Every enforcement mechanism in this series so far has needed an address. Something to fine, someone to write to, a server whose plug can be pulled. The curfew needs a platform to set the default. The ban needs a company to serve. Even the fediverse, for all its awkwardness, has machines with IP addresses somewhere, run by people in jurisdictions, however hard to reach.
Tor and i2p were designed, from first principles, so that none of that is true.
This is the part of the series where the technically-minded reader expects me to reach for the phrase "dark web" and start ringing alarm bells. I'm going to do something more useful, and less comfortable for a tidy narrative: explain honestly why these routes cannot be blocked, and then explain why — of everything in this series — they are the route I worry about least for the average teenager. Both halves matter.
What Tor and i2p actually are
Ordinary internet traffic is a postcard. It has a sender address and a destination address, and every relay in between can read both. That is precisely why the enforcement ideas in this series can work at all: there is a "from" and a "to" to act on.
Tor turns the postcard into a parcel wrapped in three sealed layers, passed between volunteer-run relays around the world, each of which can unwrap only its own layer. The first relay knows who you are but not where you're going. The last knows the destination but not who you are. No single point sees both ends. That's the "onion" in onion routing — layers.
i2p does something similar with a different shape, optimised for services that live entirely inside the network — no exit to the ordinary web at all.
And here is the property that breaks every blocking scheme: a Tor "onion service" or an i2p "eepsite" has no IP address you can block, because it doesn't have a fixed location in the way an ordinary website does. There is no server for Ofcom to find, no host to send a notice to, no company that could comply even if it wanted to. The address is a cryptographic key, not a place. You cannot put a fence around a coordinate that doesn't exist.
"Just block the dark web," and why it isn't a sentence
Politicians reach for "block Tor" the way they reach for "ban encryption" — as though it were a switch someone is simply refusing to flip. It isn't a switch. It's a siege, and one that has been fought — and lost — by governments with vastly more resolve than ours.
To stop people reaching Tor, you must stop their traffic from reaching the entry relays. So Tor publishes a public list of relays — and censoring countries block them. Tor's answer was bridges: unlisted entry points that don't appear on any blockable list. Block those, and Tor wraps its traffic in pluggable transports — obfs4, Snowflake, WebTunnel — that disguise it as ordinary video calls or plain web browsing, so a censor can't tell Tor traffic from Zoom without inspecting and degrading everyone's connection. This is not theory: when authoritarian states mount serious blocks, bridge usage doesn't collapse — it spikes fifty to seventy-fold as the circumvention tools kick in. The network was engineered by people who assumed a hostile government from day one, because for many of its users that is the daily reality.
For the United Kingdom to actually block Tor, it would have to move to the posture of the states Tor was built to defeat: deep packet inspection of the entire population's traffic, a war on VPNs it has explicitly declined to fight, and collateral damage to every legitimate user — the journalists, the abuse survivors, the whistle-blowers, the ordinary people who simply object to being followed. It would cost a fortune, break things that matter, and still fail, because the tools were designed against exactly this. No British government is going to do that to stop teenagers seeing Instagram after midnight. Nor should it.
The twist: why I worry about this route least
Now the uncomfortable-for-alarmists part. Having told you Tor is unblockable, let me tell you why it is near the bottom of my list of parental concerns — and why the "dark web" framing actively misleads.
Circumvention obeys an economic law: people use the cheapest bypass that works. For a teenager who wants a banned app back, Tor is not the cheapest. It's slow — that three-layer wrapping has a speed cost. It's fiddly. Many mainstream sites fight it or break under it. The guides that describe using Tor to defeat UK age checks describe it, honestly, as trial-and-error with mixed results. Set that beside a VPN — one tap, fast, works instantly, marketed at them — and the outcome isn't close. As part one noted, when the porn age checks landed it was VPN signups that surged 1,400% overnight, not Tor usage. The motivated teenager reaches for the easy door, and the easy door is a VPN. Tor is the fire escape nobody uses because the lift works.
So the honest risk assessment is this. The route is unblockable — that's a real and permanent limit on what any law can promise, and pretending otherwise is how you get bad legislation. But the population using it to get their social media back is small, because easier bypasses exist. The children who end up on Tor and i2p are, overwhelmingly, not there by accident chasing TikTok. They are there deliberately, usually older, often already in trouble or seeking something specifically hidden — and that is a safeguarding conversation, not a networking one. It is the province of parents who know their child, and of the police units that work these networks directly, and neither of those is helped by a curfew or a ban list.
This is the misdirection I most want to puncture. The "dark web" gets the headlines and the parental night-terrors. But your average thirteen-year-old is not being groomed on an i2p eepsite. They are being groomed, as part two argued, in the chat function of a game rated for their age, in daylight, on a device you bought them. The exotic route absorbs the fear that the mundane route has earned. Attention is a resource, and the dark-web narrative spends it in exactly the wrong place.
Where this leaves the law
The lesson Tor teaches the legislator is one of humility about reach. There will always be a route that no law can close, run by people no regulator can touch, because it was built by cryptographers who assumed the regulator was the enemy. A grown-up law acknowledges that ceiling and aims beneath it — at the mainstream, where most children actually are, and at the device layer, where a parent-set age can hold regardless of what the far end is doing. A law that instead promises to "clean up the dark web" is promising something it cannot deliver, and will be quoted back at it the first time a bad case makes the news.
What to do tonight, regardless
For most parents, the practical answer to Tor and i2p is: this is not your battlefield, and being told it was has probably scared you about the wrong thing. Spend the worry you were saving for the dark web on the four-question audit of the ordinary apps instead — that's where your return on attention is highest by a wide margin.
But learn the one signal that matters. If you find the Tor Browser (a purple onion) or an i2p client on a young person's device, that is not a virus and not, by itself, a catastrophe — plenty of privacy-minded teenagers install it from pure curiosity, and some of the best security engineers I know started exactly there. It is a conversation opener: not "you're in trouble", but "tell me what you're using this for" — asked with genuine interest, because the honest answer tells you whether you're looking at a budding privacy nerd or a child who has gone looking for somewhere to hide. The difference is everything, and only a calm question will surface it.
Next in the series: the browser in the browser — when the site your child visits is being rendered in another country, and the age check is looking at a data centre.