Experian and many other companies are running "dark web searches". They promise to search the dark web for your personal information to see if criminals sell it. Do not waste your money.
What is Dark Web?
The "dark web" consists of hidden sites that you can not access without special software. These sites do not appear when you use Google or another search engine, and you can not access them even if you're not using the appropriate tools.
The Tor software can for example be used for anonymous browsing on the regular web, but it also conceals special websites called ".onion websites" or "Tor-hidden services". These sites use Tor to dress their location, and you only get access to them via the Tor Network.
RELATED: What is the dark web?
There are legitimate uses for Tor-hidden services. For example, Facebook offers a Tor .onion website at facebookcorewwwi.onion, which you can only access when connected to Tor. This allows people in countries where Facebook is blocked to access Facebook. The DuckDuckGo search engine is available on a Tor-hidden service address. This can also help avoid the government's censorship.
But the dark web is also used for criminal activity. If you want to sell databases with people's credit card numbers and social security numbers online, you want to hide your location so the authorities do not come in. Therefore, criminals often sell these data on the dark web. That is the reason why the infamous Silk Road website and the online black drug and other illegal market were only available through Tor.
They do not scan the entire dark web
Let's get one thing right away: These Services do not scan the entire dark web for your data. It's just impossible.
There are 1,208,925,819,614,629,174,706,176 possible location addresses on the dark web, and it only counts Tor .onion websites. It would not be possible to check each one to see if they are online and then look for your information about them.
Although these services scan the entire public dark web, as they are not – they would not be able to see exclusive things anyway. It would be exchanged privately and not published.
What does a "Dark Web Scan" do? Then?
No company offering a "dark web search" will tell you what they're doing, but we can certainly make an informed guess. These companies collect data pumps that are published on popular websites on the dark web.
When we say "data pumps," we refer to large databases with usernames and passwords, as well as other personal information, such as social security numbers and credit card information-stolen from compromised sites and released online.
Instead of scanning the dark web, they scan the lists of leaked passwords and personal information – which is often found on the dark web. They will then inform you if your personal information is on one of the lists they could handle.
Although a dark web search says you're fine, you may not be-they're just looking for publicly available leaks that they have access to. They can not scan everything out there.
How to Monitor Data Violations for Free
Behind all the "dark web scan" hype is a little useful service here. But guess what: You can already do a lot of this for free.
Troy Hunt have I been pwned? will tell you if your email address or password appears in one of 322 (and counts) data loss from websites. You can also notify you when your email address is displayed in a new data pump.
This service does not scan to see if your social security number is included in any of these leaks, as dark web searches promise to be made. But if you're just looking for information about your data, it's a good service.
As always, it's a good idea to use unique passwords everywhere. That way, even criminals can not only try the combination on other sites to access your accounts, even if your email address and password from a website are shown in a leak. A password manager can remember all the unique passwords for you.
Look at facts: Your information is already stolen
You may still think that a dark web search may be useful. After all, you will tell if your social security number appears in some data pumps. It's useful, right?
Well, not necessarily. See, you should probably assume that your social security number has already been compromised and criminals can access it if they want. That's the hard truth.
Big crimes have come hard and fast. Equifax leaked 145.5 million social security numbers. Anthem leaked the information of 78.8 million people, including social security contributions. The American Agency for Personnel Management (OPM) leaked sensitive information about 21.5 million people, and again, including social security numbers.
These are just a few examples. There have been many other leaks over the years – a few million here, a few hundred thousand there. And it's only the data violations that have been reported publicly. Statistically, most Americans have probably had their social security numbers leaked in at least one of these violations of data now. The genius is out of the bottle.
Freeze your credit; It's free now
If you're worried about someone abusing your social security number, we recommend that your credit reports freeze. Credit freezes (and unfreezes) are now free across the United States.
When you freeze your credit, you prevent people from opening new credit in your name. All lending institutions will not be able to make your credit until you release it or provide a PIN. You can temporarily free your credit to apply for credit, for example, when applying for a credit card, car loan or mortgage. But a criminal should not be able to apply for credit with your personal information if your credit reports are frozen.
We recommend that you freeze your credit reports and skip the dark web search. Unlike a dark web search, credit freezes are free. They also do something – even if your social security number is in a dark web search, all you can do is freeze your credit anyway. And criminals can get their hands on your social security number even if it is not shown in a dark web search.
Image Credits: Maxim Apryatin / Shutterstock.com, yosmoes815 / Shutterstock.com.