Internet Security

Security!

Well, internet security and privacy in particular. This is more of my domain than most of my other articles :)
Just a slight disclaimer - I am a lot more involved in scripting and artificial intelligence, not so much cybersecurity. However, I have sufficient knowledge to construct a structured and substantial article on the dwindling privacy you have online.
Disclaimer number 2: I despise every single company mentioned here (unless stated otherwise). It makes my blood boil and I get shivers whenever I end up using one of their platforms.

What if I'm just being paranoid? What if this is just some anti-big-tech conspiracy theory?
If you think that, this article isn't for you.

The Importance of Internet Security

Many people underestimate the importance of internet security (and privacy) and practically never EVER consider it an issue. Although I suppose I only know this because I like the tech field and this isn't something people would willingly seek out. Regardless, I'm here for that!

I'll start with a question: On the internet, who are you?

No, I'm not Socrates or another philosopher. Philosophy is way too complicated for me anyways. On the internet, you are defined by your data or rather your digital footprint. The data you leave as you interact with the digital universe is akin to leaving footprints in the mud/snow.

Your entire life is reflected by the data you spread around all over the internet. Some of you will waft your data all over the goddamn place whereas others are a lot more cautious in their approach to their data and where it's going. You see, your life should be a private matter. Admittedly, with social media, now it's not so private anymore. But whatever. It's irrelevant for today.

When confronted with the fact that sharing your data carelessly is a generally bad practice, people will tend to say "So what? How does that have any consequence? How does it affect me?"

Well here, I'm going to tell you exactly what the problem is. And trust me, this goes much much further than your own careless practices on the net. So, buckle up because this is going to be a really wild ride down the most intricate rabbit hole on the planet (which is not linguistics).

Facebook

Or Meta! Or whatever you wanna call it because either way it's the king of harvesting your data like you're some human in The Matrix!

Now, first of all, I think it's important to assume that the companies I will be talking about have the decency to not read private things, such as direct messages.

I think one of the dangers which Meta's dominance of the social media industry poses is it's reach. No matter if you use Facebook, Instagram or Snapchat, you are not safe from the profiling that they are able to do.

Let's start with contacts. Facebook takes pride in making the world a more connected place. After all, their slogan is: "Connect with friends and the world around you on Facebook." Great!

You are effectively handing out information on who you know and are friends with. What can go bad, right? Facebook would be able to rank your friends by how much you engage with them. And this could indicate your friends group. Which can then directly reflect on you.

For example, you go out partying with your friends. Your friends share pictures to their wall while you don't. It doesn't matter since now partying can be associated to your digital profile.

What impresses me is that some people fill this out ENTIRELY

Facebook aces at making you give them your personal information. Brands this harvesting under "helping people find you". Simply saying they're harvesting your data may rub some people the wrong way. Facebook itself prompts you for the following:

name, surname, address(es), phone number, birthday, gender, school(s) you attended, education level, contact info, members of your family + relationships, personal details, political/religious affiliation, your life events and your other socials(not that it matters, they already know). Just look at all of that!

They're a step away from asking your your credit card info!

Google

They own your life anyways, so give up trying to fight them, right?

Ironic that this website is built on Google Sites

No, seriously. Have you ever stopped to consider just how much of your life is dependent on Google? If you're an Apple person, you may be congratulating yourself. And yes, congratulations on getting yourself out of the pan and into the fire. Just to disclose, I am strictly anti-Apple. The company sucks, their ethics are non-existent and they have no decency whatsoever.

It is undeniable that the world revolves around Google's monopoly in the tech sector. And that means they can do whatever the heck they want without consequences.

So what exactly does Google hold about you? EVERYTHING. Your location. Location history. Your interests. People you know. Your search history. Your schedule (calendar). Without any exaggeration, Google (and Facebook) is fully capable of knowing every single detail about your life.

I would also like to point out that even if you have the GPS disabled on your phone, your location can still be calculated (rather accurately) by triangulation from cell towers. You find the 3 closest towers and get their location (easy) and draw the loci for each of them.

