Ronnie05's Blog

The end of Privacy as it happens! (Dont bother – its the industry economics now)

Posted in Internet and Search, Technology impact on economy and population by Manas Ganguly on April 17, 2013

If you’re not paying for something, you’re not the customer; you’re the product being sold- Andrew Lewis

The Internet is a surveillance state. Whether we admit it to ourselves or not, and whether we like it or not, we’re being tracked all the time. Google tracks us, both on its pages and on other pages it has access to. Facebook does the same; it even tracks non-Facebook users. Apple tracks us on our iPhones and iPads.Increasingly, what we do on the Internet is being combined with other data about us. Everything we do now involves computers, and computers produce data as a natural by-product. Everything is now being saved and correlated, and many big-data companies make money by building up intimate profiles of our lives from a variety of sources.

Facebook, for example, correlates your online behavior with your purchasing habits offline. And there’s more. There’s location data from your cell phone, there’s a record of your movements from closed-circuit TVs. This is ubiquitous surveillance: All of us being watched, all the time, and that data being stored forever. This is what a surveillance state looks like, and it’s Minority Report all over again.

Sure, we can take measures to prevent this. We can limit what we search on Google from our iPhones, and instead use computer web browsers that allow us to delete cookies. We can use an alias on Facebook. We can turn our cell phones off and spend cash. But increasingly, none of it matters.

There are simply too many ways to be tracked. The Internet, e-mail, cell phones, web browsers, social networking sites, search engines: these have become necessities, and it’s fanciful to expect people to simply refuse to use them just because they don’t like the spying, especially since the full extent of such spying is deliberately hidden from us and there are few alternatives being marketed by companies that don’t spy. This isn’t something the free market can fix. We consumers have no choice in the matter. All the major companies that provide us with Internet services are interested in tracking us. Visit a website and it will almost certainly know who you are; there are lots of ways to be tracked without cookies. Cellphone companies routinely undo the web’s privacy protection.

Maintaining privacy on the Internet is nearly impossible. If you forget even once to enable your protections, or click on the wrong link, or type the wrong thing, and you’ve permanently attached your name to whatever anonymous service you’re using.

In today’s world, governments and corporations are working together to keep things that way. Governments are happy to use the data corporations collect — occasionally demanding that they collect more and save it longer — to spy on us. And corporations are happy to buy data from governments. Together the powerful spy on the powerless, and they’re not going to give up their positions of power, despite what the people want.

Fixing this requires strong government will, but they’re just as punch-drunk on data as the corporations. Welcome to a world where Google knows exactly what sort of porn you all like, and more about your interests than your spouse does. Welcome to a world where your cell phone company knows exactly where you are all the time. Welcome to the end of private conversations, because increasingly your conversations are conducted by e-mail, text, or social networking sites.

And welcome to a world where all of this, and everything else that you do or is done on a computer, is saved, correlated, studied, passed around from company to company without your knowledge or consent; and where the government accesses it at will without a warrant.

Welcome to an Internet without privacy, and we’ve ended up here with hardly a fight.

Advertisements

Do You support CISPA? (I do!)

Posted in Internet and Search by Manas Ganguly on May 1, 2012

The Utopia of Free Internet is a pipe dream. And strong measures will be required to safeguard Internet as a whole.

Even With American congress currently wading through the political details of CISPA, the much maligned, privacy-killing “Cyber Intelligence Sharing and Protection Act” neeeds aa second look. With more and most of our lives being lived out on the internet, it is slowly becoming apparent that the internet can no longer be considered the high-tech playground that everyone once thought it was. The choice is between Privacy friendly anarchy and a disciplined approach to a portal where an amazing amount of our lives is to be lived through.

So, with the danger posed on both sides of the cyber-hacker war, is the internet bearing witness to an internet cyber-détente – the CISPA?

We have all known directly, about the effects of cyber-hackers. They can do anything from changing high school grades, to turning off street lights, to stealing hundreds of thousands of social security numbers from websites. But little did many of us realize just how dangerous these hacking activities could become. An hour on internet with a good Anti-Virus machine pops out 20 or 30 malicious attacks on the machine.

