transaction amounts, sender addresses, and receiver addresses by default using ring signatures, stealth addresses, and RingCT. The preferred currency for privacy-conscious dark web users.
Multisig
Short for multi-signature. A cryptocurrency transaction that requires signatures from multiple parties to execute. In darknet markets, 2-of-3 multisig escrow requires signatures from buyer, vendor, AND market to release funds, reducing exit scam risk.
O
Onion Routing
The core technology behind Tor. Data is encrypted in multiple layers (like an onion) and routed through a series of relay nodes. Each relay decrypts one layer, revealing only the next destination — no single node knows both the source and final destination.
Onion Service
A hidden service on the Tor network accessible only through Tor Browser via a .onion address. Onion services hide both the server's location and the visitor's identity. Also called a hidden service. V3 onion addresses are 56 characters long.
OpSec
Operational Security. The practice of protecting sensitive information by identifying and mitigating potential vulnerabilities in your behavior, habits, and communications. On the dark web, OpSec errors are the most common cause of deanonymization.
P
PGP
Pretty Good Privacy. An encryption standard that uses public-key cryptography to encrypt and digitally sign communications. On darknet markets, PGP is used to encrypt shipping addresses and verify market/vendor identities. The free implementation is GPG (GnuPG).
Pluggable Transport
A technology that disguises Tor traffic to bypass censorship. Examples include obfs4 (obfuscated traffic) and Snowflake (WebRTC-based). Essential for users in countries that block the Tor network.
T
Traffic Correlation
An attack on Tor anonymity where an adversary observes traffic timing patterns at both the entry and exit of the Tor network to link a user to their destination. Requires access to significant network infrastructure. The most significant theoretical threat to Tor.
W
Warrant Canary
A publicly displayed statement on a website that says the site has not received any government orders or national security letters as of a specified date. If the canary is removed or not updated, it signals (without explicitly stating) that such an order may have been received.