Millions of child predators are forming sprawling online communities on the dark web using the Tor network, where criminal behavior escalates through the sharing of child sexual abuse material, grooming strategies and normalization of exploitation, experts say. Despite repeated warnings of a growing number of predators taking advantage of it, Tor’s developers have taken no action to curb the spread of this content, critics say.
The Tor (“the onion router”) network is an anonymity-focused internet system that routes traffic through a global web of volunteer-run servers to obscure users’ identities and locations. By encrypting data in multiple layers – like that of an onion – Tor makes digital activity difficult to trace.
This privacy architecture, experts warn, has created a safe haven for child predators. The platform’s design makes it virtually impossible to remove harmful posts or illegal content, they say, and the organization behind Tor has resisted pressure to implement even basic safeguards.
The Canadian Centre for Child Protection (C3P) told the Guardian it has submitted more than 19,000 notifications to the Tor Project – the privacy-focused US non-profit that develops and maintains the network – flagging child sexual abuse material (CSAM) detected on its system. Yet the organization has taken no action, according to C3P.
“Tor is designed in a way such that they can’t remove anything and they refuse to change it, because the idea of any sort of censorship on there is bad,” said Lloyd Richardson, C3P’s director of technology. “Tor has a board of directors that makes decisions surrounding this, and I don’t think they’ve ever been held to account for any of this. They’re the only people who can essentially intervene, and they refuse to do so.”
The Tor Project offers two primary tools designed to enhance online anonymity. The first is the Tor browser, which routes internet traffic on the regular web through a network of volunteer-run servers, effectively masking a user’s location and activity. This process functions similarly to a virtual private network by concealing identifying information.
The second, the onion services (formerly known as hidden services), are websites or services hosted within the Tor network, accessible only via .onion addresses. These provide both user and server anonymity. Onion services websites operate exclusively within the Tor network. Their specialized .onion domain allows them to remain concealed from traditional search engines and standard internet access. Neither of Tor’s products has systems to detect, moderate or report CSAM, or mechanisms for processing user-generated content in the way mainstream social networks do.
To connect to a hidden service, both the user and the service create separate encrypted paths that meet at a randomly selected rendezvous point. This process involves at least three relays or “nodes” operated by anonymous volunteer entities and individuals around the world, keeping both IP addresses hidden from each other, and makes it exceptionally difficult to trace the user’s activity or location.
More users find their way to the dark web
While using Tor onion services requires more technical expertise than the regular web, recent advancements in its usability are driving an increase in the number of predators active there by lowering the barrier of entry, said experts interviewed.
Mainstream social media platforms like Reddit, Telegram and Discord have become informal entry points to the dark web, playing a central role in guiding users onto the Tor network. These platforms host discussions about accessing Tor, which include step-by-step guides, marketplace directories, safety tips and .onion links to illicit content.
Now, individuals are often introduced to Tor through social media chats that promise more extreme or explicit content, lowering the barrier to entry for child predators and other offenders, said a federal prosecutor, who spoke on the condition of anonymity.
“I’ve had cases where people have started on traditional social media platforms and someone will say to them something along the lines of: ‘If you want to see my real stuff, here’s a link to my thing,’” said the prosecutor. “That is often how that happens and how you get people getting on the dark web or accessing things that they don’t traditionally have access to or wouldn’t access without prompting.”
Child predators are drawn to using Tor because they do not need to conceal their activities, already being afforded anonymity by the browser, said Dan Sexton, chief technology officer at the Internet Watch Foundation, a UK-based non-profit that focuses on preventing online child abuse.
“They know that there are law enforcement and other people monitoring these sites,” said Sexton. “Yet they just do it in plain sight because the anonymity gives them that level of protection, and that feeling like they can’t be found, they can’t be caught, so it’s low risk in that respect.”
The predators active in these forums form welcoming communities on Tor’s network, where they compliment and encourage one another in a way that they don’t do elsewhere online, experts say.
The Guardian has reviewed excerpts of discussion threads in which users share tips on how to target, groom and abuse very young children. These dark web forums, accessed via Tor, are estimated to have hundreds of thousands of users by C3P. These excerpts were uncovered this year by investigators at the C3P and shared with law enforcement. The material was redacted to remove any information that could identify a victim before it was passed to the Guardian.
According to experts, these anonymous communities normalise child abuse, making it more likely that participants will go on to commit contact offenses against children they can access in real life.
“People will say ‘this particular victim is what has made me want to violate my own daughter’ and things like that,” said Richardson of C3P. “There’s definitely, by their own admission, this sort of escalation, and they egg each other on in these communities.”
A study published by Nature last year determined that CSAM is easily available using 21 out of the 26 most-used Tor search engines, and that at least 11% of users’ searches seek CSAM. Research published in the Journal of Online Trust and Safety indicates that more than 40% of dark web users accessing CSAM go on to seek contact with children with the aim of pursuing sexual acts.
A spokesperson for the Tor Project said in a statement it is “deeply troubled by the fact that a small fraction of internet users exploit Tor for illicit purposes, and we strongly condemn the misuse of Tor technology for any illicit use cases, especially child sexual abuse material (CSAM). As an organization dedicated to advancing human rights and strengthening online privacy protections, we recognize the legitimate concerns raised by child protection organizations and experts.”
The Tor Project receives funding from a number of backers including the US Department of State, the Swedish government’s international development agency (Sida), the Open Society Foundations, Craig Newmark Philanthropies, the Ford Foundation and Twitter founder Jack Dorsey’s philanthropic initiative #StartSmall.
