Voyeur Tap: They See You
Think you are safe on the Internet? Think again. According
to the Cybercrime Report 2011 published by Symantec, the makers of Norton
anti-virus, cybercrime in India
- and across the globe - is shooting up at an alarming rate.
Like most people, I start my Monday mornings by checking
email. Last week was no different. I fired up Gmail, then logged on to a couple
of news websites to check out the headlines. I must have opened about five
websites. Less than a minute later, I was being observed by more than 50
trackers.
Most prominent was something called ‘Doubleclick’, a subsidiary of Google that develops and provides internet ad services. That was the only name I had heard of. There were other names I had never heard of, including 2mdn.net, parsley.com and scorecardresearch.com. How did I know they were tracking me?
I was running a nifty little browser add-on called Collusion, developed by the Mozilla corporation, which aims to show, in real time, the shadowy web of connections between sites you go to and trackers you have probably never heard of when you browse the Web. Welcome to reality – privacy is dead.
“It just doesn’t exist anymore!” exclaims Jagannath Patnaik, director, channel sales at Kaspersky, an online security firm. “The very nature of the internet is open and connected. So to think that you’re in your own private bubble when you’re browsing or chatting or emailing or social networking from the comfort of your own bedroom is laughable.”
The explosion of the personalised Web has pretty much clobbered online privacy to its death. No matter where you go, no matter what you do, someone or the other is tracking your surfing. “With every click of the mouse and every touch of the screen, we are like Hansel and Gretel leaving breadcrumbs of our personal information everywhere we travel through the digital woods” said Gary Kovas, CEO of the Mozilla corporation at a TED event recently.
Online, there are no secrets. That emotional email you sent to your ex, that porn site you surfed, the hours you spent watching kitten videos online can all be gathered to create a defining profile of you. Your information can be stored, analysed, indexed and sold as a commodity to data brokers who in turn might sell it to advertisers, employers, health insurers and credit rating agencies – a 39 billion-dollar industry, according to Kovacs.
How worried should you be?
Be afraid. be very afraid
Quite, according to Prasanna V, co-founder and principal consultant at Packet Verify Technologies, an information security firm based in Bangalore. “Every time you are online, you could be giving out information like your IP address, browser and operating system details, browsing patterns, links clicked and files downloaded – all without you even knowing about it”, he says. When you throw Twitter and Facebook into the mix, you could even be involuntarily broadcasting information about websites you visited, articles you read, videos you watched and more to all your friends and followers. Many browsers now support a functionality called Location Aware browsing – which means that a website can track you down to your physical location with pinpoint accuracy.
“Companies like Google datamine ALL your data that passes through their services in an attempt to tailor ads that would entice you into clicking or buying,” says Atul Chitnis, one of India’s pioneering technologists focused on the internet and free and open source software. “This applies to ANY information, including chat logs, email, Web pages and sites you visit,” he says.
Over a period of time, it is possible to build a profile of who you are, what you do online, where you are located, who your friends and family are and more. “While contextual ads are already rampant, targetted ads based on demographics like profile, race and locations are also popping up whether or not we need them,” says Prasanna.
The implications are far greater than most of us can imagine: governments could use such online attributes for surveillance, cyber criminals can use this information to carry out targetted attacks and identity theft and websites could use your information and photos in advertising without consent. “In fact, many Web services do not even provide an option to deactivate your account and there is no clarity on what they do with your information once you’re gone,” cautions Prasanna.
Being spied upon can be creepy. But should we be bothered so much about the fact that we are being spied on simply to serve us ads? After all, wouldn’t the likelihood of you checking out a particular advertisement be more if it was about something you cared about? Madhulika Mathur, technology editor of MW magazine, agrees.
“To be honest, I don’t care about privacy. I have shared a lot of information on Facebook and Twitter and I am not going to lose any sleep over the fact that it is being recorded and sitting in a database somewhere,” she says. Mathur says that more than privacy, it is the security of her data that bothers her more. “It’s the theft of data or sale of data to third parties what I worry about,” she says.
