Experian and many other companies are pushing "dark web scans". They promise to search the dark web for your personal information to find out if criminals are selling it. Do not waste your money.
What is the Dark Web?
The "Dark Web" consists of hidden websites that you can not access without special software. These websites will not be displayed if you use Google or any other search engine, and you will not be able to access those websites if you do not use the appropriate tools.
For example, the Tor software can be used anonymously. However, it also hides specific Web sites called ".onion sites" or "Tor hidden services." These sites use Tor to disguise their location, and you can only access it through the Tor network.
RELATED: What is the Dark Web
There are legitimate hidden service applications from Tor. For example, Facebook offers a Tor.onion site on facebookcorewwwi.onion that you can only access if you're connected to Tor. This allows people to access Facebook in countries where Facebook is blocked. The DuckDuckGo search engine is also available at a hidden service address from Tor. This could also help avoid state censorship.
The dark web is also used for criminal activity. If you sell credit card and social security numbered databases online, you want to hide your location so that the authorities will not step in. For this reason, criminals often sell this data in the dark web. It's the same reason why the infamous Silk Road website and the online black market for drugs and other illegal things were only available through Tor.
You do not scan the entire dark web
Let's make one thing clear: These services do not scan the entire dark web for your data. That's just impossible.
There are 1,208,925,819,614,629,174,706,176 possible Web site addresses in the dark web, and this only counts Tor.onion sites. It would not be possible to check everyone to see if he's online, and then search for your data.
Although these services scan the entire public dark web – which they are not – you would not be able to see the exclusive stuff anyway. That would be private and not public.
What does a "Dark Web Scan" do?
No company that offers a "Dark Web Scan" can tell you what it does, but we can certainly do a well-founded guess. These companies collect data dumps that are published on popular websites in the dark web.
When we talk about "data dumps," we're referring to large databases of usernames and passwords, as well as other personal information, such as social security numbers and credit card details, stolen from compromised websites and published online.
Instead of scanning the dark web, lists of leaked passwords and personal information are scanned, but they are often found on the dark web. They will inform you if your personal information is included in any of the lists they could get hold of.
Even if a dark web scan says you're okay, you may not be able to find publicly available leaks that they have access to. You can not scan everything.
How to Monitor Data Breaches for Free
Behind all the "dark web scan" hype is a slightly useful service. But guess what: you can already do a lot of it for free.
Troy Hunt is I Pwned? shows you if your email address or password is displayed in any of the 322 (and counting) data dumps of websites. You can also be notified if your e-mail address is displayed in a new data dump.
This service does not check if your Social Security number is included in any of these leaks, as it does with dark web scans. If you just want to see if your credentials have leaked out, this is a useful service.
As always, it's a good idea to use unique passwords everywhere. Even if your email address and password leak from a website, criminals can not easily try this combination on other websites to access their accounts. A password manager can remember all these unique passwords.
Imagine the facts: your data has already been stolen
You may still think a dark web scan might be useful. After all, you will see if your social security number is included in a data dump. That's useful, right?
Well, not necessarily. You should probably assume that your social security number is already at risk and that criminals can access it if they wish. That's the harsh truth.
Big violations have come hard and fast. Equifax went through 145.5 million social security numbers. Anthem has leaked out the information of 78.8 million people, including social security numbers. The US Office of Human Resources (OPM) has also leaked 21.5 million people – including social security numbers – with sensitive information.
These are just a few examples. Over the years there have been many other leaks – a few million here, a few hundred thousand there. And these are just the data breaches that have been reported publicly. Statistically, most Americans have violated their social security numbers on at least one of these violations. The mind is out of the bottle.
Freeze Your Credit; Now for free!
If you fear someone is abusing your Social Security number, we recommend that you freeze your credit reports. Credit stops and stops are now free throughout the US.
Freezing your credit prevents people from opening a new loan on your behalf. A lending institution can not call your loan until you freeze it or provide a PIN. You may temporarily release your balance when you apply for a loan, for example when you apply for a credit card, car loan or mortgage. However, a criminal should not be able to request a credit with your personal information when your credit reports are frozen.
We recommend only freezing your credit reports and skipping the dark web scan. Unlike a dark web scan, the freezing of credits is free. You also do something – even if your social security number can be found in a dark web scan, you can freeze your credit anyway. And criminals could get their hands on your social security number even if it does not appear in a dark web scan.
Photo credit: Maxim Apryatin / Shutterstock.com, yosmoes815 / Shutterstock.com.