Privacy in the Google Ecosystem

Are you a user of any of Google’s applications – like Gmail, YouTube, Search, Google Maps, Chrome Browser, etc? Do you use an Android phone? Have you used the oh-so-convenient ‘login using your Google account’ facility to log in to a non-Google website or mobile app?

If yes, then are you aware that almost all that you do is being recorded and processed in the background? That your detailed profile is being built? How else do you think the ‘right’ ads pop up when you are browsing or using an app?

Here is a sample of the kind of personal details that Google can track & record about you – and this can be rather spooky:

  • Each and every site that you have visited using your Chrome browser and all the passwords that you have asked Chrome to ‘remember’.
  • Every single thing you have done using your Android phone – whom you have called or mailed, the apps you have used, all the geographical locations you have visited, where exactly you have taken a photo, etc. And, therefore, who your real-life friends & family are – based on whom you frequently call and mail.
  • Every single search you have done – not just on Google but also on other Google properties like YouTube – and, therefore, which sites you have visited or which videos you have watched.

Why does Google record this? Who else gets access to this information?

  • This is used to build your profile. This is then used to deliver advertisements and offers to you via all the ad and data networks it is connected to. That is why, after reading something about Bali online, for the next couple of hours you keep seeing ads about hotels in Bali or flight deals to Bali on every site you visit.
  • This information is also made available to other websites and applications that use the Google Authentication facility – where you use the ‘Sign in with Google’

However, the good news is that Google gives you the flexibility to control a LOT of this – what is recorded, what goes to ad networks, what goes to 3rd party sites and apps, etc.

On this Data Privacy Day, we at Arrka have developed a ‘Privacy Guide for your Google Account’ – a detailed document that tells you exactly how you can control and manage your privacy better.

Note:

– This is the first of our privacy guide series. Stand by for similar guides for Facebook, LinkedIn and other Social Media properties. If you would like to be informed about these, drop us a mail at privacy@arrka.com

– We’d also love to get your feedback. Mail us at privacy@arrka.com


LATEST PRIVACY RELATED ISSUES ON FACEBOOK

I have been getting lots of questions from friends and family in the last few weeks about all the discussion going on around privacy issues on Facebook – and what they should be doing. Some have even fallen victim to ‘hoax’ suggestions and have been posting them on Facebook to get their friends to act.

This is a quick post to explain what the buzz is about and what you can do about it.

What has Facebook introduced recently that has everyone in such a tizzy about privacy?

#1. Graph Search:

What is it?

– It is a feature that enables users to search Facebook in a deeper way – and returns results based on the kind of, say, music or photos or apps or other info you may have shared. So, for eg, if someone is searching for ‘Vada Pav in Mumbai’, it may throw up pictures of vada pav you may have put up 2 years ago or some link containing vada pav that you may have shared last month. Or if you have subscribed to an app that recommends the best roadside eateries selling vada pavs in Mumbai, that may be thrown up. Mind you, it will also give out results from the web.

Why is it ‘scary’?

– Till date, such searches were not possible. A Google search, for eg, does not throw up what you post on Facebook. Nor did a Facebook search throw up such stuff till this feature was introduced.

– All data (photos, music, links, apps) that has so far not been restricted by you to a limited audience would now, by default, be available to the public at large.

So what should I do now?

– You can still do many things to keep your data relatively private. Read on…

#2. Option to be ‘unsearchable’ by name has been removed:

Facebook is removing the ‘who can look up your timeline by name’ feature. (This is being done in a phased manner – so if you still see it in your account, it is only a matter of time before this is removed.)

What was this?

– When someone searched for your name using the search feature on Facebook, you could control if your name appeared in the search or not. So, for eg, if your setting in this feature was ‘friends of friends’, only friends of friends could find you in the search. Your profile did not appear in any search by the general public.

What is the implication of the removal of this feature?

– With the removal of this control, basically anyone can look up your profile. In other words, you can no longer ‘hide’ from people who don’t know you on Facebook.

