Q: Should I consider a service that scans the dark web for my personal information?
A service being offered by various security companies is a “dark web scan,” which sounds pretty impressive based on the name.
The dark web is where lots of cyber-criminals conduct business, so logically, monitoring the activity in the underworld makes sense. But, it鈥檚 important to understand the limitations.
What is the “dark web”?
If you think of the internet as an iceberg, the part that we interact with is the portion above the waterline, which is indexed by search engines such as Google and Bing.
A much larger part of the internet is actually below the waterline in what is known as the deep web or the portions of the internet that cannot be indexed by search engines.
The deep web is where private databases exist, along with all the protected information that is behind subscription walls or secured logins for private industry, government entities and academic networks just to name a few.
A small portion of the deep web is known as the dark web because it鈥檚 primarily known as the place to go if you want to engage in illicit activities.
It’s not indexed
Unlike the internet that you鈥檙e using every day, the dark web is not indexed, so there is no way to find things unless you know exactly where to look.
The notion of “scanning” the dark web in the way most people would envision the process is actually impossible, because without an index, there鈥檚 nothing to scan. What these services are offering to do is “monitor” the small portion of the dark web that are known as “bazaars” or “marketplaces,” but only the ones that they know about.
The real heavy criminal activity often exists in hidden and very hard to join private networks in which users are scrutinized extensively before they鈥檙e allowed in.
Most estimates are that commercial “dark web scan” services only know about your information in a small fraction of the actual underworld鈥檚 activity.
A better approach
If you think about it, you鈥檇 be paying these companies to tell you whether your personal information is floating around in the underworld, and if so, you鈥檇 respond accordingly.
You would likely change your passwords and make them stronger, close accounts that you鈥檙e no longer using and start monitoring your credit file regularly.
My suggestion is that you should just assume that your personal information is being traded on the dark web and act accordingly.
With all of the major breaches of sensitive information over the past decade, it鈥檚 almost a certainty that your sensitive personal information exists in one or many underworld databases.
Remember: Security companies generally are using the dark web scan to convince you to pay for some form of adjunct service such as ID theft protection.
The best defensive step you can take against ID thieves is to freeze your credit report, which prevents anyone from accessing your credit file. If you鈥檙e actively applying for loans, you鈥檒l want to wait until your applications have all been approved and place a fraud alert on your file instead.
Fraud alerts need to be renewed every 90 days, and you鈥檒l want to do so with all three of the major credit bureaus (Experian, Equifax and TransUnion).
Ken Colburn is founder and CEO of . Ask any tech question on or .