From there, where can we go? Well... All of you here bring your phones to school. Your current location is no secret at any time except if your phone is in a Faraday cage. And because you're always in the same place for 8-2:30 then it's easy to conclude you go to school at a particular place. The same applies to absolutely everything. Every small aspect of your life can be tracked.

And this can lead to a dataset of your behavioural patterns. You go to school every day. You go to the gym every so often. You eat Mc Donald's every weekend... The data present is quite limitless. And all of this is harvested from you and fed into huge machine learning algorithms which classify your lifestyle and can use it to infer more data on you.

And this is from nothing more than your location.

What about your search history? Another trove of personal information. Has it ever happened to you that you search for something and soon after you end up seeing ads for the exact thing you were searching. I myself was looking for a bicycle a long time ago. The very next day, I turn my computer on and am targeted by ads for bicycles.

I talk a lot more in depth on advertisements in a later part. However, this just goes to show the extent to which you're being tracked.

Your google searches can further contribute to your digital profile, giving an insight into what you do in your free time, what you are interested in etc... Can you imagine the risk involved with maybe your political stance being marked into your digital footprint?

To worsen it, most desktop users use Google Chrome which oh-so-conveniently links your Google account to all the services. From my point of view, there is a really really fine line between convenience and security risk caused by mass interconnection of services. Google search engine, Gmail, YouTube, Google photos, Google Meet etc etc... They're all linked and it really facilitates data harvesting on you.

To add to this, your search data is being stored on Google servers, and per US law, they may be forced by the government to hand over all this information if they so request. A centralised conglomerate monopolising the tech sector is strictly at odds with privacy and the best interests of the public.

Furthermore, Google holds immense power for harm, including censorship and biases. The search engine itself has a page ranking algorithm which aims to display websites which it deems to be more relevant. Biases in the search engine could be disastrous. Imagine the potential - swaying of political opinion, discrimination against certain websites (especially new ones), biases in favour of it's associated services while against those of its competitors.

Your Digital Footprint!

Because your life is no secret to anyone anyways!

This category is split across the following 2 subtopics for clarity and because this topic alone is extremely long.

It is important to recognise that the other things I mentioned above concerning companies harvesting your data does also apply. That is also data concerning your online activity - your online self - which exists on the internet and may NEVER be erased.

An interesting thing about your digital footprint is that once it is out there, there is no taking it down. Which means that the information you share, willingly or not, can very easily fall into the wrong hands. In fact, frequent data breaches on websites and online services can be devastating as huge amounts of personal information are leaked. So, now, any data you decided to give the website is now in the hands of some hacker. And I'll admit it - my data is definitely out there. Passwords and date of birth and email addresses and all sorts of information is bought and sold on the dark web. To put things into perspective, for the average person, their digital footprint is bought and sold an estimated 90 times in an hour.

And here comes one of the most basic steps in making your data less reflective of your real self. Fake information. Say you were born in 1310. Say you live in the Republic of Congo. Say your name is Susan Hill. That way, when it eventually gets out, your information is not being handed over to scumbags.

The Categories of your Online Footprint:

Passive - data you leave online without intending to disclose it.
Active - data you spread online intentionally such as through social media use.
Personally Identifiable - anyone can make a link between the real world you and your digital footprint.
Anonymous - no links can be made between the your online and physical existences.

Data You Share

You don't even care if it's voluntary or not!

"By proceeding on this website, you accept our cookie policy. You can read out cookie policy here. Click accept to continue."

Is this familiar? Well, if you don't use the browser much, I suppose not. But this still applies to you - just the data is accumulated in-app.

To start off, what are cookies? Not the things there --> Cookies, in this context, are small chunks of data which are stored locally on your device, usually in a simple text file. Encrypted? Maybe ¯\(ツ)/¯

Cookies are one of the ways you basically hand out your data on a silver platter. Cookies may be anything from saving your password for later logins to tracking your actions on websites. And the thing about them is that it allows the same service to access data on you regardless of the website. And you don't even need to login!

Google Analytics. Or Google AdSense. They use cookies to get pinpoint accurate advertisement targeting on you. You pretty much can't hide. Or, actually, yes you can! Many browsers allow you to disable 3rd party cookies. While not foolproof, this is already a good way to protect yourself. For further protection, check out this article I wrote on the PiHole.