– Therefore, this means that unknown people can land on your PUBLIC profile and browse through it.

So what should I do?

– The best way to deal with this is to restrict what is visible on your PUBLIC profile. So strangers can see only very limited stuff.

Some tips to deal with the above:

First of all, make sure you turn on all the basic privacy and security settings available on Facebook. The Facebook help centre tells you how to do this under the ‘privacy’ and ‘security’ categories (https://www.facebook.com/help/)

Secondly, remember the Golden Rule: DO NOT post anything that you want to keep private. Eventually, NOTHING is ever private in the online world and you have NO CONTROL over the data that you post.

Here are some quick pointers that can help you:

For Graph Search:

– Limit the audience in all your posts to ‘friends’ – using the audience selector option available while posting. In fact, Facebook automatically uses this as your default option for all subsequent posts once you have chosen ‘friends’ as your audience in a post – until you next change the setting, that is.

  • IMP: Be aware that Facebook switches its default setting to the audience for your last post. So if you change the audience setting to ‘friends of friends’ for even one post, all your subsequent posts will automatically become ‘friends of friends’ unless you change it back to ‘friends’

– For posts that someone else tags you in (especially photos):

  • It is a good idea to first review all posts you are tagged in before they appear on your timeline. You can choose this option under ‘Timeline and Tagging’ under ‘Settings’. Once you choose this, you are alerted every time someone tags you and you can view everything under your ‘Activity Log’
  • If you don’t want a post – especially a photo – to appear on your timeline for your friends to see, choose the “Hidden from timeline” option. However, remember that the photo continues to exist – just that it doesn’t show up on YOUR timeline. And if a particular photo really bothers you, you can request Facebook to have it removed.

– Limit ‘past posts availability’ – In case you are not sure if, in the past, you have shared your posts beyond friends, you have an option under privacy settings to limit the audience of your past posts to only friends. Turning on this option automatically restricts all your past posts to only friends.

To limit what is available on your Public Profile:

– First check what is viewable by the public today. You can see this by going to the ‘what do other people see on my timeline’ option that shows up on the drop down menu for privacy shortcuts (click on the little lock icon on the top right hand corner of your Facebook page)

– You can now go to every section in your Facebook profile and adjust the settings so that minimal info is viewable to anyone who is not a friend.

– Note: Photos posted by others where you are tagged (they appear under ‘photos of you’ in the photos section) are not really in your control. The audience for these photos is determined by the tagger. All you can do is ensure it does not appear on your timeline.

– Also remember that whenever you ‘like’ or ‘comment’ on any public page or share anything posted on a public page (for eg – those cool cartoons or the many ‘thoughts’ that folks like to re-post), it is always ‘public’!

– Another suggestion is to review the actual information you have posted in sections like “About”. It may be a good idea to remove all information that is not absolutely essential to be put up. Lots of people put up their contact numbers, residence addresses, etc here. Not a good idea at all!

Posted by Shivangi Nadkarni, Co-Founder & CEO, Arrka Consulting | http://www.arrka.com | @shivanginadkarn

A Crucial Milestone for Privacy in India

As conversations and debates are in full flow all around us on privacy and data protection, India quietly crossed a crucial milestone in its privacy journey for enterprises last week.

The Data Security Council of India (DSCI), India’s focal body on data protection which is an independent Self Regulatory Organization (SRO) under NASSCOM®, launched the ‘DSCI Lead Assessor for Privacy’ program last week.

Why is this significant? Where does it fit in? This post elaborates on this and gives an overview of the Privacy Ecosystem in India from an Enterprise perspective.

Privacy & Data Protection issues and challenges are not merely growing – they are escalating. The issues encompass individuals, civil society, governments as well as enterprises. While some countries and geographies have been addressing these challenges via laws and regulations for quite some time now, others like India have adopted necessary legislation only in the last few years, with more laws in the pipeline.