Back in June 2010, it was discovered that a computer worm known as Stuxnet was unleashed upon an Iranian nuclear facility, with the apparent intent of damaging or destroying that facility’s network infrastructure by targeting very specific networked industrial equipment (in this case, Siemens Industrial Programmable Logic Controllers). Apparently the “attack” did what was intended, forcing the Iranian government to seriously consider putting in place additional cyber-protections to prevent further infections. This even led to the government physically disconnecting many of it’s high priority oil well facilities from the internet altogether.

But even with all of the potential physical damage that can be caused by cyber-hackers, there is a virtual world, the internet itself, that is at risk of total annihilation. That’s right — total and complete virtual annihilation.

Imagine for a second, a scenario where groups of cyber-hackers wage all out war online. Using infected code, their targets include companies, then websites, and then eventually servers themselves. Imagine all of the world’s largest servers, those that make up the backbone of the internet as we know it, being laid waste by continuous cyber-attacks, until the internet becomes a virtual wasteland. Don’t think this can happen? The irony is that Hollywood is not that far-fetched.

This brings about the inevitable idea, that with all of the cyber-firepower that exists around the world — viruses, hackers, worms, trojan horses, the list goes on — the internet can easily be presented with a situation where the war becomes a no-win scenario. A cyber-détente, where both sides realize that the outcome will be total destruction, based on an all-or-nothing form of warfare.

It will be interesting to see where CISPA will take the debate on individual privacy-versus-cyber security. One can only hope that the discussion will protect the internet from a virtual brink of destruction, and keep cyberspace safe for everyone.

Privacy issues aside, there always is a maning to the adage when it is said – “If you want peace, prepare for war”.

Tagged with: , , ,

Facebook: Walls have Ears (and why not to take them for granted)

Posted in Internet and Search, Social context, media and advertising by Manas Ganguly on November 14, 2011

Facebook’s 800 million users with an average of 3 posts per day are generating volumes of information- mostly personal, but also brand led, economy led, social led, political and other behavioral trends that define the world today. Think tanks, medical researchers and political scientists are using the site to study everything from health issues to social trends as expressed in Likes, Wall posts and Status Updates. With over 800 million active users adding an average of three pieces of content per day, the Facebook “data supernova” is generating a research boom, driving the number of academic papers with the site’s name in the title up almost 800% over the past five years. Facebook’s stash of personal information is so encyclopedic that the researchers, social scientists and marketers could simply use the site’s advertising tool to pinpoint their desired demographic with scientific accuracy — the way marketers have been doing for years. Facebook with all its huge data bases provides a precision targeting tool with a direct approach to consumers.

However, the problem with all this is that of privacy. Facebook’s users know the site is watching them, whether they like it or not — the trade-off for being able to chatting with lovers or writing innocuous wall posts is that the site is able to mine users’ personal information. Not a lot of Facebook users even think about the fact that a researcher or a marketer is looking at their profiles. As far as they were concerned, it was just between them and their friends. Then there’s the question of methodology. Even off-line, there’s no guarantee that a research subject is being completely honest. On Facebook, it’s impossible to know how much of a user’s profile information and Wall posts are true. What you say on Facebook and what you do outside of Facebook are two completely different things. Which is why, many researcher and scientists still think a clipboard and a pen are still the best research tools anyone can use. There’s no substitute for going into the real world and speaking to real people. Social research is supposed to be about the social — and a hell of a lot of the social still takes place offline.

Sony Data breach: User backlash and lessons in security

Posted in Industry updates by Manas Ganguly on May 4, 2011

The data breach at Sony obviously has left the corporation a bit shaken and stirred and on its part Sony has been trying to make good on the losses both on credibility and services. While, Customers will get complimentary downloads and 30 days of free premium services as a make good, it raises fundamental questions on user-data security. A few questions to be answered in transparency by Sony are

