Have you ever Binged or Googled for your own name, address or phone number? It’s good to do it now and then, and the result may be shocking. You don’t have to be a celebrity to be mentioned on the net. Most of us occur on the net in quite many places, often a lot more than we imagine.
You can decide how much you reveal to the public in the profiles of your own accounts. But that’s not the full picture. Every time you participate in something under your own name, it may be published on the net, with or without your consent. This kind of publicity is hard to track, and next to impossible to control.
This is what the European court of justice (ECJ) tried to control in a ruling in May 2014. In short, a man from Spain found previously published data to be embarrassing and outdated. The site refused to take down the data and Spanish authorities ruled that there was no legal ground to demand deletion of the lawfully published content. The European court did however rule in favor of him and demanded Google to hide these pages in search results. According to the court, Google has to delete “inadequate, irrelevant or no longer relevant” data from search results.
I’m an advocate of digital privacy and our rights to control our digital footprint. And this is sort of a win for privacy-fighters. But I have mixed feelings about this decision and will not open any sparkling bottles. I think the track that ECJ has entered will turn out to be a dead end.
First of all, trying to create ways to control net content is good. We are dealing with a delicate balance between freedom of speech and peoples’ right to privacy. But most of us probably agree that a net totally without content control isn’t desirable.
But trying to solve this problem with the search engine companies is like creating a giant reality distortion field. The data does not go anywhere even if it’s hidden in Google searches. As a matter of fact, all you have to do is to use a non-European version of Google. And that’s not all. Google is even planning to inform users that items have been hidden from the search result they are viewing. Convenient with a reminder that you should search again with the US version, isn’t it?
Search engines are of great importance for what pages we find and read. But many are probably overestimating this importance now when social media is getting more popular. Nowadays we do not only find our stuff by searching, a significant part is virally spreading links. These links also bypass the reality distortion field totally.
The right to be forgotten is a great principle. But I think it should be restricted to the actual content and not services that help you find it. What we need is a globally working system for content take-down requests. These requests need to be approved by some kind of authority and the system must have built-in safeguards against misuse for censorship. Yes, keep in mind the delicate balance between freedom of speech and privacy. The neutrality of search engines should at the same time be controlled and guaranteed. If something is wrong, let’s fix reality instead of creating a reality distortion field.
Congratulations anyway to Mario Costeja González who won the case against Google. That’s an achievement even if the outcome is questionable. And the funny thing is naturally that you would have no clue who Mario Costeja González is, and that his house had to be sold to pay debts, without this thing called right to be forgotten.
BTW, if your search turned up something you don’t like and you are a European citizen, then you can continue to Googles removal process. We don’t know yet how this will work when the masses start to request removals. The process will probably be an uphill battle, so don’t hold your breath. It will be interesting to see how this develops.
Image by stockimages @ freedigitalphotos.net
Adblocking made waves last summer after Apple announced that it would bake content blocking capabilities into iOS 9. Content blocking lets users filter out content that they don’t want to load, and in this case, it worked with Apple’s Safari web browser. And there’s one kind of content that typically irritates people more than anything else – ads. So Apple’s content blocking capabilities swiftly lead to adblocking on iOS devices, with many companies developing these apps to help secure and improve people’s web browsing experience. This includes F-Secure, who released a free adblocking app last September. Now, F-Secure Labs has written up a brief whitepaper explaining, in detail, how F-Secure Adblocker works. Without getting into too much detail, F-Secure Adblocker basically checks for information about web traffic with F-Secure Security Cloud (a cloud-based service that powers many of F-Secure’s security products). If F-Secure Security Cloud is able to identify the source of web traffic as an advertising server, it lets Adblocker know, and Adblocker can filter out the advertising content, leaving you with the information about sports, news, business, or whatever else you’re browsing for. Using Adblocker also speeds up your browsing, protects you from malvertising, and saves bandwidth for those of you trying to save money on your data plans. Not bad for a free app. Plus, it all operates in accordance with F-Secure’s Privacy Principles. F-Secure can’t connect the information about your web traffic with anything else about you, so you don’t have to worry about sharing information with companies looking to exploit your personal data. The paper is a quick easy read and gives you a comprehensive breakdown about how Adblocker works, so it’s worth checking out if you’re interested in learning how products being ad free can improve your web browsing experience. [Image by Chris Schmich | Flickr]
