Tech companies are claiming to be the guardians of individual privacy, but how much information is truly private?
Last year, US-based journalist Kevin Rose decided to indulge in a bit of an experiment. He invited, in fact dared, the top hackers in the US to hack him.
Very soon every aspect of his life had been invaded. In an article on fusion.net, a news website where Rose is News Director, he wrote that the hackers had done everything from “breaking into my email accounts, stealing my bank and credit card information, gaining access to my home security camera, spying on my Slack chats with co-workers, and — the coup de grâce — installing a piece of malware on my laptop that hijacked my webcam and used it to take photos of me every two minutes, then uploaded those photos to a server owned by the hacker.”
Most of this hacking does not require deep technical skill, according to Sanjoy John, an information security consultant at a Dubai-based computer systems firm.
“From a simple phone call a person can find out your bank account number and social security number. This is called social engineering. They’ll play a video in the background that makes it sound like you are in a panick situation and urge the customer care person to change the password or provide the security code to access accounts. The people on the other end are human, and try to help out. That is one way in which data is compromised. Most of the hacks that happen are through ‘social engineering’. If you know something about the individual you can reset the password. People use technical skills as a last resort,” he told Gulf News.
However, John added that service providers like banks are trying to train employees so that such incidents do not take place and to also contact customers frequently informing them that bank representatives would never request customers for bank account details. Tech companies, too, clearly mention how they use your data in the terms and conditions, the ones that nobody reads and everybody agrees to. And while platforms like Gmail are secure, the information you send through those platforms can, and does, get accessed by Google. The company’s ‘Adsense’ programme combs through every bit of information sent or received through your Google accounts. So, the moment you receive an email confirmation of your ‘Batman vs Superman’ movie ticket, entertainment related ads will start popping up every time you browse the internet.
“Eighty per cent of Google’s revenue comes from advertising. What Google does with the data is written in their terms and conditions, and I’m sure nobody reads them. Now you look at Whatsapp, which has started end-to-end encryption, which is a great thing. If your messages are intercepted in transit, they are completely encrypted so nobody can read them. But the fact remains that these messages are saved on Whatsapp servers and everytime you back up your messages they get stored. Does Whatsapp have access to these messages? This will again be mentioned in the terms and conditions,” John added.
But if we’re being completley honest, reading terms and conditions is quite a tedious task. Switching your Facebook settings to control who can easily view your photographs is not. However, many people fail to secure their data even on that front.
“When it comes to social networks, try and understand what kind of privacy Facebook or Instagram are giving you. Read about it, understand privacy settings. It is on their servers so they have right to the data but you have to make sure that no third party or person with malicious intent should have access to your data. I have seen people post pictures from their holidays with global settings on. So, anybody from the world can access them. You have to understand that there are people who are looking for pictures of children, you have to be careful — social network is a boon but also has its evil side. Keep your friend circle small, only add people you know. Use two factor authentication whenever it is offered on accounts,” John added.
