ebuyer daily deals 40% off

privacy what you need to know title

Privacy, the 21st century’s go-to topic. I can almost guarantee that if you turn on a rolling news channel or flick open a newspaper, privacy will be featured somewhere in the first 5 stories.

Privacy is divisive, it’s encompassing, it’s controversial, it’s a human right and everyone has an opinion. Many argue the concept of ‘privacy issues’ will be the defining topic of this generation.

With the advent of the consumer internet in the 1990s, smart technologies in the 00’s and now the IoT, privacy is one of the media’s hottest topics alongside terrorism and climate change.

privacy what you need to know security image

But what makes privacy such a deliberated topic? Why are governments at war with corporations over it? Why should a person’s right to privacy be challenged, what are the counterarguments and what are the ramifications of encroaching on privacy?

 

Well, that’s exactly what we’re going to look at, well more precisely that’s what Paul Bischoff, journalist and privacy advocate, from Comparitech is going to look at.

We’ve lined up some of the most commonly asked questions in the field of privacy and online security for Paul to answer, and hopefully shed a little light on the much published 21st century networked world.

 

What is the worst case scenario if I don’t protect my privacy?

That’s tough, because there are so many possible hypothetical situations. Maybe someone steals your identity and uses it to purchase explosives before committing an act of terrorism, implicating you in the crime causing you to lose all your friends and spend a fortune on legal fees. That would suck pretty bad.

 

I prefer to use a more realistic but still pretty ‘sucky’ example of a hacker that collects information about you–be it public on Facebook or private financial info–and uses it to impersonate a friend or family member. They then ask for a loan of some sort only to run away with your cash. I like this example because it shows how being too laissez faire with your personal information not only affects you, but also your friends.

 

Why do I care if the government is accessing my personal data or eavesdropping on my calls?privacy call snooping

I think the most annoying thing someone can say to a privacy advocate is, “I have nothing to hide.” That’s pure rubbish, because everyone has something to hide or that we at least prefer no one know about. We lay down this imaginary line between our real lives and our internet lives and just give into surveillance on the latter because it’s become the status quo. But if cops were monitoring your every move at every time of the day–when you wake up, what you had for breakfast, what type of toothpaste you use; and that’s just the morning routine–you would rightly feel harassed. For some reason we tolerate government’s invasion of privacy online, but it shouldn’t be that way.

 

Lately, we’ve heard a lot about the internet of things and all the security vulnerabilities that come with it. How much of a threat is IoT?how safe is the smart home title

The advent of the internet of things came swiftly and largely left security by the wayside when it did so. After all, why would someone want to hack my mom’s Fitbit and find out if she made her 10,000-step goal two weeks ago? But the internet of things is expanding in both our private and public lives, and threats exist to each. For instance, if a hacker can find out when Nest activates your air conditioning every day when you come home from work, then they know when to burgle your house. If a terrorist can manipulate when the automatic locks in a building activate or track city buses during their routes in real time, they gain an advantage when planning attacks.

 

These concerns only scratch the surface of what security vulnerabilities in the internet of things can amount to, and as IoT tech grows the need for decent security multiplies. On top of those safety hazards, IoT security is a legal and technological minefield as it hasn’t yet developed a set of standards that apply across the board.

 

Where do you fall in the Apple vs US government encryption debate?

I tend to side with Apple. Stopping terrorism is important, but forcing Apple to implement a backdoor on their devices only leaves users more vulnerable, and there are dozens of apps and other means of encrypting data that are free and open for terrorists to use as alternatives. As Ben Franklin once said,–and I’m probably paraphrasing here– “Those who surrender freedom for security will not have, nor do they deserve, either one.”

 

Is backing up files on the cloud a good idea?

Depends on the cloud. Is the cloud encrypted? Is the transfer encrypted? Can the company hosting your data decrypt it? If you’re using Google Drive or Dropbox, for example, the answer is no. They don’t encrypt your data on the cloud, but you can encrypt critical or sensitive files before uploading them using an app like Boxcryptor or Cloudfogger. Some storage and backup services will encrypt your data, like iBackup and SpiderOak, but no single service is perfect and invulnerable.

