Every year on the 28th January we ‘celebrate’ World Data Protection Day (also known also in the US as Data Privacy Day). The purpose of this day is to promote and raise awareness of online privacy and protection of personal data. There is a Wikipedia article on this if you want to read more.
In the light of so many data breaches and cyber attacks resulting in data loss and disclosures, it is even more important now to be aware of:
- How companies use our data
- Why they need it in the first place
- What permissions we are granting to apps on our devices (mobile as well as PC’s).
There are also a lot of scams that attempt to draw information out of us with the promise of a reward of some form (see our blog Scams and Fraud 101 for more information).
We are also bleeding information from our smart phones, PC’s and other devices we use all the time. Think about the example where your phone will tell you that there is a Starbucks nearby. This is done through allowing Google to gather your location information, your payment information and monitor your emails, instant messages through their service and SMS’s through their messages app. It’s algorithms then infer that your current GPS location is near a Starbucks, you have frequented them in the past and therefore sends an alert to you.
An interesting video was brought to my attention recently where the CIA’s Chief Tech Officer on Big Data (Gus Hunt) back in 2013 stated clearly “We Try to Collect Everything and Hang Onto It Forever” (video below). In case you don’t believe me, in the video he also explains how data is extracted from your day to day online activities and feeds mass surveillance by the CIA, NSA and the UK’s GCHQ.
In the News last week (WC 19 Jan 2020) …
There are so many ways your information can be sent to tech companies without your direct knowledge and/or permission. This week an article in HackRead (as well as other online publications) shows a number of dating and health apps were uploading and selling your data. Also, another article in Info Security shows that the Google Play Store is peppered with apps fleecing information from your phones and marketing it. Apple do police their App Store more closely than Google, but apps still slip through the net.
This week the CEO of Alphabet (parent company of Google), Sundar Pichai, suggested, that AI and Facial Recognition should be regulated. The EU are also considering a 5 year ban on Facial Recognition while the City of London Metropolitan Police announced they are rolling out Facial Recognition across London following a successful trial. See also the BBC Click tweet on this with a video that was broadcast back in 2019 amid their trial:
AI is really the algorithms that allow computers to automate some tasks (e.g. facial recognition, alerts for Starbucks). Facial recognition has also been proven to raise false positives in identifying people and when this is linked to law enforcement this can be catastrophic.
A revelation this week that Apple have stopped fully encrypting backups from your iPhone and iPad to the iCloud following a request from the FBI. If you want to fully encrypt your backups, an article from The Verge tells you how to do this.
The US are also considering legislation amending the Patriot Act to limit the ability of the NSA (and other intelligence organizations in the US) from performing mass surveillance. My view is that it has only taken them 7 years to act following the disclosures of one Edward Snowden (read more about this in his autobiography ‘Permanent Record‘).
The above are just a few of the stories that surfaced last week, but do demonstrate the need to pay attention to your own data privacy.
The general principle is that if you are not paying for a product, you are the product by providing your data to these companies.
How can I keep my data private?
There are various ways you can act to keep a lot of your data private and limit the constant flow of information to tech companies:
- Review app permissions and ask yourself whether or not they actually need those permissions to do their job – if not, then either restrict those permissions or do not install the app
- Ask yourself when filling in online forms whether or not they actually need all this information – if they don’t, then you can decline to complete the fields, or just not use that service
- Limit the sensors on your mobile devices so that they are not activated – for example:
- The 3-axis accelerometer
- Location Services providing detailed location information via GPS
- Disable your Microphone for each app that does not need it, equally your camera
- Remove meta data from photos and videos (e.g. location, user Id) before you upload to social media
- Limit what you upload to social media as identifiable information, e.g. your face, your location, what your preferences are
- Regularly inspect your privacy settings on social media services to make sure your information, posts, pictures, etc. are only being seen by people you want to see them
- Use a VPN when connecting to public WiFi, and if you are paranoid then even when connecting from home
- Check the Terms and Conditions, and the Privacy statement, of websites you visit ad subscribe to – if you don’t like what you see, or it is too complex for you to fully understand, then don’t use the service
- Use tracking protection and ad blocking add-ons on your web browser (blog coming on this soon)
- On Social Media don’t just blindly accept friend requests – these could be hackers trying to extract private profile information.
You would be amazed how much information I can acquire about individuals just from monitoring social media profiles. If I can do it, so can hackers intent on attacking you with social engineering methods. The following video from 2016 demonstrates this:
This is clearly a massive topic that needs further exploration. Our Privacy Related Blogs are a good starting point. We will also be blogging on privacy related issues as we go though the year.
As the old saying goes “A dog isn’t just for Christmas, it is for life”. In much the same way Data Privacy and Protection should be a lifestyle choice and not just to be observed one day a year.
Privacy in my opinion is a basic human right. By inference the right to keep personal details about yourself private online is also a human right that tech companies seem to be flouting with monotonous regularity.
Headline image provided by Shutterstock.