“I don’t have anything to hide, so why should I care what happens to my information?” That’s a question I’ve heard from many people, often phrased in different ways, but the sentiment is the same. It’s a very good question and one which needs more attention in this modern digital age. All too often we hear of companies being compromised as a result of varying methods e.g. neglectful ignorance or hacking. We entrust these companies with our data while often being nieve of how it’s kept safe or the risk it poses to us.
The case for privacy that I make is that we have a right to privacy, you could ask the counter questions; “Do you close the door to the toilet when you use it? Do you have curtains in your bedroom that you close? Do you walk around calling out your credit card numbers? Do you ever look to see if someone is following you when yo walk to your car?”. While some of these questions can get a bit silly, most people of course you protect these kinds of things. We of course DO close the toilet doors, and our curtains, and I certainly check what’s going on around me, and we do these things to protect our privacy and our physical well-being, but why do we care less about our digital identities?
Is it that we don’t think that this ‘online’ information is not valuable to others, or that it’s not important to us? There have been too many stories of identity theft where the victims details were easily obtained online from a breached database or simply from them posting enough information about themselves online that made them an easy target. The number one way for people to get your details online is called phishing (pronounced ‘fishing’), it’s where the unsuspecting victim clicks on a link, opens an attachment, fills in an insecure form or provides sensitive details to people posing as a credible source e.g. your bank, ATO etc.
According to the Australian Government site “Scam Watch”, for the whole 2018 year, Australians lost a reported “$107,001,471” to scams. 100 MILLION DOLLARS. I don’t intend to to cause mass panic or overreaction, but I will point out that these people may have been very private and secure people, phishing and ‘spear phishing’ (a more targeted approach based on know preferences) can happen to anyone, but the more of your details are out in the open on the Internet, the easier or more thoroughly you can be targeted. I’m going to do the next whole blog for Digital Hygiene just on Scams, we recently talked about ‘Situational Awareness’ and ‘scams’ in a previous blog titled “Digital Hygiene [Part 2] – FREE PC Protection”, but it’s becoming so frequent that it warrants more attention.
So what are the threats to your privacy? The big one is that your information is valuable to companies whom depend on monitising advertising, but the problem is that they seldom respect you privacy. Many apps you may install on your phone will often ask for more permissions that they require. Don’t give your flashlight app access to your contacts, as an example, very few apps require access to things like your contacts and location. IF you grant access to you contacts, according to some of their terms and services, you’ve just given them permission to make a copy of all your contacts’ details. Did you know that?
Large companies that hold onto our data are tempting targets for ‘black hat hackers’. A ‘hacker’ is someone that likes to probe code, a ‘black hat’ refers to someone doing this for illegal purposes. We only need to cast our minds back to the recent Marriott Hotel data breach where their ‘Starwood guest reservation’ database was exposed, allowing the bad actors responisble access to up to 500 million people’s private data. This included; people’s names, addresses, phone numbers, email addresses, passport numbers, dates of birth, gender, Starwood loyalty program account information, and reservation information. For some, they also stole payment card numbers and expiration dates. Marriott says the payment card numbers were encrypted, but it does not yet know if the hackers also stole the information needed to decrypt them. Source: https://www.consumer.ftc.gov/blog/2018/12/marriott-data-breach
This is but one in a recent string of nasty data breaches not just across America but across the globe, it just so happens that a lot of the larger companies are based in America. Adding woe to their problems, several cities and states across the US are facing increased cyberattacks from advanced Malware and in particular ‘Ransomware’ (which locks files and demands payments to unlock them again) with some councils yielding to demands, paying upwards of $500,000 to get their files back. A lot of this could have been avoided, in my opinion, had more funding been allocated to the local IT security department of each area, and, if staff in governmental facilities had been better trained in preventing attacks. More info on the US cyberattacks; https://www.msn.com/en-us/news/us/how-to-stop-cyberattacks-crushing-cities-across-the-us/ar-AADKNus
So what can we do to protect ourselves from these big companies either missuing or misshandeling our data? Well that’s getting harder and harder to do, but here are a few things that I recommend everyone look into to in order to be more private and secure online:
- Password Managers (look up LastPass, I’ve mentioned it in a previous blog post and will be making a video on using it soon) see also “Digital Hygiene [Part 3] – P@$$w0rds (passwords)”
- Use a different username and password for every site! (sounds hard, but use LastPass and a mail forwarder so you don’t have to give out your actual email address to everyone)
- Email forwarder (you tell it your actual email address and it gives you the abaility to make up email address on the fly. E.g. make “Stuff4Me” your account then you can enter “John@stuff4me.33mail.com” or “pizza@stuff4me.33mail.com” and it will still get to your proper email account) See http://www.33mail.com to see get started
- Use a good Internet browser (I like Brave, but Firefox is also good, Chrome is getting too heavy with cookies for my liking)
- Add extensions to your browser to improve privacy (I always use Cookies AutoDelete, NoScript and uBlock Origin)
- Give out less info! (Don’t give apps access they don’t need, think about what info you give out. My wife hates it when she goes to pick up pizzas I’ve ordered and having to give the name ‘Roberto’ or ‘Mr. Scnachez’ because I’ve not given out my real name.
- Keep learning. As mentioned back in ‘All about Podcasts’ I mentioned a podcast that I recommended the ‘The Privacy Paradox’ podcast. It’s 5 part series that talks the paradox of wanting to live in a more connected world but also wanting to keep some parts of our lives private. I felt that it is a ‘must listen to’ for all people living in a digital world. Have a listen then pay it forward. Get your mother or father to listen to it, get your friends to have a listen too.
This all might seem like too much to be bothered with, but I feel that it’s worth fighting for. The right for privacy stems from a need to protect one’s own identity, whether it’s your name, postal address or your email and phone number. We don’t know when the next data breach will be or what bad things could be done with our data, so try and keep your private information… well, private.
Thanks for reading, I know there was some more technical stuff near the end there, I’m planning more blog posts and videos on these topics soon. I’ve not had a chance to get much done lately, but I’m hoping this will change soon.
Tell me in the comments if you think my privacy protection measures are too extreme, or not extreme enough. Would you believe that you can get to a whole new level if that’s something you want to do?
Warm Regards,
Paul
HobStar Computer Solutions 