 

Who or what is the ultimate source of authority when it comes to online privacy?

As much as I’d like to toot my own horn, I’d say the Electronic Frontier Foundation is the best place to learn about online privacy and stay up to date. If I could only listen to a single source when it comes to privacy, it would be the EFF.

 

How important is a VPN?

In this day and age I would argue that a VPN is equally as important as antivirus. A VPN ensures that anyone that intercepts your internet traffic–be they a script kiddie hacking the Wi-Fi at your local coffee shop or your internet service provider or the NSA itself–can’t monitor or log your online activity. They can’t see your location, they can’t see the location where your data is travelling to and from, and they can’t decrypt that data using any efficient means. This is hugely powerful when online.

 

What’s the biggest privacy/security risk that people aren’t aware of?free wifi

Public Wi-Fi hotspots, probably. People get desperate for internet sometimes and will connect to anything that doesn’t require a password, but those hotspots are often compromised or even specifically provided by hackers to steal their information or serve viruses to users. If you’re a frequent public Wi-Fi user, getting a decent VPN should be at the top of your list of security measures to invest in. The barista at your local coffee shop is not a network administrator and won’t know if their Wi-Fi has been hijacked.

 

How are net neutrality and internet privacy related?net_neutrality

Net neutrality argues that the internet should be treated as a utility like electricity. It doesn’t matter if you use that electricity to run a hair dryer or a bitcoin farm–the electricity costs the same per unit. When it comes to the internet, ISPs generally do this, but not always. They know if you’re watching a movie on Netflix or looking at Facebook, and can throttle traffic to sites they don’t like (usually Netflix). For them to do this, they peek at your internet traffic to find out, metaphorically speaking, if you’re using the hair dryer or running a bitcoin farm. They shouldn’t be allowed to peek, and therefore they shouldn’t be allowed to discriminate against certain websites and apps. This is another reason you should get a VPN, because it prevents ISPs from snooping on your internet activity.

 

If you had to pick three privacy tools that you think everyone should get, what would they be?

A VPN, an ad blocker, and some sort of encryption software for your files. I’m leaving out antivirus because most computers and phones sold today come with virus and malware protection in some form.

 

Is there any way to protect yourself from data breaches?

No matter how much care you put into guarding your own privacy, some company somewhere is going to screw it up for you and leak you credit card or other info. All those Ashley Madison members really got screwed, and not in the way they wanted.

 

The only thing you can really do about it is avoid using your card at companies you don’t trust and stay on top of news about data breaches. If you stop using a company or service, ask in writing that your data be removed from their servers. Identity theft protection companies can minimize the risk and catch threats early on by scanning black market websites for your information, but they can be costly.

 

If you were a hacker, how would you steal people’s data?is hacking a hobby hackers ahead

I’d get a phone with a good 4G subscription, go to Starbucks, and set up a fake Wi-Fi hotspot from that phone called “Starbucks FREE” or something like that. Then I’d see how many suckers connected to it, route the traffic through something like Wireshark (a network protocol analyzer) on my laptop, and record everything they do. If they’re stupid enough to do online shopping or banking on a sketchy free Wi-Fi hotspot without any encryption, then that’s a jackpot.

 

Have you ever been hacked?

I’ve had my credit card number stolen a couple times, probably as a result of a data breach. I think someone used one of my Gmail accounts to serve spam or phishing scams once, so every email I sent went into people’s spam folders. I once downloaded a trojan from a torrent website and had to restore Windows. Nothing serious, though.

 

Can Facebook be private?

Not really, but it’s not meant to be. There are steps you can take to make it more private than what it is by default, particularly by modifying your connected app settings, but it will never be a private experience. Just don’t post anything sensitive.

 

What are your feelings on Safe Harbour?

Safe Harbour is no more. The EU and US are attempting to resurrect it, but it can never really be achieved without overhauling America’s policy on bulk surveillance. Anything less will be a chocolate teapot, as they say.

