
Is Your Website Spying on You?

These days everything happens online, from simple information gathering to online shopping to buying air tickets or ordering food for home delivery. With such over-dependence on the internet in our everyday lives, it is inevitable that at some point there will be cause for concern. An individual’s data privacy is of prime importance on the internet. Today, every operating system, website, and mobile application stealthily shares a tiny bit of data about the user in the name of enhancing customer experience. It is therefore the need of the hour to safeguard the individual’s privacy and to limit the spying that is now so prevalent.

 

Today, we are tracked online whether or not we are logged in to an application. Our IP addresses, browser fingerprints, referrers, cookies and tracking scripts, user agents and supercookies are sent to applications and used to track us. Even if we are not logged in, a simple Google search unknowingly shares plenty of information, such as geographical location, which ads you have clicked, where those ads are located, which images you have viewed, and which videos you have watched.

 

Applications use third-party tracking services to keep tabs on the user’s browsing behavior. The advent of HTTPS has made this slightly more challenging for the tracking services, but a workaround has been developed. Session-replay scripts are deployed across webpages to monitor events such as keystrokes, mouse screen coordinates and mouse movements over time. These recorded events can be mapped to the context of the webpage and replayed later to mimic user behavior.

 

This implies that a third party can even replay a user entering a password into a form field, which is by any measure a privacy breach. All this is deployed in the name of customer experience, but in the end it gets used for targeted marketing.
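A defensive sketch of the point above, added here as an example and not code from the original post or from any session-replay product: a page-side filter that strips key values typed into sensitive fields before recorded events are handed to a third-party script. The event shape, field descriptors and function names are assumptions made for illustration, and the sample recording is constructed.

```javascript
// Added example: redact sensitive input events before they leave the page.
// Event shape and field descriptors are hypothetical, built for illustration.
const SENSITIVE_TYPES = new Set(["password"]);
const SENSITIVE_AUTOCOMPLETE = /^(current-password|new-password|one-time-code|cc-)/;
const SENSITIVE_NAME = /(pass(word|wd)?|pwd|cvv|cvc|card|ssn|otp)/i;

// Decide whether a form field must never have its content recorded.
function isSensitiveField(field) {
  if (!field) return false;
  if (field.masked === true) return true; // explicit opt-out set by the page
  if (SENSITIVE_TYPES.has((field.type || "").toLowerCase())) return true;
  if (SENSITIVE_AUTOCOMPLETE.test(field.autocomplete || "")) return true;
  return SENSITIVE_NAME.test(field.name || "");
}

// Keep timing and target so a replay still shows "the user typed here",
// but replace the key itself (Backspace included) for sensitive fields.
function redactEvents(events) {
  return events.map((ev) => {
    if (ev.kind !== "key" || !isSensitiveField(ev.field)) return ev;
    return { ...ev, key: "*", redacted: true };
  });
}

// What a replay of the key events would display per field; used here
// to verify that redaction removed the typed secret.
function replayText(events) {
  const out = {};
  for (const ev of events) {
    if (ev.kind !== "key") continue;
    const cur = out[ev.field.name] || "";
    out[ev.field.name] = ev.key === "Backspace" ? cur.slice(0, -1) : cur + ev.key;
  }
  return out;
}

// Constructed sample recording: a search box and a login password field.
const search = { name: "q", type: "text" };
const pw = { name: "login", type: "password", autocomplete: "current-password" };
const recorded = [
  { t: 0, kind: "mouse", x: 120, y: 48 },
  ...[..."shoes"].map((k, i) => ({ t: 100 + i * 90, kind: "key", key: k, field: search })),
  ...["h", "u", "x", "Backspace", "n", "t", "e", "r", "2"].map((k, i) => (
    { t: 900 + i * 110, kind: "key", key: k, field: pw })),
];

console.log("unredacted replay:", replayText(recorded));
console.log("redacted replay:  ", replayText(redactEvents(recorded)));
```

The redacted stream still reveals how many keys were pressed in the password field and when; dropping those events entirely, or excluding the field from recording, removes that as well.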

 

Even mobile applications like Facebook, Instagram, etc. have permissions to access the user’s camera and microphone. This means that they have the potential to have eyes and ears on you all the time.

Further, voice assistants like Amazon’s Alexa or Apple’s Siri, among others, come alive when they hear the word “Alexa” or “Hey Siri”. This is only possible if these devices listen to everything we say so that they can activate at the trigger word.

 

Consider another common example from our day-to-day life: our emails can be read by Google algorithms. Yes, it is true. For example, if a friend sends you an email to plan a vacation, you will later receive an email consisting of advertisements tempting you with better packages (travel, food, hotels, etc.). This is done in the name of improving customer experience. However, it is done at the cost of a third party knowing one’s vacation plans.

 

The Facebook data that Cambridge Analytica used to harvest the personal information of millions of Facebook profiles without their consent, and which was utilized for political purposes, is another example of the misuse of data collected by applications.

Traditionally, an attacker can get personal information about a user in the following ways:

  • Through malicious mobile apps: To install malicious software on the device
  • Phishing: A fake email
  • Smishing: When someone tries to trick you into giving them private information via a call or an SMS
  • Malware Attacks: Malicious software
  • Physical Security Threats: Having direct physical access to your personal devices

 

We also have tools for monitoring the visitors and customers on our own websites and maintaining logs accordingly, such as RankWatch, KissMetrics, Zapbi, etc.

 

Steps to stay safe online

  1. Be careful when opening attachments, clicking on links and sharing credentials with unknown sources
  2. Always download files from trusted sources
  3. Avoid reusing the same password for multiple devices or services
  4. Disable and delete cookies in all browsers whenever you can
  5. Patch older or vulnerable software to close cyber security holes
  6. Implement two-factor authentication to combine the password with a code, e.g. one sent to your mobile device
  7. Use a VPN to keep activities and details private
  8. Log out of Google to avoid the tracking of your location
  9. Be cautious while doing financial transactions

 

A user’s personal data should never be monitored by any third party, even if the cost is a diminished user experience. In extreme cases where it needs to be done, it must be handled in a very secure manner.
