WP_000796

The three kinds of privacy threats

WP_000796We talk a lot about privacy on the net nowadays. Some claim that privacy is dead, and you just have to cope with it. Some are slightly less pessimistic. But all agree that our new cyber-society will redefine and reduce what we once knew as personal privacy.

The privacy threat is not monolithic. There are actually many different kinds of privacy threats and they are sometimes mixed up. So let’s set this straight and have a look at the three major classes of privacy.

Peer privacy

This is about controlling what data you share with your family, spouse, friends, colleagues etc. Tools for doing this are passwords on web accounts, computers and mobile devices, as well as your privacy settings in Facebook and other social media.

This is the fundamental level of privacy that most of us are aware of already. When this kind of privacy is discussed, it is usually about Facebook privacy settings and how to protect your on-line accounts against hackers. Yes, protection against hacking is actually a sort of privacy issue too.

Provider privacy

Who knows most about your life? You, your spouse or Facebook? Chances are that the service providers you use have the most comprehensive profile on you. At least if we only count data that is stored in an organized and searchable way. This profile may be a lot wider than what you have shared yourself. Google knows what you Google for and your surfing habits are tracked and blended into the profile. The big data companies also try to include as much as possible of your non-digital life. Credit card data, for example, is low-hanging fruit that tells a lot about us.

But what exactly are they doing with that data? It’s said that if you aren’t paying for the product, then you ARE the product. The multitude of free services on the net is made possible by business models that utilize the huge database. Marketing on the service provider’s own page is the first step. Then they sell data to other marketing companies or run embedded marketing. And it gets scary when they start to sell data to other companies too. Like someone who consider employing you or who need to figure out if you’re a high-risk insurance customer.

The main problem with provider privacy is that there aren’t any simple tools to guard you. The service provider can use data in their systems freely no matter what kind of password you use to keep outsiders out. The only way to master this is to control what data they get on you, and your own behavior is what matters here. But it is hard to live a normal cyber-life and fight the big-data companies. I have posted some advice about Facebook and plan to come back to other aspects of the issue in later posts.

Authority privacy

The security and privacy of Internet is to a large extent enforced by legislation and trust, not by technical methods like encryption. But don’t expect the law to protect you if you do a crime. Authorities can break your privacy if there is a justified need for it. This can be a good compromise that guards both our privacy and security, as long as the authorities are trustworthy.

But what happens if they aren’t? Transparency and control are after all things that make the work harder for authorities, so they don’t like it. And a big threat, like terrorism for example, can easily be misused to expand their powers far beyond what’s reasonable. Authority privacy really becomes an issue when the working mode changes from requesting data on selected targets to siphoning up a broad stream of data and storing it for future use. There has been plenty of revelations recently showing that this is exactly what has happened in the US.

There can be many problems because of this. It is, first of all, apparent that data collected by US is misused. The European Union and United Nations are probably not very dangerous terrorist organizations, but still they rank high on the target list. Data collected by authorities is also supposed to be guarded well and used for our own good only. But keep in mind that a single person, Edward Snowden, could walk out with gigabytes of top secret data. He did the right thing and spoke out when his own ethics couldn’t take it anymore, and that’s why we know about him. But how many secret Snowdens have there been before him? More selfish persons who have exchanged data for a luxury life in some other country without going public. Maybe your data? Are you sure China, Russia or Iran don’t have some of the data that the US authorities have collected about you?

And let’s finally play a little game to remind us about how volatile the world is. Imagine that today’s Internet and computer technology was available in 1920. The Weimar republic, also known as Germany, was blooming in the golden twenties. But Europe was not too steady. The authorities had Word War I in fresh memory and wanted to protect the citizens against external threats. They set up a petabyte-datacenter and stored all mails, Facebook updates, cloud files etc. This was widely accepted as some criminal cases had been solved using the data, and the police was proud to present the cases in media. The twenties passed and the thirties brought depression and new rulers. The datacenter proved to be very useful once again, as it was possible to track everybody who had been in contact with Jews and communists. It also brought a benefit in the war to come because many significant services were located in Germany and foreign companies and state persons had been careless enough to use them. The world map might look different today if this imaginary scenario really had happened.

No, something like that could never happen today, you might be thinking. Well, I can’t predict the future but I bet a lot of people were saying the same in the twenties. So never take the current situation for granted. The world will change, often to the better but sometimes to the worse.

So lack of authority privacy is not something that will hurt you right away in your daily life. Your spouse or friends will not learn embarrassing details about you this way, and it will not drown you in spam. But the long term effect of the stored data is hard to predict and there are plenty of plausible harmful scenarios. This really means that proper privacy legislation and trustworthy authorities is of paramount importance for the Internet. A primary set of personal data is of course needed by the authorities to run society’s daily business. But data exceeding that should only be collected based on a justified suspicion, and not be kept any longer than needed. There need to be transparency and control of this handling to ensure it follows regulations, and to keep up peoples’ trust in the authorities.

So what can I do while waiting for the world to get its act together on authority privacy? Not much, I’m afraid. You could stop using a computer but that’s not convenient. Starting to use encryption extensively is another path, but that’s almost as inconvenient. Technology is not the optimal solution because this isn’t a technical problem. It’s a political problem. Political problems are supposed to be solved in the voting booth. It also helps to support organizations like EFF.

