Privacy in a world where there doesn't seem to be any!
This post was updated on 18/11/16 - edit noted by *
Early on this week I noticed yet another story about a website getting hacked with the details of over 400m users potentially being exposed. Now the reason this hack made news headlines is because of the purpose of the site, much like Ashley Madison's breach. But they are by no means the only hacks of this year.
*Since posting this blog another high profile hack has been uncovered, this time at Three Mobile in the UK. This hack has led to the information of 6 million customers potentially being snatched after hackers gained access using the credentials of an employee.
They're just a couple of very public, and large, samples. They make the news because of the sites and because it's a nice tasty headline. If you want to get an idea of just how many other hacks there are you could check out informationisbeautiful's amazing interactive infographic of all the reported hacks over the last number of years. The number of people whose information has made it into the wild is simply staggering.
In fact if you want to get a bit of a fright maybe do this next thing.
First visit haveibeenpwned.com and check your existing email addresses to see if your details are on some database somewhere. And you might be surprised because it's just as likely to be your online betting account that has been leaked.
This is an important thing to do. If you have an account that has been hacked and you have credit card detail associated with that account then your details along with your email address and password are available to anyone who knows how to get this kind of information. From there it's not that big of a leap to some credit card fraud.
Having your password for your email also means they probably have your password for many other things too, because come on - we all use the same password for multiple accounts.
So if you find your name and email on one of these lists, then the obvious thing to do is go and change all your passwords on all your accounts.
For anyone who watched the Hacked show on RTÉ, the one big thing that you learned, I'm sure, is that the weakest link in any company's security is the people that work for them. From using USB sticks they find in the gutter so falling for simple social engineering tricks, your data is never that far away from finding itself for sale on a TOR network.
Actively Sharing Your Data
There are also lots of cases where we actively share our data with companies like Twitter or Facebook. Tracking pixels on websites can tell Facebook when you've visited a site so they can then serve ads to you based on your web habits. All this intended to drive revenue for them through ad clicks etc.
The most recent furore over this kind of thing came in the shape of the announcement from WhatsApp that it would be sharing some data with Facebook so as to better target you for advertising. On one hand they give us end-to-end encryption so the likes of the NSA can't just dip in and read your conversations but then they say it's ok to share some data with Facebook for better targeting. It all seems like a massive flip flop. You either care about data privacy or you don't. There's no halfway.
Luckily for us in Europe, enough data commissioners made enough noise to get Facebook and WhatsApp to put the project on hold while they look into all the questions that have been raised. But it's still not an ideal situation. And the worst part of it all is the passivity of many people who used these networks and see the erosion of their data privacy as the price of doing business.
We also share other data quite passively and without friction. Information like your location history and the Google searches you pretty much freely share and the things that Google knows about you would probably give you a bit of a shock.
The truth is there are many social messaging apps out there that you could use that are far more secure than WhatsApp - but because it's so ubiquitous the biggest barrier would be getting all your friends to switch. I mean, we just spent the last 4 years getting everyone on WhatsApp right?
I'm not advocating we all move to new platforms overnight or anything so extreme, but what I would like to see is for people to be more aware of their data, how they share it and how they might be exposed by it.
Simple things like changing passwords regularly and not clicking on that weird looking attachment in the email from the person you really don't know can go a long way to preventing bad things from happening.
It used to be that privacy was a right. Now, it's more likely something that you have to work quite hard to keep.