Privacy, the 21st century’s go-to topic. I can almost guarantee that if you turn on a rolling news channel or flick open a newspaper, privacy will be featured somewhere in the first 5 stories.
Privacy is divisive, it’s encompassing, it’s controversial, it’s a human right and everyone has an opinion. Many argue the concept of ‘privacy issues’ will be the defining topic of this generation.
With the advent of the consumer internet in the 1990s, smart technologies in the 00’s and now the IoT, privacy is one of the media’s hottest topics alongside terrorism and climate change.
But what makes privacy such a deliberated topic? Why are governments at war with corporations over it? Why should a person’s right to privacy be challenged, what are the counterarguments and what are the ramifications of encroaching on privacy?
Well, that’s exactly what we’re going to look at, well more precisely that’s what Paul Bischoff, journalist and privacy advocate, from Comparitech is going to look at.
We’ve lined up some of the most commonly asked questions in the field of privacy and online security for Paul to answer, and hopefully shed a little light on the much published 21st century networked world.
What is the worst case scenario if I don’t protect my privacy?
That’s tough, because there are so many possible hypothetical situations. Maybe someone steals your identity and uses it to purchase explosives before committing an act of terrorism, implicating you in the crime causing you to lose all your friends and spend a fortune on legal fees. That would suck pretty bad.
I prefer to use a more realistic but still pretty ‘sucky’ example of a hacker that collects information about you–be it public on Facebook or private financial info–and uses it to impersonate a friend or family member. They then ask for a loan of some sort only to run away with your cash. I like this example because it shows how being too laissez faire with your personal information not only affects you, but also your friends.
Why do I care if the government is accessing my personal data or eavesdropping on my calls?
I think the most annoying thing someone can say to a privacy advocate is, “I have nothing to hide.” That’s pure rubbish, because everyone has something to hide or that we at least prefer no one know about. We lay down this imaginary line between our real lives and our internet lives and just give into surveillance on the latter because it’s become the status quo. But if cops were monitoring your every move at every time of the day–when you wake up, what you had for breakfast, what type of toothpaste you use; and that’s just the morning routine–you would rightly feel harassed. For some reason we tolerate government’s invasion of privacy online, but it shouldn’t be that way.
The advent of the internet of things came swiftly and largely left security by the wayside when it did so. After all, why would someone want to hack my mom’s Fitbit and find out if she made her 10,000-step goal two weeks ago? But the internet of things is expanding in both our private and public lives, and threats exist to each. For instance, if a hacker can find out when Nest activates your air conditioning every day when you come home from work, then they know when to burgle your house. If a terrorist can manipulate when the automatic locks in a building activate or track city buses during their routes in real time, they gain an advantage when planning attacks.
These concerns only scratch the surface of what security vulnerabilities in the internet of things can amount to, and as IoT tech grows the need for decent security multiplies. On top of those safety hazards, IoT security is a legal and technological minefield as it hasn’t yet developed a set of standards that apply across the board.
Where do you fall in the Apple vs US government encryption debate?
I tend to side with Apple. Stopping terrorism is important, but forcing Apple to implement a backdoor on their devices only leaves users more vulnerable, and there are dozens of apps and other means of encrypting data that are free and open for terrorists to use as alternatives. As Ben Franklin once said,–and I’m probably paraphrasing here– “Those who surrender freedom for security will not have, nor do they deserve, either one.”
Is backing up files on the cloud a good idea?
Depends on the cloud. Is the cloud encrypted? Is the transfer encrypted? Can the company hosting your data decrypt it? If you’re using Google Drive or Dropbox, for example, the answer is no. They don’t encrypt your data on the cloud, but you can encrypt critical or sensitive files before uploading them using an app like Boxcryptor or Cloudfogger. Some storage and backup services will encrypt your data, like iBackup and SpiderOak, but no single service is perfect and invulnerable.
Who or what is the ultimate source of authority when it comes to online privacy?