In a dynamic, continually evolving scenario like this, enterprises often struggle to implement and manage privacy initiatives and programs. Whether it is a multinational operating across multiple countries with a host of different business lines or a small business with a limited regional presence, it has to deal with personal information of individuals that it is exposed to or handles or merely processes. The individuals could be customers and/or employees.

To help enterprises implement and manage privacy programs, DSCI conceptualized and launched its DSCI Privacy Framework (DPF©) back in December 2010. Based on global privacy principles and best practices, the DPF© helps enterprises implement privacy in a comprehensive manner.

Enterprises that began adopting this framework subsequently started looking at DSCI to certify them – for having complied with the framework. This required the enterprise to be assessed for compliance.  To cater to this, DSCI developed an assessment framework – the DSCI Assessment Framework for Privacy (DAF-P©) which was released in December 2012.

What is noteworthy is that while developing the assessment framework, DSCI took cognizance of the fact that not all enterprises may be in a position to roll out DPF©. Some, especially the smaller ones, may just look at complying with certain global privacy principles. Hence DAF-P© was designed in two parts – one focused on assessment of DPF© and the other on assessment of global privacy principles. The first would qualify for external assessment and consequent certification by DSCI while the second could be used by an enterprise for self assessment. Of course, enterprises have the option of doing a self-assessment for DPF© without necessarily going in for a certification from DSCI.

The overall DSCI certification eco-system consists of

– A DSCI Certification Board

– Accredited organizations authorized to assess an enterprise for compliance with DPF©.

– Certified DSCI Lead Assessors for Privacy who carry out the actual assessment of an organization, under the aegis of an accredited assessor organization. These assessors can also work with an enterprise for self-assessment

With the launch of the DSCI Lead Assessor for Privacy program, the first aspect of the above ecosystem has been kick-started. Given the enthusiastic response to the program from industry, this is sure to rev up privacy adoption in Indian enterprises.

Posted by Shivangi Nadkarni, Co-Founder & CEO, Arrka Consulting | http://www.arrka.com | @arrka2 | @shivanginadkarn

Credit Card Frauds – What You Should Know

Given the recent spate of news articles about credit card frauds, we thought we should ‘de-mystify’ all the discussions going on and outline what you, the user, need to know to safeguard against such frauds.

What comprises a ‘Credit Card Fraud’?

When criminals get hold of your credit card details (including the cvv number printed on the reverse of your card) and use these to make purchases with your card, it is a ‘credit card fraud’.

How can someone get hold of my Credit Card details?

This can happen in any of the following ways:

#1. When a criminal manages to actually see your credit card

How can this happen to YOU?

  • If your card gets lost or stolen.
  • If you have taken a photocopy of your card and the copy gets into the wrong hands.
  • At a shop or restaurant where you may have used your card:
    • Yes, many shops & restaurants are infiltrated by criminal gangs who manage to copy your card details without you being aware. Sometimes a person working there is part of the gang and swipes your card on another, unauthorised device to copy the card details. Sometimes the swipe machines (those ‘thingies’ where your card gets swiped) have been tampered with by criminals to capture and copy/forward the credit card details online. At times, the billing systems may also have been compromised. All this is known as “skimming”. Unfortunately, despite some very stringent mandates from MasterCard & Visa (there is a security standard for this known as PCI-DSS), many establishments, especially the smaller ones, are not compliant and remain insecure.
    • Note: Some countries are notorious for this. So when you travel to such countries, you become an easy victim.

#2. When your card details get stolen online

How can this happen to YOU?

