You've said it. I've said it. We've all said it: "I found it on the internet.
But here's the thing — you probably didn't. In real terms, you found it on the web. And no, that's not the same thing.
What Is the Internet, Actually
The internet is plumbing.
Not the glamorous kind. Not the kind you show off at dinner parties. That said, it's the physical and logical infrastructure that moves bits from one computer to another. Fiber optic cables stretched across ocean floors. Copper wires buried under your street. Routers, switches, data centers humming in windowless rooms. Protocols — TCP/IP, mostly — that agree on how packets get addressed, routed, and reassembled.
Think of it like the road system. The roads don't care what drives on them. Trucks, bicycles, emergency vehicles, that weird neighbor's lawnmower — the asphalt just provides a path That's the part that actually makes a difference..
The internet works the same way. So naturally, it's a network of networks. Your home Wi-Fi connects to your ISP. Here's the thing — your ISP connects to bigger networks. Those connect to backbone providers. Eventually, everything talks to everything else. No central authority runs the whole thing. It's a distributed agreement, held together by standards bodies and a lot of mutual self-interest.
The internet predates the web by decades
ARPANET went live in 1969. In practice, file transfers, remote login, Usenet newsgroups — people were doing real work on the internet long before anyone heard of a "browser. Email existed in the early 70s. So " The web didn't show up until 1991. That's a 22-year gap Turns out it matters..
What Is the Web, Then
The web is a service that runs on the internet. One of many That's the part that actually makes a difference..
Tim Berners-Lee built it at CERN to solve a specific problem: physicists needed to share documents across different computer systems. His insight was simple but profound — give every document a universal address (URL), a standard format (HTML), and a protocol for fetching it (HTTP). Day to day, link them together. Let anyone publish. Let anyone read.
That's it. That's the web.
It's an application layer. Just like email (SMTP/IMAP/POP), file transfer (FTP/SFTP), secure shell (SSH), voice over IP (SIP), multiplayer gaming protocols, IoT device communication, cryptocurrency networks, and dozens of other things you use daily without opening a browser.
The browser is not the web
This trips people up. But they render HTML. wget accesses the web. Consider this: chrome, Firefox, Safari, Edge — these are user agents. Consider this: curl accesses the web. They speak HTTP. In real terms, they execute JavaScript. Python's requests library accesses the web. But they're just one way to access the web. Your smart fridge's firmware update checker accesses the web.
And yeah — that's actually more nuanced than it sounds The details matter here..
The web is the system of linked resources. The browser is just a window into it.
Why People Conflate Them
Honestly? Because for most people, the web is the only internet they've ever touched The details matter here..
If you were born after 1995, your first online experience was almost certainly a browser. Worth adding: aOL, Netscape, IE, Chrome. You typed words into a box. Pages appeared. That became your mental model for "the internet." The distinction never came up because you never needed it.
The language doesn't help
We say "surf the web" but "browse the internet.The internet kept running; parts of the web became unreachable. " We say "internet browser" when we mean "web browser." News headlines blur the line: "Internet breaks after BGP hijack" — no, routing broke. "Internet archive saves websites" — the Wayback Machine archives web pages, not the internet itself Worth keeping that in mind..
Marketing loves the confusion. "Internet of Things" sounds better than "Web of Things" even though most IoT devices speak MQTT or CoAP over IP, not HTTP. "Internet speed" tests measure throughput to a server — usually via HTTP — but they're testing your connection, not the web Simple as that..
Mobile made it worse
Apps. So many apps.
Open Instagram. That's not the web — it's a native app talking to Facebook's APIs over HTTPS. And open Uber. Same thing. But your weather app? Probably a REST API call. Your email app? IMAP or ActiveSync. None of these are "the web" in the browser sense, but they all use the internet.
Yet people say "check the internet" when they mean "open the app." The icon on your home screen is the internet to you.
Why It Matters
You might think this is pedantic. Semantics. Who cares?
Policy and regulation care
Lawmakers write bills about "internet governance" when they mean "web content moderation.Think about it: " The distinction changes what's technically possible. Practically speaking, you can't "shut down the internet" for a specific website without breaking everything else on that network segment. You can block DNS, seize domains, pressure CDNs, or order ISPs to null-route IPs — but those are web-layer interventions, not internet-layer ones.
The Great Firewall of China? This leads to it operates at the internet layer (BGP manipulation, IP blocking) and the web layer (keyword filtering, TLS inspection, DNS poisoning). Understanding the difference explains why some things work and others don't.
Security depends on it
"Internet-facing" means something specific in infosec. A server with port 22 open to the world is internet-facing. So is one with port 443 open. But the attack surfaces are totally different. That said, sSH brute force vs. SQL injection vs. TLS certificate validation — different protocols, different layers, different defenses Nothing fancy..
If you think "securing the internet" means "installing a WAF," you've already lost.
Architecture decisions live or die here
Building a system? You need to know whether you're designing for the internet layer or the application layer.
