The Dangers Of Overlooking Cybersecurity And Data Privacy
26 Jan 2024
How many passwords do you use online? Are you aware of what personal information about you is on the internet? Do you know who can access that data and their intentions with it? These are all questions the average person unfortunately doesn’t come across nearly as often as they should. With our lives becoming more and more connected and digitized by the second, a terrifying realization manifests, or even worse, fails to. This essay will look into bad cybersecurity and data privacy practices, their consequences, and ways to remedy them. It will be split into two parts: platform-end issues and user-end solutions.
Fate is Inevitable
The first issue at hand is unnecessary, outright unreasonable, and even at times, illegal data collection. Online advertisements nowadays are as obnoxious as ever, and they’re the cause behind the ridiculous levels of snooping.
“You are the product of T.V.
You are delivered to the advertiser who is the customer.
He consumes you.
The viewer is not responsible for programming——
You are the end product.
You are the end product delivered en masse to the advertiser.
You are the product of T.V.” (Richard Serra, 1973)
This excerpt from the 1973 short “Television Delivers People” by Richard Serra is still very relevant today. If the product is free, you are most likely the product itself and your price is your data being collected and sold to advertising agencies. Have you ever noticed that you get online ads that are extremely, sometimes terrifyingly relevant to your online activity? If so, have you asked yourself “Why am I seeing this?” or did you just go along with it? Looking at the April 2019 Facebook data breach, we can find the following fields contained in the breach: mobile number, Facebook ID, name, gender, location, relationship status, occupation, date of birth, and email addresses. The part that stands out from this breach is phone numbers, as those were acquired through the use of a vulnerability in the “Add Friend” feature. While it’s not known if only the phone numbers were acquired through the vulnerability, it’s certain that most of the fields were publicly accessible and therefore scraped from Facebook profiles. (Abrams, 2021) The small number of publicly visible fields per user can still be used to generate fairly accurate advertising profiles for each user, and it most likely has been, alongside hidden fields only Facebook engineers are aware of. The point here is that data collected is data that could be stolen and/or compiled by bad actors.
This leads us into data storage and security practices: is your information plainly stored in someone’s old notebook? It’s not always possible to omit certain sections about yourself. For example, banks are generally legally required to store quite a bit of information pertaining to their customers. They’re also commonly required by law to store it with some level of security and privacy. Switzerland has famously had very strict banking secrecy laws leading to countless infamous individuals holding accounts in the country. These privacy and data security requirements unfortunately don’t always apply to other entities that collect and have access to your personal information. Data privacy has been put into greater light in the last few years with the European Union’s General Data Protection Regulation (GDPR) addressing a lot of privacy issues and ensuring EU citizens are entitled to transparent collection practices. While the GDPR addresses our next issue, secure storage and processing, under articles 32 and 35 (Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation)), that doesn’t guarantee someone working behind the scenes will follow the rules to a tee. Breaches still happen fairly often thanks to insecure data transfer and storage protocols, vulnerabilities as plain as daylight, and outright neglect of the platforms in question. Adding salt to the wound, they are usually not publicized immediately, meaning there is an unknown number of data breaches just floating around the dark web.
You can challenge your fate.
The questions asked at the start give hints to what YOU as a user of the internet should do to ensure your safety and privacy online. “How many passwords do you use online?” Most people are likely to answer one or two. This sharing of passwords across multiple online accounts, at times even online bank accounts included, means a bad actor only needs to compromise the site with the weakest security to get ahold of any accounts that share the same password. Fortunately, this can be easily remedied through the use of a password manager and randomly generated passwords, putting the password manager behind one very difficult, ideally long master password. Another form of security should also be enabled, that being two-factor or even multi-factor authentication. This ensures access is locked behind not only a password, but also a possible plethora of walls such as rolling codes stored on your device, physical access keys, and biometric authentication. Another strategy you should employ in your daily life is separation of accounts by how much sensitive information you allow them access to. This can be easily achieved by having two email addresses, one for serious personal matters such as banking or government services, and another for less important things like social media and the like.
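The reuse problem and its remedy, as an added example that is not part of the original essay: it audits a password list for shared passwords, shows which other accounts fall when one site is breached, and issues a separate random password for each affected account. The vault entries, site names and function names are constructed for illustration.

```python
import hashlib
import secrets
import string
from collections import defaultdict

# Constructed sample export of (account, password) pairs; not real credentials.
SAMPLE_VAULT = [
    ("bank.example", "Summer2019!"),
    ("forum.example", "Summer2019!"),
    ("shop.example", "Summer2019!"),
    ("mail.example", "correct-horse-battery-staple-42"),
    ("games.example", "hunter2"),
    ("social.example", "hunter2"),
]
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"

def _key(password):
    # Digest used only as a grouping key, so plaintext is not held as a dict key.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def find_reuse(vault):
    """Return groups of accounts that share one password, largest group first."""
    groups = defaultdict(list)
    for account, password in vault:
        groups[_key(password)].append(account)
    shared = [sorted(accts) for accts in groups.values() if len(accts) > 1]
    return sorted(shared, key=len, reverse=True)

def exposed_by_breach(vault, breached_account):
    """Other accounts an attacker can open with the password leaked from one site."""
    leaked = {_key(p) for a, p in vault if a == breached_account}
    return sorted(a for a, p in vault if _key(p) in leaked and a != breached_account)

def generate_password(length=20):
    """Random password from the OS CSPRNG containing every character class."""
    if length < 4:
        raise ValueError("length must be at least 4")
    while True:  # resample until lower, upper, digit and symbol are all present
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(not c.isalnum() for c in pw)):
            return pw

def rotation_plan(vault, length=20):
    """Assign a distinct fresh password to every account found sharing one."""
    return {acct: generate_password(length)
            for group in find_reuse(vault) for acct in group}

if __name__ == "__main__":
    print("breach of forum.example exposes:", exposed_by_breach(SAMPLE_VAULT, "forum.example"))
    for account in rotation_plan(SAMPLE_VAULT):
        print("rotate:", account)
```
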
Users shouldn’t sleep easy knowing their accounts are impenetrable fortresses, however; there is a practically unending number of entry points to an online service. Only give the bare minimum information required about yourself on the web, especially on an unknown or small website. Keep yourself aware of who has what and how it is handled by regularly updating yourself on data policies that your own information is handled under. Another thing that should be checked on frequently is a listing such as Have I Been Pwned where details on data breaches are published and can be searched privately (Hunt, 2023). You type in an email address and it lists leaks where the email was found and the severity of the leaks. I personally have an old email address that returns three breaches, all of them containing passwords.
Even though entities are generally beholden to data protection and privacy laws, laws are not ethics nor are they followed by all. Keeping that in mind, users of today’s web and web-based services should strive to stay safe from the bad side of the internet and guard their personal information as closely and vigilantly as possible. Unless you try to keep yourself safe, you won’t guarantee your own safety, so please stay safe out in the wilderness of the internet. While fate is inevitable, only you can challenge yours.
Reference List
Abrams, L. (2021). 533 million Facebook users’ phone numbers leaked on hacker forum. [online] BleepingComputer. Available at: https://www.bleepingcomputer.com/news/security/533-million-facebook-users-phone-numbers-leaked-on-hacker-forum/ [Accessed 26 Jan. 2024].
Consolidated text: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance). Articles 32 & 35 [online] Available at: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A02016R0679-20160504 [Accessed 26 Jan. 2024].
Hunt, T. (2023). Have I Been Pwned: Check If Your Email Has Been Compromised in a Data Breach. [online] haveibeenpwned.com. Available at: https://haveibeenpwned.com/ [Accessed 26 Jan. 2024].
Richard Serra (1973). Television Delivers People. Available at: https://www.youtube.com/watch?v=LvZYwaQlJsg [Accessed 26 Jan. 2024].
Email: yoursred@yoursred.com Github: yoursred