By Chester Wisniewski, Senior Security Advisor, Sophos
-
Security and privacy are often conflated, and in many ways the two concepts do overlap, but they differ in an important way.Security is about being free from danger or threats. Privacy is about controlling what information about you is known and who you want to know it. As far as privacy goes, a safer internet is in your hands. Because of this I ask you to think about your privacy choices next time you create a new online profile, load an app on your phone, or sign up for a frequent shopper card at your favorite retail establishment.
When you sign up for an online profile, you are usually trying to connect with like-minded individuals on a hobby forum or find friends and family on social media.These sites ask for a lot of personal details to “help” you: name, country, city, where you went to school, gender, birth date and even whether you are in a relationship.
The more information you provide, the richer experience you will have using the service, right? For each of us the information we choose to divulge will differ. Many of these pieces of information are likely optional to provide and we should carefully weigh the benefits of sharing them.It’s essential to remember that, while passwords can be changed, our birth dates, national identification numbers (SSNs, SINs, NI numbers, etc.) and other personal details cannot.And with the big data movement hell-bent on collecting as much information about us whenever possible, apparently innocuous or unimportant details can be pieced together in new and surprising ways.
Phone apps are another story. An enigma.A mystery. Any company with a bit of cash can commission an phone app to make it easier to do business with them, but is it safe?Research shows that what is going on under the hood is often far more dangerous than you might imagine.Apps often ask for a bevy of permissions without any guarantee that these permissions won’t be misused. My advice is to try and break the app addiction. Wherever possible, use your mobile device’s browser instead.
Lastly, we should reconsider our relationships with retail establishments.Does your coffeeshop need to know your birthdate for you to join their cup-a-day club?Is it worth disclosing your household income, address, favorite cereal, and postal code to join your supermarket’s points program?Most often it is as simple as questioning whether it is needed or desired.Do you require my phone number or simply wish to have it? Can I buy an item without telling you my postal code?What is your organization’s plan to protect this information if I choose to share it with you? Is it legal for you to ask me for this information?That last question is the toughest one, and we can’t easily provide you with a guide.
Each jurisdiction has different privacy laws that explain the data that a company must collect, what it may ask for, and – importantly – what it is legally forbidden to request.If you are concerned, you need to know your rights.
Look into the laws where you live and don’t be afraid to challenge companies overstepping their bounds in asking for your personal information.I believe this isn’t just about slowing down the erosion of our privacy: I honestly believe we can build it back up.If it feels wrong, it is wrong, so privacy is defined by each of us.Some of us want to air every detail of their lives, while others are willing to forgo some conveniences to keep life more private.Don’t be bullied: Ask questions and get informed. Your privacy is only gone if you stop caring.
Freedom isn’t free – you have to make an effort!