Take Control of Your Data – Part 3

It’s not just Google as covered in Part 1 or Facebook in Part 2 who is collecting user data. Even when we browse or download an application from either the play store or iOS store, data is collected and aggregated about us. Our emails are analyzed to target us with relevant advertisements. Another case is those websites (fake) or even the real ones which collect our data to provide us with a service. Most of these websites do not detail as to how are they handling, storing or retaining the data. Let us understand by two such examples before identifying the ultimate tips to take control of your data. 

Example 1: The Curious Case of Discounts & Offers

Recently, I received a message about Reliance Jio Fiber offering services in New Delhi, India. I decided to visit this website. When I logged on to this website, it congratulated me on taking the first step towards ultra-low cost Gigabit broadband service. It then expressed disappointment that the service is however not live in your area currently. As an extremely friendly person, it offered me a pre-registration link, which captured all my details from my name till my pet’s name. After entering all the details, it says thank you (for sharing the data free of cost) and confirms that you would be notified when the service is live.

Such cases are so common where people fall into the trap of such websites and willingly share their data. Even today if you search Jio Fiber, you’ll find at least 3 different websites – Jiofiber.com, Jiofiber.org, and Jiofiber.co.in giving false updates and offering your registration links.

I guess I’m not lucky. Why so? Because I receive so many WhatsApp messages from a lot of friends claiming that they have won Nike shoes, iPhones, Laptops by simply clicking on a link and playing a simple game, while I, on the other hand, end up getting nothing but a malware on my smartphone. Such messages tantalize you to click such links where you ultimately get malicious apps/downloads or end up sharing personal data.

Example 2: Service Websites

These are websites which offer you services in return. They ask you to share a lot of data in exchange for a service. To understand this, take an example of Naukri.com. This website collects your data in exchange for providing a job opportunity to you. To avail this service, you willingly share your data with them. Now think what happens to your data when you get a job and start working. Did you ever go back to any such organizations asking them to delete your data since you no longer require their services? 

A quick look at the privacy policy of naukri.com ( https://www.naukri.com/privacypolicy) reveals the following:

There is no mention of deletion or the retention period of your data. Even if you argue that you could delete your profile altogether, there is no way to confirm if your data was actually deleted from all their servers.
Isn’t it time to take control of your data? Think about it.

Well, enough about the data sharing. Aren’t you tired of listening to all this data sharing? What can we do as users? We need to access the internet, Right? We need to use such services, Right? And since we need all this, we won’t be able to do anything about it, Right? WRONG. The Internet is the new oxygen and we do need to share such data, but we can always take precautionary steps to improve our level of privacy. Why allow a website to track our location when there is no need for such tracking? Why share your IP details or your search terms with ISPs? And if you really want to share all this data, why not get paid for it? Intrigued? Read on to find further.

1. Your browser is the one which connects you to the Internet. So the first thing to check is the current status of your browser. Panopticlick is one such option to check. When you visit a website, online trackers and the site itself may be able to identify you – even if you’ve installed software to protect yourself. It’s possible to configure your browser to thwart tracking, but many people don’t know how. Panopticlick will analyze how well your browser and add-ons protect you against online tracking techniques. We’ll also see if your system is uniquely configured—and thus identifiable—even if you are using the privacy-protective software.  

There is another such website which tells you whether your browser leaks your PII or not. ( https://browserleaks.com/)

2. If you are not satisfied with the results of your browser, it is time to change the browser itself. I would recommend TOR as it offers a high level of privacy and anonymity. 

3. When you search something on Google, it tracks and records your search history to provide you a better experience. You would have noticed that if you search about a favorite song on your android phone in the Google search bar, you would find similar recommendations or your search history when logged in through a desktop/laptop machine. If you value your privacy, change your search engine to DuckDuckGo. It offers plenty of useful features including region-specific searching; Safe Search, which omits potentially objectionable material; keyboard shortcuts; and more.

4. We share files every day. The cloud storage service Dropbox or Google, designed to let you share files with others is, in the words of Edward Snowden, “very hostile to privacy.” If you’re looking for a free alternative that lets you anonymously share files of any size, try the open source OnionShare, which was written by Micah Lee, who works with the journalist Glenn Greenwald who was the recipient of the NSA files from Snowden. It’s available for Windows, Mac OS X, and Ubuntu.

5. Mailing Services. Google, Yahoo, Microsoft, Apple all monitor your emails, again to provide you better user experience. If you want to avoid these snoopy eyes, why not use a mail which encrypts your emails end to end or uses a temporary account which can be used when required and then discarded. Guerrilla Mail lets you set up a new, random email address with only a click. Using it in the Tor Browser ensures that no one, not even Guerrilla Mail, can connect your IP address with that ephemeral email address.

6. When you sign-up for user accounts across the web, using a different email address for each site is a good way to throw unscrupulous third-parties off of your trail. If you're merely creating a throwaway account on a whim, consider using disposable email accounts from sites like Mailinator or YopMail. Anybody can access those inboxes though, so use discretion. If you actually want to maintain legitimate accounts on sites like Facebook or Twitter, you can create numerous free email accounts, and then configure email forwarding to funnel all of the messages into a single inbox. It's a lot of additional work, but it also offers the benefit of being able to easily detect which sites are selling your information to spammers.

7. The ultimate one is changing your operating system altogether. Whonix is exactly that - an open source OS that focuses on anonymity, privacy, and security. Based on the Tor network, Whonix is about as anonymous as an OS can get before it all becomes too inconvenient for normal use. Whonix runs in two parts, “one solely runs Tor and acts as a gateway… The other… is on a completely isolated network. Only connections through Tor are possible.” You can download it for free from whonix.org.

Wait, you don’t want all this and are comfortable with sharing your data online. Great!! What if you could get paid for it? Datacoup is one such company that helps you sell your anonymous data for real, cold hard cash. It's simple. If you connect data, you'll earn. 

In the end, personal data is your identity. It is up to you how you would like to manage it. 

This is the end of the 3-part series on how to take control of your data. If you liked it, it is time to share it. Do share your thoughts in comment section below.

Link to Part 1 : http://www.mayurpahwa.com/2018/04/take-control-of-your-data-part-1_4.html
Link to Part 2 : http://www.mayurpahwa.com/2018/04/take-control-of-your-data-part-2.html


You may also like to read...

Identification, Authentication, Authorization, and Accountability

Access Control Models - DAC, MAC, RBAC , Rule Based & ABAC

How to Pass SSCP Exam in the First Attempt

Understanding Security Modes - Dedicated , System high, Compartmented , Multilevel

Cloud Computing - The Logical Model