Tag Archives: online security

Defining privacy in the digital age – myths, pitfalls and positives

Privacy online has multiple meanings for different platforms and businesses – but what about us here at digi.me?

So much personal information about each of us is scattered about the web, traded, sold on and held in multiple places that we can neither access nor delete, that we can have no realistic expectation of full online privacy.

There can be no absolutes where one form of every kind of data that relates to an individual is owned and controlled by them without exception, and so online privacy is fluid when set against the norms of the offline world.

The last decade has also seen personal perceptions of privacy change and evolve dramatically with the explosion in online services and social networks on which many of us regularly post information which would previously have been considered for personal consumption only.

So how does all of this inform what we are and how we operate?

Well, digi.me deliberately enables a more private world, with more personal data under the control of each individual user, enabling them to use it as they wish, for direct benefits or insights.

But is it a privacy solution? We are often perceived as this but it’s not our primary aim as our strengths and business vision lie around the benefits of data gathering and controlled exchange.

The data still exists where it originated, but its combination with other streams and sources in one private digi.me library controlled by the user creates a body of information that is immensely more powerful than the sum of the parts scattered before this aggregation, as well as being completely private within the app itself.

This, then, is the true value of what we do, unlocking the potential of personal data, by bringing it together and creating greater value with associated complete security, with data only being exchanged or shared on the user’s terms, for their benefit.

But the constituent parts are not private in their original locations, and nor is there any way of making them be so – multiple copies of data are an expectation in the online world not shared by its offline cousin, which deals in physical entities of which often only one exists – a key reason why there can be confusion comparing the two.

Essentially, online privacy remains a fluid force, dependent in great part on the expectations of both parties when information is created and shared. What it means in any given context differs on nuances, with a broad variety of different forms available including private browsing, private sharing and private chat.

So privacy online becomes less about how each of us wants to define it, and more about how the services and platforms we use tell us they are defining it in that particular instance. We can then choose whether or not that is reasonable, and whether or not we, the guardians of our own privacy, want to partake.

Often, as seen with some of the bigger platforms, these terms and definitions will change over time – so part of taking back control of our online privacy is always being aware and as knowledgeable as we can be about what we are sharing, and with whom, and for how long.

There is no quick privacy fix, but one of the aims of digi.me going forward is to return ever more privacy to its users and enable an increasingly private world.

We are already 100% private in our operation, as we never see, touch or hold the data that users collect for their personal libraries. And we will soon enable individuals to exchange selected data with apps/businesses on a direct one to one permissioned basis.

This is better for businesses, as they get 100% accurate, fully permissioned data. As time goes on, more and more businesses will go direct in this way, rather than scraping thinner, less accurate data from around the sides of our searches and transactions, as is the predominant model now. That model is increasingly working for neither consumers nor businesses, which are increasingly at war over the methods used.

As more and more businesses go direct to individuals, there will be less and less money and demand for the ‘data scalpers’ and slowly their business model will become less economic and will shrink away – leaving the direct, privacy-enabling system as the major route for exchange of data for value.

Thus digi.me will enable a more private world where each user can choose how much data, if any, they are happy to share.

Ten ways to keep your personal data safe online

The price of using websites and other online services is often giving away personal information about ourselves, but there are some quick and easy steps that we can all take to make that data as safe as possible.

The online world is often a strange one – we quite happily give information away to strangers that we would never dream of doing face to face, in the false belief it is what everyone is doing so must be safe.

And, while to a large degree it is, we do still need to take care, particularly not to give away unnecessary information that could be used for identity theft or just plain fraud.

So what should we be doing – and what must be avoided?

  1. Be clear who can see what – that means enabling, and checking, privacy settings for every social media site you use, and ensuring you only make payments through secured web pages when shopping or banking online.
  2. Have strong passwords – and don’t reuse them or write them down. We know this one is tricky. Great passwords, in terms of strength, are by their nature hard to recall, while easy-to-remember ones are not. But be savvy, because account security is everything – and enable two-stage authentication where you can, so you can get back into your account with minimal effort and fuss if you are hacked.
  3. Take care not to post information that is often used as security questions for internet banking services, such as your date of birth, mother’s maiden name or first pet. The more would-be fraudsters know about you, the easier it is to find, or convince someone to give them, the rest.
  4. Don’t fall for dodgy or so-called phishing emails – your bank, or other outlets that have card details, won’t ask for sensitive details over email, so beware any emails that do, no matter how official looking. If in doubt, call the institution on a number that you know is real.
  5. Be careful where you log on – take care to disconnect from a session if using public computers in libraries, for example, and beware public wifi as it’s often not as secure as a home connection.
  6. On which note – make sure your home wifi is password-protected, so others can’t access it – both to try and get your details or piggyback on your data allowance.
  7. Keep spyware and virus scanners up to date on any device that you use to access the internet – viruses and keystroke loggers are both a big risk to your data.
  8. Be wary about who you befriend online, and who you give personal information such as your address out to.
  9. Beware what pictures and status updates tell a potential criminal about you – holiday pictures show you’re away from home, for example.
  10. Be sensible and always have your wits about you – only give out the information that is needed by any one site, don’t take risks with your personal information, or your safety, and if something feels wrong take heed and get yourself out of the situation.

