Get a Free Preview of Your Company's Dark Web Exposure!

Privacy and the Dark Web - Our Announcement

Next: Trends and Projections: Shifting Law Enforcement
Previous: Category Is: Another Data Aggregator Breach
Writer Danny R.
March 25, 2019

Danny is one of the founders of Terbium and is known around the office for his extended soliloquies and pontifications about the security industry. He blogs about global trends and the importance of knowing where one's data is on the dark web.

We often get asked, how do we define the dark web? It’s a great question, because like the phrase “upstate New York,” the term means something different to everyone. Maybe it means the Adirondack Mountains, or maybe it means anywhere above 14th Street.

We define the dark web as essentially any place you wouldn’t want to see your personal or corporate data appear, either in a leak or for sale. It amounts to the internet’s underground bazaar for stolen data and the tools and techniques to commit fraud or steal even more data. Of course, there are other types of illicit content or contraband exchanged on the dark web, but from a commercial perspective, these parts of the dark web that deal in stolen data are the ones that matter—the dark web markets, the paste sites, the hacking forums, the carding shops, the fraud guides, etc.

But this robust underground market for stolen data is a symptom of a broader problem. Its existence is an obvious side-effect of the new digital economy, where data is the new oil. Today’s most valuable companies—Google, Facebook, and others—are the ones that collect the most comprehensive, detailed, and massive data sets. And most often, those data sets comprise enormous amounts of personal and other sensitive information, usually used to target ever more precise digital advertisements at consumers or trade in ever more complex securities. Companies that have extracted this data from the world have reaped enormous rewards in recent years.

But those rewards have come without the concomitant responsibilities to, for example, protect that sensitive data from those who might wish to steal and exploit it, or to not abuse the data themselves for unethical, unintended, or unauthorized ends. As companies have amassed all this data, the priority has been on collecting as much as possible, not on storage or preventing misuse. So across the economy they’ve been keeping it in the digital equivalent of rusty buckets, cardboard boxes, and other leaky containers. It’s no wonder so much of it has seeped out through gray market data brokers doing shady things with the data and ultimately ended up on this robust underground market we call the dark web.

It’s time that changed. With emerging privacy regulations taking hold from Europe to Brazil to California, laws are finally coming onto the books that create the responsibilities that must accompany the rewards of amassing personal data. We see this as the beginning of a tectonic shift in the tech industry, one that rethinks ownership of data and the business models that use it. And no major organization is as far ahead of this shift as the Omidyar Network. Their work in digital identity promotes a “race to the top,” encouraging organizations around the world to adopt positive models toward digital identity data in anticipation of this growing privacy conversation.

That’s why today, in conjunction with the KNOW conference on digital identity, we’re excited to announce that we are partnering with the Omidyar Network to help and promote this conversation around “good ID.” As part of this partnership, ON has invested $2M into Terbium Labs and has joined our Board of Directors. We are thrilled to help them demonstrate that meaningful business models exist that do NOT exploit personal information. In fact, our data fingerprinting technique, in which we monitor for sensitive company and personal information without ever needing to see or store it, is one salient example of technology evolving beyond the exploitation of digital identity information and treating personal data with the care it deserves.

The dark web exists because of the data free-for-all that has driven so much of the tech industry. It’s time that changed, and not only are we proud to help companies avoid the damages associated with data breaches and the dark web, but we’re even more proud to do so in a way that represents the future of how business handle sensitive data.

RELATED ARTICLES
technical April 16, 2018
Privacy, Regulation, and Data Fingerprinting

We at Terbium are big fans of GDPR. Not only have we argued that regulation has a strong role to play in ensuring individual privacy and security, but we’ve built our product, Matchlight, entirely...

analysis May 30, 2018
How Does the Dark Web Fit into New York State’s New Cyber Risk Regulation?

A new regulation from New York state provides both an opportunity and a challenge for cyber risk management: an opportunity to increase visibility of a cyber security program and the challenge of assessing, measuring,...