The Reality of Privacy in A Modern World

The Reality of Privacy in A Modern World

Technology has completely transformed the world as we know it. It has made many mundane tasks effortless or even negated the need for them altogether. You have access to an abundance of information and services without even getting up. There is no doubt that it has vastly improved the quality of life in many regards, but it is not without consequence. One of the prices we have had to pay is our privacy. In much the same way as security, privacy is not possible to have at the same time as convenience. There are few situations in which only the information that is absolutely necessary is collected, but even with only the bare essentials being harvested, complete privacy is impossible.

We all have our own lives and for the vast majority of us, whether we like it or not, we put ourselves first. Those of us who do put others first are highly admirable but at the end of the day, all of us want to be able to afford to live. To be employed in an increasingly competitive and optimised world is ever more challenging. There is always a push to cut costs and raise profits, it is just how the world is geared to work. It is just sad that it has taken us down a path where your date of birth is required to make use of the more convenient features of a computer or phone.

Let's take a walk through some of the data that is justifiably required to traverse a digital world. To have an account with someone is common practice and for such an account you’ll need an identifier for which your name works well. There is a problem with names though, and that is the fact that they are not unique which defeats the whole point of an identifier. The solution is either a username or email address, because of how systems have been designed, there is usually a bit of information which cannot be changed as it would “break” the database. It is bad practice to have this unique, non-changing key be the username or email address, but it still happens. Anyway, we have now got a username and email address, next we want to prove we are who we say we are. This is where passwords come in, these are not personally identifiable information and if yours is, then you are doing it wrong.

So, an email address and/or username, and password is justifiably required. We can add an address if you are ordering something, for billing and potentially delivery purposes. A phone number might be needed as well. Let’s say you are ordering a knife, the seller has to “know” that you’re old enough so they may want a DOB, problem is they usually have no way of confirming this so it’s not uncommon for them to go down the route of having “Check this box to confirm you are X or older” instead – negating the need for a DOB.

The point I am trying to make is that some information is justifiably required to provide you with whatever it may be that you are trying to use. However, there is a lot of information that is not technically needed but is gathered because it can be used either directly or indirectly for financial gain by the collector.

firstnameNelson
An email that I received as I was writing this, it seemed rather fitting. Nice of them to redact my name.

Let's shift focus a bit, so far, I have been talking about the information you knowingly provide but there is a lot that you do not “know” about. Take this blog for instance, you are using a device which sends all sorts of information back to the makers of the operating system and the software you have installed. This information can be used for debugging and improving but it can also often be used for profiling users and identifying users. “They” may say that it is anonymised but how can you be sure? How do you know what is being sent and where to?

Then you have the DNS requests, these are performed by your computer/browser to resolve the domain name (owennelson.co.uk for instance) to an IP address which is the Internet address from which this blog can be obtained. The DNS servers you use are by default set to ones provided by your ISP and consequently grant the ISP the ability to see a list of what sites you visit, when, and how often – you have no way of knowing if they do or not. Of course, as all your broadband traffic goes through them, they can also gain some insights that way.

Finally, at least in as far as I’m taking it here, you have the website itself. It is not at all uncommon for a site to be running some sort of analytical script(s) to gather information like how long you visited, what pages you viewed, what browser and OS you are using, what features are enabled, and so on. There is also the information collected in the server logs which by default will be your IP address, your browser’s user agent and the requests your browser made. You can see your IP and decoded user agent on one of my other sites, emailtools.io/apps/myip/. The point I am trying to make is, data is collected everywhere, pretty much everything “phones home” frequently and data is archived and will rarely be completely gone. Your smart watch, your internet connected light bulbs/fridge/kettle/toaster/whatever other device which really should not be internet connected but is, all collect data.

eyes
You are being watched. Sufficiently creepy picture and caption... The alternative was pictures of animals looking through things.

At the end of the day, information is money, as a company, if you do not utilize it then you are at a major disadvantage. Take this blog for instance, there is a practice of using what has been dubbed “click-bait” titles to generate more views. I absolutely hate this, but the fact is, it works. If I were not against it, this blog would be titled something like “Companies don’t want you to know this”. It does not give you any indication as to what the blog is about, but it is more likely to get your attention and consequently, clicks. Now, that is not related to privacy, but it is a fantastic example of how information can be manipulated to, in most cases, generate greater profits. That is a practice that uses no personal information whatsoever, imagine what companies could do with your data. "[[FIRST NAME]], we thought you might like a new …" That sort of message ring any bells? It is what eBay notify me with on my phone. It is scary, reading a blog post on a random site then a few minutes later getting a message from eBay, “Hey, want to buy this thing you were just reading about, from us?”. What about the other notifications like “Claim these fantastic deals from <that store you just walked past>”.

The physical world is covered with cameras and other security systems, but you can still remain effectively anonymous through the use of a balaclava and cash - although you might worry a few people. The world of technology is quite different, you can remain anonymous, but it takes extreme dedication and sacrificing a lot in the way of convenience. I suppose it could be a bit easier for those of us with a cover identity... Yeah, not exactly something that is readily available.

This post is rather wordier than I would normally go for but it's a serious topic which people are evermore conditioned to disregard. I don't expect anyone to decide "That's it" and unplug their router after reading this but I'd be glad if it gives you something to think about. There is no answer to this problem, convenience will always win. One last thing, remember that data breach that happened last week? What about the dozens of them since? Surely, you've seen them all on the news because they're incredibly serious matters that everyone cares about?

Short link: on-te.ch/pcy

Owen Nelson

Owen Nelson

https://owennelson.co.uk

IT Systems Administrator from Northamptonshire, UK. Always on the lookout for ways to make things faster and more secure - and I enjoy getting through a fair bit of Tea along the way.

View Comments