GUEST ESSAY: Did you know these 5 types of digital services are getting rich off your private data?

By Greg Sparrow

Now more than ever before, “big data” is a term that is widely used by businesses and consumers alike. Consumers have begun to better understand how their data is being used, but many fail to realize the hidden privacy pitfalls in everyday technology.

From smartphones to smart TVs, location services, and speech capabilities, user data is often stored without your knowledge. Here are some of the most common yet hidden privacy dangers facing consumers today.

• Geo-Location – Geo-location can be convenient, especially when you’re lost or need GPS services. However, many fail to realize that any information surrounding your location is stored and archived, and then often sold to a third party who wants to use that information for a wide variety of reasons.

For example, are you aware that data is routinely collected while you shop? A variety of stores will purchase location information to determine how long a customer browsed in a particular aisle, so that they can further market to those customers in the future by promoting similar products. The information may seem harmless, but would you feel the same way if you saw a physical person following you around collecting the same information?

• Social Media – Facebook, Google, Twitter, and Instagram are all social media services that are provided to individuals for “free,” but have you ever wondered what the real cost might be? The hidden cost of using these social media sites is the forfeit of personal information, which the sites sell and thus profit from. In fact, Google and Yahoo can actually read their customers’ personal email.

Some individuals might say they don’t mind because they have “nothing to hide,” but wouldn’t you be wary of publicly posting your login credentials, not knowing who might have access? Giving these large organizations rights to your private messages can be interpreted as pretty much the same thing.

Another little-known fact about Facebook is that they can create “ghost profiles” using facial recognition for people who do not have an account, but appear in someone else’s photos. During the Dakota Pipeline Protests, Facebook sold the private chat messages of its users who were discussing the matter to the FBI and local police, as well as private security companies who further reported inside information directly to the pipeline company.

Because the information was “for sale,” the police didn’t need a warrant to obtain confidential information; they simply needed to buy it. This is just one of the many ways that social media affects those who don’t realize the implications.

• Web browsers vs. apps – Before smartphones existed, “apps” were nonexistent. Anything now accessed through an app was previously accessed through an internet browser. The web browser on a smartphone is what is referred to in the cyber security industry as “sandboxed,” meaning it cannot access general data on the system or control hardware.

An installed app, however, can be coded to do anything it wants to gain access to any hardware the user has control of. Take the History Channel, for example: if a user accesses the site from a laptop, they can access the entire website without a problem. However, if it is accessed through a web browser on a smartphone, the user is prompted to “download the app.”

Many times, if you do not download the app, the website will prevent you from viewing or using it, forcing you to download the app and give up your personal information in the process. After you download the app, it asks for permission to access the camera and the microphone on your device. This is because the app is storing personal information of its users outside of what happens within the History Channel app you just downloaded.

• Speech software & smart TVs – Speech software such as Cortana, Alexa, and Siri has become increasingly popular in the past few years. However, if you are running these services in your home or office, then you have an active listening device running at all times. Essentially, you are “bugged.” These services are running, tapping and sending your audio streams to remote servers daily. Many fail to realize that the cameras on these devices can be turned on without the light being activated, meaning your smart TV can be watching you even when you aren’t watching it.

All of this can be done without downloading any related software because the software is already built in. Some smart TVs will not turn on if the camera is covered with tape, or if the microphone has been disabled. If you’re living in the United States and utilizing a smart TV, it’s likely monitoring and watching you.

• Shopping & savings cards – Are these just great programs to help you save a little money at various stores? What is in it for the business offering these ‘savings’? There are some little-known privacy dangers inherent in the “frequent shopper” or savings cards offered by many grocery stores and retailers.

These organizations are saving, analyzing, and sharing information on what you buy and when you buy it, and predicting future sales. The savings passed on to the consumer are far less than the amount of money these companies are making by selling the information to outside resources regarding your purchasing history and habits.

Specifically, Kroger and Ingles make over 200% more profit from the data that they sell than the savings that the consumer experiences. The best way to protect oneself from the sharing of personal information is to limit the number of programs you participate in.

About the essayist: Greg Sparrow is the Vice President & General Manager of Information Security Practice at CompliancePoint, a consulting and auditing company. He has over 15 years of experience with information security, cybersecurity and risk management.

 
