What Is the Dark Web and What to Do to Ensure That Personal Data Does Not End up There
The term 'dark web' seems to be one of the most widely misused concepts in the world of online security. Partly because some journalists don't fully understand how things work on the internet, and partly because it sounds cool and generates quite a lot of traffic, people tend to wrongly assume that if something illegal is done online, it's done on the 'dark web'. This is not strictly true.
In fact, the part of the internet we use every day is the breeding ground for most of the malicious activity we see and hear about. That said, the dark web isn't just the invention of a clever marketing person. It does exist, and today we're going to talk about how it affects your personal data. Before we get to that, however, let's get a better understanding of what we're talking about. We'll start with some history and a few technical details.
Table of Contents
Tor and the dark web
Although a small portion of the dark web relies on other technologies, most of it exists thanks to The Onion Router or Tor as it's commonly known. Tor as a concept was born more than twenty years ago, and believe it or not, the people who created it had absolutely no illegal activities on their mind. Its initial purpose was to protect US online intelligence communication. In its current form, Tor isn't used exclusively by government agencies. In fact, if you download the Tor browser (it is completely legal and free to do so), you too can access the Tor network.
Cybercriminals use Tor because it provides a way of communicating online anonymously. When you're on the Tor network, every bit of information is subjected to multi-layer encryption (this is where the "onion" metaphor comes from) and is then relayed through multiple different machines in a completely random fashion (this is the "router" part). In the online world, saying that something is "impossible" is not a terribly good idea, but you can be pretty sure that tracing people on Tor is extremely difficult. This enables whistleblowers to communicate securely with journalists without the fear of having their identity (or location) exposed. It also allows government agencies to transmit some extremely sensitive information without fearing that unauthorized parties could see it.
What can you find on the dark web?
Unfortunately, the same anonymity lets criminals buy and sell tons of illegal goods without worrying about law enforcement officers knocking on their doors. This trade is what makes the dark web dark.
Criminals use special dark web marketplaces to buy, sell, and share anything from pirated content, through hacking tools, to drugs and weapons. It's a massive industry that operates globally, and the birth of cryptocurrencies has definitely contributed to its recent growth.
Law enforcement agencies are fighting a losing battle trying to stop the criminal activities. Over the years, we've seen a few major dark web marketplaces shutting down for good, and some people even got to see what the world looks like from behind bars. Unfortunately, most of the crooks don't seem all that bothered about it. New markets replace the ones that got shut down, and people with humongous Bitcoin wallets continue to roam the streets freely.
Where does my data fit into the whole picture?
In a perfect illustration of the problem we described at the beginning of the article, whenever an organization discloses a data breach, you read reports saying that very soon, the stolen information will be bought and sold on the dark web. This isn't always the case.
Many people will tell you that "data is the new oil" and indeed, the market capitalization of companies like Google and Facebook show that information (whether willingly shared or stolen) is very valuable. The thing is, there is so much of it nowadays that even when it's obtained illegally, it's not quite as precious as some people would have you believe.
Login credentials, credit card numbers, and even health records are indeed bought and sold on the dark web. That said, the potential consequences of trading data are not as significant as those of trading drugs or weapons, for example, which is why crooks often prefer not to bother with the so-called dark web. They just buy, sell, and share compromised information through websites and forums that can be easily accessed with a regular browser after a simple Google search.
All in all, when it comes to trading personal information, the dark web isn't as popular a destination as you may think. Regardless of whether we're talking about the dark web or more easily accessible resources, however, you don't want to find your personal information getting transferred from one pair of criminal hands to another.
How to keep your data safe?
Experts have written books, drawn diagrams, and recorded courses trying to answer this question. Despite the huge volume of work, putting together a step-by-step guide to protecting your data online is just not feasible.
A good approach would be to think about the worst-case scenario and assume that sooner or later, you (and/or a service you're using) will get hacked. This will help you realize how important data security is before it's too late.
You'll probably want to review the privacy settings of your social media accounts, and you'll see that you might be sharing a bit too much information with your friends.
When it comes to passwords, you should know that storage is very important. If a password is stored correctly (salted and hashed with a strong algorithm), cracking it would be hard, as long as it's not too short or a dictionary word. If it's hashed with a weaker algorithm, only really complex and long passwords can remain hidden for the crooks. If it's stored in plain text, and if you're using it on multiple websites, we've got a sitting duck scenario. Unfortunately, the way the vendors store your passwords is beyond your control, which means that you have little other choice but to once again assume that the worst is going to happen.
The only way of keeping as much of your data as safe as possible is to create long, complex, and unique passwords for all your accounts. Cyclonis Password Manager gives you a quick and convenient way of doing just that.
