The Anti-virus Times

Friday, October 25, 2024

The digital era has opened up a huge number of opportunities for humanity and brought changes to almost all aspects of our lives. Social interactions, knowledge sharing, working and shopping online, and the ability to quickly access virtually any needed piece of information—all these marvels are now available to us thanks to communication technologies. The advent of the World Wide Web revolutionised our understanding of communication. Moreover, technologies have been evolving so rapidly that society has found itself adapting to the latest trends and developments literally on the fly. Apart from its obvious benefits, this new digital life of ours also has a downside. When it comes to online activity, many people are still concerned about their anonymity and security. Is complete anonymity even possible? What information do we reveal online? What happens to this data, and how can it affect our lives? In today's Antivirus Times issue, we're going to talk about online privacy.

The Internet's past and present

From a technology viewpoint, today's World Wide Web operates almost exactly as it did 30 years ago. Two devices connect and communicate over a number of intermediate nodes. To do so, these devices must use certain identifiers (addresses or names) and know the route along which their messages are being transmitted. And to make this work, they also need communication channels as well as a protocol for coordinating the transmission.

Initially, the World Wide Web did not offer any specific features for maintaining anonymity. People had been exchanging information in plain text for years with no encryption whatsoever. Back then everyone was more excited about the Internet’s capabilities than they were concerned about their security. That's why few people gave any thought to how they could hide their IP addresses and location, encrypt messages or use secure channels. It's also important to note that two decades ago, the Internet was a much less commonplace phenomenon, with fewer real-life applications and standards for regulating its use, than it is now. The notion of anonymity was based on a perceived lack of connection between the user's actual personality and their virtual profile.

Today, the Internet is not merely about browsing webpages and sending emails. The global network connects billions of different devices and affects almost all areas of human life. The need to keep communications protected fostered the design of corresponding technologies and solutions. Traffic encryption is just one of them. At the same time, the value of information has increased significantly and its volume even more so. Most of us use social media, online stores, convenient digital services and ecosystems. The amount of data that gets generated, transmitted and stored on the Internet every day is almost impossible to imagine. But in all of the above scenarios, a marker of some kind can always be used to determine our identity. And whenever we use the Internet, we usually leave a so-called “digital footprint”. In other words, the matters of privacy and security are now dealt with on a completely different level.

Personal data and data leaks

In this publication, we regard personal data as aggregate information that allows a user's identify to be determined—such as their full name and phone number. Obviously, Internet service providers possess this kind of information. Companies running various online services also store the personal data we provide voluntarily. For example, today most popular online platforms require a phone number during registration. It's an essential piece of data, since it is usually tied to the respective person's ID.

Unfortunately, when it comes to storing customer data, some online service owners are less reliable than others. Data leaks caused by intruders happen from time to time, and an attack on a company can originate both from outside the infrastructure and from within. Leaked databases usually circulate on the Web or go up for sale on darknet marketplaces. Consequently, determining that a certain user has accessed a particular service or registered on a specific site is not a very difficult task. Just use the information you have to search the databases for possible matches. As attacks on corporate infrastructures become more frequent and sophisticated and because some companies fail to adopt adequate data security measures, the problem of personal data leaks is now more relevant than ever.

Activity tracking and a passive digital footprint

Internet service providers can see what their customers are doing—they know which sites these users visit and when. Secure HTTPS connections hide the actual content being transmitted, but not the fact that a transmission is in progress. In most cases, the ISP can also see the addresses and domain names of the sites that a user visits. This information won't be available to the service provider if its customer uses a VPN or other routing tools, but it will still know that the tools are being used. All incoming and outgoing traffic is processed and classified based on certain criteria, and all activities are logged. Of course, in most cases, an ISP doesn't really need to purposefully collect information about its customer, but bear in mind that this is feasible.

Various online businesses—be it a delivery service or a VPN service, or an IoT ecosystem (for example, a smart home)—can process and store all the information that you submit to them. Unfortunately, there is no guarantee that this data won't be relayed to a third party (intentionally or as a result of a leak) or used for illegal purposes.

Targeted ads illustrate just how effective automated data collection really is. A typical situation: you've been looking for a new fridge and now relevant banner ads pop up everywhere. Even worse, you receive calls or SMS from stores you've never heard of. They propose that you buy a refrigerator or other household equipment on an instalment plan. This information about you is collected in the background by ad trackers on various sites and by third-party parsing services linked to companies that process user data. That's how your phone number can end up on a cold or warm calling list.

You’d think that one could easily get lost on the Internet amidst hundreds of millions of users. But growing computing power, improved algorithms and ever-evolving neural networks make it possible to learn a lot very quickly about an individual by analysing their digital footprint.

Social media and voluntary personal data disclosure

In addition to a passive digital footprint, users often disclose information about themselves on social media. Of course, everyone is free to decide how much they want to share, but remember that posting something on the Web is similar to sending a radio transmission on an open frequency—i.e., it becomes available not only to its intended recipients. And even if you use the most advanced privacy settings (for example, accessible to friends only), the message at the very least will still be available to the social media owner. And if the post is public, potential bad actors may be able to see it as well. There are numerous cases of users becoming robbery victims simply because they stopped being vigilant on the Web.

In addition to actual posts, information about other meaningful activities—likes, comments, and reactions—can also be collected and analysed. Can this be used against you? It all depends on the specific circumstances. But always remember that all your actions can be tracked. If necessary, someone can put together small pieces of the puzzle and get a complete user dossier.

Unknown vulnerabilities and malware

Even if we assume that the developers of a “secure” messenger or any other anonymity service will under no circumstances ever disclose your information, no one can guarantee that it will remain secure with 100 percent certainty. Any application can have a loophole that only a few people know about. A vulnerability of this kind can be exploited to read private correspondence or keep track of all of a user's actions. Unfortunately, no one can tell with absolute certainty that no such loopholes exist. That's why you always need to allow for the possibility that your communications can be compromised at any moment.

And we also can't cover this topic without mentioning malware. It poses an even greater threat to the average user because there exists a vast category of trojans specifically designed to steal information on devices. Spyware, keyloggers, DNS spoofing programs, and other trojans all pose a severe security threat. Many malicious programs are also used to compromise IoT devices that are equipped with cameras and connected to home networks. For users who don’t pay attention to their devices' security, the risk of their personal data falling into the wrong hands increases manifold. And that can be much more dangerous than annoying ads or logs of your activity being stored by your ISP.

Balanced security

Complete anonymity on the Internet is unattainable, but this does not mean that you should stop caring about your privacy altogether. A lot depends on how much of their identity a user chooses to reveal. On the one hand, discarding all means of communication and going completely offline is hardly a reasonable option. On the other hand, maintaining privacy to a certain extent is important and worth taking care of.

Users should, above all, be on their guard for scammers and other cybercriminals who thrive on stolen information and data leaks. Spear phishing attacks, for example, take advantage of previously collected information about specific individuals.

Other than that, just keep in mind that nowadays many systems and services on the Internet collect and analyse information about us. Most of them are created for profit; others belong to various countries' authorities and agencies. Also note that there is no way to tell how or whether a certain piece of data will ever be used.