“I cannot even fathom how my life is being stored in various databases. Where I live, what I buy, how much I spend, what car do I own, what is my medical history – everything is being recorded. It is important for the law to prevent these companies from sharing my data with let’s say, potential employers, insurance companies or marketing agents. When you are able to visualise what is at stake here, then personal information you share on social networks will look trivial.”
Data breaches, unfortunately, are far more common than we imagine. Last month, business social network LinkedIn said that passwords of 6.5 million of its users had leaked on to the Internet. LinkedIn has a lot of information on its more than 160 million members, including potentially confidential information related to jobs being sought.
“Based on my own experience of having detected and notified data leaks of personal information, most companies in India are neither aware nor have proper data collection policies of users’ data,” says Prasanna. “I have detected and notified data leaks for a leading coffee chain in the country, an IPL franchisee and a leading Indian travel portal. Most of them had no idea that personally identifiable information about their users was getting leaked online!”
The fine print
To be fair, most companies, including Facebook, have fairly extensive privacy policies that you, as a user, are expected to read and understand, to know what you’re signing up for. But when was the last time you actually sat down and waded through one? According to a New York Times report, legal and technology researchers estimate that it would take about a month for Internet users to read the privacy policies of all the websites they visit in a year (so good luck with that)!
“What does bother me is how companies like Facebook enforce their own social rules and changing concept of privacy on over 800 million people without their consent,” says Mathur. “I can casually say that I don’t care about privacy because my politics, my sexual preferences and my personal relationships are fairly middle-of-the-road.
But what if that wasn’t the case? What if I was homosexual and hadn’t told my extended family? What if my strong political leanings could make a wrong impression at the workplace? What if I couldn’t understand the frequently changing, 6,800 word-long Facebook data use policy to figure or how to work with the various privacy settings? For a lot of people, these sweeping privacy policy changes could have serious consequences.”
Track me not
In February, US President Obama unveiled his administration’s framework for new privacy regulations. As part of its big reveal, the White House also announced the first product of that framework: the completion of an industry agreement on ‘Do Not Track’ technology for behaviour-based Web advertising.
The agreement was signed by some of the biggest names in technology including Google, Yahoo, Microsoft and AOL and Web advertising networks. It means that every major browser will now come built-in with Do Not Track features, which will allow consumers – us – to opt out of behaviour-based marketing, blocking advertisers’ tracking cookies and preventing other types of cross-site tracking of behavioural information. According to White House figures, the companies signing on the agreement account for delivery of nearly 90 per cent of behaviour-based advertisements on the Internet.
Here in India, we are slightly less privileged. Between trying to censor websites that post ‘defamatory content’ and blanket-blocking torrent sites, it doesn’t seem that the Indian government has had any time to look into safeguarding citizens when they are online.
“Privacy laws simply don’t exist in our country!” says Yashraj Vakil, chief operating officer at Red Digital, a company that specialises in social media campaigns. “Whenever I shop online or am asked to hand over any personally identifyable information by an Indian website, I am instantly wary. I would rather trust a site that is based in another country.”
And the stakes are high.
“You should be concerned,” says Chitnis. “Today it may be your money that is at stake, but tomorrow it could be the life of a loved one or a friend that is threatened because of information being used to get to them. Privacy is something that is your birthright. Every country’s constitution guarantees it, and it is all that prevents you from becoming a meaningless puppet in the hands of information brokers. So you should NEVER accept loss of privacy. You should fight for it.”
Browsing through Cyberspace
What you’re giving out
Browser and operating system details, browsing patterns, IP address, websites visited, links clicked and more.
How to stay safe
We know it’s a pain but try and read privacy policies of the sites you frequent.
Use the latest version of your browser to ensure maximum protection against online threats.
All browsers today have an ‘incognito’ or a ‘private browsing’ mode where none of your browsing history, searches, cookies or temporary Internet files are stored on your computer.
Disable scripts in your browser. Most sites run scripts without your knowledge to collect your browsing habits and other information.
Avoid free Wi-Fi and make sure you’re always on a secure Internet connection.
Pranav
Dixit, HT B120701
No comments:
Post a Comment