The internet is a wonderful thing for so many reasons, but treat it with the respect it deserves and you’ll be able to just enjoy it and not fear it.

TalkTalk hack: is stolen data really unencrypted?

The news that up to four million TalkTalk customers have had personal details stolen in a massive hack is serious enough – but suggestions that this crucial personal data may not have been encrypted seriously ups the ante.

The telecoms firm has revealed that information such as customers’ names, addresses, phone numbers, dates of birth, and partial bank details could now be in the hands of hackers. And we now know it may not have benefited from an extra layer of security known as encryption.

So what does this mean? Basically, unencrypted data is plain text – it can be read easily by anyone, without the need for special keys or passwords. But encrypted data is just that – encrypted. While hackers are able to steal it, they’re not necessarily able to read it or sell it on in any way – unless they have the key or code needed to unlock it, it is largely useless to them.

Encrypting data obviously has many uses, ranging from the obvious security benefits to companies holding personal data through to reassuring customers that hacks will not automatically see their personal information disseminated on the web.

It’s not a legal requirement, as TalkTalk’s CEO has been at pains to point out – but there’s a huge argument that it just makes sense to use it.

Hacking and cyber crime in general is on the increase, so no company is able to completely guarantee they will never be a victim, despite their best efforts. With this in mind, taking the best possible care with customer data, particularly sensitive information of exactly the type that can be used to scam people or clone online identities, just seems to make sense.

But that doesn’t seem to have been the case at TalkTalk, with CEO Dido Harding unable to guarantee all the data stolen was encrypted, although the company claimed that it had been kept securely (which is a very different thing).

But what does all this talk of how secure the data was mean to us, the average user? Well, for starters, it’s a good lesson in finding out as much as we can about what each company who holds our personal data does with it, and how securely they treat it.

It’s also a good lesson, particularly if you may be one of those unfortunate TalkTalk victims, to keep an eye on your credit report, so you can see if anyone attempts to open new accounts in your name. If you do see any that you don’t recognise, contact your bank or financial services provider immediately, and also report any fraudulent activity to Action Fraud on 0300 123 2040 or http://www.actionfraud.police.uk.

Looking to the future, moving to a place where we each have control of our data so that we keep our most important details safe and secure ourselves and share them only with people or companies we want to or trust is an obvious next step in the personal data revolution.

While companies such as digi.me are working on making just this happen, across multiple industries, for now you can keep your social media content safe and backed up with our free app – click here to get your copy now.


Ashley Madison and Spotify: lessons about personal data privacy

It’s been an interesting week for observers and chroniclers of data issues, especially around privacy and what we can reasonably expect to happen to information we trust to the web and individual websites.

First there was the Ashley Madison leak, following an earlier hack, where millions of email addresses and account details of users, including sexual preferences and credit card information, were dumped online and made visible to anyone who had the time and inclination to go through them (and plenty did).

The extramarital affairs website offered a full delete service, where users could pay an extra fee to erase any trace of their usage, but this appears to have been all but useless. It was also interesting to see reports of how many company, government and military email addresses had been used, when plenty of services offer free and therefore anonymous accounts, implying a clear trust that because Ashley Madison said they were discreet, then this must be true.

Then, as the ramifications of this hack/leak were still becoming clear, Spotify hit its own technological bump in the road, when it was forced to withdraw a wide-ranging new privacy policy that expanded the data it collected from users and who this was shared with.

As the backlash intensified, with angry users wondering why a music streaming service needed access to their phone contacts and photos, Spotify’s CEO Daniel Ek apologised for how it had been implemented, promising an “update” to the new policy and better communication in future (although interestingly not backtracking on the content of the policies themselves).

