Dark web monitoring is one of the latest services being touted by cybersecurity companies, and while it isn’t actually a new service, it has been receiving larger pushes into the mainstream’s eye. Some conclude that dark web monitoring is a relatively useless service, while others maintain that it serves a legitimate purpose.
In this article we will make a fair and unbiased explanation of what dark web monitoring services do for the consumer, so you can decide whether it’s right for you.
What dark web monitoring is and isn’t
In simplest terms, dark web monitors are software that scrape the dark web for instances of where your personal information may have been posted. This includes things such as your accounts, passwords, bank information, which can be frequently leaked onto the dark web in the aftermath of data breaches on larger companies that hold this information.
The main criticism against dark web monitors is that they can really only scrape data from the surface-level of the dark web, which means they will mainly scour through publically available leaks such as when criminals just post entire credential logs on forum boards and the like.
Unfortunately, there are much deeper layers of the dark web, which are locked behind paywalls and invitation-only access. It is highly unlikely that dark web monitor software can penetrate these layers, unless the company is actually paying for access to them, similar to how the FBI monitors the dark web.
So it would be dishonest for a dark web monitor service to promise they can alert you instantly when your data has been leaked onto the dark web, because in all honesty, it’s probably already been shared on the really nasty, invitation-only hacker networks, and the DWM services are just picking up the pieces that get leaked out from those networks. In essence, you could perform the same service for yourself on a free website like HaveIBeenPwned.
Now, there are some benefits to having a dark web monitor service, which we’ll touch on in a bit.
Confusions about what dark web monitor services can do
There are false assumptions floating about the mainstream as to what DWM services are actually capable of. In a survey by the Consumer Federation of America (CFA), they found:
- 36% of those who saw ads for DWM services believed that the services could remove their information from the dark web.
- 37% believed that DWM services can prevent their personal details from ever being leaked on the dark web.
Both of those are false assumptions, and pretty impossible for DWM services alone to accomplish. Once something is on the web, especially the dark web, it’s there. Just imagine all the celebrities who have sued websites for hosting scandal videos involving them – it may make it more difficult to find those videos via Google search, but they still exist somewhere on the internet.
People are making assumptions that are natural, but incorrect,” said Susan Grant, CFA’s director of Consumer Protection and Privacy. “Dark web monitoring may be able to alert consumers that their stolen personal information is being offered for sale on the internet, but it can’t put the genie back in the bottle.”
So what are dark web monitors good for?
A bit of convenience, really. As mentioned, there are free websites like HaveIBeenPwned which perform the exact same services, and some dark web monitors are actually just hooked into the HIBP API and showing you those results which you could get for yourself – but it’s the convenience of not going through the trouble yourself.
Dark web monitors can also be bundled with additional cybersecurity features, such as password management and phishing / fraud detection, so the DWM is offered as an additional service, rather than the main product. In this instance, having the additional DWM service doesn’t hurt to have, as long as you’re primarily using the main cybersecurity tools.