Understand and protect your online privacy

The landscape of personal data mining and exploitation is shifting faster than ever; trying to protect your online privacy alone is like trying to build your own antivirus software-really, really difficult. But whether or not you have the time (or money) to invest in the pros, there are a few simple steps we can all take to reduce the risk to our private data.

business Updated: Apr 05, 2018 16:12 IST

Long gone are the days when people used to keep their valuables in specially-designed safes, looked by uniquely designed keys and their locations marked obscurely in a map. With time and evolution, the ways we protect our valuables have also evolved and become more complicated. As the technology made huge strides forward, so did the methods thieves incorporated to steal. They have become more cunning, and smarter than most. Today, it is not the cash, or the gold, that they are usually after. They target the numbers and characters in your passwords, which have replaced the traditional keys and boxes. In other words, they assume the very existence of yours and steal your identity!

Have you ever received a huge bill on your credit card, even though you know you've never made those purchases, nor have you ever let the card itself slip from your wallet? There have also been instances when thieves have hacked into a bank account and transferred millions to an off-shore account where no accommodating government has jurisdiction? Just a few days ago, some students from a school in Massachusetts discovered their photos being picked up from Facebook, doctored upon, and published on a pornographic website! Yes, I know it's quite a stimulant watching our desired movie actresses and other celebrities' photos doctored in compromising positions in such websites, but have we ever stopped and wondered how would we feel if something like that happen to us or our children?

Identity theft & privacy breach

Your identity and personal information are valuable. Criminals can find out your personal details and use them to open bank accounts and get credit cards, loans, state benefits and documents such as passports and driving licenses in your name.

The term identity theft was coined in 1964, however it is not literally possible to steal an identity-less ambiguous terms are identity fraud or impersonation.

When you're buying online, it can sometimes be hard to tell whether you're dealing with a legitimate merchant or the online equivalent of that guy selling counterfeit watches at Lamington Road. Most shoppers focus on maintaining the privacy of their credit card data, and that's good. But that's not the only privacy concern you should have while shopping online.

Any time you use your credit card online, your identity is at risk. Organized crime factions from all over the world have streamlined the process of extracting your personal details from all sorts of places, especially shopping sites. These attackers can harvest thousands or even millions of credit cards in one fell swoop.

It may be convenient when your favorite online merchants e-mail offers for products you were thinking about buying. But wait-how did they know that? Unfortunately, if you've been using Google to browse pages for similar products, or perusing the merchant's Website, it's not a secret. You've been telling them what you like to buy and when-they're just listening.

With the advent of tracking technologies and sophisticated analytics, many Web merchants know exactly who you are and what you are most likely to buy. They know because you tell them through your buying and surfing patterns. This is valuable data, and merchants can (and do) sell it to each other.


Online privacy

10 years ago, privacy was just starting to become a major concern and a defined discipline. Chief privacy officers could have held their annual convention in an elevator, and while many Web sites had privacy policies in place, they were primitive and mostly impenetrable for non-lawyers. For most regular Internet users, if they thought of privacy at all, it was likely in the context of email addresses being sold to spammers or whether their Social Security numbers were used as identifiers.

In retrospect, those were the good old days.

The concept of privacy is a thoroughly modern one. As recently as 150 years ago, most people lived in small towns and villages, surrounded by their extended families and groups of neighbors who had, like them, lived in the same area for generations. Everyone knew each other's business and most people ever traveled more than a few miles from their hometowns. The only expectation of privacy was in one's own home, with the door closed and the shutters pulled. Everything else was considered public business.

And then the Internet happened.

Suddenly, not only was anyone else on earth easily accessible, so was anything you wanted to know about them. Need to know what your old college roommate is up to? Look him up on Google or Facebook. There's his home address, maybe his phone number and the name of his employer. There's free email, free videos, free music, huge discounts on anything you're looking to buy, sites that will collect and organize all of your data for you, mobile apps that show you nearby restaurants or dry cleaners or bookshops. Pretty great.

There's only one small catch: Every move you make online, and with the advent of location-aware mobile apps, in real life, is being tracked. All of those free services and discounted products and great apps are simply delivery vehicles for ads and the tracking mechanisms that go along with them.

In case you haven't figured it out by now, check out Google's latest financial figures. Google might be a search engine, it might also be giving out a great mobile operating system for free, but behind it all, it is primarily an advertising network that will die off if no one clicks on its ads.

Here's a similar story that's currently doing the rounds on the Internet.

Another recent online breach of privacy was when a million logins for the hugely popular YouPorn sex site had leaked after a hacker chanced upon a URL linking to a user list apparently left exposed for several years.
Smaller portions of the YouPorn database featuring user email addresses and passwords had appeared on Pastebin, many of them using recognizable first and last names.The vulnerable URL has now been taken down by the publishers of YouPorn, which still leaves a large number of the site's users at risk of having their accounts hacked of phished.

