Privacy ‘breaches’ and issues have become a lot more important recently and we focused on it to some degree with Real ID – and a recent piece of correspondence I received have made for some interesting thoughts on what privacy is – or lack there of. There is an illusion of the level of control you have over your information.
So in part this a throw at you kinda thing with some recent examples of privacy goings on, to get you thinking, and aware if you were not already
The downloadable list of searchable facebook profiles from Skullsecurity.org ( site seems to be down but a web cache of the post works – and Corporations ( or people employed by them ) are now downloading this Torrent
I cannot think of a reason why I personally would want an indexed copy of 1million facebook users, and their user pics, and usernames but what could you do with that data? I can think of people like Law enforcement, marketing people , social media profilers that would be interested. Especially if friends lists are to be indexed and cross checked. That data hasn’t been torrented yet. “So far, I have only indexed the searchable users, not their friends. Getting their friends will be significantly more data to process, and I don’t have those capabilities right now. I’d like to tackle that in the future” Skull says on his blog. I bet there is someone who does have that capability.
The News that your Smartphone Apps are spying on you is nothing new, but getting more public attention with an App Genome Project , Lookout’s early release findings show that a large amount of Applications had the ability to access a users location, and apparently some even have access to your contact list, and others through 3rd party software are collecting information. All the tech blogs are talking about it now. Last year Palm come to media attention for sending GPS locations back to Palm.
Did you also know that the Photo’s you take with your iphone ( and other smart phones) also contains GPS data. Unless you turn location services off, and that when you upload these photos to various places not all of them strip that GPS information. It’s quite creepy selecting ‘places’ and seeing a map of your city, and all the places you and your iphone have gotten around – and then you wonder who else can see. ( if your interested Picasso has the ability to read any GPS data that is on a picture and put it in a map – it also lets you strip a pic of that data and save a clean copy)
Google was cleared of Wi-fi Snooping in the UK with not collecting ” Significant Personal details” but in Australia they were found to have breached the Australian Privacy Act “On the information available I am satisfied that any collection of personal information would have breached the Australian Privacy Act.” It is a little concerning , whether intentional or not – cars roaming streets collecting mass amounts of data – a street worth of data might not be useful, but a country full, two countries full. What could the data from a collection of unsecured wifi points be useful for – or to whom? I’ve read enough spy/mystery book for my imagination to go wild. I think that’s more of a concern than the bits of data supposedly collected from each. The wifi information however is still publicly accessible. I’m sure quite easy to find using a program like I did with Netstumbler back when I got my first Wifi enabled laptop some years back. Cruise down the local main road, and have a look. It used to be able to record of all the networks secure and unsecured it found. Heck any wifi sniffing capable device would do the same on a small scale.
The key to a lot of these ‘privacy breaches’ seem to be informed control – you had the ability to reduce, or avoid your privacy exposure, but may not have been informed enough as to the potential consequences or use to be motivated to activate that control.
- Your name on the facebook list could have been prevented by turning off public search.
- As for location services on your apps – I’m assuming the majority are ones that ask you ” Such and Such would like to use your location. ANSWER NO. The ones that access your contact information are more of a concern though, but I suspect they some may be apps that ask you to communicate to your friends.
- Turn off location services on your smartphone so your photo’s aren’t being tagged with GPS
- Googles Wifi data collection was only done on unsecured Wifi networks. A German court in May ruled that unsecured Wifi owners can be fined which might be a little extreme, but I’m sure it gets people more worried about it more.Put a password on it.
It is one thing however for the information to be available if you really want to know, and another for it to be index-able, search-able and ‘abuser friendly’. Eg now our electoral rolls in OZ are no longer available on CD – though this seemed to be initiated from a fear of Electoral fraud – not privacy concerns, but it has the same effect. You can still go view a physical copy of the roll and data such as Name, address, date of birth and gender in alphabetical order, you just can’t index it and copy it. However they don’t say what format they give the data to political parties for their local constituent mailing lists I can’t imagine it would be in paper form.
Some things aren’t always in our control. Information / data available on public domain isn’t the only thing we need to worry about.
We put our trust in places that hold our personal information, or even our communications like email inquiry’s, catalog lists, organisation memberships – and no guarantee they will follow privacy principles, unless they get caught and fined. Health services seem to get into trouble all the time – releasing customer information accidentally – getting patient records mixed up. Or even breaches as simple as the IPad customer list from AT & T being released, and how can we forget the ESRB breach where a simple ‘reply all’ released publicly the email address to all recipients from everyone else who had contacted them to complain about Blizzards Real ID.
Remember when it was credit card numbers that were the biggest security threat. “Be careful who you give your credit card number.” We now worry when we lose sight of a credit card because the waiter might have a skimming device in their pocket. Our ATMs have skimming devices attached , and Eftpos machines in fast food outlets get modded to collect skimmed data.
Even Night Clubs are scanning and retaining fingerprints of patrons
We have to spend as much time worrying about how safe our information is as we do accessing the services we use. Kind of puts Real ID in perspective. What’s in a name when someone has your fingerprints, your telephone contact list, where you were on Saturday night and where you live . Read How I become a Foursquare Stalker as to how someone tracked a stranger down based on information from looking at people on the app within one mile of him. You can check ‘people near me ‘on twitter and Buzz as with some people tagging their home addresses as their current location. Robmenow collects public data about users geotagging their location – the idea being if the user is at say a coffee shop in the city. They aren’t at home.
The information available is not a danger – until the intent of someone makes it so.
Doesn’t it make you just want to stop and think how much worse will it get? – As we become aware of each incident of what information is available out there and start thinking about the intent of those who are collecting for undisclosed use we become more concerned. Governments are getting worried, ( we can thank Canada for pressure on Facebook for of the privacy changes) Eventually laws will tighten,or Governments will just cut off access to what they can’t control to their liking. Eg look at China and Google. We just can’t switch off the technology age. I like it. I live in it, play in it. However people will continue to make reply all mistakes, mix up files, lose data and your control over your own information gets weaker.
We have a very casual approach to our information we give out voluntarily because we aren’t always aware of the consequences – the trend is changing but we have no idea as to how the data is to be used in the future, or how many people in the privacy chain with access to that information are weak links. No where on a privacy form does someone tell you what they do with your data. “We keep this behind an trillion byte encryption protected by armor plated servers Oh but 20 people including the cleaner can print off copies when they want.” Organizations have to answer to the law- but international boundaries, and inconsistent regulations means that one country will not have the same standards, and enforceability as another.
We are a little wiser now. When Blizzard tried to make the Forum Change to real names a ‘in the future’ thing, we got fair warning, and plenty of time to protest and the potential for misuse by some rather zealous examples splashed across the internet.
We have however, no control over customer purchase lists with our emails being leaked, a laptop with sensitive information left in a cafe, or your inbox being filled with someone else’s personal messages due to a code or software error. Effectively all we can do is scream ‘ breach breach’ after the information has been released. How many incidents do we not know about.
I was at a RSL Club with my family a while ago, and my Id Card was scanned onto their computer on sign in. There was no choice, and it was either eat dinner with my family and get my card scanned, or look like a paranoid prat if I refused. The attendant looked at me strangely when I asked why it was being scanned, and then even more so when I asked how long is the data retained?
Where’s the line between paranoia and sensibility?
I’m going to leave it there, not sure I have come to some deep and meaningful conclusion, but I’m a blogger not a journalist. My intent is to give you with this post food for thought. Just because we should at least think about things like this on occasion, because we as individuals should be responsible enough to control and try and be aware. Even if it means your sister inlaw deletes you off facebook because you disabled access to your wall to stop people from posting things you could not control on there.