As much as I’d like to toot my own horn, I’d say the Electronic Frontier Foundation is the best place to learn about online privacy and stay up to date. If I could only listen to a single source when it comes to privacy, it would be the EFF.
How important is a VPN?
In this day and age I would argue that a VPN is equally as important as antivirus. A VPN ensures that anyone that intercepts your internet traffic–be they a script kiddie hacking the Wi-Fi at your local coffee shop or your internet service provider or the NSA itself–can’t monitor or log your online activity. They can’t see your location, they can’t see the location where your data is travelling to and from, and they can’t decrypt that data using any efficient means. This is hugely powerful when online.
What’s the biggest privacy/security risk that people aren’t aware of?
Public Wi-Fi hotspots, probably. People get desperate for internet sometimes and will connect to anything that doesn’t require a password, but those hotspots are often compromised or even specifically provided by hackers to steal their information or serve viruses to users. If you’re a frequent public Wi-Fi user, getting a decent VPN should be at the top of your list of security measures to invest in. The barista at your local coffee shop is not a network administrator and won’t know if their Wi-Fi has been hijacked.
How are net neutrality and internet privacy related?
Net neutrality argues that the internet should be treated as a utility like electricity. It doesn’t matter if you use that electricity to run a hair dryer or a bitcoin farm–the electricity costs the same per unit. When it comes to the internet, ISPs generally do this, but not always. They know if you’re watching a movie on Netflix or looking at Facebook, and can throttle traffic to sites they don’t like (usually Netflix). For them to do this, they peek at your internet traffic to find out, metaphorically speaking, if you’re using the hair dryer or running a bitcoin farm. They shouldn’t be allowed to peek, and therefore they shouldn’t be allowed to discriminate against certain websites and apps. This is another reason you should get a VPN, because it prevents ISPs from snooping on your internet activity.
If you had to pick three privacy tools that you think everyone should get, what would they be?
A VPN, an ad blocker, and some sort of encryption software for your files. I’m leaving out antivirus because most computers and phones sold today come with virus and malware protection in some form.
Is there any way to protect yourself from data breaches?
No matter how much care you put into guarding your own privacy, some company somewhere is going to screw it up for you and leak you credit card or other info. All those Ashley Madison members really got screwed, and not in the way they wanted.
The only thing you can really do about it is avoid using your card at companies you don’t trust and stay on top of news about data breaches. If you stop using a company or service, ask in writing that your data be removed from their servers. Identity theft protection companies can minimize the risk and catch threats early on by scanning black market websites for your information, but they can be costly.
If you were a hacker, how would you steal people’s data?
I’d get a phone with a good 4G subscription, go to Starbucks, and set up a fake Wi-Fi hotspot from that phone called “Starbucks FREE” or something like that. Then I’d see how many suckers connected to it, route the traffic through something like Wireshark (a network protocol analyzer) on my laptop, and record everything they do. If they’re stupid enough to do online shopping or banking on a sketchy free Wi-Fi hotspot without any encryption, then that’s a jackpot.
Have you ever been hacked?
I’ve had my credit card number stolen a couple times, probably as a result of a data breach. I think someone used one of my Gmail accounts to serve spam or phishing scams once, so every email I sent went into people’s spam folders. I once downloaded a trojan from a torrent website and had to restore Windows. Nothing serious, though.
Can Facebook be private?
Not really, but it’s not meant to be. There are steps you can take to make it more private than what it is by default, particularly by modifying your connected app settings, but it will never be a private experience. Just don’t post anything sensitive.
What are your feelings on Safe Harbour?
Safe Harbour is no more. The EU and US are attempting to resurrect it, but it can never really be achieved without overhauling America’s policy on bulk surveillance. Anything less will be a chocolate teapot, as they say.
And finally… Who would win in a fight between Julian Assange and Edward Snowden?
Snowden seems a bit more fit when I see him on television and I imagine being stuck in an embassy for a few years hasn’t helped Assange’s physical condition, so I’d put my money on Snowden. I wish both of them a safe and prison-free trip back to their respective home countries, though.