Social networks are the biggest hazards

We used to live in a world where everything was private - photos of loved ones, where we got drunk, where we ate and what we thought about before going to bed. That has all changed recently and privacy has basically been thrown out the window. Online privacy is not complicated, it's not buried in any complicated Facebook settings page or by checking in "off the grid" or by making your Youtube videos private, quite simply it just doesn't exist. If you are putting something online it will be found. The common thoughts among the online community are that "everything defaults to public" or in other words privacy will barely be an option in the future.

In social networks, people can increase their defenses against identification by adopting tight privacy controls on information in personal profiles. Yet an individual's actions, researchers say, are rarely enough to protect privacy in the interconnected world of the Internet.

You may not disclose personal information, but your online friends and colleagues may do it for you, referring to your school or employer, gender, location and interests. Patterns of social communication, researchers say, are revealing.

In today's online world, what your mother told you is true, only more so: people really can judge you by your friends.

Protect your online privacy

The landscape of personal data mining and exploitation is shifting faster than ever; trying to protect your online privacy alone is like trying to build your own antivirus software-really, really difficult. But whether or not you have the time (or money) to invest in the pros, there are a few simple steps we can all take to reduce the risk to our private data.

1] Turn on cookie notices in your Web browser

"Cookies" are tidbits of information that Web sites store on yourcomputer, temporarily or more-or-less permanently. In many cases cookies are useful and inocuous. They may be passwords and user IDs, so that you do not have to keep retyping them every time you load a new page at the site that issued the cookie. Other cookies however, can be used for "data mining" purposes, to track your motions through a Web site, the time you spend there, what links you click on and other details that the company wants to record, usually for marketing purposes.

Browsers are starting to allow user control over cookies. Mozilla Firefox, for example, allows you to see a notice when a site tries to write a cookie file to your hard drive, and gives you some information about it, allowing you to decide whether or not to accept it. It also allows you to automatically block all cookies that are being sent to third parties (or to block all cookies,entirely, but this will make some sites inoperable).

2] Don't put your full birth date on your social-networking profiles

Identity thieves use birth dates as cornerstones of their craft. If you want your friends to know your birthday, try just the month and day, and leave off the year.

3] Use multiple usernames and passwords

Keep your usernames and passwords for social networks, online banking, e-mail, and online shopping all separate. Having distinct passwords is not enough nowadays: if you have the same username across different Web sites, your entire romantic, personal, professional, and e-commerce life can be mapped and re-created with some simple algorithms. One of the services that do that is Rapportive.

In case the passwords become tough to manage, one of the best password management service I'd recommend is LastPass. I use it myself.

4] The fine print

When signing up for a new service, always read its privacy policy and look for opt-outs. Good privacy policies will also spell out whether a service tracks your activities and sells that information to third parties--and they'll state what happens to your data should you terminate the service.

Additionally, use SSL when interacting with Internet sites whenever possible. SSL ensures that when you are wireless, criminals will have a harder time eavesdropping. Not all sites currently support https:// (which indicates that SSL is being used), but Facebook, Gmail, Google, and Twitter do.

5] Use a temporary credit card number

If you know you'll be making a lot of online purchases, contact your credit card provider and ask about getting a temporary number with a preset spending limit and an impending expiration date.

6] Use an anonymizer

Anonymous proxy servers mask your computer's IP address, which allows you to browse without the sites you visit knowing who you are. Web pages will likely take longer to open when you filter them through a proxy server, and the services are not a privacy panacea because they won't stop you from volunteering personal information on a site you shouldn't trust, but they do provide an added layer of protection.

There are plenty of free anonymizing proxy servers available, though I've never used any of these, or any other anonymizers. As I mentioned above, the best way to protect your online privacy is to assume you have none, and modify your online behavior accordingly. But I believe I am in the minority opinion on this matter.

7] Do not reply to spammers, for any reason

"Spam", or unsolicited bulk e-mail, is something you are probably already familiar with (and tired of). If you get a spammed advertisement, certainly don't take the sender up on whatever offer they are making, but also don't bother replying with "REMOVE" in the subject line, or whatever (probably bogus) unsubscribe instructions you've been given. This simply confirms that your address is being read by a real person, and you'll find yourself on dozens more spammers' lists in no time.

If you do open the message, watch your outgoing mail queue to make sure that a "return receipt" message was not generated to be sent back to the spammer automatically. Additionally, most email services block images embedded within emails by default. Do not click on "view images" or any equivalent if the email seems to appear from an unknown user. The very fact that the email gets queried from the spammers' web server also confirms the legitimacy of your email ID.

8] Don't use Internet Explorer

Okay, I can't stress on this point enough.

IE is the most popular browser, which means it's the target for most data thieves. That's not saying you're 100 percent protected when you use Mozilla Firefox or Google Chrome, but at least you're not putting the fate of your personal information in the hands of a single company. (I won't even mention Microsoft's spotty security track record.) Hundreds of volunteer programmers poke and prod Firefox (and to a lesser extent, other open-source software) to identify and patch security vulnerabilities.

Last, but never the least, the most important weapon to fight online privacy threats is common sense. Something that's not so common, after all.

First Published: Feb 24, 2012 17:51 IST