If you've seen addresses that end in .onion, you've encountered the unique addressing system used by Tor hidden services. These addresses look strange and random for good reasons. Understanding how they work helps you navigate the dark web safely and verify you're visiting legitimate sites.

What Are .onion Addresses?

A .onion address is the web address for a hidden service on the Tor network. These sites can only be accessed through Tor Browser. Regular browsers can't reach them because .onion isn't a real top-level domain like .com or .org. It's a special designation that tells Tor you want to access a hidden service.

Unlike regular websites that use domain names registered with companies, .onion addresses are generated mathematically from cryptographic keys. Nobody owns or controls the .onion namespace. You can't buy an .onion domain from a registrar. The address comes from the mathematics of the service's encryption keys.

Why Do They Look So Random?

Most .onion addresses look like this: 3g2upl4pq6kufc4m.onion or thehiddenwiki2345abcdefghijklmnopqrstuvwxyz.onion. The random-looking characters serve a security purpose.

When someone creates a hidden service, they generate a cryptographic key pair. The .onion address is derived from the public key through a mathematical process. This makes it nearly impossible to fake. If you know the correct .onion address, you can be confident you're connecting to the real service and not an imposter.

The randomness also means addresses are hard to remember. Most people bookmark important .onion sites or find them through trusted directories. Some services create vanity addresses that have recognizable words at the beginning, but the rest remains random characters.

V2 vs V3 Onion Addresses

There are two generations of .onion addresses still in use, though v2 addresses are being phased out.

Version 2 (Old Format)

V2 addresses are 16 characters long before the .onion part. Example: 3g2upl4pq6kufc4m.onion. These addresses use older cryptography that's less secure. The Tor Project stopped supporting v2 addresses in October 2021, but you might still see them referenced in old directories.

Don't use v2 addresses. They're obsolete and potentially vulnerable. Any legitimate service has migrated to v3 by now.

Version 3 (Current Format)

V3 addresses are 56 characters long. Example: thehiddenwiki2345abcdefghijklmnopqrstuvwxyz234567.onion. The extra length comes from stronger cryptography that provides better security and makes the address even harder to fake.

All modern hidden services use v3 addresses. When you see an .onion link, count the characters before .onion: 16 characters means an obsolete v2 address, while 56 characters means v3 (the current standard). These addresses are safe to use as long as you verify them properly.

How to Verify Legitimate Addresses

The biggest risk with .onion addresses is phishing. Scammers create fake versions of popular sites with similar-looking addresses. Since the addresses are random, it's easy to miss a different character or two. Here's how to protect yourself.

Save Known Good Addresses

When you find a legitimate .onion address from a trusted source, bookmark it immediately. Use Tor Browser's bookmarking feature, or better yet, keep a text file of verified addresses on your computer (not in the cloud).

Check Multiple Sources

Don't trust a single source for an .onion address. Look for the address on the service's clearnet website if they have one. Check multiple directories. If all trusted sources list the same address, it's probably legitimate.

Look for HTTPS

Even on Tor, sites can use HTTPS. The address bar will show a padlock icon. This doesn't guarantee the site is what it claims to be, but it does mean your connection to that specific .onion address is encrypted. Legitimate services almost always use HTTPS.

Verify Through PGP Keys

Many legitimate hidden services publish PGP public keys on their clearnet sites and on their .onion sites. If the keys match, you know both sites are run by the same people. This is one of the most reliable verification methods but requires basic PGP knowledge.

Warning: Phishing on Tor is common. A single wrong character in an .onion address could send you to a malicious site designed to steal your information or cryptocurrency. Always triple-check addresses before entering any sensitive information or making transactions.

Vanity Addresses

Some .onion addresses start with recognizable words or patterns. These are called vanity addresses. For example, facebookcorewwwi.onion (this isn't the real Facebook address, just an example of the concept).

Vanity addresses are created by generating thousands or millions of key pairs until one produces an address starting with the desired pattern. The beginning might be readable, but the rest is still random. This makes addresses easier to remember and harder to phish successfully.

Creating a vanity address takes computing power. Short patterns (4-7 characters) are relatively quick to generate. Longer patterns take exponentially more time and resources. A 10-character vanity prefix might take months of computing time.

When you see a vanity address, the recognizable part gives you confidence you're at the right place, but you still need to verify the complete address. Scammers sometimes create similar vanity addresses that differ by one character.

Accessing .onion Sites

You need Tor Browser to access .onion addresses. Regular browsers don't understand them. If you try to visit an .onion site in Chrome or Firefox, you'll get an error.

Copy and Paste Carefully

When entering an .onion address, copy and paste it when possible. This prevents typos that could send you to the wrong site. But be careful where you're copying from. Only use trusted sources.

Check the Full Address

Before pressing enter, look at the complete address in your browser's address bar. Does it match what you intended? Are there any extra or missing characters? This simple check prevents many phishing attempts.

Wait for the Connection

.onion sites often take longer to load than clearnet websites. Tor needs to establish the connection through multiple nodes and negotiate with the hidden service. If a site doesn't load after 30-60 seconds, try requesting a new circuit (click the onion icon, then "New Circuit for this Site").

Common Misconceptions

.onion Sites Are All Illegal

Many legitimate organizations run .onion sites. Facebook, The New York Times, BBC, ProtonMail, and DuckDuckGo all have official .onion addresses. These services provide .onion access so people in restricted countries can access them safely.

All .onion Sites Are on the Dark Web

The terms "dark web" and ".onion sites" are often used interchangeably, but they're not identical. The dark web technically refers to any content that is not indexed by search engines and requires special software to reach. All .onion sites are on the dark web by this definition, but not everything on the dark web is illegal or nefarious.

.onion Addresses Are Anonymous

The .onion address itself provides privacy for the server's location, but your anonymity depends on how you use Tor Browser and what information you share. The address format doesn't make you anonymous by itself.

Finding .onion Sites Safely

Since .onion sites aren't indexed by Google, how do you find them?

Use Trusted Directories

Sites like this one curate lists of known .onion addresses. These directories verify links and remove dead or malicious sites. Start with established directories that have good reputations.

Check Clearnet Announcements

Legitimate services usually announce their .onion addresses on their regular websites. If you want to find the .onion version of a legitimate service, check their official clearnet site first.

Use .onion Search Engines

A few search engines index .onion sites, like Ahmia and notEvil. These aren't as comprehensive as Google, but they help discover new sites. Be cautious with search results and verify addresses before visiting.

Tip: Create a simple text file on your computer with verified .onion addresses you use regularly. Include the site name, the full address, and the date you verified it. This personal directory helps you avoid phishing sites.

Technical Details (Optional)

For those interested in the technical side, .onion addresses are created through a process involving SHA-1 hashing (for v2) or SHA-3 hashing (for v3) of the service's public key. The resulting hash is encoded in base32 (using characters a-z and 2-7) to create the address.
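
As an added example (not code from this site or from the Tor Project), the Python below checks an address's structure and then compares it with a personal list of verified addresses like the one suggested in the tip above. It goes further than the summary here by using the v3 layout from the Tor rendezvous specification: the base32 text decodes to a 32-byte public key, a 2-byte SHA3-256 checksum and a version byte of 3. The sample keys are constructed bytes that belong to no real service, and every function and variable name is chosen for illustration.

```python
import base64
import hashlib

B32 = set("abcdefghijklmnopqrstuvwxyz234567")

def make_v3_address(pubkey: bytes) -> str:
    """Build a v3 address from 32 key bytes (used here only to create sample data)."""
    version = b"\x03"
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return base64.b32encode(pubkey + checksum + version).decode().lower() + ".onion"

def classify_onion(address: str) -> str:
    """Return 'v3', 'v2-obsolete' or 'invalid' from the address structure alone."""
    host = address.strip().lower()
    label = host[:-len(".onion")] if host.endswith(".onion") else ""
    if not label or set(label) - B32:
        return "invalid"
    if len(label) == 16:
        return "v2-obsolete"              # old SHA-1 based format, retired
    if len(label) != 56:
        return "invalid"
    raw = base64.b32decode(label.upper())  # 56 characters -> 35 bytes
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    expected = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return "v3" if version == b"\x03" and checksum == expected else "invalid"

def check_against_known(address: str, known: dict, prefix_len: int = 8) -> str:
    """Compare with a personal list: 'match', 'lookalike' or 'unknown'."""
    host = address.strip().lower()
    if host in known.values():
        return "match"
    if any(host[:prefix_len] == good[:prefix_len] for good in known.values()):
        return "lookalike"                # same readable start, different address
    return "unknown"

def typo(address: str, index: int = 52) -> str:
    """Swap one character, as a copying or typing mistake would."""
    ch = "b" if address[index] == "a" else "a"
    return address[:index] + ch + address[index + 1:]

# Constructed sample data: these key bytes belong to no real service.
GOOD = make_v3_address(bytes(range(32)))
LOOKALIKE = make_v3_address(bytes(range(31)) + b"\xff")  # differs only near the end
KNOWN_GOOD = {"example service (constructed)": GOOD}

if __name__ == "__main__":
    for addr in (GOOD, typo(GOOD), LOOKALIKE, "3g2upl4pq6kufc4m.onion"):
        print(classify_onion(addr), check_against_known(addr, KNOWN_GOOD), addr)
```

The mistyped address fails the checksum, but the look-alike passes it because it was generated from its own key. Only the exact comparison with the saved list flags it.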

When you connect to an .onion site, your Tor Browser contacts introduction points on the Tor network, which relay your connection request to the hidden service. The actual server's IP address never appears in any communication. Both you and the server are anonymous to each other.

Staying Safe With .onion Addresses

The unique nature of .onion addresses provides both security and challenges. The mathematical generation prevents domain hijacking, but the randomness makes phishing easier. Your safety depends on careful verification and good habits.

Never trust an .onion address from an untrusted source. Don't click random links in forums or messages. Use directories you trust, verify addresses through multiple channels, and bookmark verified sites. These simple practices prevent most problems.

Remember that the .onion address is just one part of staying safe. What you do on the site, what information you share, and how you configure Tor Browser all matter more than the address format itself.