Have you ever wondered how much information there is about you on the Internet? Your digital identity is shaped by your accounts, posts, photos, comments, search queries, and other “traces.” It’s your virtual double. And this double can be of interest to many different people, many of whom are not harmless researchers.
Take social networks, for instance. They let you use a multitude of handy services. Technically it’s free, yet Facebook, VKontakte, etc. collect information about you and your behavior/preferences to sell on to advertisers. Search engines (Google, Yandex, etc.) do the same.
An outrage? Perhaps, but bear in mind that you yourself allowed them to do so when you created an account and clicked the “I accept...” button. Somewhere in the confidentiality agreement, it’s generally stated that when creating an account you consent to your information being collected and passed to third parties.
But there are other entities that do roughly the same thing but without your consent. Some individuals earn their crust by harvesting publicly available information on you — from phone numbers to friends and interest groups in social networks — and then compiling a dossier for sale to advertisers or for their own dark purposes.
Controlling who can find out what is basically what the privacy in the title of our course is all about. In the modern digital world, privacy is vital — if your data falls into the wrong hands, the consequences can be serious, and not only online.
Left your contact details on a suspicious forum? Expect to get bombarded with spam emails! And don’t be surprised if you get calls offering legal assistance, free medical checkups, and other “services.”
You googled where to buy a bicycle, and for the next few weeks bicycle banners get wheeled out on almost every site you visit? Welcome to targeted advertising. Nor does it spare your browser history — this data reveals your circle of interests. Targeted advertising poses no particular risk, but the feeling that you are being tracked without your consent can be unnerving.
However, a leak of personal data can lead to more serious consequences. Let’s say you posted some funny pics from a bachelor party in the public domain. Your boss happens to see them by chance — and decides that you can’t yet be trusted to meet partners or clients. Maybe they’ve seen the pictures too and don’t take you — and therefore the company — seriously. Moreover, information online can stay there for a very long time. Risqué comments posted when young or drunk (or both) can come back to bite in 5-10 years when you have a reputation to protect.
And your private correspondence is a veritable goldmine for people looking to get rich. Are you sure that a confidential agreement you wanted to work on at home hasn’t accidentally wormed its way in there? If an unscrupulous outsider saw it, it would endanger not only you.
Got tickets to the big game and decided to brag to friends by posting a photo of them on Instagram? Someone just scanned the barcode printed on them and got into the stadium before you. It’s a waste not only of time and nerves, but money. Not to mention a spoiled weekend!
But when it comes to headaches, leaked passport details can cause some of the worst. Armed with them, some fraudster could apply for a loan in your name, set up a fake company, or offload a debt.
Having a combination of data on you gives potential attackers even more possibilities. Imagine they found out your home address and current location (for example, from a geotagged photo). If the distance between the two is measured in hundreds of kilometers, then some uninvited guests might drop by your house — safe in the knowledge that they have plenty of time to do a thorough job.
But how can cyber thieves get hold of this information? Stay tuned for the next lesson!
What user data is NOT of interest to cybercriminals?