Furthermore, I found this quote of interest while researching this topic:

ProPublica states that "The practical result of the change is that the DoubleClick ads that follow people around on the web may now be customized to them based on your name and other information Google knows about you. It also means that Google could now, if it wished to, build a complete portrait of a user by name, based on everything they write in email, every website they visit and the searches they conduct." Google contacted ProPublica to correct the fact that it doesn't "currently" use Gmail keywords to target web ads.

So out of everything, Google only denied the use of Gmail keywords for targeting ads. This is laughable.

And yet... You click on accept cookies. Because it's too much of a hassle to click on decline and then tick out all the cookie options. Which is fair. Websites make it hard for you to decline cookies, thus practically forcing you to accept them. They know you cannot be bothered.

They prey off the fact that you do not care.

Data You Give Out For Free!

You're a gift that keeps on giving!

Primarily, this is in the form of you posting stuff to social media without thinking. Can figure out where you live, where you go. Heck, people get robbed because they post on Instagram that they're on vacation in the Carribbean. Or it can be used to stalk the crap outa you. From where you work or the area you live in etc etc... It goes on and on and on!

Now, I would like to give my own experience on this. Sharing all of this information to the world opens up the floodgates for cyber-stalking. Added to that, 52% of 15 year olds have a public account. Cyber-bullying can therefore become part of the mix. Now for my personal experience. I have not been stalked or bullied online. However, one time, I actually did the stalking myself.

Before you call the police on me, or report me to the FBI, I did it only on people who I considered ethically and morally "inferior". To be precise, the people involved in the pornographic ring on Telegram a year ago. And while this is legally questionable, I did it because I wanted to have some fun.

Your Telegram account is not a closed book. In fact, many people forget to turn the privacy settings on, allowing me to stalk them across the internet. Added to that, there are special tools which you can use to track down people across platforms. In the end, I gathered some 80 Facebook accounts, some 30 LinkedIn profiles, some Instagram accounts etc... And the funniest thing is that I found a lot of them had spouses!

While not totally in line with the theme of this story, it's important to recognise what your data can be used for in the wrong hands.

Your Internet Service Provider!

Possibly the worst offender in this list!

Interestingly, I started writing this before the MyT scandal involving the government. I may have another article coming out on that, by the way. I also talked a little bit on the ISP risk in my article on the PiHole, which circumvents part of this privacy issue.

To start off, your ISP is the biggest risk to your privacy online. EVERYTHING you do online passes through them. And this is why having the government intercept everything is extremely threatening to our democracy. But let's leave this aside.

Whenever you do anything on the internet, the data passes through your ISP.

This means the ISP gets to spy on everything you ever do on the internet. Which is bad, very bad. They can know you visited YouTube. They can know when you access your bank online. They can know when you buy things online. And while most data on the internet is encrypted, data packets still possess a "destination address" which MyT does see.

Furthermore, when you access websites, you need to convert the URL into an IP address. This is done in a DNS server and it is rather interesting to note that MyT does not let you change your DNS server on the router, forcing you to use their own or one of their choosing. And since a DNS server gets requests for websites' IP addresses when you visit them, it can know which websites you are visiting.

And as if this is not enough, MyT would be theoretically able to "tap into" your internet connection through one of the routers they have on the street. Or most home routers have a secret administrator profile for which you cannot change the password. This opens up the network to any probing which MyT may fancy doing.

But most people do not care about this. Out of sight out of mind.

Your next line is "what if I use a VPN?"

https://gist.github.com/joepie91/5a9909939e6ce7d09e29

Please check out this link for a very detailed (and funny) explanation of how VPNs themselves pose a security risk. I will, as usual, attempt to condense it myself and give my own point of view. But regardless, that article is just superior. Read it.

Alternatively, Tom Scott made an amazing video which you can find here: https://www.youtube.com/watch?v=WVDQEoe6ZWY

Sure, VPNs are amazing for bypassing geological restrictions, such as licensing issues on Netflix. In fact, I use one for watching things available exclusively abroad (BBC iPlayer) and it's called Mysterium. It is one of the best VPNs I have ever encountered for this. You pay per Gigabyte used so if you go a month without using it, you are not charged. It's decentralised, meaning it cannot be blocked by streaming services. And admittedly, it is extremely insecure due to the risk of Man In The Middle attacks. But, as long as you don't send any sensitive data across, it's fine.