Mikko Hypponen is one of the world’s most prominent cyber security experts. Described as a “virus hunter” in a Vanity Fair profile called “The Code Warrior”, Hypponen has spent nearly 25 years with F-Secure protecting people from computer viruses, worms, trojans, and other types of malware. In 2011, Hypponen travelled to Pakistan to meet the men behind the first known PC virus – Brain.A. [youtube https://www.youtube.com/watch?v=lnedOWfPKT0&w=560&h=315] The Brain virus was released in January of 1986, making January 2016 the 30th anniversary of this milestone in malware history. I thought it would be interesting to reach out to Mikko and ask him about other families of malware that standout as being noteworthy. So here’s Mikko’s list of some of the most infamous malware families (including viruses, worms, trojans, etc) that’ve pestered, frustrated, and even extorted computer users over the past few decades. 1990 Form – Form was a common computer virus identified in 1990, and for several years, was arguably the most prominent computer virus in the world. Spread through 3.5” floppy disks, it infected millions of computers throughout the world, and is possibly one of the most widespread viruses in history. 1992 Michelangelo – Michelangelo earns a place on the list for being the first truly global virus scare. It was named after the famous artist because the virus remained dormant until March 6 (the artist’s birthday), when it would awaken and overwrite sections of infected hard disks, thereby making the information inaccessible and the computer unusable. The virus was never particularly prominent compared to some of its contemporaries, but its destructive nature and subtlety helped spread Michelangelo Madness throughout the globe. 1995 Concept – Concept was the very first macro virus – a type of virus that infects applications such as Microsoft Word. It was a very prominent security concern in the mid-nineties, and even though it was successful in propagating itself organically during this time, it hasn’t been seen in over a decade. As the first macro virus, it was notable in that it spread by hiding itself as a Word doc and then infecting computers as those documents were shared. By using Word, it could use both Windows PCs and Macs to spread infections, as the software could run on both platforms. 1999 Melissa – Melissa, supposedly named after an exotic dancer, was a computer virus that sent infected Word documents to contacts in victims’ Outlook address book. While the virus was not designed to be particularly destructive, its rapid proliferation through the Internet wreaked considerable havoc on corporate servers and infrastructure. Some accounts claim that it infected twenty percent of computers globally, and the man eventually convicted of releasing the virus into the wild admitted to causing eighty million dollars in financial losses. 2000 Loveletter – Loveletter, also widely known as ILOVEYOU, was a prominent email worm that was able to spread itself throughout the globe in a matter of hours by promising victims a little bit of love. Disguising itself as a chain, love-themed email to recipients helped it quickly spread from its Filipino origin through Asia, Europe and North America. To this date, it is one of the largest malware outbreaks of all time, and responsible for an estimated 5.5 billion dollars of damage. 2001 Code Red – Code Red was the first fully-automated network worm for Windows. As in users would not have to interact with a machine in order to spread the infection. Code Red’s most infamous day was July 19th, 2001, when it successfully infected 300,000 servers. The worm was programmed to spread itself on certain days, and then execute distributed denial-of-service (DDoS) attacks on others, and was used against several different targets (including The White House). 2003 Slammer, Lovsan, and Sobig – Ok, so there’s three here and not just one. But they all occurred very close together, and unfortunately, all three were worms responsible for massive, global malware outbreaks. Slammer targeted servers so it’s presence wasn’t readily apparent to end users (save some lagging when they were attempting to access an infected server). Lovesan, however was able to infect end users running Windows ME or Windows XP, and use the infected machines in DDoS attacks. Sobig spread itself through email and network drives, and contained a trojan in order to cause more headaches for infected users. However, it appears that the trojan feature did not function as expected. These three worms infected millions of machines, and made headlines all over the world. 