Just like the internet generally, not all of the Tor network is safe. Sometimes, people set up malicious exit nodes—the part of the network where a user’s traffic joins the rest of the normal web—in order to spy on what users are up to.
But there are other types of nosy nodes too. Researchers have uncovered over 100 malicious hidden service directories (HSDirs): the relays of the network that allow people to visit dark web sites.
Typically, a Tor user reaches out to these HSDirs, which store descriptors for various hidden services, in order to visit whatever dark web site they’re after. At the time of writing, there are over 3,000 nodes with the HSDir flag, according to figures from the Tor Project, the non-profit that maintains the Tor software.
When set up properly, these directories don’t record or log the addresses of the services themselves, allowing the dark web sites to, hopefully, remain undiscovered. But sometimes people deliberately modify their HSDir to keep a record of all the sites it spots.by