Lesser-Known Risks for Corporations and Consumers
Big data corporations are always seeking new ways to capture data from consumers, and some of those tactics they employ can expose their targets – and at times, their employers – to significant privacy risk. Greg Sparrow discusses some of the most unknown privacy dangers consumers face today.
Now more than ever before, “big data” is a term that is widely used by businesses and consumers alike. Consumers have begun to better understand how their data is being used, but many fail to realize the hidden dangers in every day technology. From smartphones to smart TVs, location services and speech capabilities, oftentimes user data is stored without your knowledge. Here are some of the most common, yet least-known privacy dangers facing consumers today.
1. Geolocation
Geolocation can be convenient, especially when you’re lost or need GPS services. However, many fail to realize that any information surrounding your location is stored and archived, and then oftentimes sold to a third party who wants to use that information for a myriad of reasons. For example, are you aware that data is often collected during your shopping experiences? A variety of stores will purchase location information to determine how long a customer browsed in a particular aisle so they can further market to those customers in the future, promoting similar products. The information may seem harmless, but would you feel the same way if you saw a physical person following you around collecting the same information?
2. Social Media
Facebook, Google, Twitter and Instagram are all social media services provided to individuals for “free,” but have you ever wondered what the real cost might be? It is often said that if you don’t have to PAY for the service, then you probably ARE the service.
The hidden cost for utilizing these social media sites is the forfeit of personal information for the social media sites to sell and thus profit from. In fact, Google and Yahoo can actually read their customers’ personal email. Some individuals might say they don’t mind because they have “nothing to hide,” but wouldn’t you be wary of publicly posting your login credentials, not knowing who might have access?
Giving these large organizations rights to your private messages can be interpreted as pretty much the same thing. After all, isn’t your personal email just that – personal? Another unknown fact about Facebook is that they can create “ghost profiles” using facial recognition for people who do not have an account but appear in someone else’s photos. During the Dakota Pipeline Protests, Facebook sold the private chat messages of its users who were discussing the matter to the FBI and local police, as well as private security companies who further reported inside information directly to the pipeline company. Because the information was “for sale,” the police didn’t need a warrant to obtain confidential information; they simply needed to buy it. This is just one of the many ways social media affects those who don’t realize the implications.
3. Web Browsers and Apps
Before smartphones existed, “apps” were nonexistent. Anything accessed now through an app was before accessed through an internet browser. The web browser on a smartphone is what is referred to in the cybersecurity industry as “sandboxed,” meaning it cannot access general data on the system or control hardware. An installed app, however, can be coded to do anything it wants to gain access to any hardware the user has control of.
Take the History Channel for example: If a user accesses the site from a laptop, they can access the entire website without a problem. However, if accessed through a web browser on a smartphone, the user is prompted to “download the app.” Many times, if you do not download the app, the website will disable you from viewing or using it, forcing you to download the app and giving up your personal information in the process. The app will ask for permission to access the camera and the microphone on your device. This is because the app is storing personal information of its users outside of what happens within the History Channel app you just downloaded.
4. Speech Software and Smart TVs
Speech software such as Cortana, Alexa and Siri have become increasingly popular in the past few years. However, if you are running these services in your home or office, then you have an active listening device running at all times. Essentially, you are “bugged.” These services are running, tapping and sending your audio steams to remote servers daily. Many fail to realize that the cameras on these devices can be turned on without the light being activated, meaning your smart TV can be watching you even when you aren’t watching it. All of this can be done without downloading any related software because the software is already built in. Some smart TVs will not turn on if the camera is covered with tape or if the microphone has been disabled. If you’re living in the United States and utilizing a smart TV, it’s likely monitoring and watching you.
5. Shopping & Savings Cards
Are these just great programs to help you save a little money at various stores? What is in it for the business offering these savings? There are some little-known privacy dangers inherent in the “frequent shopper” or savings cards offered by many grocery stores and retailers. These organizations are saving, analyzing and sharing information on what you buy and when you buy it in order to predict future sales. The savings passed on to the consumer are far less than the amount of money these companies are making by selling the information to outside resources regarding your purchasing history and habits. Specifically, Kroger and Ingles make over 200 percent more profit from the data that they sell than the savings the consumer experiences. The best way to protect oneself from the sharing of personal information is to limit the number of programs you participate in.
Greg Sparrow is Senior Vice President and General Manager at CompliancePoint. Greg has enjoyed over 17 years of experience in privacy, information security and risk management. Greg has had the pleasure of working on both US based and international projects. He was responsible for the development and implementation of the security program’s responsible for protecting billions of dollars in annual transaction volume. Greg’s most recent work includes security and certification work for Samsung Pay, enterprise risk management for multiple NFL and MLB sports teams and helping to secure critical infrastructure at some of the nation’s largest transit hubs.
