With the advent of the internet many people seem to forget about privacy and its importance. Some people claim that privacy is actually dead and has been for a while and we have plenty of examples of people who knowingly and willingly breaching their own privacy but does this mean that people no longer care about privacy?
What is obvious is that people nowadays seem to love sharing every little aspect of their lives with the whole world. From social networking sites like Facebook to people like Jennifer Ringley whose famous JenniCam site broadcasted unedited and uncensored footage of Jennifer from 1996 – 2003.
Another possibility is that people consider social networking sites to be fun and are therefore carefree in their usage. Stories such as employees getting fired due to comments about their current employer seem to suggest this is indeed the case. In this case I would assume that Farm Boy employees thought that being a ‘members only’ group would keep their comments private, but in a world where secret treaties are leaked can anyone really expect that limiting access is protection enough? Apparently some people are willing to bet their jobs that it is. Worse yet it’s not an isolated case as there are many known cases of people incriminating themselves on social sites.
It’s not just about knowingly sharing your personal details with the world either. Nowadays no one thinks twice about buying items off the internet; it’s convenient and easy but not everyone understands the privacy one sacrifices in doing so. When buying online you’re sharing a lot of confidential information including credit card number, name and address. We’re trusting that those details will be kept safe, that they will not misused and that the company we’re buying from is secure. Unfortunately this isn’t always the case as I myself discovered when one of the credit cards I use exclusively online was used to buy services on the other side of the globe. None of the companies I bought from advised me of any breach they suffered which compromised my credit card number and there were no reports on the media either. That said I still didn’t stop buying online even after falling victim to the dangers involved.
On one hand we live in the information age; no matter how much you value your privacy it’s impossible to keep everything secret. Every subscription, online purchase, bulletin board registration, social networking site participation, government institution and more will record your details and store them in some form or another. Whether we want to or not we have to trust that these entities will keep this data safe from threats both outside and within their infrastructure.
On the other hand we do not want to make an already bad situation worse. Going back to Jennifer Ringley (the person who started the trend of lifecasting) we have someone who didn’t mind sharing every intimate moment of her life with the whole world yet was still annoyed when, after reciting her phone number over the phone and streaming it to everyone watching her cast, it resulted in people calling her.
The truth is that most of the time we’re better off if certain details remain private. Every piece of information which becomes public could potentially be used by social engineers. Think of something as trivial as an internal telephone list where a social engineer has a list of employees, their title and telephone number. Let’s assume the social engineer wants to gain access to credit card details. He first needs to log in and for that he requires credentials. With a phone list he could try a simple social engineering attack – he calls up the sales manager and asks for an employee who works in sales, when the manager says he got the wrong number he asks to be forwarded to the person (in this case his victim) and tells the victim that he is sitting next to his (the victim’s) manager and they’re running an audit (or any other excuse) and asks for the victim’s credentials. The victim knows the call is coming from his manager’s office (because it was forwarded), this person called him by name and would therefore assume the attacker is sitting next to his manager while asking for his credentials; he is therefore very likely to comply with the request. A simple attack and all that was needed was a phone list.
A lot of information can be used by hackers to launch targeted attacks. If one of your employees posts on Twitter that your company still refuses to upgrade from IE 6 even though everyone knows how insecure it is (an actual post I came across) an attacker who has exploits that target IE 6 knows which company to launch an attack on.
Social sites have made people want to share every detail of their lives with everyone and in turn they’ve become more trusting. In itself it’s a nice concept; sharing is good but it can also be dangerous to a person or an organization. When something is shared with the world, it’s gone public and in most cases is impossible to take back. That being said it is also important to understand that in most cases privacy only helps in hiding the problem. If the employee didn’t post about his company using IE6, it would still have used IE6 and it might still be vulnerable. If Farm Boy employees didn’t write about their unhappiness with their work place they’d still be unhappy. A social engineer with no access to a phone list can still call up a company and social engineer his way to potential victim’s details such as the manager’s name and phone number.
Privacy might only buy you some time while fixing the real problems; however, it still remains a core value that we should retain as important, especially online.