Did you ever ask yourself if you care what personal information you give out online or in exchange for a “free” service? Do you really want to mix your colleagues with a friends or family on social media? Do you really want to leak some information about your life and interests to strangers? (Yes, strangers because you don’t know your online audience and how it may use information released by you against you.)
Some people don’t take their online privacy and security seriously. They prefer to ignore it or say that they have nothing to hide. On one hand, they have some degree of concern and on the other hand they don’t apply simple privacy restrictions to protect their personal information online. The web holds a huge depository of personal information that is open to the public.
Maybe it is harder to imagine that you are being spied upon when you are in a virtual environment rather than the physical world. People make themselves vulnerable by allowing friends, colleagues or other people to track their daily life activities, habits, religious beliefs, sexual orientation, shopping or other consumer preferences.
This happens because many of us even don’t realise how we could be tracked and profiled online. The Internet never forgets: data about our online activities is recorded and archived. People tend to change their opinions or views on certain things over time, or after certain life situations, but those previously expressed opinions might be used against you depending on your actions or views in the future.
Unfortunately, the Internet and the applications running on it were not designed for privacy, which means anyone using them can potentially be tracked online by governments, security agencies, Internet service providers (ISPs), corporations, hackers and other parties. Here are some examples of the different purposes that tracking and collecting data can be used for:
Search engines and email providers are some of the biggest players in data collection. Their business model is mainly focused on advertising and selling collected data. It is based on tracking their customers for advertising purposes. They provide “free” services to their users and in return, they collect data about users in order to monetise it. We may pay a higher price for services like flights, hotels, insurance based on our browser history, geolocation, online searches, email communication and other information about us because the history of our online activity has been sold to the service providers and they know in advance about our needs and interests.
These programs may do more than just provide us with services or information. Apps can trace our online behaviour, have full access to the contact list, regularly track our location, automatically send information about your device, and even activate a device’s microphone and speakers.
These bodies have access to a large amount of online data and special equipment to process it, enabling them to build a profile of the Internet user and their usage habits. Details about the US Government’s PRISM data collection surveillance program, and of information collected via PRISM and its information providers can be found here. Mass surveillance data can be narrowed to specific target surveillance if individual has a different views on religion, politics and so on.
Profiling is built from browsing history, search engine searches, emails communication, geolocation information, chatting history, even posts of your contacts and friends. One of the biggest screening tools used by employers and other individuals to build a profile of the Internet user is Facebook.
The Psychometrics Centre within the University of Cambridge conducted interesting research called “Apply Magic Sauce “, where user’s online behaviour and digital footprints were translated into psychological profiles.
Stylometry is another way of identifying people from their writing style and it may be used in social media for personality prediction and de-anonymization of online users. Here is an example of a program that was designed to perform a stylometric analysis and text comparison for author identification, and you can read more about stylometry here.
Hackers usually prefer to access confidential data about businesses or individuals through social engineering attacks. Revealing too much personal information online could make users vulnerable to different and creative hacking scenarios and phishing scams. Attackers may also get personal information to steal a user’s identity and compromise their bank account. They usually look for information like your date of birth, home address, mother’s maiden name, information about your family and friends, PPS numbers and geolocation.
I would like to say a few words about stalkers because some people may still not realise how stalkers can affect their quality of life or make them vulnerable to online harassment. A stalker’s main goal is to affect their victim’s social or career growth. Even knowing some limited information about an individual could be enough for a stalker to create or change that person’s profile.
The most vulnerable groups to this kind of cybercrime are children and people over 55. It is in your hands to protect yourself, your children, or even elderly parents and relatives from becoming a victim of stalkers. People tend to make silly mistakes in their teens. You probably remember some of your own. But if those are recorded online, remember that the Internet never forgets. Who knows when and how posts that were posted in childhood or teenage years can be used in the future?
In my next post, I will talk about what methods are used for tracking and how can we restrict our information online and protect ourselves from invasions of our privacy.