 

And finally… Who would win in a fight between Julian Assange and Edward Snowden?

Snowden seems a bit more fit when I see him on television and I imagine being stuck in an embassy for a few years hasn’t helped Assange’s physical condition, so I’d put my money on Snowden. I wish both of them a safe and prison-free trip back to their respective home countries, though.

ebuyer-logo

password-safe-title

5 COMMENTS

  1. “…maybe someone steals your identity and uses it to purchase explosives before committing an act of terrorism, implicating you in the crime causing you to lose all your friends and spend a fortune on legal fees. That would suck pretty bad.”

    Yeah of course, your friends who know you quite well, know nothing of the IoT and instantly believe that you’re a terrorist and the police would never believe that you were at home watching telly and of course guilty until proven innocent is the way the justice system works – not.

  2. I’m a privacy professional. I work for one of the UK’s (and probably the world’s) biggest holders of personal data, and I’m responsible both for matters of policy and of operational implementation of “privacy” (primarily compliance with the UK DPA); I provide compliance advice and guidance to 100,000 staff; and I’m on first-name terms with compliance officers and investigators in the ICO.

    And I’m damn’ good at what I do.

    I can legitimately call myself a “privacy advocate”, then – and my personal starting point when thinking about privacy? I’ve got nothing to hide.

    The fact is that this is a PERFECTLY legitimate way to consider personal privacy. It doesn’t imply a lack of concern about privacy, or a lack of understanding of its implications.

    But it DOES serve as a robust foundation for a sensible, low paranoia, Real World way to look at privacy.

    The point is this: I have nothing to hide, because the stuff I want to keep completely private is used in such a way that it doesn’t get exposed to attack vectors that would make me regret its existence.

    In other words, I have nothing to hide because nothing I’d want to keep hidden is placed into a situation where it might be “unhidden”.

    It’s a very healthy way to think of privacy.

    I’m not saying I don’t engage with the Real World – I shop and bank online, and I have an electronic life that involves the sharing and processing or personal data about me – but I SURELY don’t have the level of paranoia (which looks suspiciously to me like an AGENDA) that many “privacy advocates” like to encourage in their readership.

    So: “I think the most annoying thing someone can say to a privacy advocate is, “I have nothing to hide” ” is actually FINE with THIS privacy advocate…

  3. Guy wrote:

    “Yeah of course, your friends who know you quite well, know nothing of the IoT and instantly believe that you’re a terrorist and the police would never believe that you were at home watching telly and of course guilty until proven innocent is the way the justice system works – not.”

    Yep – exactly. It’s just more paranoid tub-thumping, isn’t it?

  4. “Yeah of course, your friends who know you quite well, know nothing of the IoT and instantly believe that you’re a terrorist and the police would never believe that you were at home watching telly and of course guilty until proven innocent is the way the justice system works – not.”

    Yep – it’s just more paranoid tub-thumping, isn’t it?

  5. “I have nothing to hide, because the stuff I want to keep completely private is used in such a way that it doesn’t get exposed …. ”

    In my opinion, this is a rather naïve statement.

    Firstly, its unlikely that your “stuff” is either completely private or completely open. There are many shades of grey.

    Secondly, the statement that you have “stuff” which you wish to keep completely private, means that you do indeed have things to hide (as do we all). You say you hide these things by using them carefully. Security is a risk business – you’ll never eliminate all risk, no matter how careful you are. There is always some risk left, something you forgot or didn’t consider important. A good social engineer or hacker will be able to spot those and take advantage.

    Thirdly, you can never be quite sure what new ways to obtain your completely private stuff are just around the corner. What works now will surely fail tomorrow.

    Information has a value. If your completely private stuff is valuable enough then someone will want it and they may well have better techniques and resources available to get it than you or I have to protect it. What they do with it is limited by their imagination, not yours.

    I’d also argue that privacy isn’t really a tangible property. Its a feeling, part of human nature. Losing something private, even if it was low value or only a little private, still hurts.

LEAVE A REPLY

Please enter your comment!
Please enter your name here