He also said that Spotify would not access or import people’s photos, contacts, sensor or GPS data without their permission.

So, what do both of these sagas tell us about the state of and awareness of data privacy online? I would argue quite a bit – and much of it positive.

While the fallout of the Ashley Madison data will have wide-ranging implications for anyone unmasked, the huge amount of coverage around the hack, subsequent leak and celebrity or well-known users will also undoubtedly raise the profile of the state of data privacy online. Namely, it has been made crystal clear that users need to take full responsibility for their own data and who they trust that with, as even sites claiming to be uber secure are just not able to ensure that is always true, particularly in the wake of a concerted hacking attack.

While not many sites are likely to suffer the fate of Ashley Madison, which was targeted by hackers The Impact Team who had an issue with the content of the site, every site holding personal data has the potential for a breach, and users often have no more than their word that all standard protocols have been followed before handing over what can be sensitive information. Indeed, companies themselves may believe they are protecting data adequately but just not have the technological know-how for that to be correct.

Equally, the Spotify backlash, while primarily among the internet-savvy Twitter usergroup, also shows a promising swell against overarching privacy policies, proving that users won’t accept absolutely anything in return for free use of a service, and increasingly have enough awareness to check what exactly they are signing up to.

Awareness of what we give away with many online transactions (excluding the likes of digi.me, which never sees your data) is the first step in making sure that anyone we hand our data to will treat it with respect, and moving on to holding those who don’t to public rebuke and account.

And thus the vastly greater awareness around data privacy issues following recent events can only be a good thing as more and more of our lives are lived online.

Does Big Data Mean A Bigger Target For Hackers?

The bigger data gets, the bigger a temptation it becomes for hackers. US retail giant Target Corporation must be well aware of the irony found in its name, after last week’s attack that now sees the details of around 360 million of its customer accounts available on cyber black markets.

As we create, publish and store more and more types and quantities of information online, the potential for things to go wrong in some capacity or another also increases. In 2012 alone, 160 million people were affected by data leaks, which was 40% up on the previous year. While server failures and human error account for some of the data leaks and losses, 67% of data loss incidents have been the result of hacking attacks.

Data is highly valuable, that much is obvious. The fact that people are a) trying to get hold of it, and b) willing to break the law in some cases to do so only serves to further highlight this issue. But why in that case do so many individuals adopt such a laissez-faire attitude to looking after their own personal data? In a 2013 study, 50% of UK internet users surveyed said that they never back up the content they post to social networks.

More and more information is being collected and stored, with many companies looking to benefit from big data. So there is definitely value to your content. But is the over-eagerness to collate this information and subsequently harvest it actually detrimental to the overall quality of the data and what information can be successfully extracted?

Gordon Harrison, an industry consultant at data analytics specialist SAS said that “Big data is about pushing the needle out of the haystack irrespective of how big the haystack has become or how small the needle is.”

As well as the potential inaccuracies, as more and more personal information is amalgamated together, big data stores will be targeted by hackers more frequently. At SocialSafe we believe big data is wrong… for the individual. Instead of a number of organisations holding mass stores of information about millions upon millions of individuals, why not let the individuals hold all their own information themselves, putting them completely in control of their data?


Facebook Blog About Privacy Re. 3rd Party Apps

In a blog post last Friday, Facebook went into quite some depth about the privacy of your data when it comes to connecting with third-party apps, and when users you are friends with connect with them. You can read the whole entry on the Facebook Privacy blog, but we’ll just cover a couple of points here.

Somewhat worryingly, it appears that even if you remove an app from your profile, they will still have all the data that you initially granted them access to, and they will only delete it if you contact them directly and explicitly ask them to do so. While Facebook can’t help you with this by asking them to delete it for you, they do ensure that apps are contractually obliged to delete data when requested.

However, it’s not just your own actions that you might want to be mindful of, as the Facebook Privacy blog explains:

“Your friend might also want to share the music you “like” on Facebook. If you have made that information public, then the application can access it just like anyone else. But if you’ve shared your likes with just your friends, the application could ask your friend for permission to share them.”

So essentially any information on your own profile that a friend can view is also accessible to any third-party apps that they use. Even though we’ve made this point recently, we’d just like to remind you that while SocialSafe allows you to backup your Facebook, Twitter, Google+ and other social media accounts, we never actually see nor store any of your data. There’s more about this in a separate blog that you can read here.