2004 Sasser – A computer worm that can be considered as the last large “hobbyist” outbreak. This is significant as it signaled the end of an era when most malware was written by people who were simply curious to see what the malware could do. Nowadays, malware has a more specific, insidious purpose, such as stealing information or making money. 2006 Warezov – A two-year email worm campaign perpetuated by professional criminals, Warezov gained notoriety for downloading new versions of itself from remote servers – sometimes as frequently as every 30 minutes, according to a 2006 interview with Mikko. 2007 Storm Worm (also called Small.dam) – Storm Worm was a trojan that was spread as an attachment to spam emails. But more importantly, it was a combination of complex and advanced virus techniques that criminals were able to use to make money by using infected machines as part of a botnet. 2013 Cryptolocker – A notorious ransomware family, Cryptolocker was spread through malicious email attachments, as well as the infamous Gameover Zeus botnet. Infected victims would find their hard drives suddenly encrypted, essentially locking them out of their devices and data until they paid a ransom to the perpetrators. While the FBI, in cooperation with other law enforcement agencies and security companies (including F-Secure), were able to disrupt the operation, the perpetrators were able to use Cryptolocker to extort about 3 million dollars from victims before being stopped. Other notable mentions include the 2005 Sony rootkit (for being distributed on Sony BMG CD-ROMs on their behalf), the still prominent Downadup worm from 2008 (for infecting millions, including armed forces of several countries and police departments), and the well-known Stuxnet virus from 2010 (for both its sophistication and its apparent state-sponsorship). If you want to know more about the history of computer viruses, you can check out Computer Invaders: The 25 Most Infamous PC Viruses of All Time!
Today is Data Privacy Day (or Data Protection Day as it’s known in Europe). Unfortunately, that doesn’t mean you get gifts, so it hasn’t caught on in the same way as holidays like Christmas. But what you do get is the chance to take part in the conversation about how you see the boundaries that separate your public life from your personal life. So what do you have to say about this? And why is this topic so important anyway? Well, F-Secure Security Advisor Sean Sullivan posed this question to just over 1,000 people in the US and UK in 2014. While about 83% of respondents said they don’t have anything to hide (slightly more in the UK than the US), 89% said “no” (again, slightly more in the UK than in the US) when asked “Would you want to share everything about your life with everyone everywhere, all the time, forever?” [polldaddy poll=9289730] The point being – people think about privacy in different ways, and a lot of what they think is shaped by the conversations about privacy that we have. A recent F-Secure survey posed a variety of security and privacy related questions to almost 9000 people in 11 different countries. You can see the breakdown of some of the results below. When asked about whether they were concerned about data privacy, and if they changed their Internet habits as a result, many people disagreed with the statement (more Americans seemed concerned compared to other nationalities). So people are either unconcerned about their data privacy, or at least not enough to change their behavior. However, other questions focused more on particular threats to online privacy, and these responses indicated considerably more people are concerned about these threats. The majority of respondents said they avoided using public Wi-Fi – a well-documented security and privacy risk. And an overwhelming majority of respondents said they avoid installing apps asking for unnecessary app permissions (which are critical for controlling what apps can access what data). Avoiding using certain apps or services strikes me as an indication that people are concerned about these things. And they’re right to be worried about these things, which becomes more apparent when confronted with questions that highlights how vulnerable their online privacy actually is. I asked Sean about this, who pointed out the way we talk about things like privacy on Data Privacy Day/Data Protection Day is more significant that people might think. “In North America, we say Data Privacy Day. In Europe, we say Data Protection Day. They refer to the same thing, but represent it in different ways,” says Sean. “I want to protect my data because privacy is important to me. I don’t want everyone to know my phone number or my credit cards number, so I try and use services that don’t collect this information.” “It’s not because I’m emotionally attached to my personal space, even though that’s important, but I feel like that information could be used in ways that may be harmful. And that aspect isn’t always clear when people talk about online privacy.” Just over a year ago, Sean wrote that he’d like to ask people “Are there things in your past that are best left forgotten?” Maybe today is a good day to start talking about that.