  • Your own device (PC/Laptop/Tablet/ Smartphone) gets ‘infected’ or ‘compromised’ by malware (malicious software) that is programmed to steal your credit card details as you use the card online
  • The online merchant with whom you are doing an online transaction may have insecure servers or databases or applications (in other words, ‘systems’) – where your credit card details are stored. So these may get infiltrated by cyber-criminals – from where your credit card info gets into their hands
  • OR the other folks in the credit card chain – like the bank with whom the merchant has tied up or a ‘payment aggregator’ (an intermediary between the merchant and the bank) – may have had their systems similarly infiltrated.
  • You may become a victim of ‘Phishing’ or ‘Vishing’/‘Smishing’.
    • ‘Phishing’ is when you get a very authentic-sounding mail supposedly from your bank asking you to go online and give your credit card details – which you may end up doing. In reality, banks NEVER ask you to give your card details – and it is usually a cyber-crime gang behind it.
    • ‘Vishing’ is when the same thing happens over a phone call – and you end up giving out your card details.
    • ‘Smishing’ is the same thing via sms.

How will I know if my card has been ‘compromised’ or ‘defrauded’?

– You may see suspicious transactions in your statement – transactions you may have had nothing to do with

– You get sms or email alerts or a call from your bank informing you of transactions you have not done

So what should I do to protect myself?

– If you ever lose your credit card, report it IMMEDIATELY to your bank. Keep your bank’s call centre number and your credit card number handy in case you face this situation (and DO NOT store your credit card number on your mobile phone!!)

– NEVER give a copy of your credit card (especially a copy of the reverse side) to untrusted people. In fact, you should simply avoid giving it to anyone, even your family members, since you don’t have control over where they may leave it by mistake, etc

  • So what should you do if you book a ticket for a relative and have to give him/her a copy of your credit card to show at the check-in counter (since airlines in India require this)?
    • DIN it into their heads that, under no circumstances, should they give the photocopy of your card to the airline. And that they should TEAR the paper properly and dispose of it as soon as they reach their destination. Call and follow-up with the person if required!!

– Subscribe to the “transaction alert” facilities offered by your banks (in case your bank doesn’t do it automatically) – where an sms and/or email is sent to you every time a transaction is done.

– Be alert to Phishing and Vishing/Smishing. Remember, your bank NEVER asks you to reveal your credit card details. In case you have a doubt about whether the mail you have received is indeed genuine, CALL your bank on a number you already have (not the one mentioned in the email) and re-check. Similarly, if you get a call asking you to give your credit card details, disconnect the call and call up the bank yourself on a number you already have to verify. Never give out details on an incoming call as you can never be sure it is really coming from your bank.

– If you are traveling abroad, it may be worthwhile to call your bank to find out if the country you are traveling to comes under their list of “high risk” countries for credit card frauds. In such places, it makes sense to avoid using your credit card – instead use travel cards / travelers cheques and other less-risky products. In fact, many banks themselves replace your card as soon as you are back from a travel to a high-risk country.

– If you ever get an sms/email alert about a transaction you haven’t done, call your bank immediately and report it.

– Go through your monthly credit card statements carefully – to ensure that no suspicious transactions have happened. If you see something, report it immediately.

– Always tear your charge slips before you dispose of them. Especially make sure that the part where your credit card details are mentioned is properly destroyed. The credit card ecosystem standards now require that your full credit card number is not to be printed on charge-slips. But there are several places where this is not done – so it is better that you remain careful!

For Online Transactions:

– Always keep your Anti-Virus and Anti-Malware up-to-date on your devices (yes, you MUST install one on your smart-phone or tablet if you use it for extensive browsing or use apps on it). And avoid visiting suspicious websites!

– Turn on the secure online transaction mechanisms offered by Visa (‘Verified by Visa’) and Mastercard (Secure Code) – where you get a second password (one time passwords (OTPs) or special ‘internet pins’) for online transactions. In fact, in India, the RBI has made it mandatory for banks to give a second password for online transactions.

– While transacting online, make sure the site where you are giving your credit card details is SSL-protected. This means checking that the URL in the address bar of your browser begins with ‘https’ instead of ‘http’.

– NEVER do online transactions using a public device (like a cybercafé, etc) or using a free wi-fi (like at airport terminals or cafes). They are extremely high-risk areas!

