In a span of 30 years, the average person in the United States has gone from explicitly asking the phone company to not publish their phone number in the phone book to sharing every intimate detail of their life on social media. It seems people have lost the understanding of the value of privacy. It is possible that the recent geopolitical tumult, seemingly increasing exponentially as of late, has made the average person question the wisdom of this trend. Many easy options exist to protect your privacy online, and you should be using them. If you, as an individual, wish to be in control of the information you provide to the outside world, deeper knowledge of the technology you use every day is required, along with the discipline to use it properly.

Privacy and Technology

Growing up, my parents and the parents of my friends were skeptical of all the technology making things seemingly so much better in our lives. The multichannel cable converter box, first widely available in the 1980s, allowed companies to multiplex (and control through primitive encryption technologies) dozens of pay channels to households with primitive televisions on a single VHF channel, typically channel 3. Control was through a wired or wireless remote. My parents would repeat rumors they heard of the cable company spying on us through this device. Cordless (not wireless) phones were thought to be dangerous when introduced because it was rumored that there were people in vans with special boxes listening to our conversations. Ordering products from a mail-order company by providing your credit card information to an operator over the phone was a desperate last-resort way of shopping because of concerns over being scammed from afar.

 


The remote used with the QUBE cable television system.
Understanding how all of this then-new technology worked in general, and informed with supporting information I found on computer Bulletin Board Systems (BBSs) accessed from my Commodore 64 over a 1200-baud (bits/s) modem, I assured them they were being paranoid. At most, any information these companies would collect was for their internal use. And more primitive technologies, such as phone calls and the United States postal service, were secured under privacy laws that were in place to protect us.

Privacy as Commodity

In today’s world, these protections are quickly eroding, and much of it is self-inflicted. People now share every detail of their entire day on publicly accessible websites like Facebook and Twitter. Advertisers and companies happily consume this information for profit (it’s how you pay for all of these “free” services), and most people don’t see an issue with that. Indeed, there are many benefits to sharing your information. Companies can make you aware of products and services that are useful to you. It’s easy for your friends to find you in order to get together for social occasions when you share your location with everyone. Sharing detailed bug reports and logs from the apps you use with the companies that created them accelerates the release of new features and improves stability.

The Need for Caution

Unfortunately, the reality is that once your data is shared it is now out of your control. Your information is typically shared with affiliate companies unrelated to the company you shared it with. While corporations promise that your sensitive data will be protected, a mistake by a single programmer could expose your personal and credit card data in plain text for anyone to read. This has happened to me personally, with apologies and offers of free credit reporting, to help minimize the damage.

Further, hackers and spies have myriad ways of stealing the data from these well-meaning companies, and the stolen information can be used for any number of purposes such as a subversion of our laws. For example, individual decision-makers such as judges or regulators could be blackmailed with the information they or their devices have shared with mainstream websites that were thought to be private or limited to a select group of individuals.

Laws, checks and balances, exist to prevent things from getting too out of hand with how companies use and protect personal data. Unfortunately, these laws to protect consumer’s privacy come and go. A recent example of this was S.J. Res 34, signed into law by President Trump on April 3, 2017, a resolution whose chief aim is to remove consumer protections from internet service providers (ISPs) and the handling of your data. The U.S. Senate had previously approved this, with proponents advocating it is a necessary reduction of bureaucracy. In any case, the resolution eliminates a barrier to ISPs collecting data from you and all the possible bad things that can come with that for individuals. With protections being removed, individuals not purposely sharing information about themselves are now unknowingly sharing the same or more data as someone sharing every aspect of their life on social networks. Any unencrypted data being transmitted can be logged and shared, as previously explained.

Know Your Vulnerabilities

Many people incorrectly assume that the shift toward more websites using Secure Sockets Layer (SSL) encryption by default means that they are protected. While this encryption can be compromised, modern web browsers will either alert or prevent communication to the most common man-in-the-middle attack where an intermediary uses a certificate installed on the user’s browser to proxy SSL connections and, therefore, read the encrypted data. There is some truth to this, at least for websites that either enforce or default to SSL communication. However, even though the communication is encrypted, the times, dates, lengths, website or service name and other parameters are easily trackable and saleable.

Further, Domain Name System (DNS) queries remain unencrypted and are trackable as well. There are a host of other protocols and Internet of Things (IoT) services that may not be encrypted, leaving users vulnerable to having their data logged and sold. Among the ways to protect yourself is to use a paid virtual private network (VPN) service and ensure your devices are configured properly to use all services through it, including DNS. This will show up at your ISP as connections only to the VPN provider, through which all your data is routed. Other options include free network traffic proxies like Tor, which uses a peer-to-peer BitTorrent-like scheme, distributing and encrypting web traffic through a massive network of privately owned computers.

Tor is free software that relies on a network of relays to hide users’ location and usage data.

Self-Reliance for Privacy

Compelling arguments exist for maintaining an online presence while also protecting your privacy. Advanced technology has made access to information easier than ever, by more people than ever, without requiring any understanding of how it actually works. This creates an environment for people to lose control of their information without even knowing it is happening. Well-intentioned companies can use this information for profit, but the collection and dissemination of the data can be used to harm individuals and groups. And it can be used to subvert laws. Technology exists to take control of your privacy online. Gone are the days when we could simply count on laws to protect our privacy online, but you still have options to protect yourself.

Learn how CDW can help you meet your security needs.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>