Data Privacy Day | Are We Responsible For Leaking Our Own Data?

Introducing Sqlcommenter: An open source ORM auto-instrumentation library
January 28, 2021
Eventarc brings eventing to Cloud Run and is now GA
January 28, 2021
Introducing Sqlcommenter: An open source ORM auto-instrumentation library
January 28, 2021
Eventarc brings eventing to Cloud Run and is now GA
January 28, 2021

With the debate raging over user privacy on platforms such as WhatsApp, Telegram and Facebook, today – January 28 – Data Privacy Day, which promotes privacy awareness and best practices, is a great opportunity to reflect on aspects of the issue that increasingly affects us all.

No Way to Disconnect

Pretty much everyone today interacts with the internet, and for that, they use social networks, mobile devices, and various software (such as Gmail). Most users understand and accept that in order to use these free services and technologies, we have to agree to divulge some of our private information.

The social networks know our preferences, and they know who our friends are; Google scans the content of our emails to offer us customized search results, and mobile apps collect information about us to improve interaction (and increase consumption).

Most people take this data collection, retention, cataloging, and analysis in their stride. After all, they “agreed” to it. However, if we realize that someone is collecting information about us without our prior consent, we rightly kick up a commotion.

Outcry or not, Google, Amazon, and Facebook, as well as Apple and Samsung and many others will continue to gather as much information as possible about their users. Whether it’s to sell that data or use it to enhance their understanding of user behavior, it is all part of their business model. In some cases, it is only such data collection that enables businesses to offer their services at the price they do: often, zero.

For most of us, it’s either impractical or impossible to really break away from these companies; we accept their proportionate invasion of our privacy because the convenience or utility of their service offers us value. Of course, that does not mean they should be allowed to do whatever they want; increasingly, voices are calling for regulators to implement greater oversight and enact and enforce stronger privacy protection laws.

Apply Common Sense

The fact that we are consumers of digital services and products and that we waive some of our right to privacy to a greater or lesser extent does not mean our privacy should in any way be undervalued. Facebook indeed knows an awful lot about us, but there’s no reason we should reveal to the social network, or to our Facebook friends, any more than we need to.

We must be mindful that any post, tweet, photo, or clip will be exposed to millions of unknown eyes. Even if we use the most stringent privacy settings, all that needs to happen is for someone to take a screenshot and share it with their followers for that data to ‘leak’ into the wider public domain.

So the simple rule is: If you don’t want people to know, don’t share it online!

That includes personal information, intimate photographs, private documents, and anything else that other people shouldn’t be able to see.

Visual Data

In the early years of the internet, most private information was structured – addresses, names, phone numbers, bank accounts, and credit card numbers. With the rise of social networks, a new kind of information was added – textual information that we produce ourselves, such as talkbacks, posts, and blogs. In recent years, with the advent of Smartphones, the most significant information produced today is visual information: photos and videos. This type of information is completely different from written or structured information: it is accessible and easy to copy and transfer via screenshots.

Worse, visual information can identify a person definitively. You can’t hide behind a fake user profile if you share a real picture of yourself. And yet, on the other hand, visual information can easily be manipulated with Deep Fake technology.

Here as well, the rule is: don’t share what you don’t want your Auntie or Uncle to see. Did you take a picture? Did you send it to a friend or share it on social media? Keep in mind that “it’s out there” and that this information cannot be erased from the collective memory of the internet.

Child Privacy

Adults, in general, understand these rules, but it is not at all a trivial issue for children. The generation that grew up with mobile devices in their hands feels completely comfortable photographing themselves and sending pictures and videos to friends or posting them online, often without understanding the consequences of such actions. Again, you have to take into account that everything is visible, and everything can live in the Cloud’s memory indefinitely.

When it comes to toddlers, the issue is even more serious as we do not ask their permission at all. Keep in mind that when your children grow up, someone could suddenly pull out an embarrassing picture of them from kindergarten, or worse – naked in the bath (not to mention what pedophiles could do with such pictures).

