On the news this morning was an article about HP laptops having a key logger as part of a disabled debug facility in the driver for the Synaptics touchpad. Conspiracy theorists are already suggesting that it is effectively a back door which HP or Synaptics or a hacker with malicious intent could activate and have access to everything you type and swipe. There is a patch available for this, and I would recommend anyone with an affected HP laptop to update asap. If this is a generic Synaptics bug, it is likely that many other brands will be affected. https://support.hp.com/us-en/document/c05827409
It got me thinking about privacy, surveillance and the world we live in.
I have a client who asked me to check and restore her IT equipment. She had been in an abusive relationship, and was convinced that her computers, phone, wi-fi router and every type of technology were being centrally controlled and feeding back to her estranged partner. After extensive sub-forensic examination, I could find no evidence of tracking or remote access software, just a whole pile of viruses and malware. I think in this case, the abusive threats she had received had made her understandably paranoid, and anything unusual, such as the actions of the malware, convinced her that her computers were being remotely controlled and monitored. I have worked with her to restore her IT systems, and show her that her email accounts are secure and not being externally accessed, but she still has issues with technology, and I can understand why. The paradox is that when she uses her windows 10 laptop, or her iPhone, many of her usage habits, what she does, where she goes etc will be collated by Microsoft, Apple, Facebook etc.
Generally we have become too trusting with our information. Some people share every aspect of their life on social media. Many people routinely use voice recognition technologies like Siri, Alexa, Cortana and OK Google to help with searching and interacting with the Internet. In the default setup, these assistants listen constantly, with much of the speech analysis being done online. So basically, Apple, Amazon, Microsoft and Google could be listening to everything you say if you have one of these devices or assistants. Despite their obvious advantages, ease of use, and benefit for anyone with a disability, I am really not sure I want anyone listening to everything I say. I am really not sure anyone or anything would want to listen to all my mumbles and sweary words either!
Somewhere, in server farms around the world, there are big databases with everything you have posted on social media, everywhere you’ve been with your gps phone or satnav, everything you have searched for online, everything you have viewed on your web-connected tv, Netflix, YouTube etc, everything you have listened to on Spotify, Sonos, iTunes etc, possibly even everything you have said, through Siri, Alexa etc, and health information from Fitbit etc.. Now at present, these databases are distributed across multiple providers, each building a profile of you and your likes. Even if you never go online, or use satnav, or social media, you will have profiles somewhere, pulled from the electoral register, and your absence from technologies will inform the profile. In the future, this information will be traded, or consolidated, without our knowledge or consent. It has already happened to some extent. Some people think that Rupert Murdoch’s acquisition of MySpace in 2005 for $580m was primarily for the 75.9 million users profiles, rather than building the social media channel for advertising revenue.
Why? Profiling is currently used to target adverts. If you browse online, you may be aware of adverts that target you depending on your age, gender, sporting interests etc. I had an instance where I was researching a specific car for a client. Now bear in mind, I use a pretty well locked down browser, reject 3rd party cookies etc.. Anyway, for weeks after, despite clearing cookies, I was subjected to adverts for this specific car online, where they weren’t blocked by my ad blocker! In future, this may be used to a different level – personalised adverts appearing on billboards as you walk past, or flashing up on a tube train or bus you are on. I think this is the tip of the iceberg though, and profiling will one day be used for much greater purposes, potentially good.. and bad.
So what can you do? Knowing that I have multiple accounts online, I choose to opt out of advertising profiling where possible. I am cautious about what I share on social media. I rarely use voice controlled assistants and only then on demand. Periodically check your permissions and policies. If you have Google, Apple, Microsoft, Yahoo accounts, check the data that is stored. If you use social media, check the permissions that are set, and the apps that can access your account. You have rights to your data, you just need to know where to look. Keep your data secure: use secure account passwords, make sure you use an antivirus, whatever device you use – pc, mac, iPhone, android. Keep your phone and computer up to date with the latest updates. Use a screen lock on your phone and computer. Avoid insecure public WiFi. Use an ad blocker and disable 3rd party cookies.
Webreturn can advise about securing your data and online accounts. We can disinfect, restore and update computers and other IT equipment, and set up protection against future data theft and malware. It won’t stop organisations building profiles of you, but might limit the damage that profiling could potentially do. Contact us for more information >>