And last but not the least, it is always good to have cards with lower credit limits. Have multiple cards if required – instead of one single card with a high limit. This ensures that even if there is a fraud, your maximum damages would be to the extent of your credit limit only.

Posted by Shivangi Nadkarni, Co-Founder & CEO, Arrka Consulting. 

http://www.arrka.com | @arrka2 | @shivanginadkarn


Are Your Kids Online? Watch Out!

Every parent’s worst nightmare is her child losing his / her way in the online world given the widespread exposure that today’s children have to a proliferation of smart devices such as laptops, iPads or Smart Phones. Each of these brings with it its own set of challenges for the parent while exposing the innocent child to a world where technology could end up leading the child to the bad guys.

Children across all age groups are vulnerable as the internet. Therefore, it is imperative for parents to find ways to control and balance what their child is getting exposed to along with the huge advantages that are on offer.

What kind of risks & threats do children face online?

  • Inappropriate content
    • There are sites after sites showcasing adult content which is either sexually explicit or contains extremely violent imagery with abusive language, something that children should not be exposed to especially in their formative years. And much of this kind of content is just a link or an ad away.
    • It is not just the websites anymore but such adult content also finds its way into the Free Apps / iBook store and appears in the form of new apps or books etc available as free downloads.
  •  Risky Interactions
    • Older children who are tech savvy constantly interact with friends via Social Media like Facebook and through messaging apps like WhatsApp, Google Chat etc. In their excitement to befriend and outdo one another, they end up befriending total strangers. They are too young to realize the implications – often ending up becoming victims of cyber-stalking, cyber-bullying and other dangerous & criminal elements on the internet.
  • Sharing sensitive information
    • As a parent, you take so much care to keep your children and your family safe in the physical world by taking multiple measures – which includes not publicising a lot of information about yourself. The means to do so in the physical world is limited. However, it is very easy to ‘broadcast’ sensitive info in the cyber world – especially via sites like Facebook etc. And children often do not realise that they are giving out info that they are not supposed to – nor do they realise its implications.
  • Malware
    • Clicking on malicious links or attachments can expose your laptop and other devices to unwanted viruses and malware which in turn can wreak havoc on your digital lives by wiping off precious data, crashing your applications, sending out unwanted mails, installing Trojans and spyware on your devices and get your laptop into cyber-crime botnets. Children tend to be unaware of such dangers and can inadvertently end up compromising your device.

What can you as a parent do?

  • TALK to your child and create awareness: As a first step, we need to TALK as much as possible to our children and educate them on the dos & don’ts and also let them know that there are dangers lurking in the online world as much as in the physical one. It is important to create awareness about what’s good, what’s bad and the no-go areas. For example, a simple thing like sharing sensitive information such as the exact house address on social networking sites may be an absolute no.
  • Hear and listen to what the child has to say: We as parents also need to up our antennae and listen to the children especially when they mention their friends or any untoward interaction that they have recently experienced. Amidst all the din and chaos around parenting and our daily lives, it’s important to stay alert to pick up such information shared by them and alert them to any possible danger.
  • Monitor and supervise internet access: We should also impose controls on the child’s internet usage. It may just be a good idea to cap the usage and also allow internet access under Parental supervision only. This helps you control what the child is exposed to.
  • Implement Parental Controls on your device & applications: Quite a few applications that we use on a daily basis, such as Google Search, the home Operating System, web browsers (Mozilla Firefox, Google Chrome and Internet Explorer), iPad Safari and YouTube, among others, come with parental control options. We need to quickly identify and turn on these safety options.

