by Greg Sparrow
Now more than ever before, “big data” is a term that is widely used by businesses and consumers alike. Consumers have begun to better understand how their data is being used, but many fail to realize the hidden dangers in every day technology. From smart phones, to smart TVs, location services, and speech capabilities, often times user data is stored without your knowledge. Here are some of the most common yet hidden privacy dangers facing consumers today.
- Geo-Location- Geo-Location can be convenient, especially when you’re lost or need GPS services. However, many fail to realize that any information surrounding your location is stored and archived, and then often times sold to a 3rd party who wants to use that information for a wide variety of reasons. For example, are you aware that data is often collected during your shopping experiences? A variety of stores will purchase location information to determine how long a customer browsed in a particular aisle, so that they can further market to those customers in the future- promoting similar products. The information may seem harmless, but would you feel that same way if you saw a physical person following you around collecting the same information?
- Social Media- Facebook, Google, Twitter, and Instagram are all social media services that are provided to individuals for “free,” but have you ever wondered what the real cost might be? It is often said that if you don’t have to PAY for the service, then you probably ARE the service. The hidden cost for utilizing these social media sites is the forfeit of personal information for the social media sites to sell and thus profit from. In fact, Google and Yahoo can actually read their customers personal email. Some individuals might say they don’t mind because they have “nothing to hide,” but wouldn’t you be wary of publicly posting your login credentials not knowing who might have access? Giving these large organizations rights to your private messages, can be interpreted as pretty much the same thing. After all, isn’t your personal email just that – personal? Another unknown fact about Facebook is that they can create “ghost profiles” using facial recognition for people who do not have an account, but appear in someone else’s photos. During the Dakota Pipeline Protests, Facebook sold the private chat messages of its users who were discussing the matter to the FBI and local police, as well as private security companies who further reported inside information directly to the pipeline company. Because the information was “for sale,” the police didn’t need a warrant to obtain confidential information- they simply needed to buy it. This is just one of the many ways that social media affects those who don’t realize the implications.
- Web Browsers and Apps- Before smart phones existed, “apps” were nonexistent. Anything accessed now through an app, was before accessed through an internet browser. The web browser on a smart phone is what is referred to in the cyber security industry as “sandboxed,” meaning it cannot access general data on the system or control hardware. An installed app however can be coded to do anything it wants to gain access to any hardware the user has control of. Take the History Channel for example, if a user accesses the site from a laptop, they can access the entire website without a problem. However, if accessed through a web browser on a smart phone, the user is promoted to “download the app.” Many times, if you do not download the app, the website will disable you from viewing or using it, forcing you to download the app and giving up your personal information in the process. After downloading the app, it asks for permission to access the camera and the microphone on your device. This is because the app is storing personal information of its users outside of what happens within the History Channel app you just downloaded.
- Speech Software & Smart TV’s- Speech software such as Cortana, Alexa, and Siri have become increasingly popular in the past few years. However, if you are running these services in your home or office, then you have an active listening device running at all times. Essentially, you are “bugged.” These services are running, tapping and sending your audio steams to remote servers daily. Many fail to realize that the cameras on these devices can be turned on without the light being activated. Meaning, your smart TV can be watching you even when you aren’t watching it. All of this can be done without downloading any related software because the software is already built-in. Some smart TV’s will not turn on if the camera is covered with tape, or if the microphone has been disabled. If you’re living in the United States and utilizing a smart TV, it’s likely monitoring and watching you.
- Shopping & Savings Cards- Are these just great programs to help you save a little money at various stores? What is in it for the business offering these ‘savings’? There are some little- known privacy danger inherent in the “frequent shopper” or savings cards offered by many grocery stores and retailers. These organizations are saving, analyzing, and sharing information on what you buy, when you buy it, and predicting future sales. The savings passed on to the consumer are far less than the amount of money these companies are making by selling the information to outside resources regarding your purchasing history and habits. Specifically, Kroger and Ingles make over 200% more profit from the data that they sell than the savings that the consumer experiences. The best way to protect oneself from the sharing of personal information, is to limit the number of programs you participate in.
About the Author:
Greg Sparrow is the Vice President & General Manager of CompliancePoint’s Information Security Practice. Greg has over 15 years of experience with Information Security, Cyber Security, and Risk Management. His knowledge spans across multiple industries and entities including healthcare, government, card issuers, banks, ATMs, acquirers, merchants, hardware vendors, encryption technologies, and key management.