Safe surfing,
Micke

More posts from this topic

Mikko Hypponen What Twitter knows

5 things Twitter knows about you

At Re:publica 2015, our Chief Research Officer Mikko Hypponen told the main stage crowd that the world's top scientists are now focused on the delivery of ads. "I think this is sad," he said. [youtube https://www.youtube.com/watch?v=pbF0sVdOjRw?rel=0&start=762&end=&autoplay=0] To give the audience a sense of how much Twitter knows about its users, he showed them the remarkable targeting the microblogging service offers its advertisers. If you use the site, you may be served promoted tweets based on the following: 1. What breakfast cereal you eat. 2. The alcohol you drink. 3. Your income. 4. If you suffer from allergies. 5. If you're expecting a child. And that's just the beginning. You can be targeted based not only on your recent device purchases but things you may be in the market for like, say, a new house or a new car. You can see all the targeting offered by logging into your Twitter, going to the top right corner of the interface, clicking on your icon and selecting "Twitter Ads". Can Twitter learn all this just based on your tweets and which accounts follow? No, Mikko said. "They buy this information from real world shops, from credit card companies, and from frequent buyer clubs." Twitter then connects this information to you based on... your phone number. And you've agreed to have this happen to you because you read and memorized the nearly 7,000 words in its Terms and Conditions. Because everyone reads the terms and conditions. Full disclosure: We do occasionally promote tweets on Twitter to promote or digital freedom message and tools like Freedome that block ad trackers. It's an effective tool and we find the irony rich. Part of our mission is to make it clear that there's no such thing as "free" on the internet. If you aren't paying a price, you are the product. Aral Balkan compares social networks to a creepy uncle" that pays the bills by listening to as many of your conversations as they can then selling what they've heard to its actual customers. And with the world's top minds dedicated to monetizing your attention, we just think you should be as aware of advertisers as they are as of you. Most of the top URLs in the world are actually trackers that you never access directly. To get a sense of what advertisers learn every time you click check out our new Privacy Checker. Cheers, Jason

May 15, 2015
BY 
Internet Communication

What Clicking Tells Online Trackers

The Internet is first and foremost a communication medium. Every link that people click, every character they enter, and every video they watch involves an exchange of information. And it’s not just a two-way conversation between a person and their computer, or a person and someone they’re chatting with. There’s more people than listening in, and because computers use languages that people don’t necessarily understand, it’s logical to infer that many people may not be fully aware of what they’re actually saying. F-Secure launched a new Privacy Checker to help pull back the magic curtain that hides online tracking. A lot of online tracking is about employing passive data collection techniques – techniques that allow observers to monitor behavior without having any direct interaction with the people they're observing. Such passive data collection techniques are pervasive online, and websites are often designed to facilitate this kind of tracking. The prevalence of these technologies lends credence to the idea that control is becoming ubiquitous online, and represents a substantial threat to digital freedom. Do you ever read “top 10” articles or other types of lists on websites that require you to “turn pages” by clicking a button? Clicking those buttons lets online trackers know how far you go in the article before you stop reading (not something that can be done reliably when content is on a single page). That’s how passive data collection works. The Privacy Checker works by checking the information stored in web browsers, and then generates a report about what it’s learned. It can usually deduce where you’re located, what language you speak, whether or not you were directed to the checker from Google or another website, what device and operating system you’re using, and whether or not you allow your browser to use tracking cookies. If you think about this as a communicative event – an interaction in which information is exchanged – simply clicking a button has told the Privacy Checker all of this information. So if you were to breakdown the result from a check I ran as an interaction, you could say I told the Privacy Checker the following: “I am in Helsinki, Finland”. “I speak English”. “I use Google.fi to find things online”. “I use a mobile device with Android 4.4.2”. “I allow my browser to accept cookies”. The Privacy Checker responded by explaining what I told it when I pushed the “Check Now” button. The Privacy Checker also provided me with some information on how companies use the things I tell them to make money. The Privacy Checker is probably the only online conversation partner that you’ll ever have that provides you with this transparency. Many people don’t know or aren’t interested in constantly sharing this information, and many websites are designed to help their administrators make money from this data. And this is a key threat to online privacy: more and more technologies are being developed to capture, store, and analyze your data without your knowledge. This blog post emphasizes the significance of the threat by pointing out that huge investments are being made in companies and technologies that monetize your data. The author even refers to it as information about "pseudo-private" behavior – a label that really underscores how much value some of these companies place on privacy. The Privacy Checker sheds some light on this to help people understand what they’re really saying when they click around the web. It’s free to use and available on F-Secure’s new Digital Privacy website, which contains more information about online privacy and the fight for digital freedom. [ Image by geralt | Pixabay ]

May 15, 2015
BY 
Freedome for Mac

Freedome Comes to Mac

F-Secure launched Freedome for Mac this week (click here to get a free trial) to help Mac users enjoy the private, premium web experience that’s already being enjoyed by over 2 million Android, iOS, and Windows PC users. Freedome is a user-friendly VPN that’s filled with features to help people enjoy themselves online, and it’s a great way for Mac users to start taking back control of their online privacy and digital freedom. Macs have a reputation for being more secure than Windows PCs, but as Micke recently posted out in a blog post, this is somewhat misleading. And this has important implications for online privacy – Macs are just as susceptible to online snooping as their PC counterparts. People have the same privacy needs, regardless of what devices or operating systems they use to help them access the Internet. So Freedome makes sense for Mac users. Its attractive one-button interface lets Mac users turn the app on and off with just a quick click, and offers them an easy way to do things like encrypt their communications, protect themselves from malicious websites, and select different virtual locations so they can bypass regional locks on web content. But Freedome is also a great way to get involved in the fight for digital freedom. People have become more aware of the ways their privacy is being violated when they do things like browse the web or go online shopping, but they don’t really know what to do about it. Using Freedome sends a message to criminals and companies that someone’s choice to use the Internet does not automatically mean they consent to having their private lives invaded or controlled by others. Freedome for Mac is now available for a free trial, and subscriptions can be purchased for a small fee. You can also get multi-device subscriptions that can be used to cover different combinations of your Mac, Windows PC, Android, iOS, and Amazon Fire devices.

May 7, 2015
BY