1. Even though, the initial analyses saw that Credit card data wasn’t stolen, what kept Sony waiting for 7 days before they made this event public. The ensuing 7 days did not record any fraudulent activities but then the possibility of frauds in these 7 days were the maximum. All that Sony did was to shut down its Playstation network on learning of the crime which stopped further leaks but did not address lost information adequately.
2. Sony probably did not pay enough attention to security when it was developing the software that runs its network. In the rush to get out innovative new products, security can sometimes take a back seat. Also, New software has errors in it. So they expose code with errors in it to large numbers of people, which is a catastrophe in the making. Sony would have to do with explaining the lack of adequate security in guarding sensitive information.
3. Data storage is categorized into sensitive credit card information which is given higher class of access security versus other details such as name, password, age, gender, family details etc. These layers in security may cause larger ripples in terms of individual email based phishing scams and attacks. ALL USER DATA NEEDS TO BE ACCORDED FORTRESS SECURITY SET UP.
4. The second data breach has reportedly happened from a 2007 out-dated database. If that be the case, the question arises how is out-dated data treated and accorded security. Shouldn’t that be well secured as well?

Sony has been more forthcoming on the security breaches given that bulk of attacks on corporate and governmental computer networks go unreported because victims want to avoid the embarrassment and public scrutiny that come with acknowledging that their systems have been hacked. In many cases companies seek to keep the matter quiet by telling individual customers of the problem without issuing a public statement like the one from Sony this week. For example, 85 percent of some 200 companies in electricity-producing industries said that their networks had been hacked, according to a survey released this month by security software maker McAfee Inc and the non-profit Center for Strategic and International Studies. Yet utilities rarely disclose such attacks. In many cases, intrusions go undetected by the victim company, leaving the firm and its customers completely unaware that criminals have access to their sensitive data.

The hacking of Sony Corp’s PlayStation Network,Sony Online entertainment, Qriosity and has earned a place in the annals of Internet crime. It is one of the biggest online data infiltrations ever and is a sign that the industry may face new threats. It also serves a reminder that as we move into the digital world, we put more and more of our digital identity into the cloud, or digital devices … Security is going to be a tremendously important part of what we do. Payments security is evolving along with intelligent devices, like smartphones and contactless cards, and technologies such as NFC. Security standards and their up gradation is a key component to maintaining data privacy and data integrity.

How safe is user data online? (The Sony episode)

Posted in Industry updates by Manas Ganguly on May 3, 2011

Julian Assange in an interview some time back alleged Facebook to be the “most appalling spying machine” which exposes private information of over 600 million subscribers to law makers and other national security agencies in a breach of fair rules of user privacy. Inside days of Assange’s interview, we heard from Sony Corp, a leading Durable and Gaming brand about 2 counts of security breaches of its online networks. The first attack on Sony’s play-station video game network and Qriosity online music and film service which happened between 17th-19th April exposed names, addresses, passwords and possibly credit card numbers of its 77 million customers. The second attack (which preceded the first one but was discovered later possibly 16th-17th April) had drilled a hole through Sony Online entertainment network and had compromised credit card data relating to 24.6 million of its consumers and debit card data of around 10,700 more customers in Austria, Germany, the Netherlands and Spain. Sony in a statement has said that the main credit card database had not been compromised as it is housed in a safe and secure environment.

What saves the day for Sony corp is that second level security data – The three- and four- digit codes are used as a second source of authentication for many online vendors. The network passwords were also protected by a level of security called hash algorithm in which the word users type in is converted on Sony’s servers to a string of characters entirely unrelated to the original password. With passage of time, the value of this stolen information diminishes greatly as banks and users increase security precautions around such credit card data or altogether cancel it. However, hackers may be trying to hijack e-mail accounts by attempting to access ones provided to Sony, and plugging in PSN passwords to see if they were re-used for both, and spear fishing for data through fraudulent emails that contain enough personal information to persuade the victim to let down their defenses, which can be enough to get them to click on a link that downloads malicious software onto their personal computer.

The financial impact of this security incident for Sony depends on how well the company convinces customers it “will make things right”. The outflow for Sony in terms of credit card fraud, network repair and marketing costs is $50 million. The cost of legal suites would add to that figure in some measure. The impact for Credit card majors could be around $500 million. How about user faith and confidence on Sony? The loss of that (in Mastercards’ tag line) is priceless.

%d bloggers like this: