Is Online Privacy a Pipe Dream?

In the early days of the Internet, few people had much concern about online security, in terms of their personal information. After all, there was no eBay, Amazon or online banking available to the rank and file users. That gradually changed, as it became possible to give a credit card number for orders of services and products.

Safeguarding credit card information, of course, was no new issue. By that time, it was already possible to order some things by credit card over the phone and a few horror stories spread like wildfire, making even the most obtuse users act cautiously.

As ecommerce began to be more common, particularly with a few big brands shifting their attention to connected users in a new market, a flood of warnings surfaced. Many banks and card providers included security precautions in their customer service information. The public (at least the portion that had some common sense) began to be selective of when and how they would use their credit card online.

About this time, merchant account providers began requiring that pages that accepted financially sensitive information be secure and services began cropping up to ensure compliance with certain levels of data security.

Governments began establishing regulations regarding what financial information could be stored, by whom and how. There was a wider general awareness of the risks of making online purchases and the measures one could take to minimize those risks.

Enter: The Hacker

Hackers didn’t just come into existence at this point, of course… they had existed for as long as the Internet. Prior to that, though, they weren’t much talked about, at least outside of webmasters and IT admin circles. With more targets, though, and with those targets presenting a lot of harvestable (and potentially profitable) data, the population explosion was inevitable.

And not surprisingly, hacking took on a new profile. In the early days, there were basically two kinds of hackers:

• Those that looked for security breaches just “because they could”, supposedly in an effort to get sites to tighten up their security. Some of these hackers got periodically sidetracked toward whistleblowing, when they stumbled across more than they expected.
• Those that sought to do harm to a site. Motivations included revenge, political/religious/ethical conviction and activists.

As online spending became more prevalent, a third type of hacker evolved:

• Those that sought to harvest data they could either sell or use for their own benefit.

And because there was no longer such a necessity for a hacker to be a master of code, the barrier to entry was lower. That resulted in a lot more hackers, particularly in the third category.

That category has turned into an underground industry, responsible for billions of dollars in losses every year. Use of stolen credit card information is one part of it. Identity theft is another, broader part.

Loose Lips Sink Ships

During World War II, “Loose Lips Sink Ships” was a motto coined by the U.S. government, to caution both military members and civilians to be careful not to let slip innocuous comments that, by themselves, might be harmless. But when assembled with other innocuous comments, could construct enough information to allow the enemy to know when and where a troop movement might be taking place.

Example:

• Rob’s wife comments that she hopes Rob has an opportunity to buy her some Italian silk when he gets to Naples.
• Ginny mentions that her husband Al is bunking in the same stateroom as Rob and Antonio.
• Antonio tells his buddies at the bar he can’t help with the fundraiser on Sunday because his ship is sailing early Saturday morning.

Anyone that can put that information together could surmise that whatever ship Rob, Al or Antonio are on will be sailing Saturday morning for Italy. A lot of ships were attacked by submarines with as little information during the war.

Which has What  to do With Internet Security?

Most of us are bright enough not to put too much of our online information in one place. But when those bits and pieces you have scattered about are all pulled together, they form a pretty complete picture.

If, for instance, you’ve fleshed out your Google+ account’s About page like I have, with a lot of different places you’ve written and a lot of different social media accounts and profiles, you’ve planted quite a bit of information on yourself.

For instance, maybe you used to use a different email address on different types of profiles and also used some different user names on some venues. But if those profiles and venues appear on your G+ account, they can all be tied together. Maybe you were careful not to list those accounts that have different usernames and emails. Did you use the same avatar, though? If so, guess what – they’re still linked.

Did you really believe that Google+ was ever intended to be a social media network? Think again. It’s an information network. It was built to gather information, to tie people to data, to flesh out the graph. Nothing more.

And it doesn’t take a couple of Google PhDs to build an algorithm that can tie all your online information together. Hell, it can be done manually, if someone’s interested enough in you. In a few hours, you can put together a pretty comprehensive dossier on anyone with a reasonably complete Google profile.

I remember years ago when the first noises were being made about protecting your data online, a lot of naysayers would respond “If you’re not doing anything wrong, you have nothing to be afraid of”.

Keep tellin’ yourself that, pilgrim!

Don’t run out and buy a roll of tinfoil to make yourself a shiny new fedora, though. It’s not like Big Brother is really watching, right?