Well, I'm not sponsored by or affiliated with them in any way, I just find the concept extremely cool.

Back on topic, VPNs only change who can see your data. So instead of MyT seeing you're visiting YouTube, the VPN provider can see that and can log it. And the no-logs thing is most often a lie. They need logs in order to protect the company when someone inevitably does something extremely illegal using the VPN service. And many companies claiming they don't keep logs ended up actually keeping them.

VPNs provide very little in terms of additional security since the "military grade encryption" (which is the norm now anyway) only applies when the data packets are moving from one VPN server to the next. It is the standard encrypted packets which leave the exit server of the VPN.

As such, I personally do not trust VPNs. And when I use them to fake my location, I make sure nothing sensitive or compromising passes through them.

Period Tracker Apps!

The entire idea for this article comes from this category. The backstory behind it being that Roe V Wade was overturned in the USA, leading to the criminalisation of abortion in around half the states. This in turn led to a huge security risk presented by "period" tracker apps.
(period is in inverted commas because this is a joke on them being tracker apps)

While the following is particularly prevalent in this case, there is no reason other apps cannot do that (looking at you, TikTok). It's simply spyware dressed as a functional app - a Trojan horse of sorts. So, without any further delay...

Apps on your mobile devices very often ask for some stupid permissions. Such as the well-known meme of the calculator asking for permission to access the camera. The apps often do not need to use those components of your device, unless it is for something malicious.

And now, we come to the question. Why does a period tracker app need to access your location and location history? Does this not indicate something extremely malicious taking place? Truly. After the overturning of Roe V Wade, it was found that you can buy the location history data for 3 women, as well as their period data, for the low low cost of $180 on the Dark Web (or close enough, I forgot exactly).

What does this data reveal?

Let's see. Period data can be used to extrapolate if someone is pregnant. This would be marked by a prolonged period during which the person does not have their period. So, with this data alone, you can find out if someone is pregnant. Location data/history spices things up.

It allows a malicious actor to figure out where you have gone.
Take a moment to find out how serious this is.

It can indicate if you have gone out of state, such as to a state where abortion is legal. It can indicate if you went to an abortion clinic. So, if the period data shows you are likely pregnant and you suddenly move out of state and soon after your period restarts, it can be figured out that you went for an abortion.

And let's not forget that it shows exactly where you live.

And already since several countries (including the USA) have appalling privacy laws, this information could be used in court against you. Or some extremists/fanatics could decide to pay you a visit. The outcomes are numerous and not a single one works in your favour.

On another note, the hacktivist group Anonymous has hacked numerous period tracker apps and deleted all the data accumulated on people. Truly wonderful.

How to Fight Mass Data Harvesting

For those of you who are determined enough.

It is not easy to escape from the data harvesting and mass surveillance which has become oh so predominant on the present-day internet. However, this security and privacy crisis will only get worse with time.

The website https://www.privacytools.io/ has a lengthy compilation of alternative software and services which are designed to protect your privacy online. Anything from Google-free and privacy-oriented web browsers like The Onion Router (TOR) to calendar apps which are totally disconnected from what is essentially spyware.

I would add more but the list is complete and extremely thorough. It provides alternatives for everything I mentioned here, and more!

If you want to take a step further, you can also adopt cryptocurrencies like Bitcoin and Ethereum which are semi-anonymous or Monero which is fully anonymous (and which the Feds hate). In fact, cryptocurrency adoption has skyrocketed recently and I personally use an anonymous crypto-funded Visa card for anything online. Check out https://paywithmoon.com/ if you want to see how.

Conclusion

Well, there is not much for me to add here. You have seen for yourself how security and privacy on the internet are being gradually eroded and this crisis will definitely have its repercussions in the future. Consequences which will affect you, the public.

It is undeniable that there is indeed a serious problem.

Thank you very much for reading all the way till here! Of course, do leave any feedback you may have directly in my DMs on WhatsApp or Telegram, or drop me an email at the address below!