Q: Should I consider a service that scans the dark web for my personal information?
A service being offered by various security companies is a “dark web scan,” which sounds pretty impressive based on the name.
The dark web is where lots of cyber-criminals conduct business, so logically, monitoring the activity in the underworld makes sense. But, it’s important to understand the limitations.
What is the “dark web”?
If you think of the internet as an iceberg, the part that we interact with is the portion above the waterline, which is indexed by search engines such as Google and Bing.
A much larger part of the internet is actually below the waterline in what is known as the deep web or the portions of the internet that cannot be indexed by search engines.
The deep web is where private databases exist, along with all the protected information that is behind subscription walls or secured logins for private industry, government entities and academic networks just to name a few.
A small portion of the deep web is known as the dark web because it’s primarily known as the place to go if you want to engage in illicit activities.
It’s not indexed
Unlike the internet that you’re using every day, the dark web is not indexed, so there is no way to find things unless you know exactly where to look.
The notion of “scanning” the dark web in the way most people would envision the process is actually impossible, because without an index, there’s nothing to scan. What these services are offering to do is “monitor” the small portion of the dark web that are known as “bazaars” or “marketplaces,” but only the ones that they know about.
The real heavy criminal activity often exists in hidden and very hard to join private networks in which users are scrutinized extensively before they’re allowed in.
Most estimates are that commercial “dark web scan” services only know about your information in a small fraction of the actual underworld’s activity.
A better approach
If you think about it, you’d be paying these companies to tell you whether your personal information is floating around in the underworld, and if so, you’d respond accordingly.
You would likely change your passwords and make them stronger, close accounts that you’re no longer using and start monitoring your credit file regularly.
My suggestion is that you should just assume that your personal information is being traded on the dark web and act accordingly.
With all of the major breaches of sensitive information over the past decade, it’s almost a certainty that your sensitive personal information exists in one or many underworld databases.
Remember: Security companies generally are using the dark web scan to convince you to pay for some form of adjunct service such as ID theft protection.
The best defensive step you can take against ID thieves is to freeze your credit report, which prevents anyone from accessing your credit file. If you’re actively applying for loans, you’ll want to wait until your applications have all been approved and place a fraud alert on your file instead.
Fraud alerts need to be renewed every 90 days, and you’ll want to do so with all three of the major credit bureaus (Experian, Equifax and TransUnion).
Ken Colburn is founder and CEO of Data Doctors Computer Services. Ask any tech question on Facebook or Twitter.