Luke Mahony

By

Luke Mahony

Published on

June 21, 2018

Tags

gdpr, IT, privacy, security

Privacy is a hot topic, at the moment.


Privacy

Is Alexa listening in? Have you updated your settings to align with GDPR? Did you change your Twitter password after the internal leak? Just how much data did Cambridge Analytica scrub from us?

From an IT perspective, privacy and security are two sides of the same coin. Some of our firewalls receive over 430,000 unauthorised access requests per day. This is a bespoke piece of hardware that needs to know what data is allowed in and out of our network and, more importantly, who has access to our network. We build this security based on a list of pre-set parameters, much like you set your privacy settings in Facebook or Instagram. If we miss one critical setting or fail to tick one box, we run the risk of denying members of our own network access or, far worse, open ourselves up to a whole host of data breaches.

With this in mind, I decided to do a straw poll of the EU IT team to see which social media platforms they used. Now, taking into account that those in IT careers aren’t known for their pressing desire for social interaction, nonetheless, the results were pretty conclusive. Out of a team of four, two use Facebook and one uses Instagram, two of the four have no social media presence at all. I wanted to know why. Each person came back with a variation on unsafe.

When it comes to social media, I am, admittedly, a complete luddite. However, at one stage, I did feel pressured enough to create a Facebook account, so I decided to check my settings and it turns out that my younger self was just as paranoid as my present self. Is this due to a greater understanding of the risks? Potentially, but, more likely, I and the team are less willing to share. However, the same platforms have moved further into data mining and are distributing your personal information to 3rd parties. Of course, Facebook and the like will ask your permission to furnish other people with your particular preferences and peccadillos but how often does one really trawl through the various T&C’s and disclaimers?

One of the problems, as I see it, is that of informed consent. I couldn’t tell you the number of times in a day that I click on “Accept Cookies” without even thinking about it. If, however, I were to actively investigate what those cookies were tracking, I would be presented with pages of legal and technical jargon that would put me off using the internet entirely. The same applies for social media platforms, we click the “I agree” button without fully understanding the pact that we have created. Now, with the proliferation of apps and games that Facebook, for example, hosts, one could be fooled into believing that all the data you submit is safely ensconced within Facebook’s servers, however, the reality is that the data will be farmed out to the 3rd party server who actually hosts the app or game. And, as we never read what information we were allowing them to harvest in the first place, we don’t know whether it’s simply our username, our email address, our extended profile or even those of our friends/connected users.

Why should one care? I mean, it’s only a bit of data, right? Facebook isn’t as insidious as made out to be – with nefarious tendrils extending into all aspects of one’s life, right? In the majority of cases, probably not, you can ignore the unabridged terms and conditions and move on with your busy life. However, in some cases, all this data – your likes, your browsing habits, your click history, your social circle etc is passed to an app developer’s server, the majority of whom are trustworthy and won’t use half the details that they collect from your profile. This can lead to a pretty complete profile which resides on a server which is affiliated to, but not controlled by, the platform from whence you accessed it.

Still don’t care? Well, we, in IT, do. The more personal information available to would be conmen or fraudsters, the greater the risk of targeted scams and phishing emails. And, even in this day and age, you’d be surprised how many people use their date of birth or a combination of that and their significant other’s or children’s names or their postcodes or the first line of their home address as the password to everything. Given enough data and enough time, they can gain access to all your online accounts.

Sharing isn’t caring – it’s stupid. Read this, if you don’t believe me.

Do get in touch