Some hands-on tips using readily available options in all apps and devices for a SAFER INTERNET EXPERIENCE

  • Passwords are good: A good way to prevent your children from accessing applications, data etc on shared devices like iPads, home PCs, smart phones etc is by setting passwords for them all. This way, even if they stumble upon some application not meant for them, they will not be able to access it.
  • Use SafeSearch options: Search is possibly the easiest source from where children are likely to end up accessing adult content. Thus sanitising the search results, ads etc is imperative. Search tools such as Google, Yahoo, Bing and even YouTube all come with parental control options. With Google, for example, you can turn on the SafeSearch option and make it your default setting, so that only child-friendly stuff is thrown up.
  • Internet monitoring applications: There are software applications also available which give details about time spent on the internet, sites visited and applications used with internet filtering capabilities, and also with the ability to send out alerts when certain inappropriate sites are visited. It might be a good idea to have one of these installed on your devices.
  • Anti-Virus is a must: Installing good antivirus software on the PC / laptop etc is a must. If a malicious link gets accidentally clicked and a virus or malware is downloaded onto your PC, the antivirus can block it in real time.
  • Trusted sources only: Downloading software, music, reading material etc should be through trusted sources only. At the same time disallowing file sharing programs to run on the PC would be an appropriate move. Also teach children that it is important to distinguish between reliable and unreliable sources of information.
  • Use Privacy settings: Social networking sites like Facebook and Google+ have their own security / privacy settings, and they have a minimum age limit for having a profile. While that is great, simple things like allowing profile information to be visible only to a select few, and making use of the privacy settings for pictures uploaded and for comments and status updates shared, go a long way in keeping you and your child safe.

Ensuring a safe internet for children is now a crucial part of parenting, with talking, supervising and monitoring being the key ingredients. This is also a continuous process: as technologies change, so does the threat landscape. We as parents need to be aware and proactive in meeting these emerging challenges for our children in the online world.

– by Rupa Parekh. Rupa, our guest blogger, is an independent consultant with wide experience in the domain of Information Risk & Business. As she grapples with the challenges of keeping her energetic, gadget-savvy young son safe online, she has been doing her bit to spread the message and create awareness amongst other parents in a similar situation.


Lessons Reiterated by the New York Times Hack

As we keep interacting with folks from different types of organisations in this part of the world, and keep addressing so many ‘fallacies’ around managing Information Security, along comes news of yet another high-profile hack that reiterates some basic lessons. Here is a ‘quick take’ on the lessons we can learn…

What Happened – The Background:

– The NYT revealed yesterday that its computer systems had been attacked & infiltrated for the last four months – by China-based insurgents

– Apparently they got hold of the passwords of all its users – and used them to spy on some journalists who were investigating a story about the outgoing Chinese premier, Wen Jiabao

How did they do it?

– They apparently installed 45 pieces of ‘malware’ – malicious software – in the NYT’s IT infrastructure

  • Of this, only one was identified by their Antivirus product (from Symantec)

– And how were these installed?

  • The technique most likely to have been used is ‘Spear-phishing’ – where a very realistic-looking mail is sent to specific, targeted people within the company with an attachment containing malware. When the person clicks on this attachment, the malware gets installed on his or her machine

– Interestingly, the attack was not direct – it was routed via some US universities

Lessons?

– Don’t assume that your traditional Anti-Virus solution is the ‘be-all & end-all’ of your defence against Viruses & Malware

  • Supplement it with other approaches and solutions
  • Basically look at Infosec holistically – specific products and technologies alone cannot protect you completely

– Educate! Educate! Educate! your users.

  • They are the first and most critical line of defence of your company

– Your company need not always be the end-target of an attack – but you may be used as the crucial “via media” to attack someone else

  • So you cannot hide behind the excuse that “we are a small company – we don’t have anything worth stealing”

– Remember: in today’s world, if someone wants to ‘get’ you, they will find a way. Your best approach is to assume that you will indeed get infiltrated some day, and to work out how best you can be prepared to deal with it and limit the damage

Posted by Shivangi Nadkarni, Co-Founder & CEO, Arrka Consulting

http://www.arrka.com | @shivanginadkarn |@arrka2


Stay Paranoid, Stay Safe

28th January is commemorated as ‘Data Privacy Day’ worldwide.

