It is an amazing time to be alive. We carry the world in our hands; the amount of information available at our fingertips is extraordinary. We can share our views with thousands of people with just a click. Staying connected with our loved ones has never been easier. But all this comes at a price, and that price is our privacy.
Scientific advancements in the recent years have made it possible for mankind to imagine an arena of potential for the future. Technology and automation have sewn themselves into our lives and made it impossible to survive without it. What drives these advancements is data. Companies collect a huge amount of sensitive information that we may not want to share with anyone, let alone strangers. The rapid development of Artificial Intelligence has made matters worse in the context of data security.
Some people might say that as a law abiding citizen they have nothing to hide. This is understandable until the extent of data collection is unknown. As we browse the internet on our smartphones or laptops, we are unconsciously sharing details about our interests, behavior, and preferences. Location, time spent on browsing, visited sites, shopping interests, eating habits, medical issues, political views, and so much more. Ignorance leads to sharing more sensitive information like names and social security numbers too.
“Digital Anonymous Profile” – A digital ID that is created with reference to your online behavior. Company’s collect this data in their systems, which can be used and sold to other companies for a profit.
There are plenty of loopholes in privacy policies and network processes that full protection is not an option anymore. However, one should be aware of the risks and where they come from, and if possible work on minimizing them. Following are a few ways how everyday surfing poses a threat to privacy.
A Windows 10 device is already tagged with a unique advertising ID for each user. This is done so that “app developers and advertising networks can use to provide more relevant advertising in apps”, quoting the Microsoft website. Data synchronization is enabled by default and lets Microsoft collect any personal data and device information that is entered. This data can be shared with a third party without consent. Other operating systems like Linux and MacOS are comparatively safer in case of privacy.
Small files saved in the browser designed to hold data specific to a user or a website, cookies act as a tool to enhance the browsing experience. The uses of this tool can be put under scrutiny. A string of text that is stored in your browser, only visible to the site that stored them. Companies use these cookies to show advertisements from other sites, creating a unique identification for a device and bit by bit collecting more data this way.
Browsers are complex software that acts like boats needed to access the internet. Surfing the internet requires browsers to interact with other computers thereby revealing some details to other sites. As a result, a mixture of browser settings and device history create a unique Device Fingerprint.
Device settings create a unique fingerprint for the purpose of identification. Even if the browser does not save cookies, the digital fingerprint can be used to identify the user. Much like the real world, we leave our fingerprint on each site we visit.
Check your device fingerprint at amiunique.org.
Solution? The device can be not entirely unique. As the fingerprint is a combination of browser settings and preferences, one can try to keep them vague and not specific. Also, select a browser that is safer from the privacy aspect, like Tor or Firefox.
Most people fill in forms online placing a remarkable amount of trust in sites whose security standard may not be known. Almost everyone does not read the “Terms and Conditions” before accepting them while creating a new account or signing up on a website. We fill in login credentials, credit card information and other important details then click a button; data leaves the machine, but where does it go? What measure is being taken to ensure its safety?
After the internet became global, new standards were invented for protection against cyber attacks. In 1994, Secure Socket Layer (SSL) protocol came into existence and HTTPS (Hypertext Transfer Protocol, with an SSL) was introduced. Then came Transport Layer Security (TLS), an assured version of Transmission Control Protocol (TCP). All these security protocols have been invented to protect the user’s interest in case of distrust. But, numerous websites have failed to adopt the SSL which creates the perfect opportunity for hackers to steal details even before the “Submit” button is clicked.
The SSL or TLS always performs a “handshake” that ensures end-point verification, confirming that the data is being received only from the site we think it is, and encryption, which eliminates the possibility of information being tapped and copied.
A string of characters as critical as a password cannot be stored in a database as it is. Thus the use of Cryptographic Hash Function, which takes a ‘message’ and turns it into an alphanumeric string of fixed size. The ‘hash value’ obtained is easy to calculate, but difficult to compute back into the message. A small difference in a message will have a totally different hash value.
So, even if the login credentials are compromised, the hash value of passwords cannot be used. Sadly the hackers have found ways to attack this process as well.
Rainbow Table, a database of precomputed cryptographic hash functions and is used to convert them back into passwords. It is designed with compromised databases, around the idea that most people are not so original when it comes to creating a password. To overcome these, another scheme comes into play called ‘salt’.
A ‘Salted Hash’ is when you add a predefined string called ‘salt’ to password and a delimiter (like a colon or a semicolon, it must be consistent) before creating a hash value for it. This makes it considerably difficult for the attacker even after de-hashing the function value unless they can guess the salt value for all passwords.
This is just a small insight into how your data might be manipulated or used. It takes a load of hard work and coding algorithms in protecting and attacking online information.
We are living in a world where everything is connected and shared. Millenial kids who are growing up with the internet do not understand that their entire life will become a searchable profile. The use of security camera records all activities and can track every interaction. This data may not be public now, but future computers and technology would be able to crack that encryption. There will be more cyber attacks, using data as a weapon. Your digital life can be hacked and used against you, every mistake, every reckless decision can be turned into a liability at any moment.
Computers continue to get more powerful, and it is not hard to imagine a collapse of democracies as the life of leaders become public for political gain. The masses are not ready for this change, and we are starting to get outraged over a small piece of information easily, without checking if it is even true. The future will be a time of miraculous inventions, but it has a dark side to it as well, and the only hope is strong unions and laws that will keep privacy protected.