The Internet often forces people to treat their data like currency: enter your information and get access to an app or service. Businesses collect bits of data for each person online and use it to track and target them.
Privacy is a human right. People should have a say in their privacy, says Jon von Tetzchner, co-founder of the firms that created the Opera and Vivaldi browsers. The problem is, many people who share their information for the convenience of using different services don't realize the consequences of having their information tracked.
Current regulations don't let anyone opt out. Oftentimes there isn't a question of implicit consent. When you go shopping on Walmart's website, you're not given the option to browse free from online trackers.
"We're being told, to get Internet services you have to give up privacy, or to get security you have to give up privacy," he continues. "But by giving up privacy we're actually giving up security. You don't need to track a person all the time to be able to figure out where they are."
For some software or services there is a need to collect certain types of information, but as von Tetzchner points out, most of the time there is no correlation. Overall, the tracking has gone too far, he continues, to a point where it "has to be in violation of law." The implications are poised to become far more nefarious than targeted advertisements on Facebook or Google.
"For a lot of us, [targeting] is maybe just a nuisance," he explains. "But when you see that being used for things like propaganda, it becomes highly problematic and even a security issue."
Growth and Consequences of Online Tracking
Online tracking and data collection is partially fueled by the size of corporations behind it. Large companies and ecosystems have so heavily invested in these operations, there is a fear of breaking the system if the collection is stopped. Unfortunately, major businesses are at high risk.
"The bigger the target, the bigger the game," he notes, citing the Yahoo breach as an example of what happens when a major data collector gets hit. "With these services, there is a problem because they can be attacked and if they get attacked, the spoils are huge." He admits he's inclined to use smaller companies because they're less connected to larger entities.
Cloud growth also plays a role in making storage of user data cheaper, easier, and more secure -- if done properly. As we now know, poor cloud security practices can affect billions.
"Sure, cloud is cheaper, but it depends on the quality of people you have doing the job," says von Tetzchner. "It's creating situations where you have single points of failure."
What does this mean for the future? "This implies problems for everyone," he continues. It's imperative for businesses to care more about privacy regulation. Many companies and app developers prioritize functionality over privacy and security due to resource and time constraints. Relaxed security and privacy standards have made mobile ecosystems appealing to attackers.
Given the size of players in the game and ubiquity of data collection, this is a difficult problem to address. Ideally, von Tetzchner says, there would be a limit on data collection and no individual tracking, which didn't even exist not long ago. One of the challenges is there aren't many sources that could really regulate this, though the United States and European Union are two potential sources.
Most Consumers Don't Understand the Problem
News reports of major cyberattacks and data leaks have driven broader security awareness, but there continues to be a general lack of knowledge when it comes to online threats, the exposure of their personal information and devices, and potential for unwanted spying.
"Most people don't really understand how far that goes," says von Tetzchner. "All of our movements are tracked, everything we do on our computers with regards to browsing is being seen … It's like asking someone, 'Can I follow you, one step behind you, all the time?'"
The 2017 State of Privacy and Security Awareness Report by MediaPro found 70% of 1,012 US workers don't fully grasp security and privacy. Behavior on social media was especially concerning as the number of people willing to potentially risk their companies on social media grew to 20%.
Savvy users have trouble hiding in the shadows. Some are turning to the Dark Web for their online activity not because they want to do anything illegal, but because they want to use the Internet without being watched, von Tetzchner says.
"It's natural for people to want to keep their privacy," he says. "It doesn't mean you're doing anything illegal. Users shouldn't have to use Tor, or anything like that."
- The Week in Crypto: Bad News for SSH, WPA2, RSA & Privacy
- Security Training & Awareness: 3 Big Myths
- 10 Major Cloud Storage Security Slip-Ups (So Far) this Year
- How to Talk to the C-Suite about Malware Trends
Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.