I've posted something to this extent in a previous thread on the same issue, but what's being described here isn't the deep web. It's an element of the deep web- F2F private file sharing, I2P communications and virtual networks, for the most part, but the deep web is a catch-all term for anything that isn't indexed. It's much, much bigger than the surface web, but the overwhelmingly vast majority of it is both accessible outside of onion routing or friend-to-friend private networks, and completely benign. It comprises things like applets that aren't indexed by search engines, web interfaces for accessing extranet or internet-facing hardware using specialist protocols, SCADA and other industrial control systems, dynamic content an dynamically hosted pages, anything that's securely accessed, passworded or otherwise no indexable, unlinked content, non-HTML content and a whole raft of other things.
The networks reachable by Tor are effectively the same thing as securely accessed content. They're part of the deep web (usually referred to as the "darknet") in that they aren't crawled and aren't directly accessible to conventional web browsing, but utilise a particular protocol in order to be accessed. Tor is far from the only method of accessing resources of this kind- there are numerous other distributed, anonymous, secure peer-to-peer services, plus VPNs and all manner of other things. Tor just gets a great deal of attention because it's practically the only one that's partially accessible to the general public. The rest are invitation-only services and probably about a million times sketchier.
As an interesting aside, the Tor protocol implementation in Windows, using the software basis of the Firefox browser, is and has been fundamentally flawed for some time. It's actually possible to exploit the implementation of the Tor protocol in order to move users outside of the encrypted, distributed, multi-layered peer-to-peer communication system and effectively direct them into the surface web, thereby identifying the end user. So a word of warning to anyone using the Tor browser implementation on Windows operating systems for nefarious purposes- it's not secure any more (and probably won't be for some time; the later implementations of Firefox have fixed this exploit but the Tor browser is still using Firefox 17 as its base) and it is actually pretty trivial to identify you. Plus Tor is susceptible to man-in-the-middle attacks, as are all implementations of TLS.
I use Tor for OSINT purposes, solely because it allows you to dynamically change your visible IP address which is extremely useful for conducting reconnaissance and research on organisations who are likely to log and collate the IP addresses of visitors. Like organised cybercrime actors and various hacktivist groups.
Edited by sivispacem, 07 August 2013 - 10:12 AM.