Talk: Why the Software we use is designed to violate our Privacy

René Pfeiffer / September 29, 2011 / Conference

Most of us are used to taking advantage of the fruits of Web 2.0. There is web e-mail, online backups, social networking, blogs, media sharing portals (for audio/video), games, instant messaging and more – available for private and corporate users. A lot of sites offer their services for free (meaning without charging anything), thus increasing the number of accounts created. Nevertheless, you pay something. You are being mined for information and data. Some of these products collect our data directly. In such cases, the exchange of user data for free services is well known, at least to many savvy users. However, many other products do not collect our private data. Instead, they quietly facilitate and enable data collection by other parties. It all depends on the business model. Of course, most portals and sites have privacy settings. Unsurprisingly, the default values for many of the tools we use have been selected to guarantee that most consumers will be tracked, and their personal data analysed. Privacy does not come first.

Why should we care? Many customers and businesses might not, but once you have to protect your digital assets you probably don’t want to show them to others. As a managing director, you do not want the results of your R&D department shared on social networking sites. On the other hand, you might be interested in outsourcing some part of your infrastructure, and then you have to deal with the consequences. This is when privacy settings turn into security risks. You have to be aware of this. The leaked party photos of today may be a major security breach in the future – and your company should not be part of it. These leaks can be easily combined with social engineering to target key employees or to stage more attacks.

Christopher Soghoian of the Center for Applied Cybersecurity Research at Indiana University will explain what is behind the way data is managed and why. His talk combines behavioural economics, awareness of Internet business models, and a healthy dose of paranoia to analyse one of the primary reasons we have so little privacy online – because it would limit the profits of those whose free products and services we use. Christopher Soghoian has in-depth experience with privacy issues. He played a part in Google’s use of HTTPS by default for Gmail, and Dropbox’s recent acknowledgement that it doesn’t properly encrypt user data.

About René Pfeiffer

System administrator, lecturer, hacker, security consultant, technical writer and DeepSec organisation team member. Has done some particle physics, too. Prefers encrypted messages for the sake of admiring the mathematical algorithms at work.