Monday, November 19, 2012

Hey That's (not so) Private - Introduction to Internet Privacy

As of the year 2011, an estimated 65% of the world’s population are internet users. And although people are becoming more aware of internet security, how do you know that someone isn’t watching your browsing patterns? Can you be certain that your internet session is not being monitored by others on the net? Are you sure that your personal information is safe? Although, it may be argued that your browsing patterns and data aren’t worth much, this article will discuss some of the techniques people use to view your internet usage and what they may be able to do with that information. Then we will mention some ways to control your privacy on the net.

What is Internet Privacy?
Internet privacy refers to the privacy of your personal data on the internet. This can refer to the websites you use, the services you subscribe to, and the data, photos and media you place in an online environment. Just as in real life, you don’t want someone watching your every move and listening to your every word. Although this is reasonable within context for instance you would not mind if your peers tracked your project research patterns, but you probably would not be too happy if your boss saw some of your ‘insincere’ comments about him on your Facebook profile. Some of us feel uncomfortable when someone is watching your screen over your shoulder especially when you are typing in a password or accessing a personal site. OK, so the above mentioned examples are more of annoyances and can’t do too much damage. But what if that data fell into the ‘wrong’ hands.

Your data can be valuable to quite a few people on the net. Have you ever wondered why free sites such as Facebook, Twitter and Linked in are profitable? Marketing companies are always striving to advertise to the correct market group. With information such as likes, friends, browsing patterns and other general information which can be acquired from social websites and data stored on your pc, a profile of your persona can be generated. For instance, let’s assume you like a few football teams on Facebook, tweet about your team’s results, browse football websites. A sports based company can target you and have specific football related adverts popup on your Facebook page, Google results and everyday websites. Although some people may argue that this can be convenient. To see just how your browsing data can be tracked, get the collusion Firefox add-on.  I’ve been using the Collusion for some time and below you can see what data is being shared amongst websites.
Above is some of the websites that exchanged data information with Google
The above image shows the site visits that Twitter is aware of.

But let’s step it up a notch. Say that websites begin to filter data based on your personal information.  What if your age, political or religious views start to affect your browsing experience? Your right to information is being revoked without your knowledge. Still ok? What if your personal comments photos or browsing sites become a contributing factor to losing your social status, job, family and friends? There’s a strong possibility that most people have aspects of their personal life that they want to keep secret.  This becomes a major issue when money is involved. It is a real threat that banking information is being stolen and money is being embezzled. Is it safe to trust websites without personal data?

How do they do it?
Social websites are usually the source of privacy concerns because people share so much of their personal information with these websites. So for the right price, marketing companies can buy your data from these websites. That’s why sites like Facebook and Twitter are profitable. Another technique of tracking your data is by looking directly on your personal computer. Whenever, you visit a website, a small file is saved on your computer functioning as the website’s personal storage space. This storage file known as a cookie, stores information about your sessions such as your identity, pages viewed and other general information. Usually this would help make your browsing experience more convenient, for example, being able to authenticate you without having to re-login or restore you’re shopping cart items from your previous session. But these cookies can also be seen accessed by other websites that you visit and thus be used to profile you.

One of the more popular and profitable techniques is phishing. Phishing is a process whereby the victim is fooled into providing their personal information under the false pretenses that they are making that information available to a trustworthy source. Phishing scams are usually distributed via email posing as your personal bank, a service or a friend in need. The email and sites that are linked to would usually look identical to the original sites, and people don’t know they are being scammed. Banks have tried to combat this by implementing SMS authentication where a user receives a code to their mobile device which authenticates the session.  But even this can be circumvented by scammers.

One of the other techniques reserved for the con artists of the digital world is social engineering. Social engineering is a scam whereby the attacker will impersonate a person and gain access to that persons private data by manipulating external people into thinking that they are interacting with the victim.’s senior writer Mat Honan was recently a victim of a major hack whereby the attackers were able to use personal information acquired from one site and authenticate his account on another site and ultimately wreak havoc on his digital life. Hackers were able to access his Apple account using billing information (acquired from a simple whois) and the last 4 digits of his credit card. The credit card information was acquired from Amazon whereby the hackers impersonated the victim and took advantage of some security procedures to acquire the digits. In the space of minutes hackers had all the information necessary to reset his Google and Twitter accounts as well as wipe clean his laptop and iPhone.  Although the Apple and Amazon may have not followed policies in place as they may have ignored some key security questions and other security policies, the staff were able to replicate the hacks after the incident.

Finally, viruses, malware (malicious software) and Trojans are being developed with the purpose of stealing personal information. Key loggers are applications that log every single keyboard stroke the user makes. They are usually installed via Trojans and other malware. Hackers are able to then review your strokes and identify personal information such as, mobile numbers, conversations banking details and so on. This is also known as spyware which is malware that records user information without users consent. The SMS Authentication can be spoofed by a program that re-routes the traffic to the hacker’s servers thus functioning normally but instead using the hacker’s system.

How to control your privacy and information
There are a few technique internet users can deploy to help control the use of their private data as well prevent being victimised.

Don’t disclose personal information unless you can verify the site. A simple Google search can tell if a site is malicious or not. On a related note avoid logging into that site using your social network services.  This will just give the website more information on you as well as provide links to your accounts which can be compromised.

Use 2 step authentication techniques or authenticator apps if possible. These will normally require more information than a password and take a slightly longer time but they make it more difficult to get access to your data. Authenticators apps provide a 1 time pin code that expires after use or a certain time so if someone gets a hold of it, it is fairly useless.

There are browser add-ons available such as PrivacyFix that allows you to view the data that you are sharing and change it according to your personal preferences.  Another program available for your browser is Disconnect. This application blocks tracking cookies from Facebook, Google, Twitter, Digg, and Yahoo as well as preventing access to browsing or search history from third party sites that you may visit.

Restrict your privacy settings on your social networks (such as Facebook). Also do not accept invites from people you don’t know as they may not have good intentions.

Keep your operating system, programs and antivirus updated. New security updates come out daily which prevent data leaks and hacks as well as identifying Spyware and other malware.
Make sure that when accessing websites requiring personal data have a security certificate and the correct website address is in the address bar. 

The state of the internet, social media and web trends mean that privacy has become a fallacy. Most internet providers and governments have gateways that allow you to access the net. So your data and information will be visible to someone. You have the ability to control what can be seen and it is important for people to research and acknowledge the threats of identity theft, hacks and other attacks associated with personal information. 

Further Reading