Pantharax Cybersecurity enthusiast

Introduction to privacy

Privacy you said?

Well, talking about privacy may take a long time but I thought it was interesting to tell you what I think. It may not be very organized, I write it as I think, it’s just an introduction after all.

Before arriving at the usual speeches of “We must use Linux” or “We must ban Facebook”, we will try to understand how are manipulated our data on the Internet.

Social networks

We will start quietly (or not) by social networks and the use they have of our data.

The use of data

You have to be honest with yourself, as soon as you register on a social network, you provide a significant amount of personal information, only to access the service.

Once registered, you’ll “Like”, “Share”, interact with content. Unfortunately, this content may not have been suggested to you by a friend but by an advertiser.

An advertiser is an advertising company that pays the social network (in our case) to advertise. But to be profitable, the company have to target ads for a given audience because it is the best way to have potential customers. However, to target an audience, you have to know it, and for that, you need the social network give some information about you.

This is where the question of privacy comes in: what are you willing to give, in term of data, to the social network so that it can sell them to advertisers? Unfortunately, we usually do not let you the choice … Profile, photos, friends list, age, place of residence, hobbies,… Everything is good to create a profile you looking like the maximum. Advertisers then create user profiles and sway their ads based on which profile you are closest to.

This is how we see scandals like the one involving Facebook and Cambridge Analytica, but it’s far from being an isolated case! Keep in mind that if a service is free, you are the product! This is not true all the time and it may even be true for a paid service!

A little social engineering?

I will be very brief on this subject because I am far from mastering it but it is quite simple to do social engineering thanks to the data you publish on social networks (or even on your personal blog). To say it simply, anything you say can be used against you at any time from the moment it’s public. So do not put too much sensitive information about yourself or about your company in your publications. I recently read an article published on the blog of MalwareBytes about the use of data on LinkedIn, and we quickly realize what you can do with a simple Google search (with Google’s APIs particularly). It’s still quite simple to use Open Source Intelligence (OSINT) to gather information about a “target”.

The e-commerce

A quick enough topic to address, the use of cookies on merchant sites. Although you are told, because it is mandatory, that cookies are used to “improve your user experience”, they serve above all to draw you on the Internet and allow you to suggest specific products. Thus, when you go to a merchant site and you visit the page of a product, the site records what you do by saving it in the so famous cookies. Let’s say now that you do not buy this product and go to another site … Your favorite social network, for example. You will then be likely to see an ad in which the product you just consulted will be visible, as by chance!

Small digression: a small camera

By deviating a bit from other examples but remaining in the topic of privacy, we could approach the topic of surveillance cameras or even your webcam, well integrated in your laptop. Yes, the little camera that looks at you all the day! Just say it right away that it can be activated without your knowledge even if the small light which indicates its activity is switched off. Said like that, we laugh less. So put a cache in front of the webcam, anything will suffice. Maybe it will prevent you from being blackmailed one day because someone will have a video of you, naked, strolling in front of your laptop. Same thing for surveillance cameras … Put one in your home to make sure no one gets into your pretty house, that’s a good idea, except when you do not configure access to this famous camera. Indeed, allowing access to your camera from the Internet and without a password, or with those by default (which amounts to the same), can turn against you. Let me explain: imagine that a burglar realizes that your home is empty because he had access to your own surveillance cameras, he will be able to go and steal some business quietly. A small site to image my words: Insecam Personally, I find it scary.

To conclude, pay attention to what you share or publish, remember to empty your cookies from time to time to avoid being tracked but do not fall into paranoia. Do you say that everything you post on the Internet (social network or not) will never be forgotten by the servers that hosted it.

And finally, never say, “Anyway, I have nothing to hide.” or “My data does not interest anyone.” Everyone has something to hide, that’s how it is, the principle of privacy. Otherwise, your house would be open to all passers-by in the street! And yes, your data interest many companies because they are worth the money!

[ blog  privacy  ]