Tor’s services have long served as an important tool for protecting online anonymity, enabling free expression and access to information under repressive regimes. Amnesty International has recognized Tor’s contribution to advancing human rights by shielding users from unlawful surveillance and censorship. The ACLU has similarly advocated for its use, urging government websites to inform users of anonymous browsing options, particularly for reporting sensitive information.
Tor’s anonymity protections have been crucial for whistleblowers and dissidents. Edward Snowden used Tails, an operating system that routes traffic through Tor, to leak NSA documents anonymously in 2013. During Iran’s 2009 protests, activists relied on Tor to bypass state censorship and coordinate securely with the outside world. The Guardian has also made a version of its website available to Tor users as an onion service.
However, critics argue that Tor’s benefits should not come at the cost of enabling the distribution of CSAM.
“Trading content of children being sexually abused is not protected free expression. It’s a felony,” said Gretchen Peters, founder and executive director of the Alliance to Counter Crime Online (ACCO), a non-profit focused on combating serious online crimes. “Why are US government organizations like the state department continuing to fund the Tor Project, while this problem continues to be so severe?”
The US state department did not respond to comment requests.
A spokesperson for the Tor Project told the Guardian that introducing mechanisms to monitor or block content on Tor would undermine privacy and security protections that millions of legitimate users rely upon.
“Tor is not creating the bad sites – it’s creating the unregulated superhighway that people traverse. It’s willful blindness,” said the prosecutor interviewed. “Child sexual abuse material makes up a significant portion of content hosted on dark web sites.”
after newsletter promotion
The Tor Project is not legally obligated to report CSAM to authorities, unlike US-based electronic service providers (ESPs) such as social media companies, which must report any detected or apparent CSAM to the National Center for Missing & Exploited Children (NCMEC), which evaluates the reports and forwards them to law enforcement. Tor is not considered an ESP since it is engineered for privacy and anonymity, routing internet traffic to conceal user identities rather than hosting or moderating content.
These sites operate entirely within the network using .onion addresses.
Yet, well-intentioned volunteer node operators may unknowingly contribute to the transmission of harmful content, including the circulation of CSAM and the operation of pedophile networks, experts said.
“People who join the Tor network have no opportunity to opt out of the CSAM trade. You support all of Tor when you become a relay or none of it,” said Brian Levine, associate dean of IT and facilities and distinguished professor at University of Massachusetts Amherst.
Tor is also not impenetrable to other forms of hacking: the FBI has deployed malware to infiltrate child pornography sites hosted by Tor, which has uncovered thousands of real IP addresses of users visiting the sites.
Millions of pedophiles
Law enforcement agencies around the world have undertaken several high-profile takedowns of large pedophile forums that have revealed the potential scale and organization of these networks.
Kidflix, one of the largest-known paedophile sites in the world, was dismantled by international law enforcement earlier this year in an operation involving authorities from more than 35 countries. The platform, which was hosted on Tor, had attracted 1.8 million users globally between April 2022 and March 2025, according to German law enforcement. On 11 March 2025, German and Dutch authorities seized the server, which at the time held approximately 72,000 CSAM videos.
Another platform on Tor named Childs Play, boasted a million users when it was in operation between 2016 and 2017, Australian police said after their sting operation brought it down.
Shutting one site down rarely ends the problem, as predators can easily migrate to another site on the service, experts say. C3P actively monitors and scrapes information from several pedophile sites on Tor, and the larger sites have estimated user bases of between 300,000 and 600,000 each, said Richardson.
“It’s created this system where law enforcement takes something down,” said Levine. “It all gets rebuilt back up by a single person who may get caught in the future, but there’s always more of these individuals lining up to start up the next forum that’s carrying the knowledge forward.”
The experts interviewed urged Tor to act to remove CSAM from its sites and stem the formation of pedophile groups.
“The notion that just because the web addresses aren’t searchable by the surface web doesn’t mean that the administrators of Tor can’t find wrongdoing that is going on in their systems and remove it and report it to authorities,” said Peters, of ACCO.
The concern, experts warn, is that while the technique can clearly be applied to illegal material, there is no easy way to draw the line that prevents it from being used more broadly.
“Some kind of content moderation is needed. We just haven’t yet figured out how to do it in a way that is scalable,” said Juha Nurmi, cybersecurity expert and postdoctoral research fellow at Tampere University in Finland. “It could be done so multiple parties need to use their private keys to make filtering decisions for a certain website, and these are across multiple countries. It could be a way to handle it so we don’t have a central power making decisions.”
A spokesperson for the Tor Project said: “The Tor Project collaborates with organizations dedicated to combating the tech-enabled distribution of CSAM by leveraging Tor technology to reach individuals struggling with harmful behaviors and offering them pathways to treatment through private, secure channels.”
C3P said its data shows that treatment programs for pedophiles are an ineffective approach to curbing offender behaviour on Tor’s onion services. This is in part because these users aren’t part of the pedophile population seeking help.
“Our data indicates that these forums continue to grow in size, and the trade of CSAM made possible by the Tor Project has only increased,” said C3P’s Richardson.
In a statement to the Guardian, the Swedish International Development Cooperation Agency (Sida) said its funding of Tor is earmarked for the training and capacity-building of human rights defenders, abuse survivors, journalists and reporters in need of protection and privacy
“Sida is in frequent contact with Tor’s leadership. In this specific case, we have also reached out to them to confirm their engagement and are following this matter closely,” said a Sida spokesperson.
Open Society Foundation said it made a grant to Tor to support the ability of human rights defenders to maintain secure and confidential communications, and the grant has since ended.
“We are alarmed to learn of these allegations, and we will be conducting a review of this grant,” said a spokesperson for the organization. “We always expect our grantees to comply with their legal obligations and to uphold human rights principles.”
