Privacy isn’t dead, you’re just doing it wrong
By Chester Wisniewski February 6, 2014
- While passwords can be changed, birthdates, national ID numbers and personal details cannot
- With big data, innocuous or unimportant details can be pieced together in new and surprising ways
SECURITY and privacy are often conflated, and in many ways the two concepts do overlap, but they differ in an important way.
Security is about being free from danger or threats. Privacy is about controlling what information about you is known and who you want to know it.
Data Privacy Day occurs every year on the 28th of January and was intended to remind us to more carefully consider our privacy choices throughout the year.
This year, I ask you to think about your privacy choices next time you create a new online profile, load an app on your phone, or sign up for a frequent shopper card at your favourite retail establishment.
When you sign up for an online profile, you are usually trying to connect with like-minded individuals on a hobby forum or find friends and family on social media.
These sites ask for a lot of personal details to ‘help’ you: Name, country, city, where you went to school, gender, birthdate and even whether you are in a relationship.
The more information you provide, the richer the experience you will have using the service, right?
For each of us the information we choose to divulge will differ. Many of these pieces of information are likely optional to provide and we should carefully weigh the benefits of sharing them.
It's essential to remember that while passwords can be changed, our birthdates, national identification numbers (SSNs, SINs, NI numbers, etc.) and other personal details cannot.
And with the big data movement hellbent on collecting as much information about us whenever possible, apparently innocuous or unimportant details can be pieced together in new and surprising ways.
Break the app addiction
Phone apps are another story. An enigma. A mystery. Any company with a bit of cash can commission a phone app to make it easier to do business with them, but is it safe?
Research shows that what is going on under the hood is often far more dangerous than you might imagine. Apps often ask for a bevy of permissions without any guarantee that these permissions won't be misused.
My advice is to try and break the app addiction. Wherever possible, use your mobile device's browser instead.
Lastly, we should reconsider our relationships with retail establishments.
Does your coffee shop need to know your birthdate for you to join their cup-a-day club? Is it worth disclosing your household income, address, favourite cereal, and postal code to join your supermarket's points programme?
Most often it is as simple as questioning whether it is needed or desired.
Do you require my phone number or simply wish to have it? Can I buy an item without telling you my postal code?
What is your organisation's plan to protect this information if I choose to share it with you? Is it legal for you to ask me for this information?
That last question is the toughest one, and we can't easily provide you with a guide.
Each jurisdiction has different privacy laws that explain the data that a company must collect, what it may ask for, and – importantly – what it is legally forbidden to request.
If you are concerned, you need to know your rights.
Look into the laws where you live and don't be afraid to challenge companies overstepping their bounds in asking for your personal information.
I believe this isn't just about slowing down the erosion of our privacy: I honestly believe we can build it back up.
If it feels wrong, it is wrong, so privacy is defined by each of us.
Some of us want to air every detail of our lives, while others are willing to forgo some conveniences to keep life more private.
Don't be bullied: Ask questions and get informed. Your privacy is only gone if you stop caring.
You can make a positive change to your privacy today by taking our 3-Step Privacy Plan Diet.
Freedom isn't free – you have to make an effort!
Chester Wisniewski is a senior security advisor at Sophos Canada. This article first appeared on the Sophos Naked Security blog here, and is being reprinted here with its kind permission. Sophos is headquartered in Boston, US and Oxford, UK.