It is advisable to talk to young children and explain the issue to them, and even to prevent them from using such platforms until at least adolescence.

Smart Homes and Wearables

The world of consumer electronics is evolving at a breakneck pace. When computers entered our lives, there was no privacy risk involved. Personal computers were not connected to anything. We then connected them to the internet and learned not to tell strangers our passwords. With the smartphone, we also learned about the dangers of the camera and microphone.

But the evolution of modern ‘Smart’ technology is relentless. Smarthomes record our actions, photograph and record us, and also know what we have in the fridge. Because there is no need to take an active “log in” or manually run an app, our sensitivity to risk decreases, and we forget that the Smart device is there, listening to us. “Hello, Siri”. “Alexa, …”.

Hiding in Plain Sight | The IoT Security Headache and How to Fix It

Here, too, the rule is: Only use such monitoring devices if you have a real need. It is wise not to install Smart cameras and microphones where they can record things we do not want others to see or hear. Do you really need a webcam in your own or your child’s bedroom? These devices are supposed to be secure, but there have been many instances where they have been hacked and their content broadcast or sold.

And don’t forget your wearable devices, which constantly report your physiological data to a third-party across data center. Here, we need to ask ourselves whether we really need non-stop monitoring or whether the danger of such fine-grained data collection might one day turn out to be greater than the benefit. Leaked Smartwatch data that can be used to locate individuals is not unheard of.

Safekeeping Our Data Whilst In the Hands of Others

So far we’ve discussed information that we produced and were, to some extent, in control of its distribution; thus, the responsibility for protecting it lies with us. However, there is also a great deal of information we provide to other entities to identify, perform actions, or retain on our behalf (such as cloud storage and backup services).

Some of the major information security incidents of recent years have occurred when such entities have been negligent in securing our information. As the information producers (and customers of those entities), we do not have much control over the security of how our data is stored by these companies – the information is no longer with us, and sometimes we will not even know that it was taken from the party that received the information from us.

What Can We Do?

For most of us, it’s not possible to completely “disconnect” and we accept some degree of our privacy is forfeited in return for the benefits of the product or services we use. But there are things that we can do to reduce unnecessary exposure:

  • Choose your platform, service and software – You have a choice. Dissatisfied with WhatsApp sharing your data with Facebook? You can use Signal or Telegram. If you’re not happy with the privacy protections of your Chrome browser, you can explore the privacy protections offered by alternatives such as Firefox or Brave. Each have their own pros and cons, but check out what works for you and know that there are alternatives depending on what features you value most.
  • Explore privacy settings – If you choose to use a certain service or platform, take the time to study its privacy features. For instance, on LinkedIn you can check which applications are associated with your account and limit data sharing with 3rd parties, decide which parts of your profile are showed as part of your public profile.
  • Change default password on Smart devices – Smart home devices usually ship with built-in default passwords (or worse, none whatsoever). This makes it easier for hackers to gain access to your device. Change defaults and set your own secure passwords on all IoT devices as soon as you unbox them.
  • Erase older accounts – If you are not using your old Yahoo! Gmail or Hotmail account (as well as numerous other accounts you probably have on obscure sites and platforms) you should erase them. This will reduce the risk of leaking data from either insecure passwords or insecure storage of your passwords.
  • Do not provide information unnecessarily – Many sites ask customers for an ID number, phone number or other PII without any real need for that data. In some cases, you can often fill in required data that is not necessary for your use of the service with ‘junk’ data. If you find yourself having to do this, don’t forget to complain to the vendor.
  • Think before you post! – The good old rule of thumb is ‘would I be embarrassed if my boss, colleagues, partner, parents, children saw this content? Consider that in light not just of the present, but the future, also (like your next job interview).

In short, don’t assume you can leave the safety of your private data solely in the hands of service providers. On Data Privacy Day, it’s worth us all taking a moment to reflect that we have to take responsibility for our own data privacy wherever we can. As we’ve outlined above, there are actionable ways that we can do this.


Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security

Leave a Reply

Your email address will not be published. Required fields are marked *