- Raw sockets? Internet layer.
- gRPC over HTTP/2? Web-ish, but not the web.
- WebSockets? Web layer, but persistent.
- QUIC/HTTP/3? Web layer, but running over UDP at the transport layer.
- Libp2p? Application layer, peer-to-peer, can run over anything.
Choosing the wrong abstraction leaks complexity everywhere. I've seen teams build custom TCP protocols when a REST API would've worked. I've seen teams force everything through HTTP/JSON when a message queue was the right call. The confusion costs real money.
Other Things Running on the Internet Right Now
Just to make this concrete — here's a non-exhaustive list of stuff using the internet right this second that isn't the web:
SMTP for sending. IMAP or POP3 for receiving. Maybe ActiveSync. Maybe JMAP. None of it is HTTP. Your Gmail web interface is the web. The email system underneath? Not even close And that's really what it comes down to..
DNS
The phone book. Every time you type a domain, your computer asks a DNS resolver (UDP port 53, usually). That query travels the internet. The answer travels back. No web involved — unless you use DNS-over-HTTPS, which wraps DNS in web traffic. Irony intended The details matter here..
Streaming video
Netflix, YouTube, Twitch — they serve content via HTTP
Streaming Video (Beyond HTTP)
While Netflix and YouTube primarily deliver content over HTTP, their underlying infrastructure often relies on more specialized protocols. Real-time streaming might use RTMP (Real-Time Messaging Protocol) for live broadcasts, while adaptive bitrate streaming leverages HLS (HTTP Live Streaming) or DASH (Dynamic Adaptive Streaming over HTTP). Even WebRTC, used for peer-to-peer video calls, operates at the application layer but bypasses traditional web servers entirely. These protocols highlight how "streaming" is a broad category that spans multiple layers, from transport (TCP/UDP) to application-specific implementations.
Voice Over IP (VoIP)
Services like Zoom, Skype, or WhatsApp voice calls often use SIP (Session Initiation Protocol) to establish connections and RTP (Real-time Transport Protocol) to carry audio streams. These run directly over IP networks, not HTTP. Emergency services like 911 in the U.Because of that, s. are transitioning to NG911 (Next Generation 911), which routes calls over IP networks using SIP/RTP instead of traditional phone lines—another example of internet-layer communication replacing legacy systems Worth keeping that in mind. Nothing fancy..
Online Gaming
Multiplayer games frequently rely on custom UDP-based protocols for low-latency communication between clients and servers. Titles like Fortnite or Minecraft use proprietary networking stacks optimized for real-time interaction, avoiding HTTP’s overhead. Even cloud gaming platforms like Google Stadia or NVIDIA GeForce Now stream gameplay using WebRTC or custom protocols, not standard web APIs Simple, but easy to overlook..
Internet of Things (IoT)
Smart home devices—thermostats, security cameras, industrial sensors—often communicate via MQTT (Message Queuing Telemetry Transport) or CoAP (Constrained Application Protocol). These lightweight, machine-to-machine protocols operate over TCP or UDP, prioritizing efficiency and reliability in constrained environments. They’re integral to the internet’s fabric but invisible to end-users who interact through web dashboards.
File Sharing and Peer-to-Peer Networks
BitTorrent, IPFS, and other P2P systems distribute files without centralized web servers. They use protocols like BitTorrent (over TCP) or libp2p (as mentioned earlier) to share data directly between nodes. Similarly, FTP (File Transfer Protocol) and SFTP (SSH File Transfer Protocol) remain staples for transferring large datasets, operating independently of web browsers or HTTP APIs.
Messaging Apps
WhatsApp, Signal, and Telegram use end-to-end encrypted messaging protocols that often run over custom TCP/UDP channels. While their web interfaces may use HTTP, the core messaging infrastructure prioritizes direct, secure communication. Even Slack and Discord, which have web clients, rely on WebSockets or proprietary protocols for real-time chat synchronization.
Why This Matters
Confusing the web (a subset of internet applications) with the internet (the global network infrastructure) leads to flawed assumptions. Security teams focusing solely on HTTP-layer threats ignore risks in SMTP, SIP, or IoT protocols. On top of that, regulators aiming to "control the internet" might inadvertently target DNS or BGP—critical systems that underpin far more than websites. Architects who conflate layers end up with brittle systems that can’t adapt to evolving requirements That's the whole idea..
The internet’s strength lies in its layered design: each abstraction allows innovation without rebuilding the entire stack. When policymakers, developers, or security professionals lose sight of this, they risk stifling progress or creating vulnerabilities. Clear terminology isn’t pedantry—it’s precision. And in a world where billions depend on the internet’s invisible machinery, precision is non-negotiable Small thing, real impact. Turns out it matters..
Understanding these distinctions isn’t just technical rigor—it’s the foundation for building, governing, and securing the systems that power modern life. The web is just the tip of the iceberg That's the part that actually makes a difference..