While the Data Privacy and Security folks are all charged up and enthusiastic, as always, about this day, we find that it quietly passes by the vast majority of people for whom it is actually relevant – all of you out there who are heavily invested in the digital world via Emails, via social media like Facebook / Twitter, via online activities like shopping or simply browsing, or via even simple sms’ing.

So we at Arrka decided to mark this day by kicking-off our own small contribution to the world of Data Privacy: a series of short posts to educate and spread awareness about  the Why?-What?-When?-How?-Where? of data privacy.

This is the first in the series: Why is Data Privacy relevant to ME?

So do you do any of the following?

  • Browse the web?
  • Send email?
  • Use Search (like Google)?
  • Send smses?
  • Use Social Media like Facebook, etc?
  • Fill out (paper-based) forms from time to time?

If ‘yes’ to any of the above, then you are in the direct line of the privacy fire.

Here are a few points that will probably have you sit up and realise why:

– 300 Billion plus emails [1] are sent & received everyday. Copies of ALL of them go into permanent storage somewhere on the Internet – even the ones you delete!

  • Most email service providers and corporate email services can and do track WHERE you opened your email from and WHEN
  • The content of ALL emails sent & received via free, public mail services (like Gmail, Hotmail, Yahoo, etc) is noted & tracked by the service provider. How else do you think you get to see ‘related ads’ next to your mail messages? (Test it out – open a Gmail message and check out the ads that pop up next to it.)
  • All mails sent & received using corporate mail ids are stored and archived by the company – even the ones you delete.

– There are 1 Billion plus users on Facebook today serving up 650,000 comments per min [2]

  • Every move you make on Facebook is analysed and put into permanent storage
    • Status messages, comments, likes, info, messages, photos…
    • deleted messages, events, date/time/location of logins, multiple users on one comp….
  • Facebook also collects all sorts of background info while you browse
    • For eg, it tracks which other websites you visit when you are logged in – even if you don’t hit the “like” button on the other website
  • And remember, Facebook is a publicly listed company now, under pressure to monetize its rich data!

– Google records 2 million searches per min [2]

  • For each search query, it stores your search history, which sites you visit from the search results and your location
  • Remember, the search terms you feed in are used to form your behavioral profile – which in turn is shared with online ad networks

– Every sms you send is stored permanently by your mobile service provider

– What about the physical world?

  • Have you ever filled out a Credit card / insurance / etc application and never actually got the product? Ever wondered where that personal info you filled out has gone?
  • When was the last time you filled out a contest form or dropped off your visiting card for a ‘lucky draw’? Ever wondered who ALL get hold of that info you give out?

We live in an era where we “trade” our personal info for a number of free services in return. This is fair indeed – under various circumstances. It is just that, as an individual, it is important that you KNOW that you are doing this trade and are fully aware of your actions and their implications.

A lot of the current global conversations on Data Privacy and its related policies, regulations and laws are with regard to bringing out ‘what goes on underneath’ to the forefront and giving individuals the right to control at least some aspects of this phenomenon – as well as holding organisations & governments dealing with personal data responsible and liable for the security and proper use of the same.

Over a series of subsequent posts, we intend to ‘de-mystify’ data privacy a bit, explain HOW a lot of this happens and generally equip you with necessary awareness so you know how to be careful as you reap the joys and benefits of today’s digital world.

Meanwhile, the best thing to do is ‘Stay Paranoid and thus, Stay Safe’

PS: Remember to follow this blog to keep abreast of our subsequent blog posts.

-Posted by Shivangi Nadkarni, Co-Founder & CEO, Arrka Consulting. www.arrka.com | @arrka2 | @shivanginadkarn

References:

  1. Figure as of 2011 (http://royal.pingdom.com/2012/01/17/internet-2011-in-numbers)
  2. http://techliberation.com/2011/05/18/some-metrics-regarding-the-volume-of-online-activity/